Abnormal file access behavior monitoring method and device
Main authors: | , , , , , , , |
---|---|
Format: | Patent |
Language: | chi ; eng |
Summary: | The invention discloses a method for monitoring abnormal file access behavior, which addresses the identification of abnormal file deletion and modification behaviors on a Linux server. The method comprises the following steps: learning and generating a user access permission white list from a historical log; identifying file access behaviors in streaming data through association analysis of various system logs; and identifying abnormal deletion and modification behaviors by filtering against the user access permission white list. The device comprises a log acquisition unit, an offline training unit and a behavior monitoring unit. Compared with the prior art, the invention has the following advantages: 1) a wider file system can be monitored; 2) a white list is generated through a machine learning algorithm and normal access behaviors are filtered out, which reduces the false alarm rate; and 3) real-time detection is carried out based on a stream processing framework. |