+

WO2019066099A1 - Système de détection de comportement anormal sur la base d'un modèle d'analyse intégré, et procédé associé - Google Patents

Système de détection de comportement anormal sur la base d'un modèle d'analyse intégré, et procédé associé Download PDF

Info

Publication number
WO2019066099A1
WO2019066099A1 PCT/KR2017/010760 KR2017010760W WO2019066099A1 WO 2019066099 A1 WO2019066099 A1 WO 2019066099A1 KR 2017010760 W KR2017010760 W KR 2017010760W WO 2019066099 A1 WO2019066099 A1 WO 2019066099A1
Authority
WO
WIPO (PCT)
Prior art keywords
abnormal behavior
model
analysis
integrated
analysis model
Prior art date
Application number
PCT/KR2017/010760
Other languages
English (en)
Korean (ko)
Inventor
조창훈
민정기
Original Assignee
(주)알티캐스트
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by (주)알티캐스트 filed Critical (주)알티캐스트
Publication of WO2019066099A1 publication Critical patent/WO2019066099A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N99/00Subject matter not provided for in other groups of this subclass
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00971Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures for monitoring the industrial media production and distribution channels, e.g. for controlling content providers or the official manufacturers or replicators of recording media
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/24Monitoring of processes or resources, e.g. monitoring of server load, available bandwidth, upstream requests

Definitions

  • the present invention relates to a system and a method for detecting abnormal behavior according to the use of digital contents, and more particularly, to a technical idea for detecting abnormal behavior based on a machine-learned analysis model.
  • the detection system based on the rule or the policy can detect the abnormal behavior only when the behavior of the client terminal or the user corresponds to the specific condition, the limit of detecting the abnormal behavior gradually becomes intelligent have.
  • An object of the present invention is to provide a technology capable of minimizing traffic generation due to data transmission by transmitting only analysis models obtained through machine learning to each of the analysis servers to a cloud server.
  • the present invention aims at proactively detecting an abnormal behavior based on an analytical model including a predictive symptom, and by proactively detecting the abnormal behavior before occurrence of the abnormal behavior.
  • a system for detecting abnormal behavior includes an information receiver for receiving usage information according to use of digital contents, A model generating unit for generating an analysis model; a model transmitting unit for transmitting the analysis model to the cloud server; and an integrated analysis model from the cloud server, receiving the abnormal behavior based on at least one of the integrated analysis model and the generated analysis model And the cloud server collects the transmitted analysis models and generates the integrated analysis models by machine learning the collected analysis models.
  • the information receiving unit can receive usage information from at least one of a CAS (Conditional Access System) server and a DRM (Digital Rights Management) server.
  • a CAS Content Access System
  • DRM Digital Rights Management
  • the information receiving unit includes at least one of information (log information according to use of digital contents, ID information of a client terminal using digital contents, manufacturer information of a client terminal, and extended display identification data (EDID) Lt; / RTI >
  • information log information according to use of digital contents, ID information of a client terminal using digital contents, manufacturer information of a client terminal, and extended display identification data (EDID) Lt; / RTI >
  • the model generating unit may extract an occurrence event of an abnormal behavior from usage information, and may generate an analysis model including a predictive indication for predicting an abnormal behavior by machine learning of the occurrence event of the abnormal behavior.
  • the model generating unit generates an analytical model for mechanically learning the usage information to predict and detect an abnormal behavior in real time or before the occurrence of the abnormality, wherein the abnormal behavior is an entity that is authenticated at the time of purchase, Lt; / RTI >
  • the model generating unit may perform an operation other than a procedure, such as an attempt to hack and infringe threatening copyright and security, an illegal downloading of digital contents, an illegal copying of digital contents,
  • An analysis model for detecting at least one operation among the operations using the content and the operation of frequently exchanging suspicious data between the client terminal and the server managing the digital content can be created.
  • At least one of a blocking operation of the digital content distribution through the CAS or the DRM server, a connection blocking operation to the client terminal in which the abnormal behavior is detected, and a user authentication request operation are performed based on the detection result of the abnormal behavior
  • a signal generator for generating a control signal for controlling the control signal.
  • the system for detecting abnormal behavior includes a model collection unit for collecting analysis models from at least two analysis servers, an integrated model generation unit for generating an integrated analysis model by machine learning of the collected analysis models, And an integrated model transmitter for providing an integrated analysis model to each of the analysis servers.
  • the analysis server generates an analysis model for detecting abnormal behavior according to the use of digital contents by mechanically learning usage information, And detects abnormal behavior based on at least one of the model and the integrated analysis model.
  • the analysis server includes at least one of information (log information according to use of digital contents, ID information of a client terminal using digital contents, manufacturer information of a client terminal, and extended display identification data (EDID) Lt; / RTI >
  • information log information according to use of digital contents, ID information of a client terminal using digital contents, manufacturer information of a client terminal, and extended display identification data (EDID) Lt; / RTI >
  • the analysis server can extract an occurrence of an abnormal behavior from the usage information, and generate an analysis model including predictive indications for predictive detection of abnormal behavior by machine learning of the occurrence event of the abnormal behavior.
  • the analysis server generates an analysis model for mechanically learning usage information to predict and detect an abnormal behavior in real time or before the occurrence of the abnormality, and the abnormal behavior may be an entity that is authenticated at the time of purchase, Lt; / RTI >
  • the analysis server is an operation other than a procedure, including an operation of attempting hacking and infringement that threatens copyright and security, an operation of illegally downloading digital contents, an operation of illegally copying digital contents,
  • An analysis model for detecting at least one operation among the operations using the content and the operation of frequently exchanging suspicious data between the client terminal and the server managing the digital content can be created.
  • the analysis server may perform at least one of a blocking operation of the digital contents distribution through the CAS or the DRM server, a connection blocking operation to the client terminal in which the abnormal behavior is detected, And generate a control signal that controls the operation to be performed.
  • a method for detecting abnormal behavior includes receiving information on use of digital content in an information receiving unit, mechanically learning usage information received from the model generating unit, Generating an analysis model for detecting abnormal behavior, transmitting the analysis model to the cloud server in the model transmission unit, receiving the integrated analysis model from the cloud server in the abnormal behavior detection unit, And detecting an abnormal behavior based on at least one of the analysis models.
  • the cloud server collects the analysis models to be transmitted, and mechanically learns the collected analysis models to generate an integrated analysis model.
  • the step of receiving usage information includes receiving at least one of information (log information according to use of digital contents, ID information of a client terminal using digital contents, manufacturer information of a client terminal, and EDID As shown in Fig.
  • a method of analyzing an object comprising: collecting an analysis model transmitted from a model collection unit; generating an integrated analysis model by mechanically learning an analysis model collected by the integrated model generation unit; To the behavior sensing unit.
  • only the analysis model obtained through machine learning at each analysis server is transmitted to the cloud server, thereby minimizing traffic generation due to data transmission.
  • the integrated analysis models can be shared among the analysis servers, thereby improving the accuracy and reliability of abnormal behavior detection according to the use of digital contents.
  • FIG. 1 is a diagram illustrating a system for detecting abnormal behavior according to an embodiment of the present invention.
  • FIG. 2 is a diagram illustrating an analysis server according to an embodiment of the present invention.
  • FIG. 3 is a diagram illustrating a cloud server according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating a method for detecting abnormal behavior according to an embodiment of the present invention.
  • first, second, or the like may be used to describe various elements, but the elements should not be limited by the terms.
  • the terms may be named for the purpose of distinguishing one element from another, for example without departing from the scope of the right according to the concept of the present invention, the first element being referred to as the second element, Similarly, the second component may also be referred to as the first component.
  • FIG. 1 is a block diagram showing a system for detecting abnormal behavior according to an embodiment of the present invention.
  • the system 100 for detecting an abnormal behavior can minimize traffic generation due to data transmission, improve the accuracy and reliability of abnormal behavior detection according to digital content use, , It is possible to provide a technique capable of detecting and responding to an abnormal behavior before occurrence.
  • the system 100 for detecting anomalous behavior may include a cloud server 110 and at least two analysis servers 120.
  • At least two analysis servers 120 may be servers operated by respective providers providing digital contents.
  • the cloud server 110 collects analysis models for detecting abnormal behavior from at least two analysis servers 120, and can generate an integrated analysis model by mechanically learning the collected analysis models.
  • the analysis server 120 may generate an analysis model through machine learning, and may detect abnormal behavior based on at least one of the generated analysis model and the integrated analysis model.
  • FIG. 2 is a configuration diagram showing an analysis server according to an embodiment of the present invention.
  • the analysis server 200 generates an analysis model through machine learning, transmits the generated analysis model to the cloud server of FIG. 1, and analyzes the integrated analysis model received from the cloud server And an analysis model based on at least one of the generated analysis models.
  • an information receiving unit 210 a model generating unit 220, a model transmitting unit 230, and an abnormal behavior detecting unit 240 are included.
  • the analysis server 200 may further include a controller for controlling operations of the information receiving unit 210, the model generating unit 220, the model transmitting unit 230, and the abnormal behavior detecting unit 240 have.
  • the information receiving unit 210 receives usage information according to use of digital contents.
  • the information receiving unit 210 may receive usage information from at least one of a CAS (Conditional Access System) server and a DRM (Digital Rights Management) server.
  • a CAS Content Access System
  • DRM Digital Rights Management
  • the information receiving unit 210 may receive usage information collected from at least one client terminal using digital content in at least one server among the CAS server and the DRM server.
  • the information receiving unit 210 may directly receive usage information from each client terminal.
  • the information receiving unit 210 may use, as usage information, log information according to use of digital contents, ID information of a client terminal using digital contents, manufacturer information of a client terminal, and extended display identification data (EDID) One information can be received.
  • usage information log information according to use of digital contents
  • ID information of a client terminal using digital contents ID information of a client terminal using digital contents
  • manufacturer information of a client terminal manufacturer information of a client terminal
  • EDID extended display identification data
  • the model generation unit 220 generates an analysis model for detecting an abnormal behavior according to the use of the digital contents by mechanically learning the received usage information.
  • the model generation unit 220 may generate a model using at least one learning algorithm among a neural network, a decision tree, a Bayesian network, and a support vector machine (SVM)
  • An analytical model can be created by machine learning of usage information.
  • the model generating unit 220 may extract an occurrence event of an abnormal behavior from the usage information, and may generate an analysis model including expected indications for predictive detection of an abnormal behavior by machine learning of the occurrence event of the abnormal behavior have.
  • the model generation unit 220 may analyze the log information in the usage information to extract a case of occurrence of an abnormal behavior.
  • Examples of the occurrence of the abnormal behavior include a symptom of the abnormal behavior and a corresponding action .
  • the present invention it is possible to predict the abnormal behavior based on the analytical model including the expected symptom, and to proactively detect the abnormal behavior before the abnormal behavior occurs.
  • the model generation unit 220 may generate an analysis model for mechanically learning usage information to predict and detect abnormal behavior in real time or before generation.
  • the analysis model according to an exemplary embodiment may detect an operation other than a procedure generated by an authenticated entity when purchasing, using, and distributing digital contents as an abnormal behavior.
  • the model generation unit 220 can generate an analysis model for detecting an operation other than a procedure.
  • operations other than the procedures include an operation of attempting hacking and infringement that threatens copyright and security, an operation of illegally downloading digital contents, an operation of illegally copying digital contents, an operation of using digital contents in unauthenticated client terminals, An operation of frequently exchanging suspicious data between a client terminal and a server managing digital contents, and the like.
  • the server for managing digital contents may include at least one of a CAS server, a DRM server, and a server for distributing digital contents.
  • the model transmitting unit 230 transmits the analysis model to the cloud server.
  • the model transmitting unit 230 may transmit the entire analysis model to the cloud server, or may transmit only some analytical models that do not conflict with the business policy or the customer policy to the cloud server.
  • the cloud server collects transmitted analysis models, and generates a combined analysis model by mechanically learning the collected analysis models.
  • the cloud server may collect analytical models from at least two analysis servers 200.
  • At least two analysis servers 200 may be servers operated by respective providers providing digital contents.
  • an analysis model generated by a first-order analysis through machine learning is collected in a cloud server in each analysis server 200, and an analysis model collected in a cloud server is integrated into a second analysis through machine learning Create an analysis model.
  • the abnormal behavior detection unit 240 receives the integrated analysis model from the cloud server and detects an abnormal behavior based on at least one of the integrated analysis model and the analysis model generated by the model generation unit 220 do.
  • the abnormal behavior detection unit 240 may generate an analysis model in which a part of the integrated analysis model is combined with the generated analysis model, and detect abnormal behavior based on the combined analysis model.
  • the abnormal behavior detection unit 240 extracts some analytical models that can be applied according to business policy or customer policy among the integrated analytical models received from the cloud server, and extracts some extracted analytical models and the generated analytical models
  • the combined analysis model can be integrated and the abnormal behavior can be detected based on the combined analysis model.
  • the analysis server 200 may perform a blocking operation of the digital content distribution through the CAS or the DRM server, a connection blocking operation to the client terminal in which the abnormal behavior is detected, And a signal generator 250 for generating a control signal for controlling at least one operation to be performed.
  • the signal generator generates a control signal based on the detection result, and transmits the generated control signal to a management server that manages the distribution of the digital contents, thereby making a connection to the client terminal, Block or block distribution of content.
  • the management server can control the client terminal to request the user authentication.
  • FIG. 3 is a configuration diagram illustrating a cloud server according to an embodiment of the present invention.
  • FIG. 3 The description of FIG. 3 will not be repeated in the analysis server according to an embodiment of the present invention.
  • the cloud server 300 collects analysis models from at least two analysis servers, generates an integrated analysis model by machine learning the collected analysis models, Provided to each analysis server.
  • a model collecting unit 310 For this, a model collecting unit 310, an integrated model generating unit 320, and an integrated model transmitting unit 330 are included.
  • the cloud server 300 may further include a controller for controlling operations of the model collecting unit 310, the integrated model generating unit 320, and the integrated model transmitting unit 330 according to an exemplary embodiment of the present invention.
  • the model collecting unit 310 collects analytic models from at least two analysis servers.
  • the analysis server according to an exemplary embodiment of the present invention generates an analysis model for detecting an abnormal behavior due to use of digital contents by mechanically learning usage information.
  • At least two analysis servers may be servers operated by respective providers providing digital contents.
  • the analysis server includes at least one of information (log information according to use of digital contents, ID information of a client terminal using digital contents, manufacturer information of a client terminal, and extended display identification data (EDID) Lt; / RTI >
  • information log information according to use of digital contents, ID information of a client terminal using digital contents, manufacturer information of a client terminal, and extended display identification data (EDID) Lt; / RTI >
  • the analysis server can extract an occurrence of an abnormal behavior from the usage information, and generate an analysis model including predictive indications for predictive detection of abnormal behavior by machine learning of the occurrence event of the abnormal behavior.
  • the present invention it is possible to predict the abnormal behavior based on the analytical model including the expected symptom, and to proactively detect the abnormal behavior before the abnormal behavior occurs.
  • the analysis server may generate an analysis model for machine learning of usage information to predict and detect anomalous behavior in real time or before occurrence.
  • the analysis model may detect an operation other than a procedure generated by an authenticated entity when purchasing, using, and distributing digital contents as an abnormal behavior.
  • the analysis server can generate an analysis model for detecting actions other than the procedure.
  • operations other than the procedures include an operation of attempting hacking and infringement that threatens copyright and security, an operation of illegally downloading digital contents, an operation of illegally copying digital contents, an operation of using digital contents in unauthenticated client terminals, An operation of frequently exchanging suspicious data between a client terminal and a server managing digital contents, and the like.
  • the integrated model generation unit 320 generates an integrated analysis model by mechanically learning the collected analysis models.
  • the integrated model transmitter 330 provides an integrated analysis model to each analysis server.
  • the analysis server detects abnormal behavior based on at least one of the generated analysis model and the integrated analysis model.
  • the integrated model generation unit 320 when collecting the analysis models from the respective analysis servers operated by the first to third parties, the integrated model generation unit 320 generates the integrated analysis models by machine learning the collected analysis models, An integrated analysis model including an additional analysis model for abnormal behavior detection that is not present in the analysis model generated by the first business entity can be generated.
  • the integrated model transmission unit 330 can improve the accuracy and reliability of the abnormal behavior detection operation performed in the analysis server by providing the integrated analysis model including the additional analysis model to the analysis server of the first provider.
  • the analytical model generated by the first analysis through machine learning is collected in the cloud server in each analysis server, and the analysis model collected in the cloud server is integrated into the second analysis through machine learning
  • the analysis server may perform at least one of a blocking operation of the digital contents distribution through the CAS or the DRM server, a connection blocking operation to the client terminal in which the abnormal behavior is detected, And generate a control signal that controls the operation to be performed.
  • FIG. 4 is a flowchart illustrating a method for detecting abnormal behavior according to an embodiment of the present invention.
  • the method of detecting an abnormal behavior according to an embodiment of FIG. 4 may be performed by a system that detects abnormal behavior according to an embodiment.
  • a method for detecting abnormal behavior receives usage information according to usage of digital contents in an information receiving unit.
  • a method for detecting abnormal behavior includes logging information according to use of digital contents, ID information of a client terminal using digital contents, manufacturer information of a client terminal, and EDID data) information including at least one piece of information.
  • step 420 the method for detecting abnormal behavior according to an exemplary embodiment of the present invention generates an analysis model for detecting an abnormal behavior according to the use of digital contents by mechanically learning usage information received by the model generation unit.
  • an analysis model including expected signs for predicting abnormal behavior by extracting occurrence cases of abnormal behavior from usage information and mechanically learning occurrence cases of abnormal behavior.
  • a method for detecting abnormal behavior transmits an analysis model to a cloud server in a model transmission unit.
  • the cloud server collects analysis models transmitted through steps 440 to 460, and generates a combined analysis model by machine learning the collected analysis models.
  • a method of detecting an abnormal behavior may collect an analysis model transmitted from a model collecting unit.
  • the integrated analysis model may be generated by mechanically learning the analysis model collected by the integrated model generation unit.
  • the integrated model transmission unit may provide an integrated analysis model to the abnormal behavior sensing unit.
  • the method of detecting an abnormal behavior includes receiving an integrated analysis model from a cloud server in an abnormal behavior detection unit and detecting an abnormal behavior based on at least one of the integrated analysis model and the generated analysis model do.
  • a method of detecting an abnormal behavior includes: a blocking operation of digital content distribution through a CAS or a DRM server; A connection blocking operation for the client terminal, and a user authentication request operation may be performed.
  • the analytical model generated from the first analysis through machine learning is collected from the cloud server in each analysis server, the integrated analysis model is generated by the second analysis through the machine learning on the analysis model collected from the cloud server, By sharing the integrated analysis model with each analysis server, it is possible to improve the accuracy and reliability of abnormal behavior detection according to the use of digital contents.
  • the apparatus described above may be implemented as a hardware component, a software component, and / or a combination of hardware components and software components.
  • the apparatus and components described in the embodiments may be implemented within a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable array (FPA) A programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions.
  • the processing device may execute an operating system (OS) and one or more software applications running on the operating system.
  • the processing device may also access, store, manipulate, process, and generate data in response to execution of the software.
  • the processing apparatus may be described as being used singly, but those skilled in the art will recognize that the processing apparatus may have a plurality of processing elements and / As shown in FIG.
  • the processing unit may comprise a plurality of processors or one processor and one controller.
  • Other processing configurations are also possible, such as a parallel processor.
  • the software may include a computer program, code, instructions, or a combination of one or more of the foregoing, and may be configured to configure the processing device to operate as desired or to process it collectively or collectively Device can be commanded.
  • the software and / or data may be in the form of any type of machine, component, physical device, virtual equipment, computer storage media, or device , Or may be permanently or temporarily embodied in a transmitted signal wave.
  • the software may be distributed over a networked computer system and stored or executed in a distributed manner.
  • the software and data may be stored on one or more computer readable recording media.
  • the method according to an embodiment may be implemented in the form of a program command that can be executed through various computer means and recorded in a computer-readable medium.
  • the computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination.
  • the program instructions to be recorded on the medium may be those specially designed and configured for the embodiments or may be available to those skilled in the art of computer software.
  • Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like.
  • program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like.
  • the hardware devices described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Medical Informatics (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Artificial Intelligence (AREA)
  • Debugging And Monitoring (AREA)

Abstract

La présente invention concerne une technologie relative à un système de détection d'un comportement anormal, et un procédé associé. Le système de détection d'un comportement anormal selon un mode de réalisation de l'invention comprend : une unité de réception d'informations pour recevoir des informations d'utilisation sur la base de l'utilisation d'un contenu numérique ; une unité de génération de modèle pour générer, par un apprentissage automatique des informations d'utilisation reçues, un modèle d'analyse pour détecter le comportement anormal sur la base de l'utilisation du contenu numérique ; une unité de transmission de modèle pour transmettre le modèle d'analyse à un serveur en nuage ; et une unité de détection de comportement anormal pour recevoir, du serveur en nuage, un modèle d'analyse intégré et détecter le comportement anormal sur la base du modèle d'analyse intégré et/ou du modèle d'analyse généré, le serveur en nuage collectant le modèle d'analyse transmis et générant le modèle d'analyse intégré par l'apprentissage automatique du modèle d'analyse collecté.
PCT/KR2017/010760 2017-09-27 2017-09-27 Système de détection de comportement anormal sur la base d'un modèle d'analyse intégré, et procédé associé WO2019066099A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2017-0125014 2017-09-27
KR1020170125014A KR101971790B1 (ko) 2017-09-27 2017-09-27 통합된 분석 모델에 기초하여 이상 행동을 감지하는 시스템 및 그 방법

Publications (1)

Publication Number Publication Date
WO2019066099A1 true WO2019066099A1 (fr) 2019-04-04

Family

ID=65903646

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2017/010760 WO2019066099A1 (fr) 2017-09-27 2017-09-27 Système de détection de comportement anormal sur la base d'un modèle d'analyse intégré, et procédé associé

Country Status (2)

Country Link
KR (1) KR101971790B1 (fr)
WO (1) WO2019066099A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024079668A1 (fr) * 2022-10-13 2024-04-18 Cybersentry.Ai, Inc. Détection d'anomalie d'exécution de programme pour la cybersécurité

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102295948B1 (ko) * 2019-11-26 2021-08-30 한전케이디엔주식회사 연합 학습을 통한 인공지능 기반 보안관제 시스템 및 방법
KR102393109B1 (ko) 2020-04-29 2022-05-03 한국전력공사 이종 기관 간 협업을 위한 빅데이터 플랫폼 및 전역 학습 모델을 이용한 빅데이터 학습 방법

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20130110565A (ko) * 2012-03-29 2013-10-10 삼성전자주식회사 사용자 행동 실시간 인식장치 및 방법
US20140279614A1 (en) * 2013-03-14 2014-09-18 Wayne D. Lonstein Methods and systems for detecting, preventing and monietizing attempted unauthorized use and unauthorized use of media content
KR20150009727A (ko) * 2013-07-17 2015-01-27 양진호 단말인증을 통한 디지털 컨텐츠의 전송 장치 및 방법
KR20160029671A (ko) * 2014-09-05 2016-03-15 주식회사 좋은친구 해킹 시도의 조기 검출 방법 및 이에 사용되는 보안 서버
KR101662489B1 (ko) * 2016-02-12 2016-10-07 주식회사 디지캡 클라우드 기반의 공통 암호화를 지원하는 보안 프록시 서버 및 그 운영방법

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100933986B1 (ko) 2007-10-22 2009-12-28 한국전자통신연구원 네트워크 공격의 통합 시그니처 관리 및 분배 시스템 및방법
CN102498702A (zh) * 2009-07-20 2012-06-13 美国唯美安视国际有限公司 用于检测克隆回放装置的系统和方法
CN105074718A (zh) * 2013-02-15 2015-11-18 高通股份有限公司 具有多个分析仪模型提供商的移动设备中的在线行为分析引擎
KR20160095856A (ko) 2015-02-04 2016-08-12 한국전자통신연구원 새로운 공격 유형의 자동 탐지 및 공격 유형 모델 갱신을 통한 지능형 침입 탐지 시스템 및 방법
US10210453B2 (en) * 2015-08-17 2019-02-19 Adobe Inc. Behavioral prediction for targeted end users

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20130110565A (ko) * 2012-03-29 2013-10-10 삼성전자주식회사 사용자 행동 실시간 인식장치 및 방법
US20140279614A1 (en) * 2013-03-14 2014-09-18 Wayne D. Lonstein Methods and systems for detecting, preventing and monietizing attempted unauthorized use and unauthorized use of media content
KR20150009727A (ko) * 2013-07-17 2015-01-27 양진호 단말인증을 통한 디지털 컨텐츠의 전송 장치 및 방법
KR20160029671A (ko) * 2014-09-05 2016-03-15 주식회사 좋은친구 해킹 시도의 조기 검출 방법 및 이에 사용되는 보안 서버
KR101662489B1 (ko) * 2016-02-12 2016-10-07 주식회사 디지캡 클라우드 기반의 공통 암호화를 지원하는 보안 프록시 서버 및 그 운영방법

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024079668A1 (fr) * 2022-10-13 2024-04-18 Cybersentry.Ai, Inc. Détection d'anomalie d'exécution de programme pour la cybersécurité
US11989296B2 (en) 2022-10-13 2024-05-21 Cybersentry.Ai, Inc. Program execution anomaly detection for cybersecurity

Also Published As

Publication number Publication date
KR101971790B1 (ko) 2019-05-13
KR20190036144A (ko) 2019-04-04

Similar Documents

Publication Publication Date Title
WO2014069777A1 (fr) Commande de transit pour des données
WO2012015171A2 (fr) Dispositif de commande à sécurité intégrée contre virus de piratage informatique
WO2016114601A1 (fr) Procédé pour service de notification de catastrophe ne nécessitant pas de collecte d'informations de localisation, et serveur de notification de catastrophe et système d'application associés
WO2013048111A2 (fr) Procédé et appareil de détection d'une intrusion dans un service informatique en nuage
WO2018056601A1 (fr) Dispositif et procédé de blocage de rançongiciel à l'aide d'une commande d'accès à un fichier de contenu
WO2019088686A1 (fr) Système et procédé de gestion de distribution de contenu à l'aide d'une technologie de chaîne de blocs
WO2023106504A1 (fr) Procédé, dispositif et support d'enregistrement lisible par ordinateur destinés : à la mesure de niveau d'observation, basée sur l'apprentissage automatique et utilisant un journal de système de serveur ; et au calcul de niveau de risque, selon cette mesure
WO2019066099A1 (fr) Système de détection de comportement anormal sur la base d'un modèle d'analyse intégré, et procédé associé
WO2021112494A1 (fr) Système et procédé de détection et de réponse de type gestion basée sur des points d'extrémité
WO2019039730A1 (fr) Dispositif et méthode pour empêcher les logiciels de rançon
WO2018097344A1 (fr) Procédé et système de vérification de validité de résultat de détection
WO2021162473A1 (fr) Système et procédé de détection d'intrusion dans un réseau embarqué dans un véhicule
WO2020159053A1 (fr) Chaîne de vérification d'intégrité pour vérifier l'intégrité d'un dispositif, et procédé pour vérifier l'intégrité d'un dispositif à l'aide de celle-ci
WO2017086757A1 (fr) Procédé et dispositif de maîtrise de la sécurité d'un dispositif cible à l'aide d'un tunnel sécurisé
WO2019124770A1 (fr) Appareil terminal et procédé de commande d'appareil terminal
WO2016064024A1 (fr) Dispositif et procédé de détection de connexion anormale
WO2018199366A1 (fr) Procédé et système permettant de détecter si un obscurcissement a été appliqué à un fichier dex et d'évaluer la sécurité
KR101971799B1 (ko) 통합된 분석 모델에 기초하여 이상 행동을 감지하는 시스템 및 그 방법
WO2018194196A1 (fr) Procédé et système de détection d'application d'obfuscation et d'évaluation de la sécurité d'un fichier elf
WO2016064040A1 (fr) Terminal utilisateur utilisant des informations de signature pour détecter si programme d'application a été altéré et procédé de détection de fraude à l'aide du terminal utilisateur
EP3714607A1 (fr) Procédé, appareil, et système de gestion d'empreinte électronique de fichier électronique
WO2011065768A2 (fr) Procédé de protection d'application et procédé d'exécution de l'application utilisant ledit procédé
WO2019066098A1 (fr) Système de détection d'utilisation illégale de contenu et procédé associé
WO2018070598A1 (fr) Dispositif de surveillance d'activité illégale à l'aide d'une évaluation d'influence de changement d'un code source et procédé associé
WO2018056582A1 (fr) Procédé d'inspection de paquet à l'aide d'une communication ssl

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17927443

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17927443

Country of ref document: EP

Kind code of ref document: A1

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载