INTEGRATED MONITORING SYSTEM FOR PERSONAL INFORMATION SECURITY PRODUCT

摘要

The present invention relates to an integrated management system for personal information security products comprising: a profiling cluster storage module; and an abnormal pattern analysis module. The profiling cluster storage module comprises: a task-based data converting unit which converts data using personal information for a task of a user into a task behavior list data; a task-based data extracting unit which extracts the task behavior list acquired by the data converting unit for each user; a task-based vector converting unit which vectorizes the extracted task behavior list for each user; a task-based clustering processing unit which uses a K-average algorithm to cluster the vectorized task behavior list and forms a task-based cluster; a task-based critical value calculating unit which uses t-digest algorithm to calculate a threshold value of a distance value between a center of the task-based cluster and factors; and a clustering storage unit which stores the task-based cluster and the threshold value of the distance value as a column-type data format. The abnormal pattern analysis module comprises an abnormal pattern determining unit which compares an analyzed distance value of a cluster acquired by a following personal information access behavior of the user with a threshold value of the task-based distance value acquired by the storage module, and determines whether abnormality occurs or not. The system analyzes task behavior of a user for logs generated and collected with no preset abnormal patterns, such that false positive rates or false negative rates can be reduced.