Provided are a behavior detection method, apparatus, device, and medium based on log data analysis. The method comprises: obtaining first log data of a person to be detected for each functional node in a preset system; calculating a first access frequency of the person to be detected for each functional node, retrieving the target access frequency of each functional node, and comparing the two; if the first access frequency of a functional node is greater than its target access frequency, determining from the first log data the sequence in which the person to be detected accessed the functional node, establishing a first queue of the functional node, and splitting the first queue to obtain a first group; retrieving a preset benchmark group and matching the first group against the benchmark group; and, if matching fails for any group in the first group, carrying out security protection and determining that the behavior of the person to be detected is abnormal. Abnormal behaviors are thereby detected more comprehensively and accurately, and relevant personnel are alerted.
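The two-stage check described above (frequency comparison, then group matching) can be sketched as follows. This is an added example, not code from the patent. It assumes that access frequency is a count over the log window, that the queue is split into overlapping pairs, and that matching means exact membership in the benchmark set; all node names, thresholds and log entries are constructed.

```python
from collections import Counter

# Constructed sample log: (timestamp, person, functional_node).
LOG = [
    (1, "u1", "login"), (2, "u1", "search"), (3, "u1", "view_record"),
    (4, "u1", "export"), (5, "u1", "export"), (6, "u1", "export"),
    (7, "u1", "logout"),
    (1, "u2", "login"), (2, "u2", "search"), (3, "u2", "view_record"),
    (4, "u2", "export"), (5, "u2", "logout"),
    (1, "u3", "login"), (2, "u3", "search"), (3, "u3", "search"),
    (4, "u3", "search"), (5, "u3", "search"), (6, "u3", "logout"),
]
# Assumed target access frequency: allowed accesses per node in the log window.
TARGET_FREQ = {"login": 1, "search": 3, "view_record": 3, "export": 1, "logout": 1}
# Assumed benchmark groups: ordered node pairs seen in normal use.
BENCHMARK_GROUPS = {
    ("login", "search"), ("search", "search"), ("search", "view_record"),
    ("view_record", "search"), ("view_record", "export"),
    ("search", "logout"), ("export", "logout"),
}

def detect(log, person, target_freq, benchmark_groups, group_size=2):
    """Return (abnormal, exceeded_nodes, unmatched_groups) for one person."""
    # Queue: the person's node accesses in timestamp order.
    queue = [node for _, node in sorted((ts, n) for ts, p, n in log if p == person)]
    freq = Counter(queue)
    # Stage 1: nodes whose access frequency exceeds the target (unknown nodes: 0).
    exceeded = sorted(n for n, c in freq.items() if c > target_freq.get(n, 0))
    if not exceeded:
        return False, [], []
    # Stage 2: split the queue into overlapping groups that touch a flagged node.
    groups = [tuple(queue[i:i + group_size])
              for i in range(len(queue) - group_size + 1)]
    groups = [g for g in groups if any(n in exceeded for n in g)]
    unmatched = [g for g in groups if g not in benchmark_groups]
    # Abnormal only when at least one group fails to match a benchmark group.
    return bool(unmatched), exceeded, unmatched

if __name__ == "__main__":
    for person in ("u1", "u2", "u3"):
        print(person, detect(LOG, person, TARGET_FREQ, BENCHMARK_GROUPS))
```

Person u3 exceeds the target frequency for one node but is not flagged, because every resulting group matches a benchmark group; only u1, whose repeated export accesses form an unmatched group, is reported as abnormal.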