CN108304704A - Authority control method, device, computer equipment and storage medium - Google Patents
Authority control method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN108304704A CN108304704A CN201810122839.0A CN201810122839A CN108304704A CN 108304704 A CN108304704 A CN 108304704A CN 201810122839 A CN201810122839 A CN 201810122839A CN 108304704 A CN108304704 A CN 108304704A
- Authority
- CN
- China
- Prior art keywords
- mark
- operation mark
- action event
- log
- same subscriber
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3438—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Quality & Reliability (AREA)
- Software Systems (AREA)
- Debugging And Monitoring (AREA)
Abstract
This application involves a kind of authority control method, system, computer equipment and storage mediums.The method includes:Obtain the operation log of multiple operation systems in preset duration;Operation log includes user identifier and operation mark, and there are correspondences for user identifier and operation mark;Corresponding operation mark is identified to same subscriber and carries out quantity statistics, obtains the operation amount of operation mark;Detection same subscriber identifies corresponding operation mark and whether the operation amount of operation mark triggers default monitoring condition;If so, reducing the corresponding user right of user identifier according to the default monitoring condition of triggering;User right is the permission operated to operation system.The risk that sensitive information leakage can be reduced using this method improves the safety of operation system.
Description
Technical field
This application involves field of computer technology, more particularly to a kind of authority control method, device, computer equipment and
Storage medium.
Background technology
Sensitive information may include:Individual privacy information, business operation information, financial information, personnel information, IT O&Ms letter
Breath etc..The usually distribution of the sensitive information of enterprise is stored in multiple corresponding operation systems.Sensitive information leakage can lead to property
The harmful effects such as loss, network service crashes, corporate reputation be compromised.Enterprise's sensitive information leakage in order to prevent, it will usually will
Sensitive information is stored again after being encrypted.Accordingly even when hacker has downloaded database, password cracking nor easy thing.
However, traditional sensitive information leakage prevention method, can only reduce the risk that enterprise external personnel steal sensitive information,
But it is difficult to take precautions against internal staff and directly obtains sensitive information from operation system.Therefore, cause to reveal by operation system
The case where sensitive information, remains to over and over again occur, and the safety of operation system is relatively low.
Invention content
Based on this, it is necessary in view of the above technical problems, provide a kind of permission control that can improve operation system safety
Method, apparatus, computer equipment and storage medium processed.
A kind of authority control method, the method includes:Obtain the operation log of multiple operation systems in preset duration;Institute
It includes user identifier and operation mark to state operation log, and there are correspondences with the operation mark for the user identifier;To phase
With user identifier, corresponding operation mark carries out quantity statistics, obtains the operation amount of the operation mark;Detect same subscriber
Whether the operation amount for identifying corresponding operation mark and the operation mark triggers default monitoring condition;If so, according to touching
The default monitoring condition of hair reduces the corresponding user right of the user identifier;The user right be to the operation system into
The permission of row operation.
The operation log for obtaining multiple operation systems in preset duration in one of the embodiments, including:It captures
In multiple operation systems it is multiple it is preset bury a little corresponding action event, and extract user identifier corresponding with the action event
And time identifier;The action event is parsed, operation mark corresponding with the action event is obtained;According to it is described
The corresponding user identifier of action event, time identifier and operation mark generate operation log;According to the time mark in operation log
Know, extracts the operation log of multiple operation systems in preset duration.
The time identifier according in operation log in one of the embodiments, extracts multiple industry in preset duration
The operation log of business system, including:Multiple operation logs are sent in buffer queue, according to operation log generated time according to
Secondary storage;The extraction operation daily record from the buffer queue every preset duration.
It is described in one of the embodiments, that the action event is parsed, it obtains corresponding with the action event
Operation mark, including:Judge whether the action event is sensitive operation event;The sensitive operation event includes logging in grasp
At least one of work, information inquiry operation and information down operation;If so, obtaining operation corresponding with the action event
Mark.
The action event is logon operation in one of the embodiments,;The acquisition is corresponding with the action event
Operation mark, including:Obtain the login result parameter of the register;The login result parameter includes logining successfully ginseng
Number and/or login failure parameter;Obtain operation mark corresponding with the login result parameter;It is described to login successfully parameter correspondence
First operation mark;The login failure parameter corresponds to the second operation mark;It is described that corresponding operation mark is identified to same subscriber
Know and carry out quantity statistics, obtains the operation amount of the operation mark, including:The first operation mark corresponding to same subscriber mark
Knowledge is counted to obtain the first number of operations, and/or is identified corresponding second operation mark to same subscriber and counted to obtain
Second number of operations.
The action event operates for information inquiry in one of the embodiments,;The acquisition and the action event
Corresponding operation mark, including:Obtain the corresponding searching keyword of described information inquiry operation;Judging the searching keyword is
It is no to be matched with preset sensitive keys word;If so, obtaining operation mark corresponding with matched sensitive keys word;The basis
User identifier corresponding with the action event, time identifier and operation mark generate operation log, including:According to the letter
It ceases the corresponding user identifier of inquiry operation, time identifier, operation mark and searching keyword and generates operation log.
It is described in one of the embodiments, that corresponding operation mark progress quantity statistics are identified to same subscriber, it obtains
The operation amount of the operation mark, including:When it includes a variety of operation marks that same subscriber, which identifies in corresponding operation log,
Quantity statistics are carried out to the operation mark of identical type, obtain the operation amount of each operation mark;The detection same subscriber
Whether the operation amount for identifying corresponding operation mark and the operation mark triggers default monitoring condition, including:Judge each
Whether the operation amount of operation mark is more than corresponding preset quantity;If so, judgement triggers and is more than corresponding preset quantity
Operation mark corresponding to default monitoring condition.
A kind of permission control device, described device include:Operation log acquisition module, it is multiple in preset duration for obtaining
The operation log of operation system;The operation log includes user identifier and operation mark, the user identifier and the operation
There are correspondences for mark;Operation amount statistical module carries out quantity system for identifying corresponding operation mark to same subscriber
Meter, obtains the operation amount of the operation mark;Monitoring module is operated, corresponding operation mark is identified for detecting same subscriber
Default monitoring condition whether is triggered with the operation amount of the operation mark;Permission control module, for being identified when same subscriber
When monitoring condition is preset in the triggering of the operation amount of corresponding operation mark and the operation mark, according to the default monitoring item of triggering
Part reduces the corresponding user right of the user identifier;The user right is the permission operated to the operation system.
A kind of computer equipment, including memory and processor, the memory are stored with computer program, the calculating
Machine program realizes the step of authority control method described in above-mentioned each embodiment when being executed by the processor.
A kind of computer readable storage medium, is stored thereon with computer program, which realizes when being executed by processor
The step of authority control method described in above-mentioned each embodiment.
Above-mentioned authority control method, device, computer equipment and storage medium, by obtaining multiple business in preset duration
The operation log of system carries out quantity statistics according to the user identifier and operation mark for including in operation log, obtains operand
Amount.By the way that operation mark and operation amount are matched with default monitoring condition, the default monitoring condition triggered.And root
The corresponding user right operated to operation system of user identifier is reduced according to the default monitoring condition of triggering.According to default prison
The operation log for controlling the multiple operation systems of condition monitoring, can find in time there are the action event of sensitive information leakage risk,
By reducing there are the corresponding user right operated to operation system of the user identifier of risk, sensitive information can be avoided
Further leakage, so as to improve the safety of operation system.
Description of the drawings
Fig. 1 is the application scenario diagram of authority control method in one embodiment;
Fig. 2 is the flow diagram of authority control method in one embodiment;
Fig. 3 is the flow diagram of authority control method in another embodiment;
Fig. 4 is the internal structure chart of one embodiment Computer equipment.
Specific implementation mode
It is with reference to the accompanying drawings and embodiments, right in order to make the object, technical solution and advantage of the application be more clearly understood
The application is further elaborated.It should be appreciated that specific embodiment described herein is only used to explain the application, not
For limiting the application.
It is appreciated that term " first " used in this application, " second " etc. can be used to describe herein various elements,
But these elements should not be limited by these terms.These terms are only used to distinguish first element and another element.Citing comes
It says, in the case where not departing from scope of the present application, the first operation mark can be known as the second operation mark, and similarly,
Second operation mark can be known as the first operation mark.First operation mark and the second operation mark both operation mark,
But it is not same operation mark.
Authority control method provided by the present application can be applied in application environment as shown in Figure 1.Wherein, terminal 102
It is communicated by network with server 104.Terminal 102 may include multiple terminals, such as first terminal 102a, second terminal 102b
With third terminal 102c etc..Wherein, terminal 102 can be, but not limited to be various personal computers, laptop, intelligent hand
Machine, tablet computer and portable wearable device, server 104 can be formed with the either multiple servers of independent server
Server cluster realize.Terminal 102 can be connect with multiple operation systems, when register, information have occurred in terminal 102
When the action events such as inquiry operation, server 104 can according to corresponding to action event user identifier and operation mark generate behaviour
Make daily record.Server 104 can carry out quantity statistics to identifying corresponding operation mark to same subscriber, obtain the behaviour of operation mark
Make quantity.When server 104 detect same subscriber identify corresponding operation mark and operation mark operation amount triggering it is pre-
If when monitoring condition, server 104 can reduce the corresponding user right of the user identifier, user right is to be carried out to operation system
The permission of operation.The real-time monitoring operation event of monitoring condition is preset by basis, and there are sensitive information leakage wind for reduction in time
User right corresponding to the user identifier of danger, to improve the safety of operation system.
In one embodiment, as shown in Fig. 2, providing a kind of authority control method, it is applied in Fig. 1 in this way
It illustrates, includes the following steps for server:
Step 202, the operation log of multiple operation systems in preset duration is obtained;Operation log includes user identifier and behaviour
It makes a check mark, there are correspondences with operation mark for user identifier.
Operation system refers to enterprises for managing individual privacy information, business operation information, financial information, occurrences in human life letter
The system of the one or more of which sensitive informations such as breath, IT O&M information.Operation log refers to acting on end by monitoring user
The action event at end is formed by daily record.Wherein action event class includes the regular jobs event such as power-on operation and power-off operation,
It may also include the sensitive operations events such as the register for being directed to operation system, information inquiry operation and information down operation.With
Family mark refers to the mark for positioning operation event action object, such as can be the IP address (Internet of terminal
Protocol Address, Internet protocol address, IP address are one of each terminal distribution that IP agreement is on internet
The logical address of unified address format), it can also be user for the user account or IP address of registering service system and user
The combination of account.Operation mark refers to the mark for a kind of action event to be distinguished over to other action events.
In one embodiment, plug-in unit SDK (Software Development Kit, software development are mounted in terminal
Kit).SDK is the foot for developing generation in advance based on UI (User Interface, user interface) the cross-platform frame increased income
This.The cross-platform frames of UI can be React Native frames (a kind of cross-platform mobile application Development Framework increased income) or Weex
Frame (an a kind of expansible, cross-platform solution for dynamic programming and publication project) etc..SDK includes that data are adopted
Collection script, action event intercept script and action event reports script etc., for data acquisition, action event interception and operation thing
Part reports.Terminal can intercept user in the action event of multiple operation systems and corresponding with the action event by SDK
User identifier and operation mark, and operation log is generated according to the action event of interception.The operation day that terminal will can in real time generate
Will stores and local, and is sent to server every preset duration.
Step 204, corresponding operation mark is identified to same subscriber and carries out quantity statistics, obtain the operand of operation mark
Amount.
Due to can be attached by terminal and one or more operation systems according to multiple user accounts, and terminal can be
It is multiple, therefore the operation log of multiple operation systems may include a variety of user identifiers and operation mark.To same subscriber mark pair
The operation mark for including in the operation log answered carries out quantity statistics, obtains the operation amount of operation mark.For example, can to comprising
The operation log of identical IP address is counted, and the corresponding operation amount of each IP address is obtained.It for another example, can be to comprising identical
The operation log of user account is counted, and the corresponding operation amount of each user account is obtained.It further can also be to identical
The operation log of user identifier and same operation mark is counted, and corresponding operation amount is obtained.
In one embodiment, operation log further includes system banner.Wherein system banner refers to for by a business
System distinguishes over the mark of other operation systems.In user's registering service system, or inquires and grasp in operation system execution information
When work or information down operation, the corresponding system banner of the operation system can record.It can be to same subscriber mark and same system
The operation log of mark is counted, and the operation amount of operation mark is obtained;It can also be to same subscriber mark and same operation
The operation log of mark is counted, and the operation amount of system banner is obtained;Or it can be identified with same subscriber, same system
The operation log of mark and same operation mark is counted, and corresponding operation amount is obtained, without being limited thereto.
Step 206, detection same subscriber identify corresponding operation mark and operation mark operation amount whether trigger it is pre-
If monitoring condition.
Default monitoring condition refers to the preset condition that whether there is sensitive information leakage risk for policer operation event.
Default monitoring condition can be described to constitute by conditions such as user identifier, operation mark, operation amounts.The identical use that statistics can be obtained
Family identifies the operation amount of corresponding operation mark and operation mark, is matched, is detected whether with multiple default monitoring conditions
There are matched default monitoring conditions.If in the presence of judging that same subscriber identifies the behaviour of corresponding operation mark and operation mark
Make quantity triggering and presets monitoring condition.
In one embodiment, corresponding operation mark is identified to same subscriber and carries out quantity statistics, obtain operation mark
Operation amount, including:When it includes a variety of operation marks that same subscriber, which identifies in corresponding operation log, to identical type
Operation mark carries out quantity statistics, obtains the operation amount of each operation mark;It detects same subscriber and identifies corresponding operation mark
Know and whether the operation amount of operation mark triggers default monitoring condition, including:Judging the operation amount of each operation mark is
It is no to be more than corresponding preset quantity;If so, judgement triggering be more than corresponding preset quantity operation mark corresponding to it is pre-
If monitoring condition.
Several default monitoring conditions have been illustrated in table 1.It is corresponding when statistics obtains in user account " 001 " 24 hours
The operation amount of the operation mark of some registers be 25, and also correspond to 8 system banners, due to 8 be more than preset quantity 7,
Then explanation triggers default monitoring condition " logging in multiple systems with account ".When statistics obtains in user account " 001 " 24 hours,
The event of logining successfully is corresponding with 5 IP address, then explanation triggers default monitoring condition " successfully being logged in the more IP of account ".
Table 1
Step 208, when same subscriber identifies the default monitoring of operation amount triggering of corresponding operation mark and operation mark
When condition, then the corresponding user right of user identifier is reduced according to the default monitoring condition of triggering;User right is to business system
The permission that system is operated.
User right refers to the permission operated to operation system, such as, the power of user account registering service system
Information download after the permission, user account registering service system of information inspection after limit, user account registering service system
The permission of permission or terminal connection operation system, but not limited to this.When detecting that monitoring condition is preset in triggering, then illustrate
There are the risk of sensitive information leakage, need to reduce the corresponding user right of user identifier.Reduce the corresponding user of user identifier
The mode of permission may include a variety of permission control strategies, such as, the permission of user account registering service system is limited, or reduce
The information etc. that can be checked after user account registering service system, the access request to operation system that refusal terminal is sent.
For example, when detect IP address be 116.24.64.100 terminal trigger default monitoring condition " in mono- hour of IP
Logon account number be more than 5 ", then can receive again IP address be 116.24.64.100 terminal send to business system
When the access request of system, refuse the access request;It can also refuse to trigger pair that the user account of the default monitoring condition is sent
The access request of operation system, no matter whether the access request sends from IP address 116.24.64.100.
In one embodiment, each default monitoring condition can be directed to, globally unique condition ID is set, and to each pre-
If monitoring condition configures corresponding permission control strategy.Monitoring condition and other default monitoring items will be each preset by condition ID
Part distinguishes.When detecting that triggering presets the same subscriber of monitoring condition and identify the operation of corresponding operation mark and operation mark
When quantity, the condition ID of the default monitoring condition of the triggering is recorded.After the user identifier for extracting the default monitoring condition that sets out,
Permission control strategy that can be corresponding to the condition ID according to triggering reduces the corresponding user right of the user identifier.Different condition ID
Default monitoring condition can correspond to identical or different permission control strategy.
For example, when the condition ID of triggering is 1 default monitoring condition, relative users account is locked, makes it pre-
If being unable to registering service system in the time;When the condition ID of triggering is 2 default monitoring condition, relative users account is added
Blacklist makes it could registering service system after being verified by Account Review or by administrative staff;When triggering
When the default monitoring condition that condition ID is 3, the verification page is sent when relative users account asks registering service system again, than
If said, preset privacy problem can be transmitted, only could carry out next step operation when user inputs correct option, can prevent
The case where other people appropriating accounts.
In above-mentioned authority control method, by obtaining the operation log of multiple operation systems in preset duration, according to operation
The user identifier and operation mark for including in daily record are counted, and operation amount is obtained.By by operation mark and operation amount
It is matched with default monitoring condition, the default monitoring condition triggered.And it is reduced and is used according to the default monitoring condition of triggering
Family identifies the corresponding user right operated to operation system.The behaviour of multiple operation systems is monitored according to default monitoring condition
Make daily record, can find that, there are the action event of sensitive information leakage risk, there are the user identifiers of risk by reducing in time
The corresponding user right operated to operation system can avoid the further leakage of sensitive information, so as to improve
The safety of operation system.
It should be understood that although each step in the flow chart of Fig. 2 is shown successively according to the instruction of arrow, this
A little steps are not that the inevitable sequence indicated according to arrow executes successively.Unless expressly state otherwise herein, these steps
It executes there is no the limitation of stringent sequence, these steps can execute in other order.Moreover, at least part in Fig. 2
Step may include that either these sub-steps of multiple stages or stage are executed in synchronization to multiple sub-steps
It completes, but can execute at different times, the execution sequence in these sub-steps or stage is also not necessarily to be carried out successively,
But it can either the sub-step of other steps or at least part in stage execute in turn or alternately with other steps.
In one embodiment, the operation log of multiple operation systems in preset duration is obtained, including:Capture multiple business
In system it is multiple it is preset bury a little corresponding action event, and extract user identifier corresponding with action event and time identifier;
Action event is parsed, operation mark corresponding with action event is obtained;According to user identifier corresponding with action event,
Time identifier and operation mark generate operation log;According to the time identifier in operation log, multiple industry in preset duration are extracted
The operation log of business system.
Can be pre-set in operation system it is preset bury a little, such as can be directed to operation system in control, text, picture,
Report etc., which is pre-set, to be buried a little.After user connects operation system by terminal, control, the text in operation system can trigger
Preset corresponding to sheet, picture, report etc. is buried a little.When it is preset bury a little be triggered when, for example when terminal receives act on control
Clicking operation when, or when terminal detects the down operation for acting on report, terminal can will collect action event,
And after extracting user identifier corresponding with action event and time identifier, action event is reported into server.Server can be caught
It catches and multiple in multiple operation systems preset buries a little corresponding action event.The time point institute that time identifier occurs for action event
The mark of formation.Since action event may include register, information inquiry operation and information down operation etc., it is therefore desirable to right
Action event is parsed, and operation mark corresponding with action event is obtained.
It, can be according to user corresponding with action event by after obtaining user identifier, time identifier and operation mark
Mark, time identifier and operation mark generate operation log so that can be according to the time identifier in operation log, when extracting default
The operation log of multiple operation systems in long obtains the precision of operation amount to improve statistics, can be accurately by behaviour
Make quantity to match with default monitoring condition, and reduces the corresponding user right of user identifier in time.Thus, it is possible to take precautions against more in time
The leakage of sensitive information improves the safety of operation system.
In one embodiment, according to the time identifier in operation log, multiple operation systems in preset duration are extracted
Operation log, including:Multiple operation logs are sent in buffer queue, are stored successively according to the generated time of operation log;
The extraction operation daily record from buffer queue every preset duration.
Wherein, buffer queue refers to the message queue for storing operation log.Can according to the generated time of operation log,
The operation log of multiple operation systems is sent in buffer queue in real time and is stored so that server can be according to operation log
Generated time the operation log in buffer queue is handled.
Since action event is constantly occurring, the related data very magnanimity of action event, if being handled in real time not
Convenient for management.Action event can be collected in terminal, and extract user identifier corresponding with action event and time identifier it
Afterwards, the related data of action event is stored in terminal local, and every the first preset duration by detected action event
Related data generate operation log be sent in buffer queue.Server is extracted every the second preset duration from buffer queue
Operation log, and the second preset duration is more than the first preset duration.Such as every 10 minutes by the operation thing detected by terminal
The related data of part generates operation log and is sent in buffer queue, and server was every 1 hour extraction operation from buffer queue
Daily record.Can be by the management to buffer queue, for example the operation log for exceeding third preset duration in buffer queue is deleted, it improves
The utilization ratio of server memory resource.
In one embodiment, action event is parsed, obtains operation mark corresponding with action event, including:
Judge whether action event is sensitive operation event;Sensitive operation event includes under register, information inquiry operation and information
Carry at least one of operation;If so, obtaining operation mark corresponding with action event.
Sensitive operation event refers to that may result in the operation of sensitive information leakage.Register refers to user in terminal
Pass through the operation of user account registering service system.Information inquiry operation refers to user's Query Information after registering service system
Operation.Information down operation refers to the operation of user's download information after registering service system.Each sensitive operation event
It is all preset with corresponding globally unique operation mark, for each sensitive operation event to be distinguished over other action events.
In one embodiment, action event is register, obtains operation mark corresponding with action event, including:
Obtain the login result parameter of register;Login result parameter includes logining successfully parameter and/or login failure parameter;It obtains
Operation mark corresponding with login result parameter;It logins successfully parameter and corresponds to the first operation mark;Login failure parameter corresponds to the
Two operation marks;Corresponding operation mark is identified to same subscriber and carries out quantity statistics, obtains the operation amount of operation mark, is wrapped
It includes:Corresponding first operation mark is identified to same subscriber to be counted to obtain the first number of operations, and/or to same subscriber mark
Know corresponding second operation mark to be counted to obtain the second number of operations.
Login result parameter refers to the parameter generated according to the login result of register, including login successfully parameter and/
Or login failure parameter.First number of operations is corresponding with the first operation mark, and the second number of operations is corresponding with the second operation mark.
When user by terminal inputs user account and when user password, server can receive and verify the user account of terminal transmission with
Corresponding user password.When being verified, it is believed that detect that when logining successfully event, server, which can be fed back, logins successfully ginseng
It counts to terminal;It is obstructed out-of-date when verifying, it is believed that when detecting login failure event, server can feed back login failure parameter extremely
Terminal.
When user is from terminal browser registering service system, browser can send out a login page and ask to taking first
Business device, server can ask to return to login page response according to login page, and point JS can be buried comprising one section in login page response
Code.Terminal can respond display systems login page according to login page.This buries point JS codes meeting dynamic creation script tag,
And the script tag is directed toward an individual data collection script, this individual data collection script can be by browser at this time
It asks and executes, for collecting operation data.After the completion of operation data is collected, operation that data collection script can will be collected into
Data are with hypertext transfer protocol HTTP (Hyper Text Transport Protocol, hypertext transfer protocol) parameter
Form returns to server, and server can parse HTTP parameters, obtains user account, the IP address of terminal, system banner, time
The information such as mark, login result parameter.
It counts same subscriber and identifies corresponding first number of operations of the first operation mark and second in corresponding operation log
After corresponding second number of operations of operation mark, detection same subscriber identifies the operation of corresponding operation mark and operation mark
Whether quantity triggers default monitoring condition, including:It detects the first number of operations or whether the second number of operations triggers default monitoring
Condition.For example, when 24 is small, corresponding second number of operations of interior second operation mark is more than 20, then the default monitoring of triggering
Condition " with account homologous ray login failure number ".
In one embodiment, action event operates for information inquiry;Obtain operation mark corresponding with action event, packet
It includes:It obtains information inquiry and operates corresponding searching keyword;Judge whether searching keyword matches with preset sensitive keys word;
If so, obtaining operation mark corresponding with matched sensitive keys word;According to user identifier corresponding with action event, time
Mark and operation mark generate operation log, including:According to user identifier corresponding with information inquiry operation, time identifier, behaviour
It makes a check mark and generates operation log with searching keyword.
When user is by terminal browser registering service system and Query Information, user needs in input inquiry keyword
Click the inquiry control for Query Information later, therefore can control is preset buries a little to inquiry.Terminal can be acted on detecting
When inquiring the clicking operation of control, a preset response file is asked to server by the preset triggering browser that buries.Than
As said, response file can be the blank gif pictures of 1K sizes.After server receives the request, you can think to capture
Information inquiry operates, and obtains information inquiry and operate corresponding searching keyword.By by searching keyword and preset sensitivity
Keywords matching, for example when searching keyword is " client ", " fund ", " phone number " etc., then can determine whether that user inquires is
Sensitive information obtains operation mark corresponding with matched sensitive keys word.It can also be according to use corresponding with information inquiry operation
Family mark, time identifier, operation mark and searching keyword generate operation log.
Operation log can be made of multiple fields.For example, it may include [user account] field, [IP address] field,
[time identifier] field, [operation mark] field etc..[operation mark] field such as information inquiry operation can corresponding field " look into
It askes ".Each action event can also be numbered, for example, parent action event may include register number be 001, information
Inquiry operation number is 002, information down operation number is 003.And parent action event can be also subdivided into subclass operation thing
Part, for example including logining successfully, Case Number is 001a to the subclass action event of register and login failure Case Number is
001b.[inquiry] field can be also directed to and preset [sensitive keys word] field, for example sensitive keys word can be " customer name ", " hand
Machine number " etc..
In one embodiment, after reducing the corresponding user right of user identifier according to the default monitoring condition of triggering,
Further include:The operation log corresponding to default monitoring condition according to triggering generates warning mail and is sent to operation system correspondence
Management mailbox.Wherein, it alerts and may include multiple fields in operation log in mail, such as [user account] field, [IP
Location] field, [time identifier] field, [preset duration] field, [operation mark] field, [sensitive keys word] field etc. wherein one
Kind or a variety of combinations alert in mail and may also include [operation amount] field.Such as preset monitoring condition when user triggers
" inquiry client-aware information number is more than 30 times in user 1 hour ", the content for alerting mail can be the default monitoring condition and
“user5022017/9/15 22:10-23:10 inquiry customer name/phone numbers 50 times ", wherein " user502 " is [user
Account] field, " 2017/9/15 " be [time identifier] field, " 22:10-23:10 " be [preset duration] field, and " inquiry " is
[operation mark] field, " customer name/phone number " are [sensitive keys word] field, and " 50 times " are [operation amount] field.
It is corresponding by the way that the default monitoring condition of triggering and relevant field information are sent to operation system in the form of alerting mail
Manage mailbox so that the administrative staff of operation system can alert and manage to the user for triggering default monitoring condition in time
Deng.
In one embodiment, further include after the operation log of multiple operation systems in acquisition preset duration:Pass through
Preset Encryption Algorithm encrypts operation log;Encrypted operation log is stored to default disk.Such as it will be after encryption
Operation log be stored in a unified NAS (Network Attached Storage, network attached storage can pass through association
View is connect with server, for storing exclusive data) or mobile hard disk, for backing up and subsequent retrospect.
In one embodiment, as shown in figure 3, providing a kind of permission control device 300, which includes:Operate day
Will acquisition module 302, the operation log for obtaining multiple operation systems in preset duration;Operation log include user identifier and
There are correspondences for operation mark, user identifier and operation mark;Operation amount statistical module 304, for same subscriber mark
Know corresponding operation mark and carry out quantity statistics, obtains the operation amount of operation mark;Monitoring module 306 is operated, for detecting
Same subscriber identifies corresponding operation mark and whether the operation amount of operation mark triggers default monitoring condition;Permission controls mould
Block 308, when monitoring condition is preset in the operation amount triggering for identifying corresponding operation mark and operation mark when same subscriber,
The corresponding user right of user identifier is reduced according to the default monitoring condition of triggering;User right is to be operated to operation system
Permission.
In one embodiment, operation log acquisition module 302 is additionally operable to capture multiple in multiple operation systems preset bury
The corresponding action event of point, and extract user identifier corresponding with action event and time identifier;Action event is solved
Analysis, obtains operation mark corresponding with action event;According to user identifier corresponding with action event, time identifier and operation mark
Know and generates operation log;According to the time identifier in operation log, the operation log of multiple operation systems in preset duration is extracted.
In one embodiment, operation log acquisition module 302 is additionally operable to multiple operation logs being sent to buffer queue
In, it is stored successively according to the generated time of operation log;The extraction operation daily record from buffer queue every preset duration.
In one embodiment, operation log acquisition module 302 is additionally operable to judge whether action event is sensitive operation thing
Part;Sensitive operation event includes at least one of register, information inquiry operation and information down operation;If so, obtaining
Take operation mark corresponding with action event.
In one embodiment, action event is logon operation, and operation log acquisition module 302, which is additionally operable to obtain, logs in behaviour
The login result parameter of work;Login result parameter includes logining successfully parameter and/or login failure parameter;Acquisition and login result
The corresponding operation mark of parameter;It logins successfully parameter and corresponds to the first operation mark;Login failure parameter corresponds to the second operation mark;
Operation amount statistical module 304 is additionally operable to be counted to obtain the first operation to corresponding first operation mark of same subscriber mark
Number, and/or corresponding second operation mark is identified to same subscriber and is counted to obtain the second number of operations.
In one embodiment, action event operates for information inquiry, and operation log acquisition module 302 is additionally operable to obtain letter
Cease the corresponding searching keyword of inquiry operation;Judge whether searching keyword matches with preset sensitive keys word;If so, obtaining
Take operation mark corresponding with matched sensitive keys word;According to user identifier corresponding with information inquiry operation, time identifier,
Operation mark and searching keyword generate operation log.
In one embodiment, operation amount statistical module 304 is additionally operable to identify corresponding operation log when same subscriber
In when including a variety of operation marks, quantity statistics are carried out to the operation mark of identical type, obtain the operation of each operation mark
Quantity;Operation monitoring module 306 is additionally operable to judge whether the operation amount of each operation mark is more than corresponding preset quantity;If
It is then to judge triggering and the default monitoring condition corresponding to the operation mark more than corresponding preset quantity.
Specific about permission control device limits the restriction that may refer to above for authority control method, herein not
It repeats again.Modules in above-mentioned permission control device can be realized fully or partially through software, hardware and combinations thereof.On
Stating each module can be embedded in or independently of in the processor in computer equipment, can also store in a software form in the form of hardware
In memory in computer equipment, the corresponding operation of the above modules is executed in order to which processor calls.
In one embodiment, a kind of computer equipment is provided, which can be server, internal junction
Composition can be as shown in Figure 4.The computer equipment include the processor connected by system bus, memory, network interface and
Database.Wherein, the processor of the computer equipment is for providing calculating and control ability.The memory packet of the computer equipment
Include non-volatile memory medium, built-in storage.The non-volatile memory medium is stored with operating system, computer program and data
Library.The built-in storage provides environment for the operation of operating system and computer program in non-volatile memory medium.The calculating
The database of machine equipment is used to store the operation log of multiple operation systems.The network interface of the computer equipment is used for and outside
Terminal communicated by network connection.To realize a kind of authority control method when the computer program is executed by processor.
It will be understood by those skilled in the art that structure shown in Fig. 4, is only tied with the relevant part of application scheme
The block diagram of structure does not constitute the restriction for the computer equipment being applied thereon to application scheme, specific computer equipment
May include either combining certain components than more or fewer components as shown in the figure or being arranged with different components.
In one embodiment, a kind of computer equipment, including memory and processor are provided, memory is stored with meter
Calculation machine program, realizes following steps when computer program is executed by processor:Obtain the behaviour of multiple operation systems in preset duration
Make daily record;Operation log includes user identifier and operation mark, and there are correspondences for user identifier and operation mark;To identical use
Family identifies corresponding operation mark and carries out quantity statistics, obtains the operation amount of operation mark;Same subscriber mark is detected to correspond to
Operation mark and the operation amount of operation mark whether trigger default monitoring condition;If so, according to the default monitoring of triggering
Condition reduces the corresponding user right of user identifier;User right is the permission operated to operation system.
In one embodiment, when computer program is executed by processor, multiple industry in the acquisition preset duration realized
The step of operation log of business system, including:Capture in multiple operation systems it is multiple it is preset bury a little corresponding action event, and
Extraction user identifier corresponding with action event and time identifier;Action event is parsed, is obtained corresponding with action event
Operation mark;Operation log is generated according to user identifier corresponding with action event, time identifier and operation mark;According to behaviour
Make the time identifier in daily record, extracts the operation log of multiple operation systems in preset duration.
In one embodiment, when computer program is executed by processor, realized according to the time in operation log
The step of identifying, extracting the operation log of multiple operation systems in preset duration, including:Multiple operation logs are sent to caching
In queue, stored successively according to the generated time of operation log;The extraction operation daily record from buffer queue every preset duration.
In one embodiment, when computer program is executed by processor, that is realized parses action event, obtains
The step of to operation mark corresponding with action event, including:Judge whether action event is sensitive operation event;Sensitive operation
Event includes at least one of register, information inquiry operation and information down operation;If so, acquisition and action event
Corresponding operation mark.
In one embodiment, action event is logon operation;When computer program is executed by processor, that is realized obtains
The step of taking operation mark corresponding with action event, including:Obtain the login result parameter of register;Login result parameter
Including logining successfully parameter and/or login failure parameter;Obtain operation mark corresponding with login result parameter;Login successfully ginseng
Corresponding first operation mark of number;Login failure parameter corresponds to the second operation mark;Being identified to same subscriber for being realized is corresponding
Operation mark carries out quantity statistics, the step of obtaining the operation amount of operation mark, including:To same subscriber mark corresponding the
One operation mark is counted to obtain the first number of operations, and/or is identified corresponding second operation mark to same subscriber and carried out
Statistics obtains the second number of operations.
In one embodiment, action event operates for information inquiry;When computer program is executed by processor, realized
Acquisition corresponding with action event operation mark the step of, including:It obtains information inquiry and operates corresponding searching keyword;Sentence
Whether disconnected searching keyword matches with preset sensitive keys word;If so, obtaining behaviour corresponding with matched sensitive keys word
It makes a check mark;The basis realized user identifier corresponding with action event, time identifier and operation mark generate operation log
Step, including:It is generated according to user identifier corresponding with information inquiry operation, time identifier, operation mark and searching keyword
Operation log.
In one embodiment, when computer program is executed by processor, being identified to same subscriber for being realized is corresponding
Operation mark carries out quantity statistics, the step of obtaining the operation amount of operation mark, including:When same subscriber identifies corresponding behaviour
When making in daily record comprising a variety of operation marks, quantity statistics are carried out to the operation mark of identical type, obtain each operation mark
Operation amount;The detection same subscriber realized identifies corresponding operation mark and whether the operation amount of operation mark triggers
The step of default monitoring condition, including:Judge whether the operation amount of each operation mark is more than corresponding preset quantity;If
It is then to judge triggering and the default monitoring condition corresponding to the operation mark more than corresponding preset quantity.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated
Machine program realizes following steps when being executed by processor:Obtain the operation log of multiple operation systems in preset duration;Operate day
Will includes user identifier and operation mark, and there are correspondences for user identifier and operation mark;Same subscriber is identified corresponding
Operation mark carries out quantity statistics, obtains the operation amount of operation mark;Detect same subscriber identify corresponding operation mark and
Whether the operation amount of operation mark triggers default monitoring condition;If so, reducing user according to the default monitoring condition of triggering
Identify corresponding user right;User right is the permission operated to operation system.
In one embodiment, when computer program is executed by processor, multiple industry in the acquisition preset duration realized
The step of operation log of business system, including:Capture in multiple operation systems it is multiple it is preset bury a little corresponding action event, and
Extraction user identifier corresponding with action event and time identifier;Action event is parsed, is obtained corresponding with action event
Operation mark;Operation log is generated according to user identifier corresponding with action event, time identifier and operation mark;According to behaviour
Make the time identifier in daily record, extracts the operation log of multiple operation systems in preset duration.
In one embodiment, when computer program is executed by processor, realized according to the time in operation log
The step of identifying, extracting the operation log of multiple operation systems in preset duration, including:Multiple operation logs are sent to caching
In queue, stored successively according to the generated time of operation log;The extraction operation daily record from buffer queue every preset duration.
In one embodiment, when computer program is executed by processor, that is realized parses action event, obtains
The step of to operation mark corresponding with action event, including:Judge whether action event is sensitive operation event;Sensitive operation
Event includes at least one of register, information inquiry operation and information down operation;If so, acquisition and action event
Corresponding operation mark.
In one embodiment, action event is logon operation;When computer program is executed by processor, that is realized obtains
The step of taking operation mark corresponding with action event, including:Obtain the login result parameter of register;Login result parameter
Including logining successfully parameter and/or login failure parameter;Obtain operation mark corresponding with login result parameter;Login successfully ginseng
Corresponding first operation mark of number;Login failure parameter corresponds to the second operation mark;Being identified to same subscriber for being realized is corresponding
Operation mark carries out quantity statistics, the step of obtaining the operation amount of operation mark, including:To same subscriber mark corresponding the
One operation mark is counted to obtain the first number of operations, and/or is identified corresponding second operation mark to same subscriber and carried out
Statistics obtains the second number of operations.
In one embodiment, action event operates for information inquiry;When computer program is executed by processor, realized
Acquisition corresponding with action event operation mark the step of, including:It obtains information inquiry and operates corresponding searching keyword;Sentence
Whether disconnected searching keyword matches with preset sensitive keys word;If so, obtaining behaviour corresponding with matched sensitive keys word
It makes a check mark;The basis realized user identifier corresponding with action event, time identifier and operation mark generate operation log
Step, including:It is generated according to user identifier corresponding with information inquiry operation, time identifier, operation mark and searching keyword
Operation log.
In one embodiment, when computer program is executed by processor, being identified to same subscriber for being realized is corresponding
Operation mark carries out quantity statistics, the step of obtaining the operation amount of operation mark, including:When same subscriber identifies corresponding behaviour
When making in daily record comprising a variety of operation marks, quantity statistics are carried out to the operation mark of identical type, obtain each operation mark
Operation amount;The detection same subscriber realized identifies corresponding operation mark and whether the operation amount of operation mark triggers
The step of default monitoring condition, including:Judge whether the operation amount of each operation mark is more than corresponding preset quantity;If
It is then to judge triggering and the default monitoring condition corresponding to the operation mark more than corresponding preset quantity.
One of ordinary skill in the art will appreciate that realizing all or part of flow in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computer
In read/write memory medium, the computer program is when being executed, it may include such as the flow of the embodiment of above-mentioned each method.Wherein,
Any reference to memory, storage, database or other media used in each embodiment provided herein,
Including non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), programming ROM
(PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.Volatile memory may include
Random access memory (RAM) or external cache.By way of illustration and not limitation, RAM is available in many forms,
Such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhancing
Type SDRAM (ESDRAM), synchronization link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM
(RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
Each technical characteristic of above example can be combined arbitrarily, to keep description succinct, not to above-described embodiment
In each technical characteristic it is all possible combination be all described, as long as however, the combination of these technical characteristics be not present lance
Shield is all considered to be the range of this specification record.
The several embodiments of the application above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, under the premise of not departing from the application design, various modifications and improvements can be made, these belong to the protection of the application
Range.Therefore, the protection domain of the application patent should be determined by the appended claims.
Claims (10)
1. a kind of authority control method, the method includes:
Obtain the operation log of multiple operation systems in preset duration;The operation log includes user identifier and operation mark,
There are correspondences with the operation mark for the user identifier;
Corresponding operation mark is identified to same subscriber and carries out quantity statistics, obtains the operation amount of the operation mark;
Detection same subscriber identifies corresponding operation mark and whether the operation amount of the operation mark triggers default monitoring item
Part;
If so, reducing the corresponding user right of the user identifier according to the default monitoring condition of triggering;The user right
For the permission operated to the operation system.
2. according to the method described in claim 1, it is characterized in that, the operation for obtaining multiple operation systems in preset duration
Daily record, including:
Capture in multiple operation systems it is multiple it is preset bury a little corresponding action event, and extract corresponding with the action event
User identifier and time identifier;
The action event is parsed, operation mark corresponding with the action event is obtained;
Operation log is generated according to user identifier corresponding with the action event, time identifier and operation mark;
According to the time identifier in operation log, the operation log of multiple operation systems in preset duration is extracted.
3. according to the method described in claim 2, it is characterized in that, the time identifier according in operation log, extraction are pre-
If the operation log of multiple operation systems in duration, including:
Multiple operation logs are sent in buffer queue, are stored successively according to the generated time of operation log;
The extraction operation daily record from the buffer queue every preset duration.
4. according to the method described in claim 2, it is characterized in that, described parse the action event, obtain and institute
The corresponding operation mark of action event is stated, including:
Judge whether the action event is sensitive operation event;The sensitive operation event includes register, information inquiry
At least one of operation and information down operation;
If so, obtaining operation mark corresponding with the action event.
5. according to the method described in claim 4, it is characterized in that, the action event is logon operation;The acquisition and institute
The corresponding operation mark of action event is stated, including:
Obtain the login result parameter of the register;The login result parameter includes logining successfully parameter and/or login
Failure parameter;
Obtain operation mark corresponding with the login result parameter;The parameter that logins successfully corresponds to the first operation mark;Institute
It states login failure parameter and corresponds to the second operation mark;
It is described that corresponding operation mark progress quantity statistics are identified to same subscriber, the operation amount of the operation mark is obtained,
Including:
Corresponding first operation mark is identified to same subscriber to be counted to obtain the first number of operations, and/or to same subscriber
Corresponding second operation mark is identified to be counted to obtain the second number of operations.
6. according to the method described in claim 4, it is characterized in that, the action event operates for information inquiry;The acquisition
Operation mark corresponding with the action event, including:
Obtain the corresponding searching keyword of described information inquiry operation;
Judge whether the searching keyword matches with preset sensitive keys word;
If so, obtaining operation mark corresponding with matched sensitive keys word;
Basis user identifier corresponding with the action event, time identifier and operation mark generate operation log, including:
It is generated and is grasped according to user identifier corresponding with described information inquiry operation, time identifier, operation mark and searching keyword
Make daily record.
7. according to the method described in claim 1 to 6 any one, which is characterized in that described corresponding to same subscriber mark
Operation mark carries out quantity statistics, obtains the operation amount of the operation mark, including:
When it includes a variety of operation marks that same subscriber, which identifies in corresponding operation log, the operation mark of identical type is carried out
Quantity statistics obtain the operation amount of each operation mark;
The detection same subscriber identifies corresponding operation mark and whether the operation amount of the operation mark triggers default prison
Control condition, including:
Judge whether the operation amount of each operation mark is more than corresponding preset quantity;
If so, judgement triggering and the default monitoring condition corresponding to the operation mark more than corresponding preset quantity.
8. a kind of permission control device, which is characterized in that described device includes:
Operation log acquisition module, the operation log for obtaining multiple operation systems in preset duration;The operation log packet
User identifier and operation mark are included, there are correspondences with the operation mark for the user identifier;
Operation amount statistical module carries out quantity statistics for identifying corresponding operation mark to same subscriber, obtains the behaviour
The operation amount to make a check mark;
Monitoring module is operated, the operation amount of corresponding operation mark and the operation mark is identified for detecting same subscriber is
Monitoring condition is preset in no triggering;
Permission control module, the operation amount triggering for identifying corresponding operation mark and the operation mark when same subscriber
When default monitoring condition, the corresponding user right of the user identifier is reduced according to the default monitoring condition of triggering;The user
Permission is the permission operated to the operation system.
9. a kind of computer equipment, including memory and processor, the memory are stored with computer program, feature exists
In when the computer program is executed by the processor the step of any one of realization claim 1 to 7 the method.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program
The step of method described in any one of claim 1 to 7 is realized when being executed by processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810122839.0A CN108304704B (en) | 2018-02-07 | 2018-02-07 | Authority control method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810122839.0A CN108304704B (en) | 2018-02-07 | 2018-02-07 | Authority control method and device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108304704A true CN108304704A (en) | 2018-07-20 |
| CN108304704B CN108304704B (en) | 2021-02-09 |
Family
ID=62864605
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810122839.0A Active CN108304704B (en) | 2018-02-07 | 2018-02-07 | Authority control method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108304704B (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109032819A (en) * | 2018-07-27 | 2018-12-18 | 郑州云海信息技术有限公司 | Synchronous method, device, equipment and the storage medium of message event between a kind of system |
| CN109657485A (en) * | 2018-12-13 | 2019-04-19 | 广州虎牙信息科技有限公司 | Permission processing method, device, terminal device and storage medium |
| CN109684863A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | Data leakage prevention method, device, equipment and storage medium |
| CN109840693A (en) * | 2019-01-04 | 2019-06-04 | 平安科技(深圳)有限公司 | It attends a banquet behavior safety monitoring method, device, computer equipment and storage medium |
| CN109858735A (en) * | 2018-12-14 | 2019-06-07 | 深圳壹账通智能科技有限公司 | Consumer's risk scoring assessment method, device, computer equipment and storage medium |
| CN109871211A (en) * | 2019-01-28 | 2019-06-11 | 平安科技(深圳)有限公司 | Information displaying method and device |
| CN110647512A (en) * | 2019-09-29 | 2020-01-03 | 北京思维造物信息科技股份有限公司 | Data storage and analysis method, device, equipment and readable medium |
| CN110708495A (en) * | 2019-10-15 | 2020-01-17 | 广州国音智能科技有限公司 | Video conference monitoring method, terminal and readable storage medium |
| CN111124830A (en) * | 2019-12-24 | 2020-05-08 | 个体化细胞治疗技术国家地方联合工程实验室(深圳) | Monitoring method and device for micro-service |
| CN111224920A (en) * | 2018-11-23 | 2020-06-02 | 珠海格力电器股份有限公司 | Method, device, equipment and computer storage medium for preventing illegal login |
| CN111353163A (en) * | 2018-12-24 | 2020-06-30 | 华为技术有限公司 | Method, device and storage medium for determining access authority |
| CN111800295A (en) * | 2020-06-23 | 2020-10-20 | 四川虹美智能科技有限公司 | Server audit management method, device and system |
| WO2023280053A1 (en) * | 2021-07-07 | 2023-01-12 | 阿里云计算有限公司 | Data processing method and system, and electronic device and storage medium |
| CN115967521A (en) * | 2022-09-08 | 2023-04-14 | 平安银行股份有限公司 | Sensitive information operation monitoring method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102082704A (en) * | 2009-11-30 | 2011-06-01 | 中国移动通信集团河北有限公司 | Safety monitoring method and system |
| CN102946319A (en) * | 2012-09-29 | 2013-02-27 | 焦点科技股份有限公司 | System and method for analyzing network user behavior information |
| US8516107B2 (en) * | 2010-05-28 | 2013-08-20 | Computer Associates Think, Inc. | Privileged activity monitoring through privileged user password management and log management systems |
| CN106295388A (en) * | 2015-06-04 | 2017-01-04 | 中国移动通信集团山东有限公司 | A kind of data desensitization method and device |
| CN107409126A (en) * | 2015-02-24 | 2017-11-28 | 思科技术公司 | System and method for protecting enterprise computing environment safety |
-
2018
- 2018-02-07 CN CN201810122839.0A patent/CN108304704B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102082704A (en) * | 2009-11-30 | 2011-06-01 | 中国移动通信集团河北有限公司 | Safety monitoring method and system |
| US8516107B2 (en) * | 2010-05-28 | 2013-08-20 | Computer Associates Think, Inc. | Privileged activity monitoring through privileged user password management and log management systems |
| CN102946319A (en) * | 2012-09-29 | 2013-02-27 | 焦点科技股份有限公司 | System and method for analyzing network user behavior information |
| CN107409126A (en) * | 2015-02-24 | 2017-11-28 | 思科技术公司 | System and method for protecting enterprise computing environment safety |
| CN106295388A (en) * | 2015-06-04 | 2017-01-04 | 中国移动通信集团山东有限公司 | A kind of data desensitization method and device |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109032819A (en) * | 2018-07-27 | 2018-12-18 | 郑州云海信息技术有限公司 | Synchronous method, device, equipment and the storage medium of message event between a kind of system |
| CN109032819B (en) * | 2018-07-27 | 2021-10-29 | 郑州云海信息技术有限公司 | Method, device, equipment and storage medium for synchronizing message events between systems |
| CN109684863A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | Data leakage prevention method, device, equipment and storage medium |
| CN109684863B (en) * | 2018-09-07 | 2024-01-19 | 平安科技(深圳)有限公司 | Data leakage prevention method, device, equipment and storage medium |
| CN111224920A (en) * | 2018-11-23 | 2020-06-02 | 珠海格力电器股份有限公司 | Method, device, equipment and computer storage medium for preventing illegal login |
| CN111224920B (en) * | 2018-11-23 | 2021-04-20 | 珠海格力电器股份有限公司 | Method, device, equipment and computer storage medium for preventing illegal login |
| CN109657485A (en) * | 2018-12-13 | 2019-04-19 | 广州虎牙信息科技有限公司 | Permission processing method, device, terminal device and storage medium |
| CN109858735A (en) * | 2018-12-14 | 2019-06-07 | 深圳壹账通智能科技有限公司 | Consumer's risk scoring assessment method, device, computer equipment and storage medium |
| CN111353163A (en) * | 2018-12-24 | 2020-06-30 | 华为技术有限公司 | Method, device and storage medium for determining access authority |
| CN109840693A (en) * | 2019-01-04 | 2019-06-04 | 平安科技(深圳)有限公司 | It attends a banquet behavior safety monitoring method, device, computer equipment and storage medium |
| CN109871211A (en) * | 2019-01-28 | 2019-06-11 | 平安科技(深圳)有限公司 | Information displaying method and device |
| CN109871211B (en) * | 2019-01-28 | 2024-05-07 | 平安科技(深圳)有限公司 | Information display method and device |
| CN110647512A (en) * | 2019-09-29 | 2020-01-03 | 北京思维造物信息科技股份有限公司 | Data storage and analysis method, device, equipment and readable medium |
| CN110708495A (en) * | 2019-10-15 | 2020-01-17 | 广州国音智能科技有限公司 | Video conference monitoring method, terminal and readable storage medium |
| CN111124830A (en) * | 2019-12-24 | 2020-05-08 | 个体化细胞治疗技术国家地方联合工程实验室(深圳) | Monitoring method and device for micro-service |
| CN111124830B (en) * | 2019-12-24 | 2024-01-19 | 个体化细胞治疗技术国家地方联合工程实验室(深圳) | Micro-service monitoring method and device |
| CN111800295A (en) * | 2020-06-23 | 2020-10-20 | 四川虹美智能科技有限公司 | Server audit management method, device and system |
| WO2023280053A1 (en) * | 2021-07-07 | 2023-01-12 | 阿里云计算有限公司 | Data processing method and system, and electronic device and storage medium |
| CN115967521A (en) * | 2022-09-08 | 2023-04-14 | 平安银行股份有限公司 | Sensitive information operation monitoring method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108304704B (en) | 2021-02-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108304704A (en) | Authority control method, device, computer equipment and storage medium | |
| US11188619B2 (en) | Single click delta analysis | |
| US9202189B2 (en) | System and method of fraud and misuse detection using event logs | |
| KR101883400B1 (en) | detecting methods and systems of security vulnerability using agentless | |
| US8032489B2 (en) | Log collection, structuring and processing | |
| US9262519B1 (en) | Log data analysis | |
| CN112631913B (en) | Method, device, equipment and storage medium for monitoring operation faults of application program | |
| IL275042A (en) | Self-adaptive application programming interface level security monitoring | |
| CN108304308A (en) | User behavior monitoring method, device, computer equipment and storage medium | |
| CA2629279C (en) | Log collection, structuring and processing | |
| US20020184532A1 (en) | Method and system for implementing security devices in a network | |
| US9876813B2 (en) | System and method for web-based log analysis | |
| US20030188194A1 (en) | Method and apparatus for real-time security verification of on-line services | |
| JP2003216576A (en) | Method and system for monitoring weak points | |
| CN110083391A (en) | Call request monitoring method, device, equipment and storage medium | |
| CN112217835A (en) | Message data processing method and device, server and terminal equipment | |
| CN111835737B (en) | WEB attack protection method based on automatic learning and related equipment thereof | |
| CN111274276A (en) | Operation auditing method and device, electronic equipment and computer-readable storage medium | |
| CN111767173A (en) | Network equipment data processing method and device, computer equipment and storage medium | |
| CN109684863B (en) | Data leakage prevention method, device, equipment and storage medium | |
| CN110020262A (en) | Pushed information sending method, device, computer equipment and storage medium | |
| US10915510B2 (en) | Method and apparatus of collecting and reporting database application incompatibilities | |
| KR101973728B1 (en) | Integration security anomaly symptom monitoring system | |
| US7653742B1 (en) | Defining and detecting network application business activities | |
| CN115632879B (en) | Log management method, system, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |