CN117539875A - Exercise question bank periodic updating on-line management method - Google Patents

Exercise question bank periodic updating on-line management method

Info

Publication number
CN117539875A
Authority
CN
China
Prior art keywords
risk
data
question bank
technical
points
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311430016.1A
Other languages
Chinese (zh)
Inventor
陈程
谢诗敏
陈嘉敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong North District Education Technology Co ltd
Original Assignee
Guangdong North District Education Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong North District Education Technology Co ltd filed Critical Guangdong North District Education Technology Co ltd
Priority to CN202311430016.1A priority Critical patent/CN117539875A/en
Publication of CN117539875A publication Critical patent/CN117539875A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/23 Clustering techniques
    • G06F18/232 Non-hierarchical techniques
    • G06F18/2321 Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
    • G06F18/23213 Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/243 Classification techniques relating to the number of classes
    • G06F18/24323 Tree-organised classifiers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/20 Education
    • G06Q50/205 Education administration or guidance

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Engineering & Computer Science (AREA)
  • Educational Administration (AREA)
  • Economics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Marketing (AREA)
  • Evolutionary Computation (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Educational Technology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Business, Economics & Management (AREA)
  • Evolutionary Biology (AREA)
  • Probability & Statistics with Applications (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Databases & Information Systems (AREA)
  • Game Theory and Decision Science (AREA)
  • Development Economics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Primary Health Care (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application provides an exercise question bank periodic update on-line management method, which comprises the following steps: determining the type and the presentation form of the newly added interactive questions according to the updated content of the online Internet exercise question bank; determining tools and technologies to be used according to the presentation form and the interaction mode of the newly added interactive questions; aiming at the new functions of the online internet exercise question bank and tools to be used, technology fusion is carried out, and compatibility of updated contents is ensured; performing security evaluation on the updated content of the online Internet exercise question bank to generate a risk report; screening out high-risk technical points existing in the question bank updating according to the risk report; in the process of updating the question bank, repeating the risk assessment until the risk level of all technical points of the content of the question bank is not high; and finishing the update of the online Internet exercise question bank, and recording all technical indexes and risk conditions related to the update.

Description

Exercise question bank periodic updating on-line management method
Technical Field
The invention relates to the technical field of information, in particular to an on-line management method for regularly updating an exercise question bank.
Background
With the rapid development of internet technology, the online education and exercise question bank platform rises rapidly, and provides rich learning resources and a large number of questions for users to exercise. However, as time goes by and technology advances, many conventional exercise question banks begin to exhibit their limitations. First, most of the conventional exercise question banks are static, and the content of the questions is rarely updated, so that students may encounter repeated or outdated questions during repeated exercises, and learning effects and interests are reduced. Secondly, static topics cannot meet the diversified and personalized learning requirements of modern students, and cannot provide real and dynamic interaction experience for the students. Furthermore, with the continued innovation of educational modes, more and more educational institutions and individual educators are beginning to recognize the importance of interactive themes. The interactive questions can better simulate the real scenes, so that students can be more invested, and the practice and thinking ability of the students can be enhanced. However, with rapid advances in technology and continual updating of teaching content, maintenance and management of question banks face a series of technical challenges. The trend in modern internet applications is moving from single, page-type applications to component-based modular directions. In this context, each component represents a specific function or piece of content. These components may be independently updated, replaced, or recombined. This provides great convenience for updating and managing exercise question banks, but brings new technical problems. First, when referring to component-based approaches, we are discussing various complex libraries and frameworks that support building and assembling components in a modular fashion. 
Compatibility issues may be encountered when adding new functions, especially when the new functions rely on different versions or different types of libraries. Thus, solutions may require extensive investigation of the nature and manner of operation of these libraries, as well as their interoperability, to determine the best fusion strategy. Second, interactions between components increase security concerns. Data and information may face a variety of potential attacks during transmission and processing between components, such as cross-site scripting attacks or SQL injection. For this reason, identifying and enhancing key security points for component interactions becomes critical. This means that the data input at each location needs to be tightly validated and processed while ensuring that data acquired from untrusted sources is restricted and monitored. In addition to these, a powerful version management strategy is required as the exercise question bank content is continuously updated and expanded. Such a policy not only ensures the stability and compatibility of each update, but also helps to quickly track, debug, and fix any potential problems. Therefore, the development of the exercise question bank periodic updating on-line management method capable of ensuring the real-time performance, interactivity, safety and compatibility of updated contents has important practical significance.
Disclosure of Invention
The invention provides an exercise question bank periodic update on-line management method, which mainly comprises the following steps:
determining the type and presentation form of the newly added interactive questions according to the updated content of the online Internet exercise question bank; determining the tools and technologies to be used according to the presentation form and interaction mode of the newly added interactive questions; performing technology fusion for the new functions of the online Internet exercise question bank and the tools to be used, so as to ensure compatibility of the updated content; performing a security evaluation of the updated content of the online Internet exercise question bank to generate a risk report; screening out the high-risk technical points in the question bank update according to the risk report; for the high-risk technical points, using a One-Class SVM to identify and handle abnormal or unusual high-risk technical points, and applying secure encryption to ensure the security of the question bank content; during the question bank update, repeating the risk assessment until the risk level of every technical point of the question bank content is not high; and completing the update of the online Internet exercise question bank, and recording all technical indexes and risk conditions related to the update.
Further optionally, the determining the type and the presentation form of the newly added interactive questions according to the updated content of the online internet exercise question bank includes:
acquiring the updated content of the exercise question bank, and determining the type and presentation form of the newly added questions; the question types comprise single-choice, multiple-choice, fill-in-the-blank, sorting, matching or question-and-answer questions, and the presentation forms comprise text, picture, audio, video or interactive form; if the added questions include an interactive question, determining the type, presentation form and interaction mode of the newly added interactive question, wherein the interaction modes comprise dragging, line connection and animation demonstration.
Further optionally, the determining the tools and techniques to be used according to the presentation form and the interaction mode of the newly added interactive questions includes:
determining, from the presentation form of the interactive question, whether the newly added question involves text, picture, audio or video content; for text content, HTML and CSS are used for layout and styling, and JavaScript implements the interaction logic; for picture content, HTML and CSS are used for display and layout, and JavaScript implements click and drag interaction on the picture; for audio content, the audio file is embedded with the HTML5 audio tag, and JavaScript implements play and pause control; for video content, the video file is embedded with the HTML5 video tag, and JavaScript implements play, pause and full-screen control; for user input and selection, JavaScript monitors the user's behavior and processes and judges it according to the user's operation; for data processing and judgment, back-end development technologies including Java and Python implement the related algorithms and logic, process the user's input or selection, and generate the corresponding feedback or results; if visualization of large data volumes is required, data visualization tools including D3.js and ECharts display the data in the interactive questions and support interactive data exploration and analysis; if audio and video processing and presentation are involved, audio and video processing tools including ffmpeg and OpenCV perform the related processing to meet the needs of the interactive question; the Draggable and Droppable components of jQuery UI implement drag-and-drop of elements; SVG or canvas is combined with JavaScript, the GoJS library or the Fabric.js library to implement the user's line-connection interaction; CSS3 animation or a JavaScript animation library implements smooth animation effects; the selection of tools and technologies is further determined by the combination of presentation form and interaction mode: if a question needs both picture dragging and line connection, jQuery UI is combined with the GoJS library; if user input or selection requires corresponding animation feedback, GSAP is combined with JavaScript logic to implement interactive animation; if audio or video must be played after a specific animation or drag operation, ffmpeg is combined with JavaScript logic to ensure smooth playback.
Further optionally, the technology integration is performed for a new function of the online internet exercise question bank and a tool to be used, so as to ensure compatibility of updated contents, including:
acquiring the technical interfaces and data formats of the new function and the existing tools from the architecture diagram and component interaction diagram of the online Internet exercise question bank; using the list of technical interfaces to be used, comparing interface parameters, return values and expected behaviors one by one to obtain a list of conflicting or incompatible interfaces with a specific description of each; simulating real service scenarios against the incompatible interface list, calling and testing each incompatible interface, and obtaining a test result and incompatibility description for each interface from the response data and the error log of system behavior; performing frequency statistics on the differences between the error logs and the response data to obtain a ranking table of high-frequency incompatible interfaces and an impact analysis report, where a high-frequency incompatible interface is one that occurs at high frequency and whose impact exceeds a preset threshold; selecting from the ranking table, from high to low, the first N interfaces whose compatibility problems are solved first; designing an adapter pattern or middleware for each incompatible interface to achieve compatibility; carrying out the code implementation according to the technology fusion strategy document; writing adapter or middleware code for each incompatible interface and unit testing it to obtain a compatibility code package and its unit test results; running integration tests on the compatibility code package to obtain integration test results and any new incompatibility problems; performing technical adjustment or code refactoring on technical conflicts or compatibility problems where a technical update to question content and format causes display or functional failures; comparing the integration test results with the expected behavior to determine whether the new function is fully compatible with the tools; and further comprising: estimating possible compatibility problems from the specific way the JavaScript library is used in the new function, and obtaining solution suggestions.
According to a specific implementation mode of the JavaScript library in the new function, estimating a possible compatibility problem, and obtaining a solution suggestion, the method specifically comprises the following steps:
based on the technical framework of the online Internet exercise question bank, the implementation details and version information of the front-end HTML, CSS and JavaScript are acquired, and the technical dependencies of each question are identified. Using the versions and API documents of the Java and Python back-end development frameworks, the compatibility between the new functional requirements of the question bank and the current technology stack is analyzed, and a back-end technology update scheme is provided. A suitable data visualization scheme is designed for the new function of the question bank according to the official documents of D3.js and ECharts. A compatibility scheme is designed for the audio and video part of the new function according to the technical documents of ffmpeg and OpenCV. The correspondence between functions and technologies is formulated according to the requirements document of the new function and the technical specifications of the JavaScript libraries, including jQuery UI, GoJS, GSAP and anime.js. Possible compatibility problems are estimated from the specific way the JavaScript library is used in the new function, and solution suggestions are obtained. The collected technology fusion data is used to build a comprehensive development environment, in which the technical components and new functions are integrated and their interactivity and stability are evaluated. Based on the evaluation results, technical adjustment or code refactoring is performed on technical conflicts or compatibility problems. A comprehensive set of test cases is designed, an automated test tool is used to test the functionality and compatibility of the new function of the question bank, and necessary adjustments are made according to the test results.
Further optionally, the performing security evaluation on the updated content of the online internet exercise question bank, and generating a risk report includes:
acquiring updated content data of an online internet exercise question bank, carrying out standardized processing on the original data, processing missing values and converting classification variables; dividing data into a training set and a testing set by using a Scikit-learn library, and training a random forest model by using the training set; obtaining a security evaluation result through a random forest model, and classifying risk levels; generating preliminary data output according to the risk level and the associated security criteria; summarizing the results of the security assessment and the risk classification according to the data output and the preset report format, and noting the generation time of the report in the risk report; triggering a preparation stage of the next round of security assessment by using the result of the current risk report; comparing the previous data output with the newly acquired data input source, and if significant changes or unexpected model performances are found, updating parameters of the random forest or retraining the model by using the new data; according to the interaction characteristics of the components, safety evaluation and reinforcement are carried out, so that the safety of the whole online internet exercise question bank is ensured; further comprises: and confirming key points of the component interaction according to the characteristics of the component interaction, and enhancing the security of the key points.
The method for confirming the key points of the component interaction according to the characteristics of the component interaction and enhancing the safety of the key points specifically comprises the following steps:
according to the architecture diagram and the component interaction diagram of the online Internet exercise question bank, let the component set be $C = \{c_1, c_2, \ldots, c_i, \ldots, c_j, \ldots, c_n\}$; the interaction between components can be expressed as a relation matrix $M$, where $m_{ij} = 1$ indicates that component $c_i$ interacts with $c_j$ and $m_{ij} = 0$ otherwise, and the data interaction, API call and other key interaction points between components are determined. The interactions between components are analyzed statically and dynamically using the static analysis tool SonarQube and the dynamic analysis tool Burp Suite. Let the set of potential security hazards be $H = \{h_1, h_2, \ldots, h_i, \ldots, h_m\}$; the relation between the hazards and each component can be expressed as a matrix in which an entry of 1 indicates that component $c_i$ has hazard $h_i$ and an entry of 0 indicates that it does not, and the potential security hazards are identified. A security review is performed on the external interface of each component. The components that data flows into and out of are monitored with the Splunk log analysis tool. Let $D_{in}(c_i)$ and $D_{out}(c_i)$ denote the data inflow and outflow of component $c_i$, respectively; the data flow between the components may then be represented as $D_{total}(c_i) = D_{in}(c_i) + D_{out}(c_i)$, and the data flow between different components is tracked to confirm that all sensitive data is protected during transmission and processing. Security testing is carried out not only on single components but also on the integrated parts of multiple components, simulating the attacks and risks of real service scenarios. Let $K = \{k_1, k_2, \ldots, k_i, \ldots, k_p\}$ be the set of all key interaction points. For each key point $k_i$, its enhanced security metric may be represented as a function $S(k_i)$, where a higher value indicates stronger security.
After the key points of component interaction are confirmed, their security is specifically enhanced, including encrypting key data, using security tokens, and limiting interface access frequency. For an individual risk point, its relevance to other risk points is further determined: let $R(c_i, c_j)$ be the linkage risk caused by the interaction between components $c_i$ and $c_j$. The overall risk may be expressed as the sum of the risks between all component pairs. The risk of chain reaction or amplification due to component interaction is identified; a dedicated risk report on component interaction is obtained, describing the potential risks brought by the interaction and the suggested protective measures.
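The component-interaction model described above, worked through in Python as an added example (not code from the patent): it builds the relation matrix M, a component-by-hazard matrix, the per-component data flow D_total, and sums a linkage risk R over all component pairs to rank the key interaction points. The component names, hazards, byte counts and the scoring rule used for R are assumptions made for illustration; the text does not define R.

```python
from itertools import combinations

# Constructed sample architecture; all component and hazard names are hypothetical.
COMPONENTS = ["web_ui", "question_api", "grader", "media_store"]
HAZARDS = ["xss", "sql_injection", "missing_auth"]
# (source, destination, bytes sent), as a log pipeline might summarise them.
FLOWS = [
    ("web_ui", "question_api", 1200),
    ("question_api", "grader", 800),
    ("question_api", "media_store", 5000),
    ("web_ui", "media_store", 300),
]
# Hazards reported per component by static and dynamic analysis (constructed).
FINDINGS = {
    "web_ui": {"xss"},
    "question_api": {"sql_injection", "missing_auth"},
    "grader": set(),
    "media_store": {"missing_auth"},
}


def relation_matrix(components, flows):
    """M[i][j] = 1 when the two components interact (symmetric), else 0."""
    idx = {c: i for i, c in enumerate(components)}
    m = [[0] * len(components) for _ in components]
    for src, dst, _ in flows:
        m[idx[src]][idx[dst]] = m[idx[dst]][idx[src]] = 1
    return m


def hazard_matrix(components, hazards, findings):
    """One row per component, one column per hazard; 1 means the hazard is present."""
    return [[int(h in findings.get(c, ())) for h in hazards] for c in components]


def data_flow(components, flows):
    """Return {component: (D_in, D_out, D_total)} with D_total = D_in + D_out."""
    d_in = dict.fromkeys(components, 0)
    d_out = dict.fromkeys(components, 0)
    for src, dst, size in flows:
        d_out[src] += size
        d_in[dst] += size
    return {c: (d_in[c], d_out[c], d_in[c] + d_out[c]) for c in components}


def linkage_risk(i, j, m, hz):
    """R(c_i, c_j). Assumed rule: hazards on both ends of an existing interaction."""
    return m[i][j] * (sum(hz[i]) + sum(hz[j]))


def overall_risk(components, m, hz):
    """Sum of R over all unordered component pairs."""
    return sum(linkage_risk(i, j, m, hz)
               for i, j in combinations(range(len(components)), 2))


def key_points(components, flows, m, hz):
    """Interacting pairs ranked by linkage risk, then by bytes exchanged."""
    volume = {}
    for src, dst, size in flows:
        pair = frozenset((src, dst))
        volume[pair] = volume.get(pair, 0) + size
    ranked = []
    for i, j in combinations(range(len(components)), 2):
        if m[i][j]:
            pair = (components[i], components[j])
            ranked.append((pair, linkage_risk(i, j, m, hz), volume[frozenset(pair)]))
    ranked.sort(key=lambda r: (-r[1], -r[2]))
    return ranked


if __name__ == "__main__":
    M = relation_matrix(COMPONENTS, FLOWS)
    HZ = hazard_matrix(COMPONENTS, HAZARDS, FINDINGS)
    print("overall risk:", overall_risk(COMPONENTS, M, HZ))
    for pair, risk, size in key_points(COMPONENTS, FLOWS, M, HZ):
        print(pair, "R =", risk, "bytes =", size)
```

The pairs at the top of the ranking are the interaction points where the measures named in the text (encrypting key data, security tokens, access-frequency limits) would be applied first.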
Further optionally, the screening the high-risk technical points existing in the question bank update according to the risk report includes:
extracting risk grade evaluation data in question bank updating through a risk report, and carrying out standardized processing on the data; classifying risk grade data by using a K-means algorithm, determining an optimal K value by using a plurality of K values and using an elbow rule, marking various risk grades, and determining a high risk class; screening out high-risk records highly related to the update of the question bank according to the clustering result, and determining high-risk technical points directly related to the update of the question bank; training a decision tree model by using risk grade assessment data of the extracted question bank to further classify high-risk technical points; traversing the tree structure to extract decision paths by using the trained decision tree model, and converting the paths into clear rules; identifying high risk technical points in the data and specific attributes and features thereof using rules extracted from the decision tree; carrying out logic judgment on the attributes and the features extracted from the decision tree, and confirming whether the attributes and the features are consistent with preset data processing link conditions or not; and if the attributes and the characteristics are consistent with the preset conditions of the data processing link, performing data verification on the high-risk technical points, and confirming the associated high-risk technical points.
Further optionally, for the high-risk technical points, using a One-Class SVM to identify and handle abnormal or unusual high-risk technical points, and applying secure encryption to ensure the security of the question bank content, includes:
determining the access credentials and interface information of a central data store, and extracting the data set related to the high-risk technical points from the central data store through an API; preprocessing the data obtained from the central data store, and deleting duplicate, missing or abnormal data; applying a One-Class SVM to the data set related to the high-risk technical points to obtain the likelihood that a technical point is an abnormal or unusual high-risk technical point, and identifying the abnormal or unusual high-risk technical points; evaluating the effect of the One-Class SVM by cross-validation against an internal evaluation mechanism and known risk cases; if the algorithm performs poorly, adjusting the hyperparameters by grid search; applying data filtering rules to the cleaned data to obtain the filtered information, a technical point being filtered out if it matches a known sensitive word; using the filtered information for audit trailing, recording all operations and events related to the high-risk technical points; standardizing the audit records and marking whether each is abnormal; training an anomaly detection model based on the isolation forest algorithm on the partially labeled audit records; tuning the model parameters by cross-validation to optimize anomaly detection; applying the trained model to the complete audit records and marking abnormal or suspicious records according to the model output; manually verifying the detected abnormal or suspicious records; feeding the results of manual verification back to the model for further optimization and adjustment; and applying an encryption mechanism for final secure encryption of the high-risk technical point information identified as secure.
Further optionally, in the process of updating the question bank, the risk assessment is repeated until the risk level of all technical points of the content of the question bank is not high, including:
acquiring all technical points of the question bank content according to the long-term security maintenance strategy of the system, and obtaining a list of technical points requiring repeated risk assessment; using the technical architecture diagram and component interaction diagram of the new question bank function to determine the interaction logic and potential risk points between the technical points requiring repeated risk assessment and the new function; performing automated risk assessment with OWASP Amass, and performing in-depth risk source analysis for each technical point to obtain a risk assessment report for each; screening the risk assessment reports against a risk scoring standard, judging the risk level of each technical point, and listing the high-risk points; using the static analysis tool SonarQube and the dynamic analysis tool Burp Suite to inspect the code of the high-risk points in detail and determine code logic, data flow and potential security hazards; matching a repair strategy to each high-risk point from a library of known repair methods or a security patch database to obtain a specific repair suggestion and implementation scheme; repairing each high-risk point according to the repair suggestion, and verifying the repair with the regression testing tool JUnit; confirming from the test results whether each risk point has been repaired; using the ELK Stack security log analysis tool to continuously monitor the running state of the question bank system, and collecting the runtime data related to the high-risk technical points and new risk points; and re-executing the risk assessment with the collected runtime data and risk points: if the risk level of all technical points is not high, ending; otherwise, acquiring the list of technical points requiring repeated risk assessment and repeating the risk assessment until the risk level of all technical points is not high.
Further optionally, the updating of the online internet exercise question bank is completed, and all technical indexes and risk conditions related to the updating are recorded, including:
calling an API to fetch the question data to be updated from the online Internet exercise question bank, and ensuring that the data is in a unified JSON format; if the fetched data is not empty, using regular expressions to remove irrelevant characters and format the data, eliminating redundancy in the data; verifying the cleaned data, including integrity verification, format consistency verification, grammar and spelling verification, duplicate detection and answer logic checking, and judging whether the questions and options meet the preset specification; after the data passes verification, using the version control tool Git to obtain the version information of the current question bank; once it is confirmed that there is no conflict, inserting the cleaned and verified question data into the main database and triggering the update of the question bank content; converting the question bank content into vector form using TF-IDF, training a question label classification model with a decision tree algorithm, and classifying the labels of the questions, where the labels include question difficulty and subject; updating the user interface with the label information of the new questions so that they can be displayed by label; triggering a data backup process immediately after the new question data is inserted into the database; automatically generating a log record of the update, containing all related technical indexes and risk conditions, and storing it in a dedicated log database.
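One way to implement the cleaning and verification steps described above (integrity, format consistency, duplicate detection, answer logic) before question data reaches the main database, as an added Python example that is not the patent's own code. The record schema, the error strings and the plain-text policy that rejects tag-like input (tied to the cross-site scripting concern raised in the Background) are assumptions; grammar and spelling verification is left out.

```python
import hashlib
import json
import re
import unicodedata

CHOICE_TYPES = {"single_choice", "multiple_choice"}
ALLOWED_TYPES = CHOICE_TYPES | {"fill_blank"}  # subset of the listed types
REQUIRED_FIELDS = ("id", "type", "stem", "options", "answer")  # assumed schema
# Control and zero-width characters that should never reach the database.
_INVISIBLE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f\u200b-\u200d\ufeff]")
# Assumed policy: fields are plain text, so a tag-like "<x" is rejected.
_TAG_START = re.compile(r"<[A-Za-z!/?]")


def clean_text(value):
    """Normalise to NFC, drop invisible characters, collapse whitespace."""
    value = _INVISIBLE.sub("", unicodedata.normalize("NFC", value))
    return re.sub(r"\s+", " ", value).strip()


def validate_record(rec, seen):
    """Return (cleaned_record, errors); `seen` holds accepted fingerprints."""
    if not isinstance(rec, dict):
        return None, ["format: record is not an object"]
    missing = [f for f in REQUIRED_FIELDS if f not in rec]
    if missing:
        return None, ["integrity: missing " + ", ".join(missing)]
    kind, answer = rec["type"], rec["answer"]
    if not (isinstance(kind, str) and isinstance(rec["stem"], str)
            and isinstance(rec["options"], list) and isinstance(answer, list)
            and all(isinstance(o, str) for o in rec["options"])):
        return None, ["format: wrong field types"]
    errors = []
    stem = clean_text(rec["stem"])
    options = [clean_text(o) for o in rec["options"]]
    texts = [stem, *options, *(a for a in answer if isinstance(a, str))]
    if kind not in ALLOWED_TYPES:
        errors.append("format: unknown type")
    if not stem:
        errors.append("integrity: empty stem")
    if any(_TAG_START.search(t) for t in texts):
        errors.append("content: markup in plain-text field")
    if kind in CHOICE_TYPES:
        in_range = all(type(a) is int and 0 <= a < len(options) for a in answer)
        if len(options) < 2 or len(set(options)) != len(options):
            errors.append("logic: need at least two distinct options")
        if not answer or not in_range or len(set(answer)) != len(answer):
            errors.append("logic: answer must be distinct in-range option indexes")
        elif kind == "single_choice" and len(answer) != 1:
            errors.append("logic: single choice needs exactly one answer")
    elif kind == "fill_blank":
        if not answer or not all(isinstance(a, str) and clean_text(a) for a in answer):
            errors.append("logic: answer must be non-empty text")
    # Duplicate detection on the cleaned, case-folded content.
    canon = json.dumps([stem.casefold(), sorted(o.casefold() for o in options)])
    fp = hashlib.sha256(canon.encode("utf-8")).hexdigest()
    if fp in seen:
        errors.append("duplicate: same content as an accepted question")
    if errors:
        return None, errors
    seen.add(fp)
    return dict(id=rec["id"], type=kind, stem=stem, options=options, answer=answer), []


def validate_batch(raw_json):
    """Parse a JSON array of questions; return (accepted, rejected_by_position)."""
    try:
        records = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return [], {0: ["format: invalid JSON (%s)" % exc.msg]}
    if not isinstance(records, list):
        return [], {0: ["format: top level must be an array"]}
    accepted, rejected, seen = [], {}, set()
    for pos, rec in enumerate(records):
        cleaned, errors = validate_record(rec, seen)
        if errors:
            rejected[pos] = errors
        else:
            accepted.append(cleaned)
    return accepted, rejected


# Constructed sample batch (not real question-bank data).
SAMPLE_BATCH = json.dumps([
    {"id": "q1", "type": "single_choice", "stem": "What is 2 + 3?",
     "options": ["4", "5", "6"], "answer": [1]},
    {"id": "q2", "type": "single_choice", "stem": "  what is 2 +\u200b 3? ",
     "options": ["6", "5", "4"], "answer": [1]},
    {"id": "q3", "type": "single_choice", "stem": "Largest planet?",
     "options": ["Mars", "Jupiter"], "answer": [2]},
    {"id": "q4", "type": "multiple_choice", "stem": "Primes? <script>x</script>",
     "options": ["2", "4", "5"], "answer": [0, 2]},
    {"id": "q5", "type": "fill_blank", "stem": "If 1 < x < 3, the integer x is ____.",
     "options": [], "answer": ["2"]},
])

if __name__ == "__main__":
    ok, bad = validate_batch(SAMPLE_BATCH)
    print([q["id"] for q in ok], bad)
```

Rejecting tag-like input at ingestion does not replace output encoding when the question is rendered; the inequality in q5 is accepted because `<` followed by a space cannot open a tag.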
The technical scheme provided by the embodiment of the invention can have the following beneficial effects:
The invention discloses an online management method for the periodic updating of an exercise question bank. The type and presentation form of the newly added interactive questions are determined from the updated content, and the corresponding tools and technologies are selected according to the presentation form and interaction mode of the questions.
To ensure the compatibility of the updated content, technology fusion is performed so that the different tools and technologies are seamlessly integrated. The security of the updated content is evaluated and a risk report is generated.
High-risk technical points in the question bank update are screened out according to the risk report. To deal with these high-risk technical points, a one-class SVM is used to identify and handle abnormal or unusual technical points, and secure encryption is applied to protect the question bank content.
During the question bank update, risk assessment is repeated until no technical point has a high risk level. Finally, the update of the online Internet exercise question bank is completed, and all technical indicators and risk conditions related to the update are recorded.
In conclusion, the method integrates various technologies and tools and ensures both the effectiveness and the security of updates to the online Internet exercise question bank.
Drawings
FIG. 1 is a flowchart of a method for managing regular update of exercise question bank according to the present invention.
FIG. 2 is a schematic diagram of a method for managing regular update of exercise question bank according to the present invention.
FIG. 3 is a schematic diagram of a method for managing regular update of exercise question bank according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
The online management method for the periodic updating of an exercise question bank in this embodiment specifically comprises the following steps:
S101, determining the type and the presentation form of the newly added interactive questions according to the updated content of the online Internet exercise question bank.
The updated content of the exercise question bank is acquired, and the type and presentation form of the newly added questions are determined. The question types include single-choice, multiple-choice, fill-in-the-blank, sorting, matching and question-answering questions; the presentation forms include text, picture, audio, video and interactive forms. If the added questions include interactive questions, the type, presentation form and interaction mode of the newly added interactive questions are determined, the interaction modes including dragging, line connecting and animation demonstration. For example, the updated content of the exercise question bank includes 100 new questions, of which 50 are single-choice questions, 30 are multiple-choice questions, 10 are fill-in-the-blank questions, 5 are sorting questions, 3 are matching questions and 2 are question-answering questions. The presentation forms of these questions include text, picture, audio and interactive forms: 80 questions are in text form, 10 in picture form, 5 in audio form and 5 in interactive form. Of the 5 interactive questions, 3 use the drag interaction mode, 1 uses the line-connecting interaction mode and 1 uses the animation demonstration interaction mode.
S102, determining tools and technologies to be used according to the presentation form and the interaction mode of the newly added interactive questions.
For example, a newly added question may involve text, picture, audio or video content. For text content, a text input box can be created, with layout and style set using HTML and CSS, so that the user can enter an answer, and JavaScript is used to judge whether the user's answer is correct. For picture content, a picture can be created, displayed and laid out using HTML and CSS, and JavaScript is used to trigger an event when the user clicks the picture or to change its position when the user drags it. For audio content, an audio player can be created by embedding the audio file with the HTML5 audio tag; the user clicks a play button to play the audio, and JavaScript monitors the user's operations to control the playback state. For video content, a video player can be created by embedding the video file with the HTML5 video tag; JavaScript implements the play, pause and full-screen controls, the user clicks a play button to play the video, and JavaScript monitors the user's operations to control the playback state and full-screen display. For interactive operations in which the user inputs or selects something, a choice question can be created; JavaScript monitors the user's behavior and processes and judges it accordingly, so that when the user clicks an option JavaScript judges whether the selected answer is correct. For data processing and judgment, back-end development technologies such as Java and Python implement the related algorithms and logic, processing the user's input or selection and generating the corresponding feedback or result; for instance, a function that judges whether a number entered by the user is prime can be written in Python and called after the user enters the number.
If large-scale data visualization is required, data visualization tools including D3.js and ECharts can present the data in interactive questions and support interactive data exploration and analysis; for instance, a bar chart can be created with D3.js in which the user drags a bar to change its height, and JavaScript monitors the user's operations to update the chart. If audio and video processing and presentation are involved, audio and video processing tools such as ffmpeg and OpenCV perform the processing needed to meet the requirements of the interactive question; for instance, an audio file uploaded by the user can be converted into a specified format with ffmpeg, and JavaScript calls the corresponding playback control to play the audio. With a JavaScript library such as jQuery UI, the draggable component lets the user drag an element, so a drag-and-drop function can be implemented, and JavaScript monitors the user's operations to judge whether the drag-and-drop succeeded. SVG or canvas combined with JavaScript and the GoJS or Fabric.js library meets the user's line-connecting interaction requirement; for instance, SVG can be used to create some shapes, and JavaScript monitors the user's operations so that the user can drag a line to connect the shapes. CSS3 animation or a JavaScript animation library such as the GreenSock Animation Platform (GSAP) or anime.js gives a smooth animation effect; for instance, an animation created this way is triggered when the user clicks a button. The choice of tools and technologies is then further determined by the combination of presentation form and interaction mode.
If a question requires both picture dragging and line connecting, the jQuery UI and GoJS libraries can be used together. If animation feedback is needed in response to the user's input or selection, GSAP can be combined with JavaScript logic to implement the interactive animation. If audio or video must be played after a particular animation or drag operation, ffmpeg can be combined with JavaScript logic to ensure smooth playback.
S103, performing technology fusion for the new functions of the online Internet exercise question bank and the tools to be used, to ensure the compatibility of the updated content.
The technical interfaces and data formats of the new functions and the existing tools are acquired from the architecture diagram and component interaction diagram of the online Internet exercise question bank. Using the list of technical interfaces to be used, interface parameters, return values and expected behaviors are compared one by one to obtain a list of conflicting or incompatible interfaces with a specific description of each. Using the incompatible interface list, real service scenarios are simulated and each incompatible interface is called and tested; from the response data, the system behavior and the error logs, a test result and an incompatibility description are obtained for each interface. Frequency statistics are computed from the differences between the error logs and the response data, to determine which incompatible interfaces occur at high frequency and which are affected at a frequency greater than a preset threshold, giving a high-frequency incompatible interface ranking table and an impact analysis report. From the ranking table, the first N interfaces, from high to low, are selected as the compatibility problems to be solved first. For each incompatible interface, an adapter pattern or middleware is designed to achieve compatibility. Code is then implemented according to the technology fusion strategy document: an adapter or middleware code is written for each incompatible interface and unit tested, giving a compatibility code package and its unit test results. Integration testing is carried out on the compatibility code package, giving integration test results and any new incompatibility problems.
For display or functional failures caused by technical updates to question content and format, technical adjustment or code refactoring is carried out on the technical conflict or compatibility problem; the integration test results are compared with the expected behavior to determine whether the new function is fully compatible with the tools. For example, the architecture diagram of the online Internet exercise question bank includes a question management component and a user management component, which interact through an API. The technical interfaces and data formats of the new functions and existing tools are obtained. Suppose the new function requires adding an interface to the user management component for marking a question as a favorite. The parameters of the interface include a user ID and a question ID, and its return value may be a message that the favorite was marked successfully. In the existing tools, the get-question interface of the question management component returns JSON containing the question ID, question content and options, and the get-user-information interface of the user management component returns JSON containing the user ID, user name and email address. By comparing interface parameters, return values and expected behaviors one by one, a list of conflicting or incompatible interfaces and their detailed descriptions can be obtained. If the data formats returned by the get-user-information interface of the user management component and the get-question interface of the question management component are inconsistent, the user information and question information cannot be displayed on the user interface at the same time. The lack of parameter verification in the new function's mark-favorite interface may allow an illegal user ID or question ID to be entered.
Each incompatible interface is called and tested in a simulated real service scenario, and a test result and a detailed incompatibility description are obtained for each interface from the response data, the system behavior and any error logs. When the mark-favorite interface is called, a parameter-error response may be received, or the system may log the error. Frequency statistics computed from the differences between the error logs and the response data show which incompatible interfaces occur at high frequency and which are affected at a frequency greater than the preset threshold. If the error log records a large number of parameter errors for the mark-favorite interface, this is a high-frequency problem. The order in which compatibility problems are solved can be chosen from the high-frequency incompatible interface ranking table: if the mark-favorite interface is a high-frequency problem and affects core user functionality, it can be solved first. For each incompatible interface, an adapter pattern or middleware can be designed to achieve compatibility. The adapter pattern converts an incompatible interface into a compatible one, and middleware converts and passes data between the incompatible interface and the system. During code implementation, an adapter or middleware code can be written for each incompatible interface according to the technology fusion strategy document and unit tested, giving a compatibility code package and its unit test results. When the adapter for the mark-favorite interface is designed, the validity of the input parameters can be verified and the parameters converted into a format that meets the interface requirements. Integration testing is carried out on the compatibility code package, giving integration test results and any new incompatibility problems.
For display or functional failures caused by technical updates to question content and format, technical adjustment or code refactoring is carried out on the technical conflict or compatibility problem; the integration test results can be compared with the expected behavior to determine whether the new function is fully compatible with the tools.
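The error-log frequency ranking and the validating adapter for the mark-favorite interface described above, as an added Python example that is not part of the patent text. The log line format, interface names, ID range, in-memory stores and response envelope are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed error-log lines; the format and interface names are assumptions.
ERROR_LOG = """\
2023-10-13T10:00:01 ERROR interface=mark_favorite reason=param_error
2023-10-13T10:00:02 ERROR interface=mark_favorite reason=param_error
2023-10-13T10:00:05 ERROR interface=get_user reason=format_mismatch
2023-10-13T10:00:09 ERROR interface=mark_favorite reason=param_error
2023-10-13T10:00:12 INFO interface=get_question status=ok
2023-10-13T10:00:15 ERROR interface=get_question reason=format_mismatch
2023-10-13T10:00:18 ERROR interface=get_user reason=format_mismatch
"""
_ERR = re.compile(r"^\S+ ERROR interface=(\w+) reason=\w+$")


def rank_incompatible(log_text, threshold, top_n):
    """Count errors per interface, keep counts above threshold, return the top N."""
    counts = Counter()
    for line in log_text.splitlines():
        match = _ERR.match(line.strip())
        if match:
            counts[match.group(1)] += 1
    ranked = [(name, n) for name, n in counts.most_common() if n > threshold]
    return ranked[:top_n]


MAX_ID = 2**31 - 1   # assumed upper bound for user and question IDs


class ParamError(ValueError):
    pass


def parse_id(name, value):
    """Accept an int or an ASCII decimal string; reject bools, floats,
    signs, whitespace, embedded text and out-of-range values."""
    if type(value) is int:
        number = value
    elif (isinstance(value, str) and value.isascii()
          and value.isdigit() and len(value) <= 10):
        number = int(value)
    else:
        raise ParamError(f"{name}: not an integer id")
    if not 1 <= number <= MAX_ID:
        raise ParamError(f"{name}: out of range")
    return number


# Constructed stand-ins for the two components' differing record formats.
USERS = {7: {"user_id": 7, "user_name": "alice", "email": "alice@example.test"}}
QUESTIONS = {42: {"id": 42, "content": "Which port does HTTPS use?",
                  "options": ["80", "443"]}}


class FavoriteAdapter:
    """Validates parameters, then returns both components' data in one envelope."""

    def __init__(self, users, questions):
        self.users, self.questions = users, questions
        self.favorites = set()
        self.rejected = 0          # feeds the frequency statistics

    def mark_favorite(self, user_id, question_id):
        try:
            uid = parse_id("user_id", user_id)
            qid = parse_id("question_id", question_id)
            user, question = self.users.get(uid), self.questions.get(qid)
            if user is None or question is None:
                raise ParamError("unknown user or question")
        except ParamError as exc:
            self.rejected += 1
            return {"ok": False, "error": str(exc)}
        self.favorites.add((uid, qid))
        # Only the fields the UI needs are exposed; the email address is not.
        return {"ok": True, "data": {
            "user": {"id": uid, "name": user["user_name"]},
            "question": {"id": qid, "content": question["content"]}}}


if __name__ == "__main__":
    print(rank_incompatible(ERROR_LOG, threshold=1, top_n=2))
    adapter = FavoriteAdapter(USERS, QUESTIONS)
    print(adapter.mark_favorite("7", 42))
    print(adapter.mark_favorite("7 OR 1=1", 42))
```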
Possible compatibility problems are estimated from the specific way the JavaScript libraries are used in the new function, and solution suggestions are obtained.
Based on the technical framework of the online Internet exercise question bank, the implementation details and version information of the front-end HTML, CSS and JavaScript are acquired, and the technical dependencies of each question are identified. Using the versions and API documents of the Java and Python back-end development frameworks, the compatibility of the new question bank function requirements with the current technology stack is analyzed, and a back-end technology update scheme is proposed. A suitable data visualization scheme for the new question bank function is designed according to the official documents of D3.js and ECharts. A compatibility scheme for the audio and video part of the new question bank function is designed according to the technical documents of ffmpeg and OpenCV. The correspondence between functions and technologies is drawn up from the requirements document of the new question bank function and the technical specifications of the JavaScript libraries, including jQuery UI, GoJS, GSAP and anime.js. Possible compatibility problems are estimated from the specific way the JavaScript libraries are used in the new function, and solution suggestions are obtained. The collected technology fusion data is used to build a comprehensive development environment, in which the various technical components and new functions are integrated and their interactivity and stability are evaluated. Based on the evaluation result, technical adjustment or code refactoring is carried out on the technical conflicts or compatibility problems. A comprehensive set of test cases is designed, automated test tools are used to test the functionality and compatibility of the new question bank function, and necessary adjustments are made according to the test results.
For example, a technical framework based on an online Internet exercise question bank has 1000 user accesses per day, with an average of 10 exercises per user. From this data, a total of 10000 exercises per day can be calculated. When analyzing the compatibility of the new question bank function requirements with the current technology stack, the Java back-end framework currently in use is assumed to be Spring Boot version 4 and the Python back-end framework is assumed to be Django version 2. The API interfaces and functions of these frameworks are known from the official documents, and the requirements of the new function are compared against the current technology stack for compatibility. Suppose the new question bank function needs real-time data statistics, using D3.js and ECharts to display how the questions are answered. Based on the official documents of D3.js and ECharts, charts can be designed showing the proportion of correct answers and the number of wrong answers for each question: a bar chart can show the correct and wrong answers for each question, and a pie chart can show the overall answering situation. If the new question bank function also needs an audio and video part, the audio and video files are processed with ffmpeg and OpenCV. The audio and video formats and processing methods supported by ffmpeg and OpenCV are known from the technical documents, and a compatibility scheme is designed according to the requirements of the new question bank function so that the audio and video files can be processed and played normally. The new question bank function also needs some interactive effects, for example jQuery UI for drag-and-drop sorting question types, GoJS for drawing flow charts, and GSAP and anime.js for animation effects.
From the technical specifications of these libraries, the correspondence between functions and technologies can be drawn up, ensuring that the new functions are implemented as required. When the various technical components and new functions are integrated, technical conflicts or compatibility problems may be encountered: for instance, the version of one library may be incompatible with other libraries, or a function may not work properly in a certain browser. Based on the collected technology fusion data, these problems can be evaluated and a solution suggested, such as updating the version of the library or using an alternative library. When testing the functionality and compatibility of new functions, an automated test tool such as Selenium or Cypress may be used with a comprehensive set of test cases. Based on the test results, necessary adjustments are made to the function, such as fixing bugs or improving interaction effects.
S104, performing a security assessment of the updated content of the online Internet exercise question bank and generating a risk report.
The content data of the online Internet exercise question bank update is acquired; the raw data is standardized, missing values are handled and categorical variables are converted. The Scikit-learn library is used to split the data into a training set and a test set, and the training set is used to train a random forest model. The security assessment result is obtained from the random forest model and the risk level is classified. A preliminary data output is generated from the risk level and the associated security standards. From the data output and a preset report format, the results of the security assessment and risk classification are summarized, and the generation time of the report is noted in the risk report. The result of the current risk report triggers the preparation stage of the next round of security assessment. The previous data output is compared with the newly acquired data input sources; if significant changes are found or the expected model performance is not met, the parameters of the random forest are updated or the model is retrained with the new data. Security assessment and hardening are carried out according to the interaction characteristics of the components, to ensure the security of the whole online Internet exercise question bank.
For example, a batch of data is captured from the website of a network-security exercise question bank, including the IP address, the software version used and whether it was attacked. Examples of the data, in the form (IP address, software version, attacked or not), are (192.168.0.1, v1.0, yes) and (192.168.0.2, v1.5, no). The raw data is standardized, missing values are handled and categorical variables are converted: all IP addresses are converted to integers, the "v" prefix of the software version is removed so that only the number remains, and the "attacked or not" column is converted to a number, with yes = 1 and no = 0. Examples of the processed data are 19216801, 1.0, 1 and 19216802, 1.5, 0. The Scikit-learn library is used to split the data into training and test sets, and the training set is used to train the random forest model; assuming 1000 pieces of data, 700 are used as the training set and 300 as the test set. The security assessment result is obtained from the random forest model and risk levels are set: an evaluation value above 0.8 is classified as high risk, 0.5 to 0.8 as medium risk, and below 0.5 as low risk. After model evaluation, the risk classification result is that 250 pieces of data are high risk, 30 are medium risk and 20 are low risk. A preliminary data output is generated from the risk level and the associated security standards, giving a table that lists the risk level corresponding to each IP address. From the data output and the preset report format, the results of the security assessment and risk classification are summarized, the report generation time is noted in the risk report as October 13, 2023, and a report is generated containing the risk level of each IP address and related solution suggestions. The result of the current risk report triggers the preparation stage of the next round of security assessment, in which more data is collected for the next round of evaluation.
The previous data output is compared with the newly acquired data input source; if significant changes are found or the expected model performance is not met, the parameters of the random forest are updated or the model is retrained with the new data. For instance, if a large number of new software versions are found in the next data collection, this may mean that the parameters of the model need to be updated or adjusted to better fit the new data. Security assessment and hardening are carried out according to the interaction characteristics of the components, to ensure the security of the whole online Internet exercise question bank.
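The preprocessing and risk-level thresholds of the worked example above, as an added Python example that is not part of the patent text. It goes slightly beyond the text by comparing the dot-stripping IP encoding of the worked example with a 32-bit integer encoding, because dot-stripping maps distinct addresses to the same feature value; the sample records, the median imputation and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
import statistics

# Constructed records in the (IP address, software version, attacked) layout.
RECORDS = [
    ("192.168.0.1", "v1.0", "yes"),
    ("192.168.0.2", "v1.5", "no"),
    ("1.11.1.1", "v2.0", "no"),
    ("11.1.1.1", "v2.0", "yes"),
    ("192.168.0.3", "", "no"),       # missing software version
]

_VERSION = re.compile(r"^v?(\d+(?:\.\d+)?)$")


def strip_dots(ip):
    """Encoding of the worked example: 192.168.0.1 -> 19216801."""
    return int(ip.replace(".", ""))


def ip_to_int(ip):
    """Alternative added here: the address as its 32-bit integer value.
    Also rejects strings that are not valid IPv4 addresses."""
    return int(ipaddress.IPv4Address(ip))


def collisions(records, encoder):
    """Groups of distinct IP addresses that an encoder maps to one number."""
    groups = {}
    for ip, _version, _attacked in records:
        groups.setdefault(encoder(ip), set()).add(ip)
    return sorted(sorted(ips) for ips in groups.values() if len(ips) > 1)


def parse_version(text):
    """Drop the 'v' prefix and return the number, or None if missing."""
    match = _VERSION.match(text.strip())
    return float(match.group(1)) if match else None


def encode_dataset(records, encoder=ip_to_int):
    """Rows of [ip, version, label]; a missing version gets the median
    of the known versions (assumed imputation rule), yes = 1, no = 0."""
    versions = [parse_version(v) for _ip, v, _attacked in records]
    median = statistics.median(v for v in versions if v is not None)
    labels = {"yes": 1, "no": 0}
    return [[encoder(ip), median if v is None else v,
             labels[attacked.strip().lower()]]
            for (ip, _raw, attacked), v in zip(records, versions)]


def risk_level(score):
    """Thresholds from the text: above 0.8 high, 0.5 to 0.8 medium, below 0.5 low."""
    if not 0.0 <= score <= 1.0:
        raise ValueError("score must be within [0, 1]")
    if score > 0.8:
        return "high"
    if score >= 0.5:
        return "medium"
    return "low"


if __name__ == "__main__":
    print("dot-stripping collisions:", collisions(RECORDS, strip_dots))
    print("32-bit collisions:", collisions(RECORDS, ip_to_int))
    for row in encode_dataset(RECORDS):
        print(row)
```

The encoded rows are what would be passed to the train/test split and the random forest; the scores given to `risk_level` are assumed to be the model's per-record evaluation values.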
The key points of component interaction are confirmed according to the characteristics of the interaction, and the security of those key points is strengthened.
Illustratively, from the architecture diagram and component interaction diagram of the online Internet exercise question bank, the component set is $C = \{c_1, c_2, c_3\}$ and the relation matrix is

$$M = \begin{pmatrix} 0 & 1 & 1 \\ 1 & 0 & 1 \\ 1 & 1 & 0 \end{pmatrix}$$

which means that component $c_1$ interacts with $c_2$ and $c_3$, component $c_2$ interacts with $c_1$ and $c_3$, and component $c_3$ interacts with $c_1$ and $c_2$. The interactions between the components are analyzed statically and dynamically with the static analysis tool SonarQube and the dynamic analysis tool Burp Suite, and a potential security hazard is found,

$$H_1 = \begin{pmatrix} 1 & 0 & 1 \\ 0 & 1 & 0 \\ 1 & 0 & 1 \end{pmatrix}$$

which indicates that component $c_1$ has the hidden danger $H_1$. The external interface of each component is security-checked, and the components with data inflow and outflow are monitored with the Splunk log analysis tool. Assuming that the data inflow of component $c_1$ is $D_{in}(c_1) = 100$ and its data outflow is $D_{out}(c_1) = 50$, the total data flow of component $c_1$ is

$$D_{total}(c_1) = D_{in}(c_1) + D_{out}(c_1) = 150.$$

During security testing, attacks and risks in a real service scenario are simulated, giving the key interaction point set $K = \{k_1, k_2\}$, where the security measure of key point $k_1$ is $S(k_1) = 80$ and that of key point $k_2$ is $S(k_2) = 90$. For the linkage risk of component interaction, suppose the linkage risk between components $c_1$ and $c_2$ is $R(c_1, c_2) = 7$, between $c_1$ and $c_3$ is $R(c_1, c_3) = 5$, and between $c_2$ and $c_3$ is $R(c_2, c_3) = 6$. The overall risk is then the sum of the risks between the three components:

$$R_{total} = R(c_1, c_2) + R(c_1, c_3) + R(c_2, c_3) = 18.$$

From this data, a special risk report on component interaction can be obtained, describing the potential risks brought by the interaction and the suggested protective measures. It is suggested to strengthen the security of the key points $k_1$ and $k_2$, encrypt key data, use security tokens, limit the frequency of interface access, and so on.
S105, screen out the high-risk technical points in the question bank update according to the risk report.
Risk-level assessment data for the question bank update are extracted from the risk report and standardized. The risk-level data are clustered with the K-means algorithm: several K values are tried, the optimal K is determined with the elbow method, each resulting risk level is labeled, and the high-risk class is determined. Based on the clustering result, high-risk records that are highly relevant to the question bank update are screened out, and the high-risk technical points directly related to the update are determined. A decision tree model is then trained on the extracted risk-level assessment data to classify the high-risk technical points further. The tree structure of the trained model is traversed to extract decision paths, which are converted into explicit rules. Using these rules, the high-risk technical points in the data and their specific attributes and features are identified. The attributes and features extracted from the decision tree are checked logically to confirm whether they are consistent with the preset conditions of the data processing links. If they are, data verification is performed on the high-risk technical points and the associated high-risk technical points are confirmed.
For example, the name of each technology and its corresponding risk score are obtained from the risk report, with scores from 1 to 10 and 10 representing the highest risk. After the risk scores are normalized, the technologies are clustered with K-means. By trying different K values and applying the elbow method, the best K is determined and the technologies are separated into several risk-level groups. If the average risk score of one group is particularly high, the technologies in that group are considered high-risk, for example automatic question generation. A decision tree model is trained on historical data and risk scores to determine under what conditions a technology may pose a higher risk. Traversing the decision tree yields a rule: if the automatic question generation technique uses more than 1000 questions in a single-domain question bank and is not manually reviewed, it is a particularly high-risk point. All technology application instances that satisfy this rule are then located. Each instance found is checked against the preset conditions of the other data processing links, such as "whether subsequent machine learning difficulty verification is performed". If the attributes and features match the preset conditions, these instances are validated further to confirm whether they are indeed associated with high risk.
S106, for the high-risk technical points, a One-Class SVM is used to identify and handle abnormal or unusual high-risk technical points, and secure encryption is applied to ensure the security of the question bank content.
The access credentials and interface information of the central data store are determined, and the data set associated with the high-risk technical points is extracted from the central data store through the API interface. The extracted data are preprocessed to remove duplicate, missing or anomalous records. On this data set, a One-Class SVM estimates how likely each technical point is to be an abnormal or unusual high-risk technical point, and those points are identified. The One-Class SVM is cross-validated against an internal evaluation mechanism and known risk cases to evaluate its effect; if the effect is poor, the hyperparameters are adjusted by grid search. Data filtering rules are applied to the cleaned data to obtain the filtered information, and a technical point is filtered out if it matches a known sensitive word. The filtered information is used for audit trailing, which records all operations and events related to the high-risk technical points. The audit records are standardized and marked as abnormal or not. An anomaly detection model based on the isolation forest algorithm is trained on the partially labeled audit records, and its parameters are tuned by cross-validation to optimize the detection effect. The trained model is applied to the complete audit records, and abnormal or suspicious records are marked according to the model output. The detected abnormal or suspicious records are verified manually, and the verification results are fed back to the model for further optimization and adjustment. Finally, the high-risk technical point information identified as safe is encrypted with an encryption mechanism.
For example, suppose there is a central database that stores data related to high-risk technical points. The API access credentials are obtained: Username = "admin" and Password = "Password123". Using the API interface, 10000 records related to the high-risk technical points are extracted from the central data store. Preprocessing finds 50 duplicated records and 100 records with missing values; these are deleted, leaving 9850 valid records. The One-Class SVM marks 200 records as abnormal. Cross-validation through the internal evaluation mechanism, compared against 100 known risk cases, shows that the effect of the One-Class SVM is only 70%. After the hyperparameters are adjusted by grid search, the effect improves to 85%. Applying the data filtering rules to the 9850 records finds 50 records that match the "sensitive vocabulary", and these are filtered out. The audit trail records all operations related to the high-risk technical points, 2000 operation events in total. After the audit records are standardized, 20 operations are marked as abnormal. After the isolation forest model is trained on the partially labeled audit records, 100 operations are marked as abnormal. After the model parameters are tuned by cross-validation, the anomaly detection effect improves to 90%. Applied to the audit records, the trained model marks 150 operations as abnormal. Manual verification of the detected anomalies confirms that 130 of these operations are indeed anomalies. The manual verification results are fed back to further optimize the isolation forest model. The remaining 9720 records of safe high-risk technical point information are encrypted with the encryption mechanism.
S107, during the question bank update, the risk assessment is repeated until no technical point of the question bank content has a high risk level.
All technical points of the question bank content are acquired according to the system's long-term security maintenance strategy, giving a list of technical points that require repeated risk assessment. The technical architecture diagram and component interaction diagram of the new question bank functions are used to determine the interaction logic between those technical points and the new functions, and the potential risk points. Automated risk assessment is performed with OWASP Amass, and an in-depth risk source analysis is carried out for each technical point to obtain its risk assessment report. Based on the reports, a risk scoring standard is applied to judge the risk level of each technical point and screen out the high-risk points. The static analysis tool SonarQube and the dynamic analysis tool Burp Suite are used for detailed code inspection of the high-risk points to determine the code logic, data flows and potential safety hazards. A repair strategy is matched to each high-risk point from a library of known repair methods or a security patch database, giving specific repair suggestions and implementation methods. Each high-risk point is repaired according to the suggestion, and the repair is verified with the regression testing tool JUnit. The test results confirm whether each risk point has been repaired. The ELK Stack security log analysis tool is used to monitor the running state of the question bank system continuously and to collect runtime data related to the high-risk technical points and to new risk points. The risk assessment is then re-executed on the collected runtime data and risk points. If no technical point has a high risk level, the process ends; otherwise the list of technical points requiring repeated risk assessment is acquired again and the assessment is repeated until no technical point has a high risk level.
For example, according to the system's long-term security maintenance strategy, all technical points of the question bank content are acquired, giving a list of 5 technical points: database access, user verification, API interface, front-end JS framework and file upload. The technical architecture diagram and component interaction diagram of the new question bank function show that the API interface interacts with the new function, and potential risk points such as SQL injection and cross-site scripting are identified. Automated risk assessment of the API interface is performed with OWASP Amass, and an in-depth source analysis of the SQL injection risk yields the risk assessment report for this technical point. Based on the report, the CVSS risk scoring standard is applied and the SQL injection risk is rated 9.8 out of a maximum of 10, confirming it as a high-risk point. The static analysis tool SonarQube is used to check the database access code in the API interface, and it finds code logic that splices user input directly into an SQL query, which is a potential SQL injection hazard. The library of known repair methods provides a repair strategy for SQL injection: precompiled SQL statements and parameterized queries. Following this suggestion, the code in the API interface is repaired by introducing parameterized queries, and the fix is verified with the regression testing tool JUnit. The test results confirm that the SQL injection risk has been repaired and that the API interface resists such attacks. The ELK Stack security log analysis tool is used to monitor the running state of the question bank system continuously and to collect runtime data related to the API interface, in particular user input, to ensure that there is no abnormal behavior. Based on the collected runtime data and risk points, it is decided to perform a complete risk assessment once a month to maintain a continuous understanding of system risk. After the first re-execution of the risk assessment, no technical point is found to have a high risk level, so the cycle ends, although periodic checks continue.
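The SQL injection repair described in the S107 example, as an added illustration that is not part of the patent: the flagged string-splicing query next to its parameterized form, with a regression check that runs the same inputs through both. It uses Python's sqlite3 instead of the Java/JUnit stack the text names, and the questions table, function names and sample rows are assumptions constructed for the example.

```python
import sqlite3

# Constructed inputs for the regression check: each one breaks out of a quoted
# SQL string literal if it is spliced into the statement text.
HOSTILE_INPUTS = ["x' OR '1'='1", "math' --", "math'"]


def make_db():
    """Build an in-memory question bank with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE questions ("
        "id INTEGER PRIMARY KEY, subject TEXT, body TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO questions (subject, body, published) VALUES (?, ?, ?)",
        [
            ("math", "2 + 2 = ?", 1),
            ("physics", "Unit of force?", 1),
            ("math", "DRAFT: unreleased exam item", 0),
        ],
    )
    conn.commit()
    return conn


def find_by_subject_unsafe(conn, subject):
    """'Before' form: user input is concatenated into the SQL text.

    This is the pattern the static analysis step flags. The input becomes
    part of the statement, so it can change the WHERE clause.
    """
    sql = (
        "SELECT id, body FROM questions "
        "WHERE published = 1 AND subject = '" + subject + "'"
    )
    return conn.execute(sql).fetchall()


def find_by_subject_safe(conn, subject):
    """'After' form: the statement text is fixed and the input is bound
    as a parameter, so it is only ever compared as a value."""
    sql = "SELECT id, body FROM questions WHERE published = 1 AND subject = ?"
    return conn.execute(sql, (subject,)).fetchall()


def regression_check(query_fn):
    """Return True only if query_fn treats hostile input purely as data."""
    conn = make_db()
    try:
        # Normal behaviour must be preserved by the fix.
        if query_fn(conn, "math") != [(1, "2 + 2 = ?")]:
            return False
        for value in HOSTILE_INPUTS:
            try:
                rows = query_fn(conn, value)
            except sqlite3.Error:
                # A syntax error means the input reached the SQL parser.
                return False
            if rows:
                # No subject literally equals the hostile string, so any
                # returned row means the query logic was altered.
                return False
        return True
    finally:
        conn.close()


if __name__ == "__main__":
    print("unsafe query passes regression check:",
          regression_check(find_by_subject_unsafe))
    print("safe query passes regression check:  ",
          regression_check(find_by_subject_safe))
```

With the spliced query, the first hostile input returns all three rows, including the unpublished draft, which is the data exposure the repair removes.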
S108, the update of the online Internet exercise question bank is completed, and all technical indicators and risk conditions related to the update are recorded.
For example, an API is called to fetch the question data to be updated from the online Internet exercise question bank, and JSON data for 100 questions are fetched. Regular expressions are used to remove extraneous characters, format the data and eliminate redundancy. The cleaned data are verified, for instance by checking whether each question is complete, whether the options meet the specification and whether the answers are reasonable. Suppose all 100 questions pass verification. The version information of the current question bank is obtained with the version control tool Git, showing that the current version is 3. Once it is confirmed that there is no conflict, the cleaned and verified question data are inserted into the main database, which triggers the update of the question bank content; suppose all 100 questions are inserted successfully. The question bank content is converted into vector form with TF-IDF, each question becoming a 300-dimensional vector. A decision tree algorithm is used to train a question difficulty classification model that classifies questions into three difficulty levels: simple, medium and difficult. The questions are then labeled, each with a difficulty level and a subject; for example, the first question is labeled simple and mathematics, and the second is labeled medium and physics. The user interface is updated with the label information of the new questions, and filter items are added to the question list so that questions can be filtered and displayed by difficulty and subject. As soon as the new question data are inserted into the database, a data backup process is triggered, and the new question data are backed up to another server. A log record of this update is generated automatically and includes all technical indicators and risk conditions involved. For instance, the record states that 100 questions were updated and the question bank version was raised to 4, and the risk condition is that database performance is reduced by the data insertion. The log records are stored in a dedicated log database to facilitate later query and analysis; here the log record is saved to a database table named "question bank update log".
The above embodiments are merely for illustrating the technical solution of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (9)

1. An online management method for regularly updating exercise question bank, which is characterized by comprising the following steps:
determining the type and the presentation form of the newly added interactive questions according to the updated content of the online Internet exercise question bank; determining tools and technologies to be used according to the presentation form and the interaction mode of the newly added interactive questions; performing technology fusion for the new functions of the online Internet exercise question bank and the tools to be used, to ensure compatibility of the updated content; performing security evaluation on the updated content of the online Internet exercise question bank to generate a risk report; screening out high-risk technical points in the question bank update according to the risk report; for the high-risk technical points, using a One-Class SVM to identify and handle abnormal or unusual high-risk technical points, and performing secure encryption to ensure the security of the question bank content; during the question bank update, repeating the risk assessment until no technical point of the question bank content has a high risk level; and completing the update of the online Internet exercise question bank, and recording all technical indicators and risk conditions related to the update.
2. The method of claim 1, wherein the determining the type and presentation form of the newly added interactive title based on the updated contents of the online internet exercise title library comprises:
acquiring updated contents of a training question bank, and determining the types and presentation forms of newly added questions, wherein the types of the questions comprise single-choice questions, multi-choice questions, blank-filling questions, sorting questions and matching questions or question-answering questions; the presentation forms of the questions include text forms, picture forms, audio forms and video forms or interactive forms.
3. The method of claim 1, wherein the determining tools and techniques to be used according to the presentation form and interaction style of the newly added interactive title comprises:
determining whether the newly added question involves text, picture, audio or video content according to the presentation form of the interactive question; for text content, layout and style are set using HTML and CSS, and interaction logic is implemented using JavaScript; for picture content, HTML and CSS are used for display and layout, and JavaScript is used to implement click and drag operations on the picture; for audio content, the audio file is embedded using the HTML5 audio tag, and play and pause control of the audio is implemented using JavaScript; for video content, the video file is embedded using the HTML5 video tag, and play, pause and full-screen control of the video are implemented using JavaScript; for interactive input and selection by the user, JavaScript is used to monitor the user's behavior and to process and judge it according to the user's operation; for data processing and judgment, back-end development technologies, including Java and Python, are used to implement the related algorithms and logic, to process the user's input or selection and to generate the corresponding feedback or results; if visualization of large data volumes is required, data visualization tools including D3.js and ECharts are used to display the data in the interactive questions and to support interactive data exploration and analysis; if audio and video processing and presentation are involved, audio and video processing tools, including ffmpeg and OpenCV, are used to perform the related processing to meet the needs of the interactive question; the Draggable and Droppable components of jQuery UI are used to implement drag-and-drop of elements; SVG or canvas is combined with JavaScript and the GoJS or Fabric.js library to implement the connection interaction required by the user; CSS3 animation or a JavaScript animation library is used to achieve smooth animation effects; the selection of tools and technologies is further determined according to the combination of presentation form and interaction mode: if a question needs both picture dragging and connection, jQuery UI is combined with the GoJS library; if animation feedback is needed in response to the user's input or selection, GSAP is combined with JavaScript logic to implement the interactive animation; if audio or video needs to be played after a specific animation or drag operation, ffmpeg is combined with JavaScript logic to ensure smooth playback.
4. The method of claim 1, wherein the performing technology integration for the new function of the online internet exercise question bank and the tools to be used, to ensure compatibility of updated contents, comprises:
acquiring the technical interfaces of the new function and of the existing tools according to the architecture diagram of the exercise question bank; determining conflicting or incompatible interfaces by comparing interface parameters and return values; designing an adapter or middleware to solve the compatibility problem, and performing the related testing and code implementation; further comprising: estimating possible compatibility problems according to the specific implementation of the JavaScript libraries in the new function, and obtaining a solution proposal;
wherein estimating possible compatibility problems according to the specific implementation of the JavaScript libraries in the new function, and obtaining a solution proposal, specifically comprises: acquiring implementation details and version information of the front-end HTML, CSS and JavaScript based on the technical framework of the online Internet exercise question bank, and identifying the technical dependencies of each question; analyzing the compatibility of the new function requirements of the question bank with the current technology stack using the versions and API documents of the Java and Python back-end development frameworks, and providing a back-end technology update scheme; designing a suitable data visualization scheme for the new function of the question bank according to the official documents of D3.js and ECharts; designing a compatibility scheme for the audio and video part of the new function of the question bank according to the technical documents of ffmpeg and OpenCV; formulating the correspondence between functions and technologies according to the requirement document of the new function of the question bank and the technical specifications of the JavaScript libraries, including jQuery UI, GoJS, GSAP and anime.js; estimating possible compatibility problems according to the specific implementation of the JavaScript libraries in the new function, and obtaining a solution proposal; using the collected technology fusion data to construct an integrated development environment; integrating the various technical components and new functions in that environment, and evaluating their interactivity and stability; based on the evaluation result, performing technical adjustment or code refactoring for technical conflicts or compatibility problems; designing a comprehensive set of test cases, using an automated test tool to test the functionality and compatibility of the new function of the question bank, and making the necessary adjustments according to the test results.
5. The method of claim 1, wherein the security assessment of the content of the online internet practice question bank update, generating a risk report, comprises:
acquiring content data updated by an online internet exercise question bank, performing standardized processing, processing missing values, and converting classification variables; dividing the data into a training set and a testing set by using a Scikit-learn library; training the random forest model by using a training set; obtaining a safety evaluation result through the model, and classifying risk levels; generating preliminary data output, and noting the generation time in a risk report; triggering preparation of the next round of security assessment by using the risk report; if the data change or the model performance abnormality is found, updating model parameters or retraining the model; further comprises: confirming key points of component interaction according to the characteristics of the component interaction, and enhancing the safety of the key points;
wherein confirming the key points of component interaction according to the characteristics of the component interaction and enhancing the security of the key points specifically comprises: according to the architecture diagram and the component interaction diagram of the online Internet exercise question bank, the component set is C = {c1, c2, ..., ci, ..., cj, ..., cn}, and the interactions between the components can be represented as a relationship matrix M, with Mij = 1 indicating that component ci interacts with cj and 0 otherwise; the data interactions, API calls and other key interaction points between the components are determined; the static analysis tool SonarQube and the dynamic analysis tool Burp Suite are used to perform static and dynamic analysis of the interaction among the components, the set of potential safety hazards is H = {h1, h2, ..., hi, ..., hm}, and the relationship between the potential safety hazards and each component can be expressed as a matrix H1, where H1 = 1 indicates that the potential safety hazard hi exists in the component ci, and 0 otherwise; a security inspection is performed on the external interface of each component; the components with data inflow and outflow are monitored with the Splunk log analysis tool, with Din(ci) and Dout(ci) representing the data inflow and outflow of component ci respectively; the data flow of a component can be expressed as Dtotal(ci) = Din(ci) + Dout(ci), the data flow between different components is tracked, and all sensitive data are confirmed to be protected during transmission and processing; security testing is carried out not only on single components but also on the integrated parts of multiple components, so that attacks and risks in a real service scenario are simulated; let K = {k1, k2, ..., ki, ..., kp} be all key interaction points; for each key point ki, its enhanced security metric can be represented as a function S(ki), where a higher value indicates stronger security; after the key points of component interaction are confirmed, their security is specifically enhanced, including encrypting key data, using security tokens and limiting the access frequency of interfaces; for an individual risk point, its relevance to other risk points is further determined, with R(ci, cj) being the linkage risk caused by interaction between components ci and cj; the overall risk can be expressed as the sum of the risks between all component pairs, and the risk of chain reaction or amplification due to component interaction is identified; and a dedicated risk report on component interaction is obtained, describing the potential risks introduced by the interaction and the recommended protective measures.
6. The method of claim 1, wherein the screening out high risk points present in the question bank update based on the risk report comprises:
extracting and standardizing risk grade evaluation data in question bank updating; classifying risk class data by using a K-means algorithm, and determining a high risk class; screening high risk records highly relevant to the update of the question bank; training a decision tree model to classify high-risk technical points; traversing the tree structure to extract a decision path and converting the decision path into rules; identifying high-risk technical point attributes and features in the rule; and if the attribute accords with the preset condition, executing data verification to confirm the high risk technical point.
7. The method of claim 1, wherein using a One-Class SVM for the high-risk technical points to identify and handle abnormal or unusual high-risk technical points, and performing secure encryption to ensure the security of the question bank content, comprises:
extracting the data set related to the high-risk technical points from a central data store and preprocessing it; identifying abnormal or unusual high-risk technical points using the One-Class SVM; performing cross-validation to evaluate the effect of the One-Class SVM, including adjusting parameters if the effect is poor; filtering out the technical points that match the sensitive vocabulary; recording operations and events related to the high-risk technical points, and standardizing the records; training an anomaly detection model based on the isolation forest algorithm; applying the model to the audit records, marking abnormal or suspicious records, and verifying them manually; feeding the results back to the model for optimization; and encrypting the safe technical point information.
8. The method of claim 1, wherein the repeating the risk assessment during the question bank update until all technical point risk levels of the question bank content are not high comprises:
acquiring all technical points of the question bank content; determining interaction logic of a technical point needing repeated risk assessment and a new function; executing automatic risk assessment to obtain a risk assessment report of each technical point; screening out high risk points and checking detailed codes; matching the repairing strategy of each high risk point to obtain a specific repairing suggestion; performing risk point repair and verifying effects according to the suggestions; continuously monitoring the running state of the question bank system, and counting related running data; the risk assessment is re-performed until the risk level is not high for all technical points.
9. The method of claim 1, wherein completing the update of the online internet exercise question bank and recording all technical indexes and risk conditions related to the update comprises:
capturing the question data to be updated from the online question database and ensuring a unified data format; cleaning and formatting the captured data; performing data verification to ensure that the questions and options are compliant; acquiring the version information of the current question bank and inserting the new question data; converting the content of the question bank and training a question label classification model; updating the user interface with the new label information; and triggering a data backup process and automatically generating an update log record.
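The audit-record steps of claim 7 (standardize the records, train an isolation forest, mark suspicious records for manual verification) can be sketched as follows. This is an added example, not code from the patent: the record fields, the sample values, the 0.8 threshold and the choice to build every tree on the whole batch instead of a subsample are assumptions, and the One-Class SVM stage is not shown.

```python
import math
import random

# Constructed audit records (not from the patent), one per high-risk technical point:
# (operations_per_hour, failed_auth_count, kb_exported). Index 60 is the odd one.
AUDIT = [(12 + i % 5, i % 2, 40 + (i * 7) % 15) for i in range(60)] + [(95, 14, 900)]

def standardize(rows):
    """Z-score every column (the claim's standardization step)."""
    stats = []
    for col in zip(*rows):
        mean = sum(col) / len(col)
        stats.append((mean, math.sqrt(sum((v - mean) ** 2 for v in col) / len(col)) or 1.0))
    return [tuple((v - m) / s for v, (m, s) in zip(r, stats)) for r in rows]

def c_factor(n):
    """Expected path length of an unsuccessful binary-search-tree lookup over n points."""
    if n <= 2:
        return float(n == 2)
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def build_tree(rows, depth, limit, rng):
    """Random axis-parallel splits; a leaf is stored as the number of rows it holds."""
    if depth >= limit or len(rows) <= 1:
        return len(rows)
    f = rng.randrange(len(rows[0]))
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:
        return len(rows)
    split = rng.uniform(lo, hi)
    return (f, split,
            build_tree([r for r in rows if r[f] < split], depth + 1, limit, rng),
            build_tree([r for r in rows if r[f] >= split], depth + 1, limit, rng))

def path_length(tree, row, depth=0):
    """Depth at which the row lands, plus the correction for an unsplit leaf."""
    if isinstance(tree, int):
        return depth + c_factor(tree)
    f, split, left, right = tree
    return path_length(left if row[f] < split else right, row, depth + 1)

def flag_suspicious(rows, trees=100, threshold=0.8, seed=7):
    """Return (indexes queued for manual verification, anomaly score per record)."""
    rng = random.Random(seed)
    data = standardize(rows)
    # Simplification: the batch is small, so each tree uses all rows (no subsampling).
    limit = math.ceil(math.log2(len(data)))
    forest = [build_tree(data, 0, limit, rng) for _ in range(trees)]
    norm = c_factor(len(data))
    scores = [2 ** (-sum(path_length(t, r) for t in forest) / (trees * norm)) for r in data]
    return [i for i, s in enumerate(scores) if s > threshold], scores
```

Records that are isolated after very few random splits score close to 1; the flagged indexes are the ones a reviewer would verify before the result is fed back into the model.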

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311430016.1A CN117539875A (en) 2023-10-31 2023-10-31 Exercise question bank periodic updating on-line management method

Publications (1)

Publication Number Publication Date
CN117539875A (en) 2024-02-09

Family

ID=89792865

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: No. 231 Helong Qi Road, Renhe Town, Baiyun District, Guangzhou City, Guangdong Province, 510000 (Airport Baiyun)

Applicant after: Guangdong North District Technology Co.,Ltd.

Address before: Room 101, Building A1, Block A, Xueshan Cultural and Creative Valley, No. 79 Xueshantang Street, Yongping Street, Baiyun District, Guangzhou City, Guangdong Province, 510000

Applicant before: Guangdong North District Education Technology Co.,Ltd.

Country or region before: China