CN113282654A - System fusion system based on non-network penetration - Google Patents


Publication number
CN113282654A
Authority
CN
China
Prior art keywords: module, database, network, instruction, closed
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110561175.XA
Other languages
Chinese (zh)
Other versions
CN113282654B (en)
Inventor
钟月珠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25 Integrating or interfacing systems involving database management systems
    • G06F16/252 Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor

Abstract

The invention discloses a system fusion system based on non-network penetration, comprising a closed business system presentation layer operation program module and a database external access proxy service module. The closed business system presentation layer operation program module is connected to a first KVB docking device, a closed business system business layer back-end service module, and a database and network traffic auditing module; the first KVB docking device is connected to an artificial intelligence video image decoding and recognition module, which in turn is connected to a screen behavior data module. Advantages: without compromising the closed-network security of the original system, an interface interaction model based on the presentation layer is established and the corresponding data items are obtained; without compromising the closed-network security of the original system, a network instruction model based on the network instructions of the business layer and the data layer is established, and the data in it is extracted through the corresponding instruction parsing.

Description

System fusion system based on non-network penetration
Technical Field
The invention relates to the technical field of system fusion in the IT industry, and in particular to a system fusion system based on non-network penetration.
Background
The invention uses non-network technical means to dock and fuse two systems that have no physical network connection. No design that could serve as a potential reference is currently available, so the invention is named "a system fusion method based on non-network penetration".
Specifically, the system automatically analyzes the implementation logic of the target scenario based on natural-language Chinese, and then automatically generates program code according to the technical standard of a programming language.
The invention is comparable to a machine tool in the machine manufacturing industry. It has no precedent as a concept, and is therefore named "non-network penetration system fusion".
Whatever language a system is implemented in, the current mainstream system fusion methods essentially cannot get away from the common fusion modes: (1) database interface fusion; (2) system interface fusion; (3) code embedding fusion; (4) data export and transfer. These methods all depend on cooperation between the two parties, with the original system providing interfaces, code, modifications, access rights and the like, and all of them except data export and transfer require network connectivity between the two parties.
Owner organizations now run more and more systems, network security requirements keep rising and budgets are tight, yet the expected standard for subsequent information system construction keeps rising as well, and a newly built system is often required to be fused with the original system. Very common situations are: (1) for various reasons the original system cannot be modified to cooperate and cannot provide an interface, and in the end coordination yields only the account and password of a business operator of the original system (not the account and password of the database); (2) the original system must continue to work normally, and its internal data means that even a newly built replacement system with complete functions cannot meet the owner's business requirements without the data of the original system; (3) the original system sits in a closed network, and the subsequent new information system must break through several closed networks to dock with several original systems and build a large data center, without affecting the security of the original closed networks. In such cases the system fusion work often cannot be carried out directly, because the suppliers of the original systems no longer exist or their technical teams have left. Even where the original supplier can provide technical support, the difficulty of coordination and the sharply rising budget overburden the owner organization, and the project is extremely difficult to implement.
The invention effectively solves these problems: (1) the original system is audited without compromising its closed-network security; (2) without compromising the closed-network security of the original system, an interface interaction model based on the presentation layer is established and the corresponding data items are obtained; (3) without compromising the closed-network security of the original system, a network instruction model based on the network instructions of the business layer and the data layer is established, and the data in it is extracted through the corresponding instruction parsing; (4) without compromising the closed-network security of the original system, a database model based on the data layer is established and the data carried by database network instructions is obtained; (5) where the original system architecture allows, a database proxy server is established so that an external system can obtain data in the original system's database directly through non-network penetration; (6) on the basis of these capabilities, KVB simulated operation fusion, database docking fusion and presentation layer reconstruction fusion are provided.
With this system, a system fusion scenario no longer needs to concern itself with the original system's programming language, interface services, system modification, original supplier support, hidden or protected database passwords and similar issues; non-network penetration is achieved directly without compromising the closed-network security of the original system, and system fusion is thereby realized.
An effective solution to the problems in the related art has not been proposed yet.
Disclosure of Invention
The invention aims to provide a system fusion system based on non-network penetration, so as to solve the problems described in the background.
To achieve this purpose, the invention provides the following technical solution: a system fusion system based on non-network penetration, comprising a closed business system presentation layer operation program module and a database external access proxy service module. The closed business system presentation layer operation program module is connected to a first KVB docking device, a closed business system business layer back-end service module, and a database and network traffic auditing module. The first KVB docking device is connected to an artificial intelligence video image decoding and recognition module, which is connected to a screen behavior data module. The closed business system business layer back-end service module is connected to a closed business system database module and to the database and network traffic auditing module. The database and network traffic auditing module is connected to a network traffic data and database instruction primary flow module. The network traffic data and database instruction primary flow module and the screen behavior data module are both connected to a merge analysis module, which is connected to an interface interaction element determination module and a network instruction element determination module. The network traffic data and database instruction primary flow module is also connected to a database instruction element determination module, which is connected to a database element module, which is connected to a database model module. The interface interaction element determination module is connected to an interface interaction element module, which is connected to an interface interaction primary flow module, which is connected to an interface interaction path diagram intelligent analysis module, which is connected to an interface interaction model module. The network instruction element module is connected to a network instruction primary flow module, which is connected to an instruction packet slice matching intelligent analysis module, which is connected to a network instruction model module. The database model module, the interface interaction model module and the network instruction model module are all connected to a cross intelligent analysis module, which is connected to a closed business system model module. The closed business system model module is connected to a presentation layer reconstruction fusion module, a database docking fusion module and a KVB simulated operation fusion module. The database external access proxy service module is connected to a second KVB docking device, which is connected to a database internal agent module, which is connected to the closed business system database module.
Further, the closed business system presentation layer operation program module is connected to the first KVB docking device through KVB.
Further, the database element module comprises a database type module, a database instance module, a database account module, an add/delete/modify/query type module, a database table module, a database field module and a data record module.
Further, the interface interaction element module comprises an interface window, a user operation event, an interface input item and an interface output item.
Further, the network instruction element module comprises an instruction sub-packaging module, an instruction category segmentation module, an instruction content segmentation module and an instruction pairing module.
Further, the second KVB docking device is connected to the database internal agent module through KVB.
Compared with the prior art, the invention has the following beneficial effects:
(1) the original system is audited without compromising its closed-network security;
(2) without compromising the closed-network security of the original system, an interface interaction model based on the presentation layer is established and the corresponding data items are obtained;
(3) without compromising the closed-network security of the original system, a network instruction model based on the network instructions of the business layer and the data layer is established, and the data in it is extracted through the corresponding instruction parsing;
(4) without compromising the closed-network security of the original system, a database model based on the data layer is established and the data carried by database network instructions is obtained;
(5) where the original system architecture allows, a database proxy server is established so that an external system can obtain data in the original system's database directly through non-network penetration.
On the basis of these capabilities, KVB simulated operation fusion, database docking fusion and presentation layer reconstruction fusion are provided.
Drawings
To illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings described here show only some embodiments of the invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a system architecture diagram of a non-network penetration based system convergence, in accordance with an embodiment of the present invention;
FIG. 2 is a system network architecture diagram of a non-network penetration based system convergence, according to an embodiment of the present invention;
FIG. 3: interface frame of the embodiment, login window;
FIG. 4: interface frame of the embodiment, warehouse shelf management;
FIG. 5: interface frame of the embodiment, new warehouse and shelf;
FIG. 6: interface frame of the embodiment, new shelf interval;
FIG. 7: interface frame of the embodiment, modify shelf interval;
FIG. 8: interface frame of the embodiment, material summary query;
FIG. 9: interface frame of the embodiment, replenishment warehousing management;
FIG. 10: interface frame of the embodiment, new article warehousing management;
FIG. 11: interface frame of the embodiment, material availability management;
FIG. 12: network instruction of the embodiment, login window login button HTTP network instruction request;
FIG. 13: network instruction of the embodiment, login window login button HTTP network instruction response, success;
FIG. 14: network instruction of the embodiment, login window login button HTTP network instruction response, failure;
FIG. 15: network instruction of the embodiment, login window login button TCP/JSON network instruction request;
FIG. 16: network instruction of the embodiment, login window login button TCP/JSON network instruction response, success;
FIG. 17: network instruction of the embodiment, login window login button TCP/JSON network instruction response, failure;
FIG. 18: database request querying the password corresponding to an account;
FIG. 19: database returns the result of the account and password query;
FIG. 20: database instance information;
FIG. 21: database operation information;
FIG. 22: summarizing database operation information;
FIG. 23: establishing the database model t_account;
FIG. 24: control elements of the login interface;
FIG. 25: system interface area of the login interface;
FIG. 26: characteristic data of the login interface;
FIG. 27: node flow diagram of an internal warehouse management system;
FIG. 28: network instruction model;
FIG. 29: correspondence between interface interaction, network instructions and database instructions;
FIG. 30: data records of the closed business system model.
Reference numerals:
110. closed business system presentation layer operation program module; 120. closed business system business layer back-end service module; 130. closed business system data layer database module; 140. database and network traffic auditing module; 150. database internal agent module; 210. first KVB docking device; 211. second KVB docking device; 310. artificial intelligence video image decoding and recognition module; 410. screen behavior data module; 420. network traffic data and database instruction primary flow module; 510. merge analysis module; 610. interface interaction element determination module; 611. interface interaction element module; 620. network instruction element determination module; 621. network instruction element module; 630. database instruction element determination module; 631. database element module; 710. interface interaction primary flow module; 720. network instruction primary flow module; 810. interface interaction path diagram intelligent analysis module; 820. instruction packet slice matching intelligent analysis module; 910. interface interaction model module; 920. network instruction model module; 930. database model module; 1010. cross intelligent analysis module; 1110. closed business system model module; 1210. presentation layer reconstruction fusion module; 1220. database docking fusion module; 1230. KVB simulated operation fusion module; 1240. database external access proxy service module.
Detailed Description
The invention is further described with reference to the following drawings and detailed description:
Embodiment:
Referring to FIGS. 1-30, a system fusion system based on non-network penetration according to an embodiment of the invention includes a closed business system presentation layer operation program module 110 and a database external access proxy service module 1240. The closed business system presentation layer operation program module 110 is connected to a first KVB docking device 210, a closed business system business layer back-end service module 120, and a database and network traffic auditing module 140. The first KVB docking device 210 is connected to an artificial intelligence video image decoding and recognition module 310, which is connected to a screen behavior data module 410. The closed business system business layer back-end service module 120 is connected to a closed business system database module 130 and to the database and network traffic auditing module 140. The database and network traffic auditing module 140 is connected to a network traffic data and database instruction primary flow module 420. The network traffic data and database instruction primary flow module 420 and the screen behavior data module 410 are both connected to a merge analysis module 510, which is connected to an interface interaction element determination module 610 and a network instruction element determination module 620. The network traffic data and database instruction primary flow module 420 is also connected to a database instruction element determination module 630, which is connected to a database element module 631, which is connected to a database model module 930. The interface interaction element determination module 610 is connected to an interface interaction element module 611, which is connected to an interface interaction primary flow module 710, which is connected to an interface interaction path diagram intelligent analysis module 810, which is connected to an interface interaction model module 910. The network instruction element module 621 is connected to a network instruction primary flow module 720, which is connected to an instruction packet slice matching intelligent analysis module 820, which is connected to a network instruction model module 920. The database model module 930, the interface interaction model module 910 and the network instruction model module 920 are all connected to a cross intelligent analysis module 1010, which is connected to a closed business system model module 1110. The closed business system model module 1110 is connected to a presentation layer reconstruction fusion module 1210, a database docking fusion module 1220 and a KVB simulated operation fusion module 1230. The database external access proxy service module 1240 is connected to a second KVB docking device 211, which is connected to a database internal agent module 150, which is connected to the closed business system data layer database module 130.
The closed business system presentation layer operation program module 110 represents the interface interaction system that business personnel operate on the front-end operating terminal of the original system in the closed network. The closed business system business layer back-end service module 120 represents the back-end service in the closed network; it mainly receives network instructions from the front-end interface interaction system, processes them according to the business logic, and then requests data operations from the data layer database through network instructions. The closed business system database module 130 represents the database in the closed network; it mainly accepts network instructions for data operations from the business layer back-end service and then changes the data in the persistent data store.
The database and network traffic auditing module 140 is a standardized product in the current information security industry and can be split into two independent products: (1) database auditing; (2) network traffic auditing. The database auditing function monitors all network instructions addressed to the target database in the monitored network environment and obtains the specific operation instructions by parsing the protocol. The network traffic auditing function monitors and records the network traffic data messages in the monitored network environment that match conditions such as source, destination and protocol.
After database auditing has obtained the network traffic data and database instruction primary flow module 420, a complete database model module 930 can be built up step by step through accumulated learning, using the following series of steps.
a) Database auditing can capture the database operation request sent by the closed business system business layer back-end service module 120 to the closed business system database module 130 (see FIG. 18: database request querying the password corresponding to an account), and can capture the database operation result returned by the closed business system database module 130 to the closed business system business layer back-end service module 120 (see FIG. 19: database returns the result of the account and password query). Database auditing can also capture information about the database instance used by the database connection that carries the database operation request (see FIG. 20: database instance information).
b) The database instruction element determination module 630 performs syntactic analysis on the database operation request (FIG. 18) and the database operation result (FIG. 19) held in the network traffic data and database instruction primary flow module 420, and obtains further database operation details (see FIG. 21: database operation information). After the database instance information and the database operation information are merged, the database element module 631 is obtained, containing the following key information: database type, database instance, database account, add/delete/modify/query type, database table, database field and database record.
c) The captured database operation requests and the corresponding database operation results are collected by database instance and database table, and the requests and results for the same database table are summarized together (see FIG. 22: summarizing database operation information). Taking the union of all fields obtained in this way yields an essentially complete database table structure model. The records obtained from each database operation are modeled and collected; the corresponding records over the whole audit period are entered into the data table as data records, forming a database table model with data records (see FIG. 23: establishing the database model t_account).
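Steps a) to c) can be illustrated with the following Python example, which is added here and is not code from the patent or from any auditing product. It classifies each captured statement, groups statements by database instance and table, unions the observed fields into a table model, and flags credential-like columns, because a model built this way retains whatever the audited application queried. The event layout, the function names and all sample values are constructed assumptions; only the table name t_account comes from the figure list.

```python
import re

IDENT = r"[A-Za-z_][A-Za-z0-9_]*"
CRUD = {"SELECT": "query", "INSERT": "add", "UPDATE": "modify", "DELETE": "delete"}
# One pattern per statement type; only simple single-table statements are handled.
PATTERNS = {
    "SELECT": rf"SELECT\s+(?P<cols>.*?)\s+FROM\s+(?P<table>{IDENT})(?:\s+WHERE\s+(?P<where>.*))?$",
    "INSERT": rf"INSERT\s+INTO\s+(?P<table>{IDENT})\s*\((?P<cols>[^)]*)\)",
    "UPDATE": rf"UPDATE\s+(?P<table>{IDENT})\s+SET\s+(?P<set>.*?)(?:\s+WHERE\s+(?P<where>.*))?$",
    "DELETE": rf"DELETE\s+FROM\s+(?P<table>{IDENT})(?:\s+WHERE\s+(?P<where>.*))?$",
}
SENSITIVE = re.compile(r"passw|pwd|secret|token", re.I)

# Constructed audit events (assumed layout): one captured request plus the
# result rows returned for it, with the instance information of step a).
AUDIT_EVENTS = [
    {"db_type": "mysql", "instance": "wms", "db_account": "app",
     "sql": "SELECT password FROM t_account WHERE account = 'alice'",
     "rows": [{"password": "<constructed-value>"}]},
    {"db_type": "mysql", "instance": "wms", "db_account": "app",
     "sql": "SELECT account, last_login FROM t_account WHERE account = 'bob'",
     "rows": [{"account": "bob", "last_login": "2021-05-01"}]},
    {"db_type": "mysql", "instance": "wms", "db_account": "app",
     "sql": "INSERT INTO t_account (account, password, role) "
            "VALUES ('carol', '<constructed-value>', 'clerk')",
     "rows": []},
    {"db_type": "mysql", "instance": "wms", "db_account": "app",
     "sql": "UPDATE t_shelf SET capacity = 40 WHERE shelf_id = 7",
     "rows": []},
]


def parse_statement(sql):
    """Step b): return (operation type, table, fields) for one statement."""
    text = sql.strip().rstrip(";")
    verb = text.split(None, 1)[0].upper() if text else ""
    if verb not in PATTERNS:
        raise ValueError(f"unsupported statement: {sql!r}")
    match = re.match(PATTERNS[verb], text, re.I | re.S)
    if not match:
        raise ValueError(f"cannot parse: {sql!r}")
    groups = match.groupdict()
    # Column list of SELECT/INSERT; expressions such as COUNT(*) are skipped.
    fields = [c.strip() for c in (groups.get("cols") or "").split(",")]
    fields = [c for c in fields if re.fullmatch(IDENT, c)]
    # Columns named on the left of a comparison in SET and WHERE clauses.
    for clause in (groups.get("set"), groups.get("where")):
        fields += re.findall(rf"({IDENT})\s*(?:=|<>|<|>|\bLIKE\b)", clause or "", re.I)
    return CRUD[verb], match.group("table"), list(dict.fromkeys(fields))


def build_models(events):
    """Step c): group by (instance, table) and union the fields seen."""
    models = {}
    for ev in events:
        op, table, fields = parse_statement(ev["sql"])
        model = models.setdefault((ev["instance"], table), {
            "db_type": ev["db_type"], "db_accounts": set(),
            "operations": {}, "fields": [], "records": []})
        model["db_accounts"].add(ev["db_account"])
        model["operations"][op] = model["operations"].get(op, 0) + 1
        result_columns = [col for row in ev["rows"] for col in row]
        for name in fields + result_columns:
            if name not in model["fields"]:
                model["fields"].append(name)
        model["records"].extend(ev["rows"])  # only returned rows are kept
    return models


def sensitive_fields(model):
    """Columns whose names suggest credentials; the store needs matching protection."""
    return [f for f in model["fields"] if SENSITIVE.search(f)]


if __name__ == "__main__":
    for key, model in build_models(AUDIT_EVENTS).items():
        print(key, model["fields"], model["operations"], sensitive_fields(model))
```

The regular expressions do not handle joins, subqueries or operators inside quoted strings; a production auditor would parse the database wire protocol and use a full SQL grammar.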
For the operation process of the "closed service system presentation layer operation program module 110", under the condition of keeping the security of network isolation, the video signal of the computer where the closed service system presentation layer operation program module is located is obtained through the "KVB docking device one 210", and under the condition of monitoring to obtain data in a single direction, only the computer corresponding to the "closed service system presentation layer operation program module 110" needs to be docked by a video interface, and the data in the single direction is output to the computer where the "artificial intelligent video image decoding and identifying module 310" is located. Then, through the following series of steps, a complete "interface interaction model module 910" can be built up step by step through accumulated learning.
a) The "artificial intelligence video image decoding and identifying module 310" will capture all the data displayed on the screen of the computer where the closed business system display layer operation program module 110 "is located, obtain the data of the corresponding frame after decoding, and then obtain the feature data in the frame picture through the capability of artificial intelligence image identification, including but not limited to: region segmentation of the screen, window boundaries please refer to the window concept programmed by the core of the Windows operating system, control elements Header, font, minimize icon, zoom icon, close icon, prompt text, input component input box, drop-down box, check box, etc., output component text, text box, form, picture, and other common interface interaction components. The data captured in the login window corresponding to the interface frame of the embodiment of fig. 3 can be analyzed to obtain the following screen behavior data as reference: FIG. 24: control elements of the login interface, FIG. 25: system interaction interface area of login interface, fig. 26: logging in the characteristic data of the interface.
b) After the recognition is completed, the description of the interface interaction content is formed through a digital format, and the information is named as a screen behavior data module 410 as follows: logging in the characteristic data of the interface.
c) The merge analysis module 510 captures, decodes and identifies the interface frame of the embodiment of fig. 3, the login window of the interface frame of the embodiment of fig. 3, the warehouse shelf management of the interface frame of the embodiment of fig. 4, the newly built warehouse and shelf of the interface frame of the embodiment of fig. 5, the newly built shelf interval of the interface frame of the embodiment of fig. 6, the modified shelf interval of the interface frame of the embodiment of fig. 7, the material summary query of the interface frame of the embodiment of fig. 8, the replenishment warehousing management of the interface frame of the embodiment of fig. 9, the new warehousing management of the interface frame of the embodiment of fig. 10, and the material receiving management of the interface frame of the embodiment of fig. 11, all completely, and analyzes the feature data therein successfully. And obtaining corresponding process node login windows, warehouse shelf management, newly-built warehouse shelves, newly-built shelf intervals, modification of shelf intervals, material query and summary, replenishment warehousing management, new product warehousing management and material utilization management through model induction of browser window titles and corresponding characteristic data of each interface. 
In the process, the interface interaction element determination module 610 continuously accumulates and learns the acquired interface data to gradually form an accurate list of interface interaction elements, forms a determination rule with high reliability for the screen behavior data and the interface interaction characteristics corresponding to each process node, and obtains determination with high accuracy for an interface window area of each node, user operation event button clicking, menu clicking, inputting, and other types of operations, interface input items and interface output items, so as to form a data record of the interface interaction element module 611.
d) The interface interaction primary flow module 710 is a time-sequence record of each node over the whole operation process. After summarizing, nodes of the same kind are merged: the several "warehouse shelf management" interfaces that appear at different times are all summarized into one "warehouse shelf management" link node, and the button click events and menu click events that cause interface transitions within that node are classified and linked.
e) The interface interaction path diagram intelligent analysis module 810 identifies the mouse click events in each node's interface operation process from mouse cursor dwell, button appearance changes and menu appearance changes, combined with logical judgment of interface transitions. By merging click events of the same type on the same button or menu, it builds a flow chart of the nodes (see fig. 27, the node flow diagram of an internal warehouse management system), thereby obtaining the interface interaction model module 910.
After network traffic auditing has produced the network traffic data and database instruction primary flow module 420, a complete network instruction model module 920 can be built up gradually through accumulated learning in the following steps.
a) Network traffic auditing captures the network traffic data packets that the closed service system presentation layer operating program module 110 sends to the closed service system service layer back-end service module 120 (see fig. 12, the HTTP network instruction request of the login window login button, and fig. 15, the TCP/JSON network instruction request of the login window login button). It also captures the packets that the closed service system service layer back-end service module 120 returns to the closed service system presentation layer operating program module 110 (see fig. 13, the successful HTTP network instruction response of the login window login button; fig. 16, the successful TCP/JSON network instruction response; and fig. 17, the failed TCP/JSON network instruction response). This process forms the "network traffic data preliminary flow" in the network traffic data and database instruction primary flow module 420.
b) Network instruction packets generally have clear, repeating boundaries. For HTTP, a connection carries a request and its corresponding response. For TCP over a long-lived connection under low access pressure, there is an obvious back-and-forth "request-response" sequence in time. For TCP over a long-lived connection with No-Delay concurrent interaction, each complete instruction has specific start and end tags, such as a '\x01' start tag and a '\x01' end tag, or a fixed-format header such as <Cmd:4Bytes><Serial:4Bytes><Len:4Bytes> followed by a <Body:N Bytes> of the corresponding length.
c) A network instruction generally has strict syntax rules for the segments inside it. An HTTP request, for example, is divided into an explicit Header and Body, and the Header uses "Header itemmame + ', ' n ' + ' \\ r '" to assemble each item.
d) The same holds for other formats. The JSON format, for example, takes the key-value pair as its basic unit and nests these units layer by layer in a tree structure.
e) The system can identify the instructions of the target system either by accumulating decoding standards for the common instruction encapsulation formats or, with manual assistance, by specifying packet decoding rules.
f) By comparing and classifying the instructions captured from the same target system, the system can identify the command word segment in them, such as the URL command word "POST /system/Login" in the login window login button HTTP network instruction request of fig. 12, and "Command": "Login" in the login window login button TCP/JSON network instruction request of fig. 15.
g) By comparing and classifying the instructions that carry the same command word and were captured from the same target system, the system can identify the parameter segments, such as 'UserName': 'administerer', 'passed': 'Pwd _ 123456' in the login window login button TCP/JSON network instruction request of fig. 15.
h) Instruction pairing means matching up each "request-response" group, and is done mainly according to the protocol type. HTTP pairs the request and response directly within a session. For TCP, if DELAY mode is determined to be in use, "request-response" pairs are matched in time order; if NO-DELAY mode is determined to be in use, they should be paired by time order plus the <Serial> packet sequence number. Other pairing logic is configured according to the corresponding rules.
i) Based on the packet-splitting and segmentation methods above, the merge analysis module 510 first forms the basic network instruction element judgment and, for each network instruction, generates the instruction packet, instruction category segment, instruction content segment and instruction pairing of the network instruction element module 621.
j) In the preliminary identification of all network instruction data, it is not yet necessary to identify every parameter segment of the instruction content. The main work is to complete the instruction packets, the instruction category (the command type), the instruction content (the instruction data payload) and the instruction pairing, which forms the network instruction primary flow module 720.
k) The instruction packet slice matching intelligent analysis module 820 relies on the interface interaction primary flow module 710. It takes the time-sequence record of each node in the whole operation process and, for each node, the interface window, user operation event, interface input items and their content, and interface output items and their content recorded in the interface interaction element module 611, and compares them with the grouping rules of the current instruction packets. In particular, the content of the input items is compared with the parameter segments of the request packet of the corresponding network instruction, and the content of the output items with the parameter segments of the response packet. For example, "administeror" in "UserName" in the login window login button TCP/JSON network instruction request of fig. 15 corresponds to the data "administeror" of the input item "login account" in the login window of the interface frame of the embodiment of fig. 3. If the input item "login password" in that login window is displayed in clear text rather than masked with asterisks, it corresponds to 'Pwd _ 123456' of 'passed' in the network instruction request.
l) Through the above process, network instructions that share common features are paired to form the network instruction model module 920; see fig. 28, the network instruction model.
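The header framing of step b) and the pairing rules of step h), as an added example that is not part of the patent: a passive parser splits each direction of a captured TCP stream into `<Cmd><Serial><Len><Body>` frames and pairs requests with responses. The big-endian byte order, the numeric Cmd values, the `QueryShelf`, `Warehouse`, `Result` and `Rows` names and all sample bytes are assumptions constructed for illustration.

```python
import json
import struct
from dataclasses import dataclass

# Assumption: Cmd, Serial and Len are unsigned 32-bit big-endian integers and
# Len counts only the body bytes. The page gives the field widths, not these.
HEADER = struct.Struct(">III")
MAX_BODY = 1 << 20  # reject absurd Len values instead of waiting for them


@dataclass
class Frame:
    cmd: int
    serial: int
    body: bytes


def deframe(stream):
    """Split one direction of a TCP stream into frames.

    Returns (frames, leftover); leftover is an incomplete trailing frame that
    the caller prepends to the next chunk of captured bytes.
    """
    frames, pos = [], 0
    while len(stream) - pos >= HEADER.size:
        cmd, serial, length = HEADER.unpack_from(stream, pos)
        if length > MAX_BODY:
            raise ValueError(f"implausible Len {length} at offset {pos}")
        end = pos + HEADER.size + length
        if end > len(stream):
            break  # body not fully captured yet
        frames.append(Frame(cmd, serial, stream[pos + HEADER.size:end]))
        pos = end
    return frames, stream[pos:]


def pair_by_serial(requests, responses):
    """NO-DELAY pairing: a response answers the oldest request with its Serial."""
    pending = {}
    for req in requests:
        pending.setdefault(req.serial, []).append(req)
    pairs, orphans = [], []
    for resp in responses:
        queue = pending.get(resp.serial)
        if queue:
            pairs.append((queue.pop(0), resp))
        else:
            orphans.append(resp)
    unanswered = [req for queue in pending.values() for req in queue]
    return pairs, unanswered, orphans


def pair_by_order(requests, responses):
    """DELAY pairing: strict ping-pong, the n-th response answers the n-th request."""
    return list(zip(requests, responses))


def build(cmd, serial, payload):
    """Helper that encodes one constructed sample frame."""
    body = json.dumps(payload).encode()
    return HEADER.pack(cmd, serial, len(body)) + body


# Constructed sample capture: three concurrent requests, responses returned out
# of order, and the capture cut off in the middle of the last response body.
CLIENT_TO_SERVER = (
    build(1, 101, {"Command": "Login", "UserName": "alice"})
    + build(2, 102, {"Command": "QueryShelf", "Warehouse": "W1"})
    + build(2, 103, {"Command": "QueryShelf", "Warehouse": "W2"})
)
SERVER_TO_CLIENT = (
    build(2, 102, {"Result": "OK", "Rows": 3})
    + build(1, 101, {"Result": "OK"})
    + build(2, 103, {"Result": "OK", "Rows": 0})[:-5]
)


def analyse():
    """Deframe both directions and pair them by Serial."""
    requests, _ = deframe(CLIENT_TO_SERVER)
    responses, leftover = deframe(SERVER_TO_CLIENT)
    pairs, unanswered, orphans = pair_by_serial(requests, responses)
    return {
        "paired": [(json.loads(q.body)["Command"], q.serial, json.loads(r.body))
                   for q, r in pairs],
        "unanswered": [q.serial for q in unanswered],
        "orphans": [r.serial for r in orphans],
        "leftover": leftover,
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(key, value)
```

Running `pair_by_order` on the same capture matches request 101 with response 102, which is why time order alone is only safe once DELAY mode has been established.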
The cross intelligent analysis module 1010 examines and analyzes, on a time-sequence basis, the data obtained so far: the interface interaction model module 910 and its interface interaction primary flow module 710, the network instruction model module 920 and its network instruction primary flow module 720, the database model and the network traffic data and database instruction primary flow module 420, and other data. It then forms the closed business system model module 1110.
a) Because the occurrence times in the flow records are precise to the millisecond or better, the correspondence among interface interaction operation events, network instructions and database instructions can be obtained by comparing how their distributions converge. The comparison is based on information such as the classification of each node's operation events in the interface interaction model, the instruction category segments of the network instructions in the network instruction model, and the add/delete/modify/query type, database table and database field of the database operation information in the database model. See fig. 29, the correspondence among network instructions, database instructions and the interface. After the data records of the relationship among the three are formatted, a further data model, the closed business system model module 1110, is obtained; see fig. 30, the data records of the closed business system model.
b) Based on the data records of the closed service system model module 1110, the interface interaction flow, network instruction flow and database instruction flow produced while the closed system runs are all identified, summarized and mapped to the standardized records of the closed service system model module 1110. The run time, parameter data, result data and so on in the flows are then stored in association with those records, giving a complete record that supports retrospective tracing and simulated replay.
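The time-based correspondence of step a), as an added example that is not part of the patent: for each interface event it counts which network instructions fall within a short window after it, keeps only those that recur in nearly every occurrence, and chains the result to database instructions the same way. The 150 ms window, the 0.8 support threshold, the `QueryShelf` and `Heartbeat` commands, the table names and all timestamps are assumptions constructed for illustration.

```python
import bisect
from collections import Counter, defaultdict

# Constructed sample flows: (timestamp in ms, label).
UI_EVENTS = [
    (1000, "login window / login button"),
    (5000, "warehouse shelf management / query button"),
    (9000, "login window / login button"),
    (13000, "warehouse shelf management / query button"),
    (17000, "login window / login button"),
]
NET_INSTRUCTIONS = [
    (1012, "Login"),
    (5009, "QueryShelf"),
    (5100, "Heartbeat"),   # unrelated background traffic near a click
    (9011, "Login"),
    (13010, "QueryShelf"),
    (17013, "Login"),
    (17120, "Heartbeat"),
]
DB_INSTRUCTIONS = [
    (1020, "SELECT sys_user"),
    (5015, "SELECT wh_shelf"),
    (9018, "SELECT sys_user"),
    (13016, "SELECT wh_shelf"),
    (17020, "SELECT sys_user"),
]


def correlate(triggers, followers, window_ms=150, min_support=0.8):
    """Map each trigger label to the follower labels that recur after it.

    Support is the fraction of a trigger's occurrences whose window
    [t, t + window_ms] contains the follower. Coincidental neighbours have low
    support and drop out as more occurrences are observed.
    """
    followers = sorted(followers)
    times = [t for t, _ in followers]
    seen = Counter()             # occurrences of each trigger label
    hits = defaultdict(Counter)  # trigger label -> follower label -> windows hit
    for t, label in triggers:
        seen[label] += 1
        lo = bisect.bisect_left(times, t)
        hi = bisect.bisect_right(times, t + window_ms)
        for name in {name for _, name in followers[lo:hi]}:
            hits[label][name] += 1
    return {
        label: {name: n / seen[label]
                for name, n in hits[label].items()
                if n / seen[label] >= min_support}
        for label in seen
    }


def build_model():
    """Chain interface event -> network instruction -> database instructions."""
    ui_to_net = correlate(UI_EVENTS, NET_INSTRUCTIONS)
    net_to_db = correlate(NET_INSTRUCTIONS, DB_INSTRUCTIONS)
    model = []
    for ui_label, commands in ui_to_net.items():
        for command in commands:
            model.append((ui_label, command, sorted(net_to_db.get(command, {}))))
    return model


if __name__ == "__main__":
    for row in build_model():
        print(row)
```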
Based on the resulting closed service system model module 1110, the following kinds of reconstruction can be carried out to replace system modules at different levels and achieve fusion access to the original system.
a) The presentation layer reconstruction fusion module 1210 takes the interface interaction model module 910 as the interface prototype, according to the interface interaction content in the closed service system model module 1110, and reconstructs the corresponding presentation layer code by manual writing, low-code generation or similar methods. The reconstructed code achieves a basic match, covers the main input and output items in the interface interaction model module 910, and binds the corresponding input and output elements to their data and to operation events such as mouse clicks and button submissions. Input events call the corresponding instructions in the network instruction model module 920, and output events, such as updating the content of a text box, correspond to the responses of the corresponding instructions in the network instruction model module 920. Based on the system model obtained earlier, system reconstruction is thus achieved by rebuilding the presentation layer code while reusing the original network instructions and the original database.
b) The database docking fusion module 1220 sorts out the business logic from the interface interaction model, the network instruction model and the database model in the closed service system model module 1110 and from the correspondence among the three, forming a design document for the current closed service system. Based on that design document, the original interface interaction code and network instruction code can be abandoned: the presentation layer interaction and network instruction interaction are re-implemented on a current technical architecture and available framework code, the existing data of the original system is accessed through a new database access framework or API, and the new business system replaces the original one. This implementation supports simultaneous access to the same database by the original closed service system and the newly implemented business system. It also completely removes the limitation that the code of the original closed service system is not open and cannot be further developed: business functions can be extended as needed in the newly implemented business system, and new data objects can even be added to the original database, giving the original system entirely new business functionality.
c) The KVB simulation operation fusion module 1230 does not replace any code module in the original closed service system. Instead, a proxy computer takes over, in parallel or as a replacement, the keyboard and mouse input and the output image of the output screen, and operates the original closed service system by simulating keyboard and mouse input. The proxy computer's control program is driven by the closed business system model module 1110 obtained earlier. Once the interface interaction model module 910 has formed a model and is confirmed to cover the operation processes of the original closed service system, the model is further normalized so that, for each key process node, the recognition rules for the output interface content, the input operation areas of the interface, and the corresponding result branches (operation success and operation failure) are clearly laid out. The result is a clear state machine flow chart, a data-driven logic script similar to a compiler's, that the specially designed control program can understand and execute. The control program designs an external interface API according to the business flow of the closed service system and agrees on the fusion operation instructions for the closed service system, such as: (1) inserting a new data record into the closed business system; (2) querying existing data records in the closed service system by condition; (3) modifying a data record in the closed service system. The control program allows another system to issue instructions to it through the external interface API. It receives, interprets and executes each instruction within the scope agreed by the interface API, and the execution acts on the closed service system, so that docking with the closed service system is achieved in proxy mode.
The control program provides input to the presentation layer interaction of the closed business system by simulating keyboard and data input events, thereby driving the closed business system to execute the preset business behavior and to output the operation result data according to preset logic. The control program reads and recognizes the output result data from the screen output image and then responds to the other business system through the interface API.
The database external access agent service module 1240 is based mainly on the database model module 930 in the closed business system model module 1110 and on the standardization of databases, which makes it easier to provide an "access agent service" within a standardized framework.
a) First, the number of mainstream database systems is very limited, and even where database versions from the same vendor differ, the data in them can be operated on with the latest version of the interface API. Even if one vendor's database requires different versions of the interface API because of version differences, their number is within a controllable range.
b) Based on the database model module 930, the version of the database, the access account and password of the database instance, and the relevant connection parameters of the database instance are already available.
c) Current mainstream databases basically support dynamic access, either through "database dynamic SQL" or through self-assembled SQL statements.
d) The database internal agent module 150 is an agent program developed specifically to cope with the database's network security and possible network security constraints, such as only allowing computers from specific sources to use a given access account and credential. It runs inside the environment of the closed business system so as to obtain a legitimate computer network node environment, ensuring that subsequent database access proceeds normally. The database internal agent module 150 may execute specific database operation logic compiled after analysis of the business logic of the closed business system model module 1110, such as a copy of one original database operation logic or a combination of several original database operation logics; it can also execute "dynamic SQL". When the closed service system needs no special network constraint, the database internal agent module 150 can receive call requests from other business systems directly through a network interface API. To ensure that the network security of the closed service system is not affected, the database internal agent module 150 also supports accepting calls from external systems through KVB docking device two 211. In KVB docking mode, the external system simulates keyboard and mouse input events to pass the request parameters, such as the dynamic SQL statement required by the call, into a specific interface interaction element of the database internal agent module 150, such as a text box, with the input following a specific convention such as ending with a semicolon ";". A mouse click on the "execute" button then informs the database internal agent module 150 that the request has been delivered.
In KVB docking mode, the external system recognizes the execution result of the call request and extracts the result data by monitoring and analyzing the output image of the output screen. When the output data volume is large, the database internal agent module 150 outputs data in conventional ways such as a "text box with scroll bar" or a "form with page turning". After analyzing the output image of the output screen, the external system must issue further mouse and keyboard events to trigger operations such as scroll bar movement and page turning to obtain the subsequent data.
The database external access agent service module 1240 mainly does the following work:
(1) it communicates with the computer hosting the database internal agent module 150 through KVB docking device two 211, simulating mouse and keyboard operation events according to the current operation requirements and sending them to that computer, and it monitors the screen image data of the database internal agent module 150 through KVB docking device two 211 and analyzes it in real time to obtain data;
(2) it monitors whether the target computer has started the database internal agent module 150 and, if not, starts it by remotely simulating mouse and keyboard operation events;
(3) it waits for the database internal agent module 150 to start and confirms that the connection to the target database has been established;
(4) it provides a proxy service API and receives access requests from external systems according to that API. For an agreed copy of an original database operation logic, or a combination of original database operation logics, it sends the access request to the database internal agent module 150 for execution, monitors and obtains the execution result, parses the result data into digital data and responds to the external system. For dynamic SQL, it receives the operation request SQL statement of the external system, sends the access request to the database internal agent module 150 for execution, monitors and obtains the execution result, parses the result data into digital data and responds to the external system;
(5) it forms a local database mirror based on the database model, periodically traverses and extracts all records of all database tables of the database in the closed business system through the database internal agent module 150, stores the records in the local database, and provides them to external systems for access through the local database.
With the above solution, the present invention:
(1) audits the original system without compromising the security of its closed network;
(2) establishes an interface interaction model based on the presentation layer and obtains the corresponding data items, without compromising the security of the original system's closed network;
(3) establishes a network instruction model based on the network instructions of the service layer and the data layer and extracts the data in them through the corresponding instruction analysis, without compromising the security of the original system's closed network;
(4) establishes a database model based on the data layer and obtains the data of the database network instructions, without compromising the security of the original system's closed network;
(5) where the original system architecture allows, establishes a database proxy server that lets an external system obtain data in the original system's database directly in a non-network-penetration manner.
Based on these capabilities, it provides KVB simulation operation fusion, database docking fusion and presentation layer reconstruction fusion.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (6)

1. A system fusion system based on non-network penetration, characterized by comprising a closed business system presentation layer operation program module (110) and a database external access agent service module (1240), wherein the closed business system presentation layer operation program module (110) is connected with a KVB docking device I (210), a closed business system business layer back-end service module (120) and a database and network flow auditing module (140), the KVB docking device I (210) is connected with an artificial intelligence video image decoding and identifying module (310), the artificial intelligence video image decoding and identifying module (310) is connected with a screen behavior data module (410), the closed business system business layer back-end service module (120) is connected with a closed business system data layer database module (130), the closed business system business layer back-end service module (120) is connected with the database and network flow auditing module (140), the database and network flow auditing module (140) is connected with a network flow data and database instruction primary flow module (420), the network flow data and database instruction primary flow module (420) and the screen behavior data module (410) are both connected with a merging analysis module (510), the merging analysis module (510) is connected with an interface interaction element judgment module (610) and a network instruction element judgment module (620), the network flow data and database instruction primary flow module (420) is also connected with a database instruction element judgment module (630), the database instruction element judgment module (630) is connected with a database element module (631), the database element module (631) is connected with a database model module (930), the interface interaction element judgment module (610) is connected with an interface interaction element module (611), the interface interaction element module (611) is connected with an interface interaction primary flow module (710), the interface interaction primary flow module (710) is connected with an interface interaction path diagram intelligent analysis module (810), the interface interaction path diagram intelligent analysis module (810) is connected with an interface interaction model module (910), the network instruction element module (621) is connected with a network instruction primary flow module (720), the network instruction primary flow module (720) is connected with an instruction subpackaging slice matching intelligent analysis module (820), the instruction subpackaging slice matching intelligent analysis module (820) is connected with a network instruction model module (920), the database model module (930), the interface interaction model module (910) and the network instruction model module (920) are all connected with a cross intelligent analysis module (1010), the cross intelligent analysis module (1010) is connected with a closed business system model module (1110), the closed business system model module (1110) is connected with a presentation layer reconstruction fusion module (1210), a database docking fusion module (1220) and a KVB simulation operation fusion module (1230), the database external access agent service module (1240) is connected with a KVB docking device II (211), the KVB docking device II (211) is connected with a database internal agent module (150), and the database internal agent module (150) is connected with the closed business system data layer database module (130).
2. The system for non-network penetration based system convergence according to claim 1, wherein the closed service system presentation layer operating program module (110) is connected with a KVB first docking device (210) through a KVB.
3. The system of claim 1, wherein the database element module (631) comprises a database type module, a database instance module, the database account module, an add-delete-modify-check type module, a database table module, a database field module, and a data record module.
4. The non-network penetration based system fusion of claim 1, wherein the interface interaction element module (611) comprises an interface window, a user operation event, an interface input item and an interface output item.
5. The system of claim 1, wherein the network command element module (621) comprises a command packet module, a command category segment, a command content segment module, and a command pairing module.
6. The system of claim 1, wherein the KVB second docking device (211) is connected with the database internal agent module (150) through a KVB.
CN202110561175.XA 2021-05-22 2021-05-22 System fusion system based on non-network penetration Active CN113282654B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110561175.XA CN113282654B (en) 2021-05-22 2021-05-22 System fusion system based on non-network penetration

Publications (2)

Publication Number Publication Date
CN113282654A true CN113282654A (en) 2021-08-20
CN113282654B CN113282654B (en) 2022-07-22

Family

ID=77280864

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110561175.XA Active CN113282654B (en) 2021-05-22 2021-05-22 System fusion system based on non-network penetration

Country Status (1)

Country Link
CN (1) CN113282654B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020156756A1 (en) * 2000-12-06 2002-10-24 Biosentients, Inc. Intelligent molecular object data structure and method for application in heterogeneous data environments with high data density and dynamic application needs
US7123974B1 (en) * 2002-11-19 2006-10-17 Rockwell Software Inc. System and methodology providing audit recording and tracking in real time industrial controller environment
CN101639879A (en) * 2008-07-28 2010-02-03 成都市华为赛门铁克科技有限公司 Database security monitoring method, device and system
CN107995444A (en) * 2017-12-12 2018-05-04 华南理工大学 It is a kind of towards industrial general isomeric data harvester and method
US20180232456A1 (en) * 2017-02-14 2018-08-16 Brian Arthur Sherman System for creating data-connected applications
CN108989427A (en) * 2018-07-20 2018-12-11 北京开普云信息科技有限公司 A kind of public service system and its construction method based on multi-source information polymerization
CN109411073A (en) * 2018-10-11 2019-03-01 北京医鸣技术有限公司 Medical data integrated system
CN111125213A (en) * 2019-11-29 2020-05-08 北京数起科技有限公司 Data acquisition method, device and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
博为小帮软件机器人: """大数据时代这3种数据采集方法必须get!""", 《HTTPS://WWW.SOHU.COM/A/194684895_827717》 *

Also Published As

Publication number Publication date
CN113282654B (en) 2022-07-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant