CN105049228B - An O&M operation auditing method and device - Google Patents

An O&M operation auditing method and device

Publication number
CN105049228B
Authority
CN
China
Prior art keywords
violation
risk
rule
database
log
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510325715.9A
Other languages
Chinese (zh)
Other versions
CN105049228A (en)
Inventor
蒋凯
王路
蔡玉光
刘浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Hongxiang Technical Service Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201510325715.9A priority Critical patent/CN105049228B/en
Publication of CN105049228A publication Critical patent/CN105049228A/en
Application granted granted Critical
Publication of CN105049228B publication Critical patent/CN105049228B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses an O&M operation auditing method and device. The method comprises: pre-storing first-type risk rules in a first risk rule database; obtaining, in real time, the operation logs generated by a specified system and matching them against the first-type risk rules in the first risk rule database, and, if there is a match, determining that a system intrusion or a violating O&M operation exists; storing the obtained operation logs in a log database; and performing offline analysis on the operation logs in the log database to judge whether system intrusion and violating O&M operations exist. In the technical solution provided by the invention, real-time analysis and offline analysis each target different forms of unreasonable O&M operation behavior and complement and support each other, which further expands the audit scope, improves audit accuracy, discovers intrusions and violating O&M operations in the system in a timely and effective manner, and meets system management needs.

Description

An O&M operation auditing method and device
Technical field
The present invention relates to the field of internet cloud monitoring, and in particular to an O&M operation auditing method and device.
Background
The normal operation of a system depends on a large number of O&M personnel operating and maintaining it, and the quality of that operation and maintenance determines every aspect of the system's performance. If the system is intruded upon, or if there are offenders among the system's O&M personnel, the unreasonable O&M operations that the intruder or offender performs on the system will cause the system to operate abnormally, bringing inconvenience and loss to the system's users and managers.
Therefore, how to audit the O&M operations inside a specified system efficiently and accurately, and to discover intrusions and violating O&M operations in the system in a timely and effective manner, is of great significance to both the users and the managers of the system.
Summary of the invention
In view of the above problems, the present invention is proposed to provide an O&M operation auditing method and device that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, an O&M operation auditing method is provided, the method comprising:
pre-storing first-type risk rules in a first risk rule database;
obtaining, in real time, the operation logs generated by a specified system, and matching the operation logs obtained in real time against the first-type risk rules in the first risk rule database; if there is a match, determining that a system intrusion or a violating O&M operation exists;
storing the obtained operation logs in a log database;
performing offline analysis on the operation logs in the log database to judge whether system intrusion and violating O&M operations exist.
Optionally, the method further comprises: pre-storing second-type risk rules in a second risk rule database;
performing offline analysis on the operation logs in the log database to judge whether system intrusion and violating O&M operations exist comprises: analyzing the operation logs in the log database and judging whether anything matches a second-type risk rule in the second risk rule database; if so, determining that system intrusion and violating O&M operations exist.
Optionally, the first risk rule database stores each first-type risk rule together with its risk name, and the second risk rule database stores each second-type risk rule together with its risk name;
a risk name is: a descriptive name for one of the various situations in which a system is intruded upon, or the name of a kind of violating O&M operation.
Optionally, the first-type risk rules include one or more of the following:
performing a login operation at an abnormal location;
modifying a specified file;
the second-type risk rules include one or more of the following:
performing login operations at different locations within a time of preset length;
performing two or more mutually exclusive operations within a time of preset length.
Optionally, the method further comprises:
when it is judged that a violating O&M operation exists, determining the operator of the violating O&M operation according to the log database, and further tracing back that operator's O&M operation records according to the log database to make a further violation judgment.
Optionally, further tracing back the operator's O&M operation records according to the log database to make a further violation judgment comprises:
judging, according to the risk rules in the first risk rule database and/or the second risk rule database, whether the traced-back O&M operation records of the operator contain violating operations.
Optionally, the method further comprises:
statistically analyzing the system intrusions and violating O&M operations that have been identified, and learning the patterns of system intrusion and violating O&M operations;
determining countermeasures according to the learned patterns.
Optionally, learning the patterns of system intrusion and violating O&M operations includes learning one or more of the following:
which system intrusion situations occur frequently;
which violating O&M operations occur frequently;
the high-incidence periods of system intrusion;
the high-incidence periods of violating O&M operations.
Optionally, determining countermeasures according to the learned patterns includes one or more of the following:
for frequently occurring system intrusion situations, setting up targeted interception operations or increasing verification strength;
for frequently occurring violating O&M operations, raising the O&M operation permission threshold or disabling the operation accounts of operators who frequently perform violating O&M operations;
during the high-incidence periods of system intrusion, setting up targeted interception operations and increasing verification strength;
during the high-incidence periods of violating O&M operations, raising the O&M operation permission threshold or disabling the operation accounts of operators who frequently perform violating O&M operations.
According to another aspect of the invention, an O&M operation auditing device is provided, the device comprising:
an acquisition unit, adapted to obtain in real time the operation logs generated by a specified system and send them to a real-time auditing unit and a storage unit;
the real-time auditing unit, adapted to match the operation logs obtained in real time against the first-type risk rules in a first risk rule database and, if there is a match, determine that a system intrusion or a violating O&M operation exists;
the storage unit, adapted to store the first risk rule database, which holds the first-type risk rules, and adapted to store a log database, which holds the operation logs;
an offline auditing unit, adapted to perform offline analysis on the operation logs in the log database and judge whether system intrusion and violating O&M operations exist.
Optionally, the storage unit is further adapted to store a second risk rule database, which holds second-type risk rules;
the offline auditing unit is adapted to analyze the operation logs in the log database and judge whether anything matches a second-type risk rule in the second risk rule database; if so, it determines that system intrusion and violating O&M operations exist.
Optionally, the first risk rule database stores each first-type risk rule together with its risk name, and the second risk rule database stores each second-type risk rule together with its risk name;
a risk name is: a descriptive name for one of the various situations in which a system is intruded upon, or the name of a kind of violating O&M operation.
Optionally, the first-type risk rules include one or more of the following:
performing a login operation at an abnormal location;
modifying a specified file;
the second-type risk rules include one or more of the following:
performing login operations at different locations within a time of preset length;
performing two or more mutually exclusive operations within a time of preset length.
Optionally, the device further comprises:
a violation tracing unit, adapted to determine, when a violating O&M operation exists, the operator of that operation according to the log database, and adapted to further trace back that operator's O&M operation records according to the log database to make a further violation judgment.
Optionally, the violation tracing unit is adapted to judge, according to the risk rules in the first risk rule database and/or the second risk rule database, whether the traced-back O&M operation records of the operator contain violating operations.
Optionally, the device further comprises:
a learning unit, adapted to statistically analyze the system intrusions and violating O&M operations that have been identified and to learn the patterns of system intrusion and violating O&M operations;
a response unit, adapted to determine countermeasures according to the learned patterns.
Optionally, the learning unit is adapted to learn one or more of the following patterns of system intrusion and violating O&M operations:
which system intrusion situations occur frequently;
which violating O&M operations occur frequently;
the high-incidence periods of system intrusion;
the high-incidence periods of violating O&M operations.
Optionally, the countermeasures determined by the response unit include one or more of the following:
for frequently occurring system intrusion situations, setting up targeted interception operations or increasing verification strength;
for frequently occurring violating O&M operations, raising the O&M operation permission threshold or disabling the operation accounts of operators who frequently perform violating O&M operations;
during the high-incidence periods of system intrusion, setting up targeted interception operations and increasing verification strength;
during the high-incidence periods of violating O&M operations, raising the O&M operation permission threshold or disabling the operation accounts of operators who frequently perform violating O&M operations.
As can be seen from the above, the technical solution provided by the invention matches real-time operation logs against the first-type risk rules to determine whether the O&M operation behavior occurring in the system at the current moment is unreasonable; if it is, a system intrusion or a violating O&M operation is determined to exist. On this basis, because in some cases an unreasonable O&M operation behavior is a combination of several individually reasonable O&M operation behaviors and cannot be identified by matching first-type risk rules in real time, the solution also performs offline analysis on the operation logs in the log database over a period of time to determine whether system intrusion and violating O&M operations exist. The real-time analysis and the offline analysis in this O&M operation auditing solution each target different forms of unreasonable O&M operation behavior and complement and support each other during the audit of a system's O&M operations, which further expands the audit scope, improves audit accuracy, discovers intrusions and violating O&M operations in the system in a timely and effective manner, and meets system management needs.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented in accordance with the specification, and so that the above and other objects, features and advantages of the invention are more readily apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 shows a flow chart of an O&M operation auditing method according to an embodiment of the invention;
Fig. 2 shows a schematic diagram of an O&M operation auditing device according to an embodiment of the invention;
Fig. 3 shows a schematic diagram of an O&M operation auditing device according to another embodiment of the invention.
Specific embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
With the continuous development of the internet, the Internet data center (IDC, Internet Data Center) has emerged and become an indispensable part of the internet industry in the new century. An IDC provides ICPs, enterprises, media and websites of all kinds with large-scale, high-quality, safe and reliable professional server hosting, space rental, network bandwidth, application service provision (ASP, Application Service Provider), e-commerce (EC, Electronic Commerce) and other services.
For a system that needs monitoring, deploying it in an IDC under public cloud monitoring, private cloud monitoring or hybrid cloud monitoring makes the various monitoring services offered by cloud monitoring available, including monitoring of the O&M operations that occur inside the system. Against the background of cloud monitoring deployment in an IDC, this document proposes an O&M operation auditing method and device for auditing the O&M operations that occur inside a monitored system.
Fig. 1 shows a flow chart of an O&M operation auditing method according to an embodiment of the invention. As shown in Fig. 1, the method comprises:
Step S110: first-type risk rules are pre-stored in a first risk rule database.
In this step, a first-type risk rule describes a sufficient condition for determining, in real time, that an O&M operation behavior is unreasonable.
Step S120: the operation logs generated by a specified system are obtained in real time and matched against the first-type risk rules in the first risk rule database; if there is a match, a system intrusion or a violating O&M operation is determined to exist.
In this step, the operation log obtained in real time reflects the O&M operation behavior occurring in the specified system at the current moment. The operation log is matched against the above first-type risk rules; if there is a match, the O&M operation behavior occurring in the specified system at the current moment is judged to be unreasonable, that is, a system intrusion or a violating O&M operation can be determined to exist.
Step S130: the obtained operation logs are stored in a log database.
Each operation log obtained in real time is stored in the log database. An operation log records in detail who performed what operation, at what time, under whose authorization, and with what result, for later auditing and traceback. The log database in this step holds the operation logs for many points in time and thus serves as a traceback of the O&M operation behavior that occurred in the specified system over a period of time.
Step S140: offline analysis is performed on the operation logs in the log database to judge whether system intrusion and violating O&M operations exist.
As can be seen, the method shown in Fig. 1 matches real-time operation logs against the first-type risk rules to determine whether the O&M operation behavior occurring in the system at the current moment is unreasonable; if it is, a system intrusion or a violating O&M operation is determined to exist. On this basis, because in some cases an unreasonable O&M operation behavior is a combination of several individually reasonable O&M operation behaviors and cannot be identified by matching first-type risk rules in real time, the method shown in Fig. 1 also performs offline analysis on the operation logs in the log database over a period of time to determine whether system intrusion and violating O&M operations exist. The real-time analysis and the offline analysis in this method each target different forms of unreasonable O&M operation behavior and complement and support each other during the O&M operation audit, which further expands the audit scope, improves audit accuracy, discovers intrusions and violating O&M operations in the system in a timely and effective manner, and meets system management needs.
In one embodiment of the invention, the method shown in Fig. 1 further comprises: pre-storing second-type risk rules in a second risk rule database. In this step, a second-type risk rule describes a sufficient condition for judging that the combined O&M operation behavior within a period of time is unreasonable.
On this basis, performing offline analysis on the operation logs in the log database in step S140 to judge whether system intrusion and violating O&M operations exist comprises: analyzing the operation logs in the log database and judging whether anything matches a second-type risk rule in the second risk rule database; if so, determining that system intrusion and violating O&M operations exist.
For example, an O&M operation audit is carried out on a specified system A according to system management needs. On the one hand, real-time analysis is performed: several first-type risk rules are saved in the first risk rule database in advance, and in this example each first-type risk rule is a single unreasonable O&M operation behavior. The operation logs generated by the specified system A are obtained in real time, and the current operation log reflects the O&M operation behavior occurring in the specified system A. If that behavior hits one of the first-type risk rules, that is, the first risk rule database contains an entry matching the current O&M operation behavior, a system intrusion or a violating O&M operation is determined to exist for the specified system A. On the other hand, offline analysis is performed: several second-type risk rules are saved in the second risk rule database in advance, and in this example each second-type risk rule is a combination of several O&M operation behaviors within a period of time. The operation logs in the log database of the specified system A are analyzed; these logs are a traceback of the O&M operation behavior that occurred in the specified system over a period of time. If the combination of O&M operation behaviors that occurred in the specified system A within a period of time hits one of the second-type risk rules, that is, a second-type risk rule in the second risk rule database is matched, system intrusion and violating O&M operations are determined to exist for the specified system A.
In a specific embodiment, the O&M operation behavior occurring in the specified system A at the current moment is X. If some first-type risk rule is also X, system intrusion and violating O&M operations are determined to exist for the specified system A. Otherwise, operation logs continue to be collected. If, some time after O&M operation behavior X, O&M operation behavior Y occurs in the specified system A, then the combination of O&M operation behaviors that occurred in the specified system A within that period is X+Y; if some second-type risk rule is the combination of O&M operation behavior X and O&M operation behavior Y within a certain period of time, system intrusion and violating O&M operations are determined to exist for the specified system A.
In one embodiment of the invention, the above first risk rule database stores each first-type risk rule together with its risk name, and the above second risk rule database stores each second-type risk rule together with its risk name. A risk name is: a descriptive name for one of the various situations in which a system is intruded upon, or the name of a kind of violating O&M operation.
When a specified system is operated and maintained, some login locations are fixed for O&M personnel, and some specified files are ones they have no permission to modify. Behaviors such as a login from an abnormal location or the modification of a specified file are unreasonable O&M operation behaviors that can be determined directly, and they indicate that the behavior was carried out by an external intruder or an internal offender. Therefore, in one embodiment of the invention, the above first-type risk rules include one or more of the following: performing a login operation at an abnormal location; modifying a specified file.
In addition, when a specified system is operated and maintained, some login locations do vary for O&M personnel, but both the range and the frequency of the variation are limited; and some O&M operation behaviors are mutually exclusive, so that performing them within the same period of time is unreasonable. Therefore, in one embodiment of the invention, the above second-type risk rules include one or more of the following: performing login operations at different locations within a time of preset length; performing two or more mutually exclusive operations within a time of preset length.
In one embodiment of the invention, the method shown in Fig. 1 further comprises step S150: when it is judged that a violating O&M operation exists, the operator of the violating O&M operation is determined according to the log database, and that operator's O&M operation records are further traced back according to the log database to make a further violation judgment.
In this embodiment, the real-time analysis and offline analysis described above audit the O&M operations at a single point in time or within a single period, so the audit is not yet as comprehensive as it could be. Tracing back one operator's O&M operation records in the log database reproduces the complete chain of O&M operations that the operator performed on the specified system, and so gives a more complete picture of the intent behind those operations. This helps to further analyze the extent to which the specified system has been intruded upon and subjected to violating O&M operations, and makes it easier to formulate subsequent response, remediation and prevention measures. Specifically, further tracing back the operator's O&M operation records according to the log database in step S150 to make a further violation judgment comprises: judging, according to the risk rules in the first risk rule database and/or the second risk rule database, whether the traced-back O&M operation records of the operator contain violating operations.
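The following Python sketch is an added illustration, not code from the patent: it matches each log entry against first-type rules as it arrives (S120), stores it (S130), applies second-type rules offline over a time window (S140), and traces back one operator's records (S150). The log fields, operator names, locations, file path, mutually exclusive action pair and 30-minute window are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class LogEntry:
    ts: datetime        # when the operation happened
    operator: str       # who performed it
    location: str       # where the operator was
    action: str         # what was done
    target: str = ""    # object of the action, if any


# Assumed policy data, constructed for this example.
USUAL_LOCATIONS = {"alice": {"beijing"}, "bob": {"beijing", "shanghai"},
                   "carol": {"beijing"}}
SPECIFIED_FILES = {"/etc/sudoers"}
MUTEX_ACTIONS = {frozenset({"start_backup", "drop_database"})}
WINDOW = timedelta(minutes=30)   # the "time of preset length"

# First risk rule database: risk name -> predicate over ONE log entry.
FIRST_TYPE_RULES = {
    "login at abnormal location": lambda e: (
        e.action == "login"
        and e.location not in USUAL_LOCATIONS.get(e.operator, set())),
    "modification of specified file": lambda e: (
        e.action == "modify_file" and e.target in SPECIFIED_FILES),
}


def realtime_match(entry):
    """S120: risk names of every first-type rule the entry hits."""
    return [name for name, rule in FIRST_TYPE_RULES.items() if rule(entry)]


def ingest(entry, log_db, alerts):
    """S120 + S130: alert on a match, then store the entry either way."""
    alerts.extend((name, entry.operator) for name in realtime_match(entry))
    log_db.append(entry)


def offline_analysis(log_db):
    """S140: second-type rules, i.e. combinations of operations in WINDOW."""
    by_operator = defaultdict(list)
    for e in sorted(log_db, key=lambda e: e.ts):
        by_operator[e.operator].append(e)
    findings = set()
    for operator, entries in by_operator.items():
        for i, first in enumerate(entries):
            for later in entries[i + 1:]:
                if later.ts - first.ts > WINDOW:
                    break   # entries are time-ordered; the rest are later
                if (first.action == later.action == "login"
                        and first.location != later.location):
                    findings.add(
                        ("logins at different locations within window",
                         operator))
                if frozenset({first.action, later.action}) in MUTEX_ACTIONS:
                    findings.add(
                        ("mutually exclusive operations within window",
                         operator))
    return sorted(findings)


def trace_back(log_db, operator):
    """S150: re-check one operator's whole history against both rule sets."""
    history = [e for e in log_db if e.operator == operator]
    names = {n for e in history for n in realtime_match(e)}
    names |= {n for n, _ in offline_analysis(history)}
    return sorted(names)


def at(hhmm):
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample log; bob's two logins are each from a usual location.
SAMPLE_LOG = [
    LogEntry(at("09:00"), "alice", "beijing", "login"),
    LogEntry(at("09:05"), "alice", "beijing", "modify_file", "/etc/sudoers"),
    LogEntry(at("10:00"), "bob", "beijing", "login"),
    LogEntry(at("10:10"), "bob", "shanghai", "login"),
    LogEntry(at("11:00"), "carol", "beijing", "start_backup"),
    LogEntry(at("11:20"), "carol", "beijing", "drop_database"),
    LogEntry(at("15:00"), "bob", "beijing", "login"),
]


def run_audit(entries):
    log_db, alerts = [], []
    for entry in entries:
        ingest(entry, log_db, alerts)
    return alerts, offline_analysis(log_db), log_db


if __name__ == "__main__":
    alerts, findings, db = run_audit(SAMPLE_LOG)
    print(alerts, findings, trace_back(db, "bob"), sep="\n")
```

In the sample, bob's two logins pass every first-type rule individually and are flagged only by the offline pass, which is the case the description gives as the reason for combining the two analyses.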
In one embodiment of the invention, the method shown in Fig. 1 further comprises step S160, which is divided into the following two steps:
Step S161: the system intrusions and violating O&M operations that have been identified are statistically analyzed, and the patterns of system intrusion and violating O&M operations are learned.
In this step, learning the patterns of system intrusion and violating O&M operations includes learning one or more of the following: which system intrusion situations occur frequently; which violating O&M operations occur frequently; the high-incidence periods of system intrusion; the high-incidence periods of violating O&M operations.
Step S162: countermeasures are determined according to the learned patterns.
In this step, determining countermeasures according to the learned patterns includes one or more of the following: for frequently occurring system intrusion situations, setting up targeted interception operations or increasing verification strength; for frequently occurring violating O&M operations, raising the O&M operation permission threshold or disabling the operation accounts of operators who frequently perform violating O&M operations; during the high-incidence periods of system intrusion, setting up targeted interception operations and increasing verification strength; during the high-incidence periods of violating O&M operations, raising the O&M operation permission threshold or disabling the operation accounts of operators who frequently perform violating O&M operations.
Fig. 2 shows a schematic diagram of an O&M operation audit device according to an embodiment of the invention. As shown in Fig. 2, the O&M operation audit device 200 includes:
An acquiring unit 210, adapted to acquire in real time the operation logs generated by a designated system and send them to the real-time audit unit 220 and the storage unit 230.
A real-time audit unit 220, adapted to match the operation logs acquired in real time against the first-type risk rules in the first risk rule database and, if there is a match, to determine that a system intrusion or a violating O&M operation has occurred.
A storage unit 230, adapted to store the first risk rule database, which holds the first-type risk rules, and to store the log database, which holds the operation logs.
An offline audit unit 240, adapted to analyze offline the operation logs in the log database and judge whether system intrusions and violating O&M operations have occurred.
As can be seen, the device shown in Fig. 2 matches the real-time operation logs against the first-type risk rules to determine whether the O&M operation behavior occurring in the system at the current moment is unreasonable and, if so, determines that a system intrusion or a violating O&M operation has occurred. In addition, because in some embodiments an unreasonable O&M operation behavior is composed of several individually reasonable O&M operation behaviors and therefore cannot be identified by real-time matching against the first-type risk rules, the device shown in Fig. 2 also analyzes offline the operation logs of a period of time in the log database, and thereby determines whether system intrusions and violating O&M operations have occurred. The real-time analysis scheme and the offline analysis scheme each target a different form of unreasonable O&M operation behavior and complement and support each other in the O&M operation audit process, which further expands the audit scope, improves audit accuracy, discovers in a timely and effective manner the intrusions and violating O&M operations present in the system, and meets system management needs.
In one embodiment of the invention, the storage unit 230 of the device shown in Fig. 2 is further adapted to store a second risk rule database, which holds second-type risk rules. The offline audit unit 240 is adapted to analyze the operation logs in the log database and judge whether any of them match the second-type risk rules in the second risk rule database; if so, it determines that system intrusions and violating O&M operations have occurred.
In one embodiment of the invention, the first risk rule database stores first-type risk rules together with their corresponding risk names, and the second risk rule database stores second-type risk rules together with their corresponding risk names. A risk name is a descriptive name of one of the various situations in which the system is intruded, or the name of one of the various kinds of violating O&M operation.
Specifically, the first risk rules may include one or more of the following: a login operation performed at an abnormal location; an operation that modifies a specified file. The second risk rules may include one or more of the following: login operations performed at different locations within a time of preset length; two or more mutually exclusive operations performed within a time of preset length.
Fig. 3 shows a schematic diagram of an O&M operation audit device according to another embodiment of the invention. As shown in Fig. 3, the O&M operation audit device 300 includes: an acquiring unit 310, a real-time audit unit 320, a storage unit 330, an offline audit unit 340, a violation tracing unit 350, a learning unit 360 and a response unit 370.
The acquiring unit 310, real-time audit unit 320, storage unit 330 and offline audit unit 340 are respectively identical to the acquiring unit 210, real-time audit unit 220, storage unit 230 and offline audit unit 240 shown in Fig. 2 and are not described again here.
A violation tracing unit 350, adapted, when a violating O&M operation has occurred, to determine from the log database the operator of that violating O&M operation, and further to trace back that operator's O&M operation records in the log database and make further violation judgments.
In a specific embodiment, the violation tracing unit 350 is adapted to judge, according to the risk rules in the first risk rule database and/or the second risk rule database, whether the traced-back O&M operation records of the operator contain violating operations.
A learning unit 360, adapted to perform statistical analysis on the system intrusions and violating O&M operations that have been identified, and to learn the patterns of system intrusions and violating O&M operations.
In a specific embodiment, the learning unit 360 is adapted to learn one or more of the following patterns of system intrusions and violating O&M operations: which system intrusion situations occur frequently; which violating O&M operations occur frequently; the periods in which system intrusions are most frequent; the periods in which O&M violations are most frequent.
A response unit 370, adapted to determine countermeasures according to the learned patterns.
In a specific embodiment, the countermeasures determined by the response unit 370 include one or more of the following: for system intrusion situations that occur frequently, setting targeted interception operations or strengthening verification; for violating O&M operations that occur frequently, raising the O&M operation permission threshold or shutting down the operation accounts of operators who frequently perform violating O&M operations; during the periods in which system intrusions are most frequent, setting targeted interception operations and strengthening verification; during the periods in which O&M violations are most frequent, raising the O&M operation permission threshold or shutting down the operation accounts of operators who frequently perform violating O&M operations.
The embodiments of the devices shown in Fig. 2 and Fig. 3 correspond to the embodiments of the method shown in Fig. 1, which are described in detail above and are not repeated here.
In summary, the technical solution provided by the invention matches the real-time operation logs against the first-type risk rules to determine whether the O&M operation behavior occurring in the system at the current moment is unreasonable and, if so, determines that a system intrusion or a violating O&M operation has occurred. In addition, because in some embodiments an unreasonable O&M operation behavior is composed of several individually reasonable O&M operation behaviors and therefore cannot be identified by real-time matching against the first-type risk rules, the device shown in Fig. 2 also analyzes offline the operation logs of a period of time in the log database, and thereby determines whether system intrusions and violating O&M operations have occurred. As can be seen, the real-time analysis scheme and the offline analysis scheme of this technical solution each target a different form of unreasonable O&M operation behavior and complement and support each other in the O&M operation audit process, which expands the audit scope, improves audit accuracy, and discovers in a timely and effective manner the intrusions and violating O&M operations present in the system. Furthermore, by tracing back an operator's O&M operations and by learning the patterns of the intrusions and violating O&M operations present in the system, the solution finds the causes of problems, formulates corresponding resolution and prevention strategies, improves the audit security of the monitored system, and meets system management needs.
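The real-time tier, the offline tier, operator trace-back and the statistical learning step described above, as an added Python example (not code from the patent). The log format, the normal-location list, the protected files, the mutually exclusive operation pair and the 30-minute window are assumed values, and the sample log is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed policy values for illustration; the patent does not specify any.
NORMAL_LOCATIONS = {"Beijing", "Shanghai"}          # anything else is "abnormal"
PROTECTED_FILES = {"/etc/passwd", "/etc/sudoers"}   # the "specified files"
MUTEX_OPS = [{"submit_change", "approve_change"}]   # mutually exclusive pair
WINDOW = timedelta(minutes=30)                      # the "preset length of time"

# Constructed sample log: time|operator|operation|location|target
SAMPLE = """\
2015-06-12 02:05|bob|login|Beijing|
2015-06-12 02:20|bob|login|Shanghai|
2015-06-12 02:25|bob|modify|Shanghai|/etc/sudoers
2015-06-12 09:00|alice|login|Beijing|
2015-06-12 09:10|alice|submit_change|Beijing|ticket-1
2015-06-12 09:50|alice|approve_change|Beijing|ticket-1
2015-06-12 10:00|carol|login|Lagos|
2015-06-12 14:00|dave|submit_change|Shanghai|ticket-2
2015-06-12 14:05|dave|approve_change|Shanghai|ticket-2
"""

def parse(line):
    ts, user, op, loc, target = line.split("|")
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M"),
            "user": user, "op": op, "loc": loc, "target": target}

# First-type rules: risk name -> sufficient condition on ONE log record.
FIRST_TYPE = {
    "login at abnormal location":
        lambda r: r["op"] == "login" and r["loc"] not in NORMAL_LOCATIONS,
    "modification of specified file":
        lambda r: r["op"] == "modify" and r["target"] in PROTECTED_FILES,
}

def realtime_audit(record):
    """Real-time tier: every first-type rule the single record matches."""
    return [(name, record) for name, rule in FIRST_TYPE.items() if rule(record)]

def offline_audit(records):
    """Offline tier (second-type rules): pairs of individually reasonable
    records by one operator that fall within WINDOW of each other."""
    by_user = {}
    for r in sorted(records, key=lambda r: r["ts"]):
        by_user.setdefault(r["user"], []).append(r)
    hits = []
    for recs in by_user.values():
        for i, a in enumerate(recs):
            for b in recs[i + 1:]:
                if b["ts"] - a["ts"] > WINDOW:
                    break  # records are time-ordered, later ones are farther
                if a["op"] == b["op"] == "login" and a["loc"] != b["loc"]:
                    hits.append(("logins from different locations", b))
                if any({a["op"], b["op"]} == pair for pair in MUTEX_OPS):
                    hits.append(("mutually exclusive operations", b))
    return hits

def trace_operator(log_db, user):
    """Trace-back: re-check one operator's full history with both rule sets."""
    history = [r for r in log_db if r["user"] == user]
    found = [h for r in history for h in realtime_audit(r)]
    return found + offline_audit(history)

def learn_patterns(hits):
    """Statistics: how often each risk occurs and in which hour of day."""
    by_risk = Counter(name for name, _ in hits)
    by_hour = Counter(rec["ts"].hour for _, rec in hits)
    return by_risk, by_hour

LOG_DB = [parse(line) for line in SAMPLE.splitlines()]

if __name__ == "__main__":
    realtime_hits = [h for r in LOG_DB for h in realtime_audit(r)]
    offline_hits = offline_audit(LOG_DB)
    for name, rec in realtime_hits + offline_hits:
        print(f"{rec['ts']}  {rec['user']:6} {name}")
    for name, rec in trace_operator(LOG_DB, "bob"):
        print("trace-back bob:", name, rec["ts"])
    by_risk, by_hour = learn_patterns(realtime_hits + offline_hits)
    print("most frequent risks:", by_risk.most_common(2))
    print("peak hours:", by_hour.most_common(1))
```

In the constructed log, alice submits and approves the same change 40 minutes apart, so the pair falls outside the 30-minute window and is not flagged: the preset window length decides which combined behaviors the offline tier can see.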
It should be noted that:
The algorithms and displays provided herein are not inherently related to any particular computer, virtual device or other equipment. Various general-purpose devices may also be used with the teachings herein. From the description above, the structure required to construct such devices is apparent. Moreover, the invention is not directed to any particular programming language. It should be understood that the content of the invention described herein can be implemented in a variety of programming languages, and that the description given above of a specific language is intended to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It is to be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments of the invention. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules of the equipment in an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment can be combined into one module, unit or component, and can furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
In addition, those skilled in the art will understand that, although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
The various component embodiments of the invention can be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components of an O&M operation audit device according to an embodiment of the invention. The invention can also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention can be stored on a computer-readable medium, or can take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words can be interpreted as names.
The invention provides A1, an O&M operation auditing method, wherein the method comprises:
storing first-type risk rules in advance in a first risk rule database;
acquiring in real time the operation logs generated by a designated system, matching the operation logs acquired in real time against the first-type risk rules in the first risk rule database and, if there is a match, determining that a system intrusion or a violating O&M operation has occurred;
storing the acquired operation logs in a log database;
analyzing offline the operation logs in the log database and judging whether system intrusions and violating O&M operations have occurred.
A2. The method as described in A1, wherein the method further comprises: storing second-type risk rules in advance in a second risk rule database;
the analyzing offline the operation logs in the log database and judging whether system intrusions and violating O&M operations have occurred comprises: analyzing the operation logs in the log database and judging whether any of them match the second-type risk rules in the second risk rule database and, if so, determining that system intrusions and violating O&M operations have occurred.
A3. The method as described in A2, wherein
the first risk rule database stores first-type risk rules together with their corresponding risk names; the second risk rule database stores second-type risk rules together with their corresponding risk names;
a risk name is a descriptive name of one of the various situations in which the system is intruded, or the name of one of the various kinds of violating O&M operation.
A4. The method as described in A2, wherein
the first risk rules include one or more of the following:
a login operation performed at an abnormal location;
an operation that modifies a specified file;
the second risk rules include one or more of the following:
login operations performed at different locations within a time of preset length;
two or more mutually exclusive operations performed within a time of preset length.
A5. The method as described in A2, wherein the method further comprises:
when it is judged that a violating O&M operation has occurred, determining from the log database the operator of that violating O&M operation, further tracing back that operator's O&M operation records in the log database, and making further violation judgments.
A6. The method as described in A5, wherein the further tracing back that operator's O&M operation records in the log database and making further violation judgments comprises:
judging, according to the risk rules in the first risk rule database and/or the second risk rule database, whether the traced-back O&M operation records of the operator contain violating operations.
A7. The method as described in A1, wherein the method further comprises:
performing statistical analysis on the system intrusions and violating O&M operations that have been identified, and learning the patterns of system intrusions and violating O&M operations;
determining countermeasures according to the learned patterns.
A8. The method as described in A7, wherein the learned patterns of system intrusions and violating O&M operations include one or more of the following:
which system intrusion situations occur frequently;
which violating O&M operations occur frequently;
the periods in which system intrusions are most frequent;
the periods in which O&M violations are most frequent.
A9. The method as described in A8, wherein determining countermeasures according to the learned patterns includes one or more of the following:
for system intrusion situations that occur frequently, setting targeted interception operations or strengthening verification;
for violating O&M operations that occur frequently, raising the O&M operation permission threshold or shutting down the operation accounts of operators who frequently perform violating O&M operations;
during the periods in which system intrusions are most frequent, setting targeted interception operations and strengthening verification;
during the periods in which O&M violations are most frequent, raising the O&M operation permission threshold or shutting down the operation accounts of operators who frequently perform violating O&M operations.
The invention also provides B10, an O&M operation audit device, wherein the device comprises:
an acquiring unit, adapted to acquire in real time the operation logs generated by a designated system and send them to a real-time audit unit and a storage unit;
the real-time audit unit, adapted to match the operation logs acquired in real time against the first-type risk rules in a first risk rule database and, if there is a match, to determine that a system intrusion or a violating O&M operation has occurred;
the storage unit, adapted to store the first risk rule database, which holds the first-type risk rules, and to store a log database, which holds the operation logs;
an offline audit unit, adapted to analyze offline the operation logs in the log database and judge whether system intrusions and violating O&M operations have occurred.
B11. The device as described in B10, wherein
the storage unit is further adapted to store a second risk rule database, which holds second-type risk rules;
the offline audit unit is adapted to analyze the operation logs in the log database and judge whether any of them match the second-type risk rules in the second risk rule database and, if so, to determine that system intrusions and violating O&M operations have occurred.
B12. The device as described in B11, wherein
the first risk rule database stores first-type risk rules together with their corresponding risk names; the second risk rule database stores second-type risk rules together with their corresponding risk names;
a risk name is a descriptive name of one of the various situations in which the system is intruded, or the name of one of the various kinds of violating O&M operation.
B13. The device as described in B11, wherein
the first risk rules include one or more of the following:
a login operation performed at an abnormal location;
an operation that modifies a specified file;
the second risk rules include one or more of the following:
login operations performed at different locations within a time of preset length;
two or more mutually exclusive operations performed within a time of preset length.
B14. The device as described in B11, wherein the device further comprises:
a violation tracing unit, adapted, when a violating O&M operation has occurred, to determine from the log database the operator of that violating O&M operation, and further to trace back that operator's O&M operation records in the log database and make further violation judgments.
B15. The device as described in B14, wherein
the violation tracing unit is adapted to judge, according to the risk rules in the first risk rule database and/or the second risk rule database, whether the traced-back O&M operation records of the operator contain violating operations.
B16. The device as described in B10, wherein the device further comprises:
a learning unit, adapted to perform statistical analysis on the system intrusions and violating O&M operations that have been identified, and to learn the patterns of system intrusions and violating O&M operations;
a response unit, adapted to determine countermeasures according to the learned patterns.
B17. The device as described in B16, wherein the learning unit is adapted to learn one or more of the following patterns of system intrusions and violating O&M operations:
which system intrusion situations occur frequently;
which violating O&M operations occur frequently;
the periods in which system intrusions are most frequent;
the periods in which O&M violations are most frequent.
B18. The device as described in B17, wherein the countermeasures determined by the response unit include one or more of the following:
for system intrusion situations that occur frequently, setting targeted interception operations or strengthening verification;
for violating O&M operations that occur frequently, raising the O&M operation permission threshold or shutting down the operation accounts of operators who frequently perform violating O&M operations;
during the periods in which system intrusions are most frequent, setting targeted interception operations and strengthening verification;
during the periods in which O&M violations are most frequent, raising the O&M operation permission threshold or shutting down the operation accounts of operators who frequently perform violating O&M operations.

Claims (16)

1. An O&M operation auditing method, wherein the method comprises:
storing first-type risk rules in advance in a first risk rule database; the first-type risk rules describe sufficient conditions for determining, in real time, unreasonable O&M operation behavior;
acquiring in real time the operation logs generated by a designated system, matching the operation logs acquired in real time against the first-type risk rules in the first risk rule database and, if there is a match, determining that a system intrusion or a violating O&M operation has occurred;
storing the acquired operation logs in a log database;
analyzing offline the operation logs in the log database and judging whether system intrusions and violating O&M operations have occurred;
the method further comprises: storing second-type risk rules in advance in a second risk rule database; the second-type risk rules describe sufficient conditions for determining unreasonable combined O&M operation behavior within a period of time;
the analyzing offline the operation logs in the log database and judging whether system intrusions and violating O&M operations have occurred comprises: analyzing the operation logs in the log database and judging whether any of them match the second-type risk rules in the second risk rule database and, if so, determining that system intrusions and violating O&M operations have occurred.
2. The method of claim 1, wherein
the first risk rule database stores first-type risk rules together with their corresponding risk names; the second risk rule database stores second-type risk rules together with their corresponding risk names;
a risk name is a descriptive name of one of the various situations in which the system is intruded, or the name of one of the various kinds of violating O&M operation.
3. The method of claim 1, wherein
the first risk rules include one or more of the following:
a login operation performed at an abnormal location;
an operation that modifies a specified file;
the second risk rules include one or more of the following:
login operations performed at different locations within a time of preset length;
two or more mutually exclusive operations performed within a time of preset length.
4. The method of claim 1, wherein the method further comprises:
when it is judged that a violating O&M operation has occurred, determining from the log database the operator of that violating O&M operation, further tracing back that operator's O&M operation records in the log database, and making further violation judgments.
5. The method of claim 4, wherein the further tracing back that operator's O&M operation records in the log database and making further violation judgments comprises:
judging, according to the risk rules in the first risk rule database and/or the second risk rule database, whether the traced-back O&M operation records of the operator contain violating operations.
6. The method of claim 1, wherein the method further comprises:
performing statistical analysis on the system intrusions and violating O&M operations that have been identified, and learning the patterns of system intrusions and violating O&M operations;
determining countermeasures according to the learned patterns.
7. The method of claim 6, wherein the learned patterns of system intrusions and violating O&M operations include one or more of the following:
which system intrusion situations occur frequently;
which violating O&M operations occur frequently;
the periods in which system intrusions are most frequent;
the periods in which O&M violations are most frequent.
8. The method of claim 7, wherein determining countermeasures according to the learned patterns includes one or more of the following:
for system intrusion situations that occur frequently, setting targeted interception operations or strengthening verification;
for violating O&M operations that occur frequently, raising the O&M operation permission threshold or shutting down the operation accounts of operators who frequently perform violating O&M operations;
during the periods in which system intrusions are most frequent, setting targeted interception operations and strengthening verification;
during the periods in which O&M violations are most frequent, raising the O&M operation permission threshold or shutting down the operation accounts of operators who frequently perform violating O&M operations.
9. An O&M operation audit device, wherein the device comprises:
an acquiring unit, adapted to acquire in real time the operation logs generated by a designated system and send them to a real-time audit unit and a storage unit;
the real-time audit unit, adapted to match the operation logs acquired in real time against the first-type risk rules in a first risk rule database and, if there is a match, to determine that a system intrusion or a violating O&M operation has occurred; the first-type risk rules describe sufficient conditions for determining, in real time, unreasonable O&M operation behavior;
the storage unit, adapted to store the first risk rule database, which holds the first-type risk rules, and to store a log database, which holds the operation logs;
an offline audit unit, adapted to analyze offline the operation logs in the log database and judge whether system intrusions and violating O&M operations have occurred;
the storage unit is further adapted to store a second risk rule database, which holds second-type risk rules; the second-type risk rules describe sufficient conditions for determining unreasonable combined O&M operation behavior within a period of time;
the offline audit unit is adapted to analyze the operation logs in the log database and judge whether any of them match the second-type risk rules in the second risk rule database and, if so, to determine that system intrusions and violating O&M operations have occurred.
10. The device of claim 9, wherein
the first risk rule database stores first-type risk rules together with their corresponding risk names; the second risk rule database stores second-type risk rules together with their corresponding risk names;
a risk name is a descriptive name of one of the various situations in which the system is intruded, or the name of one of the various kinds of violating O&M operation.
11. The device of claim 9, wherein
the first risk rules include one or more of the following:
a login operation performed at an abnormal location;
an operation that modifies a specified file;
the second risk rules include one or more of the following:
login operations performed at different locations within a time of preset length;
two or more mutually exclusive operations performed within a time of preset length.
12. The device of claim 9, wherein the device further comprises:
a violation tracing unit, adapted, when a violating O&M operation has occurred, to determine from the log database the operator of that violating O&M operation, and further to trace back that operator's O&M operation records in the log database and make further violation judgments.
13. The device of claim 12, wherein
the violation tracing unit is adapted to judge, according to the risk rules in the first risk rule database and/or the second risk rule database, whether the traced-back O&M operation records of the operator contain violating operations.
14. The device of claim 9, wherein the device further comprises:
a learning unit, adapted to perform statistical analysis on the system intrusions and violating O&M operations that have been identified, and to learn the patterns of system intrusions and violating O&M operations;
a response unit, adapted to determine countermeasures according to the learned patterns.
15. The device of claim 14, wherein the learning unit is adapted to learn one or more of the following patterns of system intrusions and violating O&M operations:
which system intrusion situations occur frequently;
which violating O&M operations occur frequently;
the periods in which system intrusions are most frequent;
the periods in which O&M violations are most frequent.
16. The device of claim 15, wherein the countermeasures determined by the response unit include one or more of the following:
for system intrusion situations that occur frequently, setting targeted interception operations or strengthening verification;
for violating O&M operations that occur frequently, raising the O&M operation permission threshold or shutting down the operation accounts of operators who frequently perform violating O&M operations;
during the periods in which system intrusions are most frequent, setting targeted interception operations and strengthening verification;
during the periods in which O&M violations are most frequent, raising the O&M operation permission threshold or shutting down the operation accounts of operators who frequently perform violating O&M operations.
CN201510325715.9A 2015-06-12 2015-06-12 A kind of O&M operation auditing method and device Active CN105049228B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510325715.9A CN105049228B (en) 2015-06-12 2015-06-12 A kind of O&M operation auditing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510325715.9A CN105049228B (en) 2015-06-12 2015-06-12 A kind of O&M operation auditing method and device

Publications (2)

Publication Number Publication Date
CN105049228A CN105049228A (en) 2015-11-11
CN105049228B true CN105049228B (en) 2019-05-10

Family

ID=54455450

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510325715.9A Active CN105049228B (en) 2015-06-12 2015-06-12 A kind of O&M operation auditing method and device

Country Status (1)

Country Link
CN (1) CN105049228B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105426780A (en) * 2015-11-24 2016-03-23 北京华夏威科软件技术有限公司 Classification auditing method and system applied to operation behavior auditing system
CN106651183B (en) * 2016-12-26 2020-04-10 英赛克科技(北京)有限公司 Communication data security audit method and device of industrial control system
CN107103470B (en) * 2017-03-03 2021-08-13 九次方大数据信息集团有限公司 Method and system for improving information security in spot transaction process
CN108076063A (en) * 2017-12-25 2018-05-25 天津理工大学 Network O&M auditing method, server terminal and client based on block chain
CN108768997A (en) * 2018-05-23 2018-11-06 郑州信大天瑞信息技术有限公司 A kind of application operating safe early warning processing method
CN108829857A (en) * 2018-06-21 2018-11-16 成都安恒信息技术有限公司 A kind of automatic O&M method based on O&M auditing system
CN109033813B (en) * 2018-07-09 2020-10-16 携程旅游信息技术(上海)有限公司 Linux operation log auditing system and method
CN109582537A (en) * 2018-11-07 2019-04-05 阿里巴巴集团控股有限公司 Service security means of defence and its system
CN109600271B (en) * 2019-02-21 2021-10-15 成都安恒信息技术有限公司 Mixed cloud management method based on operation and maintenance auditing system
CN113568807A (en) * 2021-07-23 2021-10-29 中信银行股份有限公司 Compliance operation detection method and device
CN113986843A (en) * 2021-11-02 2022-01-28 青岛海尔工业智能研究院有限公司 Data risk early warning processing method and device and electronic equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103310375A (en) * 2013-04-23 2013-09-18 四川天翼网络服务有限公司 Intelligent skynet behavior audit analyzing system
CN104298586A (en) * 2014-10-15 2015-01-21 青岛海尔软件有限公司 Web system exception analytical method and device based on system log

Also Published As

Publication number Publication date
CN105049228A (en) 2015-11-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220719

Address after: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, Binhai New Area, Tianjin

Patentee after: 3600 Technology Group Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20230713

Address after: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: Beijing Hongxiang Technical Service Co.,Ltd.

Address before: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, Binhai New Area, Tianjin

Patentee before: 3600 Technology Group Co.,Ltd.
