CN106487775B - Service data processing method and device based on cloud platform - Google Patents


Publication number
CN106487775B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510555904.5A
Other languages
Chinese (zh)
Other versions
CN106487775A (en)
Inventor
宋百灵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201510555904.5A
Priority to PCT/CN2016/096586 (WO2017036336A1)
Publication of CN106487775A
Application granted
Publication of CN106487775B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0245 Filtering by information in the payload
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Abstract

The embodiment of the application provides a service data processing method and device based on a cloud platform, wherein the method comprises the following steps: performing cloud platform-based security detection on a submitted application object; when the application object passes the security detection, searching for the service data matched with the application object; performing cloud platform-based security processing on the service data; and calling the application object in a specified container to perform service processing on the service data after the security processing. In addition, the cloud platform integrates big data computing capability and can provide big data mining functions to third-party users, improving their development capability, big data processing capability and big data exploration capability, so that effective products or analysis reports are produced.

Description

Service data processing method and device based on cloud platform
Technical Field
The present application relates to the field of cloud computing technologies, and in particular, to a method and an apparatus for processing service data based on a cloud platform.
Background
The explosive growth of big data comprehensively tests the data processing and analysis capabilities of modern enterprises in terms of volume, variety and velocity; at the same time, it brings enterprises a great opportunity to gain richer, deeper and more accurate insight into market behavior.
Typically, collecting big data requires a broad platform, and therefore only a small number of enterprises can collect it.
If a user of big data, such as a scientific research institution, wants to mine big data, the user needs to ask such a platform for permission to use it.
Currently, some big data providers offer an open platform that exposes the raw data required by big data users.
After accessing the open platform, the big data user calls its interfaces in order to use the big data.
However, these data are user or service privacy data; scientific research institutions do not hold the related user authorization and cannot obtain the data directly, so the data must go through a series of processing steps. As a result, the data finally provided have little diversity and are basically unusable, and their value is greatly reduced.
In addition, the big data user only obtains the output of the interface, has low processing capability, and finds it difficult to mine the big data.
Moreover, the big data provider can only monitor and audit at the point where the interface is called, so security is poor.
Disclosure of Invention
In view of the foregoing problems, embodiments of the present application provide a method for processing service data based on a cloud platform, and a corresponding device for processing service data based on a cloud platform, which overcome or at least partially solve the foregoing problems.
In order to solve the above problems, an embodiment of the present application discloses a method for processing service data based on a cloud platform, including:
performing cloud platform-based security detection on a submitted application object;
when the application object passes the security detection, searching for the service data matched with the application object;
performing cloud platform-based security processing on the service data;
and calling the application object in a specified container, and performing service processing on the service data after the security processing.
Optionally, the step of performing cloud platform-based security detection on the submitted application object includes:
judging whether the submitted application object performs at least one of the following operations:
querying sensitive service data, operating across the service objects to which the service data belong, exporting service data, and aggregating service data;
if yes, confirming that the security detection is not passed;
if not, confirming that the security detection is passed.
Optionally, the step of performing cloud platform-based security processing on the service data includes:
judging whether the service data is open service data; if yes, querying the open content and the open form of the service data;
and performing cloud platform-based desensitization processing on the service data belonging to the open content according to the open form.
Optionally, the desensitization processing comprises one or more of:
encryption processing, fuzzy processing, category comparison and ranking, and statistical index normalization.
Optionally, the step of performing cloud platform-based security processing on the service data includes:
sampling the service data;
and/or,
performing risk control processing on the service data;
and/or,
querying a container for processing the service data according to the sensitivity of the service data.
Optionally, the step of calling the application object in a specified container and performing service processing on the service data after security processing includes:
outputting the application object and the service data after the security processing to a specified container;
receiving a processing request;
and calling the application object, and performing service processing on the service data after the security processing according to the processing request.
Optionally, the container is a remote virtual machine in the cloud platform intranet, or a remote virtual machine in the cloud platform authentication system;
the remote virtual machine is accessed in a designated manner and is not open to the external network;
the service data is prohibited from being exported from the remote virtual machine;
the remote virtual machine provides processing authority over the service data and does not provide management authority over the service data.
Optionally, the method further comprises:
monitoring the service processing;
judging whether the service processing is risk processing; if yes, generating alarm information.
Optionally, the step of monitoring the service processing includes:
monitoring the use information of the service data after the security processing, wherein the use information comprises the calling number and/or calling times of an application programming interface;
and/or,
monitoring the storage information of the specified container.
Optionally, the step of judging whether the service processing is risk processing includes:
when the difference between the use information and preset sample use information exceeds a preset difference threshold, judging that the service processing is risk processing;
and/or,
when the storage information exceeds a preset storage threshold, judging that the service processing is risk processing.
Optionally, the method further comprises:
performing cloud security detection on the container;
wherein the cloud security detection comprises one or more of:
DDoS defense, host password cracking defense, website backdoor detection, remote login prompt and port security check.
Optionally, the method further comprises:
monitoring the workflow of the service data after the security processing in the container.
Optionally, the method further comprises:
outputting a processing report through a preset application programming interface.
The embodiment of the application further discloses a service data processing device based on the cloud platform, which includes:
a security detection module, used for performing cloud platform-based security detection on the submitted application object;
a service data searching module, used for searching for the service data matched with the application object when the application object passes the security detection;
a security processing module, used for performing cloud platform-based security processing on the service data;
and a service processing module, used for calling the application object in the specified container and performing service processing on the service data after the security processing.
Optionally, the security detection module includes:
an operation judgment submodule, used for judging whether the submitted application object performs at least one of the following operations:
querying sensitive service data, operating across the service objects to which the service data belong, exporting service data, and aggregating service data;
if yes, calling a first confirmation submodule, and if not, calling a second confirmation submodule;
the first confirmation submodule, used for confirming that the security detection is not passed;
and the second confirmation submodule, used for confirming that the security detection is passed.
Optionally, the security processing module comprises:
an open type judging submodule, used for judging whether the service data is open service data; if yes, calling an open information query submodule;
the open information query submodule, used for querying the open content and the open form of the service data;
and a desensitization submodule, used for performing cloud platform-based desensitization processing on the service data belonging to the open content according to the open form.
In particular implementations, the desensitization processing may include one or more of:
encryption processing, fuzzy processing, category comparison and ranking, and statistical index normalization.
Optionally, the service processing module includes:
a sampling submodule, used for sampling the service data;
and/or,
a risk control submodule, used for performing risk control processing on the service data;
and/or,
a container query submodule, used for querying a container for processing the service data according to the sensitivity of the service data.
Optionally, the service processing module includes:
an output submodule, used for outputting the application object and the service data after the security processing to a specified container;
a request receiving submodule, used for receiving a processing request;
and a request response submodule, used for calling the application object and performing service processing on the service data after the security processing according to the processing request.
Optionally, the container is a remote virtual machine in the cloud platform intranet, or a remote virtual machine in the cloud platform authentication system;
the remote virtual machine is accessed in a designated manner and is not open to the external network;
the service data is prohibited from being exported from the remote virtual machine;
the remote virtual machine provides processing authority over the service data and does not provide management authority over the service data.
Optionally, the device further comprises:
a processing monitoring module, used for monitoring the service processing;
a risk judgment module, used for judging whether the service processing is risk processing; if yes, calling an alarm module;
and the alarm module, used for generating alarm information.
Optionally, the processing monitoring module comprises:
a first monitoring submodule, used for monitoring the use information of the service data after the security processing, wherein the use information comprises the calling number and/or the calling times of an application programming interface;
and/or,
a second monitoring submodule, used for monitoring the storage information of the specified container.
Optionally, the risk judgment module includes:
a first judgment submodule, used for judging that the service processing is risk processing when the difference between the use information and preset sample use information exceeds a preset difference threshold;
and/or,
a second judgment submodule, used for judging that the service processing is risk processing when the storage information exceeds a preset storage threshold.
Optionally, the device further comprises:
a cloud detection module, used for performing cloud security detection on the container;
wherein the cloud security detection comprises one or more of:
DDoS defense, host password cracking defense, website backdoor detection, remote login prompt and port security check.
Optionally, the device further comprises:
a workflow monitoring module, used for monitoring the workflow of the service data after the security processing in the container.
Optionally, the device further comprises:
a processing report output module, used for outputting a processing report through a preset application programming interface.
The embodiment of the application has the following advantages:
In the embodiment of the application, the service data corresponding to an application object that has passed security detection is searched for, and after security processing the service data is processed in a controllable container. Because the users of the cloud platform have authorized the cloud platform in advance, the diversity and value of the service data can be greatly improved. In addition, the cloud platform integrates big data computing capability and can provide big data mining functions to third-party users, improving their development capability, big data processing capability and big data exploration capability, so that effective products or analysis reports are produced.
In the embodiment of the application, measures such as service processing monitoring, cloud security detection and workflow monitoring ensure that the service data is open across the whole link while the security of the service data is also ensured.
Drawings
FIG. 1 is a flowchart illustrating steps of an embodiment of a method for processing service data based on a cloud platform according to the present application;
FIG. 2 is an exemplary diagram of an architecture of a cloud platform according to an embodiment of the present application;
FIG. 3 is a block diagram of an embodiment of a cloud platform-based service data processing apparatus according to the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description.
Referring to fig. 1, a flowchart of the steps of an embodiment of a service data processing method based on a cloud platform according to the present application is shown, which may specifically include the following steps:
Step 101, performing cloud platform-based security detection on the submitted application object;
It should be noted that the embodiments of the present application may be applied to a cloud platform, that is, a computer cluster, such as a distributed system.
Taking a certain distributed system as an example, the distributed system can be divided into the following parts:
Distributed system underlying services: provide the coordination service, remote procedure call, security management and resource management services required in a distributed environment. These underlying services support upper-layer modules such as the distributed file system and task scheduling.
Distributed file system: provides massive, reliable and scalable data storage, aggregates the storage capacity of each node in the cluster, automatically masks software and hardware faults, and provides uninterrupted data access for users; it supports incremental capacity expansion and automatic data balancing, provides an Application Programming Interface (API) for user-space file access, and supports random read-write and append-write operations.
Task scheduling: provides scheduling for tasks in the cluster system, supporting both online services (Online Service), which emphasize response speed, and offline tasks (Batch Processing Job), which emphasize data throughput; faults and hot spots in the system are detected automatically, and jobs are ensured to complete stably and reliably through error retry, concurrent backup jobs for long-tail jobs, and other means.
Cluster monitoring and deployment: monitors the cluster state and the running state and performance indicators of upper-layer application services, raises alarms and records abnormal events; provides operation and maintenance personnel with deployment and configuration management for the whole distributed system and upper-layer applications, and supports online scale-out and scale-in of the cluster and online upgrade of application services.
As shown in fig. 2, in the embodiment of the present application, the cloud platform serves as a Data Provider (DP) for big data, provides functions for opening, computing and analyzing big data, integrates big data computation containers (e.g., HiveSQL/MapReduce) and big data mining platforms (e.g., R/Python/Xlab/MySQL), and interfaces with cloud infrastructure such as ODPS (Open Data Processing Service), cloud shield, RDS (Relational Database Service)/OTS (Open Table Service), and UMP (Unified sql Platform, Database storage Service).
Users of big data, such as scientific research institutions and ISVs (Independent Software Vendors), can enter the cloud platform after qualification verification and signing an agreement, obtain PaaS (Platform as a Service) cloud services, and use these resources and services.
Services that programs provide over a network are referred to as SaaS (Software as a Service); in the cloud computing era, the corresponding service that offers a server platform or a development environment is the PaaS cloud service.
The application objects are submitted to the cloud platform by a big data user and generally fall into two types of program that perform service processing:
First, applications;
that is, an APP (application): a product is made directly through data processing and can be put on the market.
Second, analysis programs;
an analysis report is generated directly through data analysis processing.
As shown in fig. 2, because the application object is submitted by a big data user and enters the application object container, the monitoring system can perform security detection on the application object, ensuring the security of the cloud platform devices themselves and of their service data.
In one embodiment of the present application, step 101 may comprise the following sub-steps:
a substep S11 of determining whether the submitted application object performs at least one of the following operations: if yes, performing substep S12; otherwise, performing substep S13;
a substep S12 of confirming that the security detection is not passed;
and a substep S13 of confirming that the security detection is passed.
The detection system checks the application object developed by the big data user through static code checks, such as SQL (Structured Query Language) detection, and trial-runs it in the JVM and Python security sandboxes (i.e., virtual machines, VMs) of ODPS; after the application object has passed security detection, it is run through the CMD command of ODPS.
The following rules may be applied in this process:
1. Querying sensitive business data;
The cloud platform may classify business data into different levels based on the data security specification, e.g., open business data, internal business data, sensitive business data, confidential business data, and so on.
If the application object attempts to query sensitive business data, such as a user's location or transaction amount, the user's privacy may be compromised.
2. Operating across the business objects to which the business data belongs;
In the e-commerce field, the business objects to which business data belongs may be stores. Each store is an individual entity, and analysis across stores may cause privacy leakage.
3. Exporting the business data;
Exporting business data can cause business data leakage and uncontrollable risk.
4. Aggregating the business data;
Different big data providers have different business security principles. When a developer has obtained a large enough amount of authorized business data, aggregating the data as a whole, e.g., summing or averaging, may reveal business-sensitive data, e.g., industry-dimension data on the business side, category transactions, etc.
If none of the above operations is involved, the security level is considered high, and the business data can be provided to the application object.
Of course, the above operations are only examples, and when the embodiment of the present application is implemented, other operations may be set according to practical situations, and the embodiment of the present application is not limited thereto. In addition, besides the above operations, those skilled in the art may also adopt other operations according to actual needs, and the embodiments of the present application are not limited thereto.
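The four rules above, written as a static check over a submitted SQL statement; this is an added example, not code from the patent or from ODPS. The column names, the sensitivity catalog and the pattern-matching approach are assumptions, and a production check would parse the SQL rather than match patterns.

```python
import re

# Assumptions for this example (not from the patent): a catalog of columns the
# platform has labelled sensitive, and the column that identifies the business
# object (store) a row belongs to.
SENSITIVE_COLUMNS = {"buyer_location", "transaction_amount"}
OWNER_COLUMN = "store_id"

# String literals and comments are neutralised first, so keywords hidden in
# them neither trigger nor satisfy a rule.
_SKIP = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)
_IDENT = re.compile(r"[a-z_][a-z0-9_]*")
_SELECT_STAR = re.compile(r"\bselect\s+\*")
_EXPORT = re.compile(
    r"\binto\s+outfile\b|\binsert\s+overwrite\s+(?:local\s+)?directory\b")
_AGGREGATE = re.compile(r"\b(?:sum|avg|count|min|max)\s*\(|\bgroup\s+by\b")
_OWNER_FILTER = re.compile(
    r"\bwhere\b.*\b" + re.escape(OWNER_COLUMN) + r"\s*=\s*(?:''|\d+)", re.S)
_OR = re.compile(r"\bor\b")


def normalize_sql(sql):
    """Blank out string literals, drop comments, lower-case the rest."""
    def repl(match):
        return "''" if match.group(0).startswith("'") else " "
    return _SKIP.sub(repl, sql).lower()


def security_detection(sql):
    """Return (passed, violations) for one submitted SQL statement."""
    text = normalize_sql(sql)
    violations = []

    # Rule 1: querying sensitive business data. SELECT * counts as a hit
    # because it may expand to sensitive columns (fail closed).
    if set(_IDENT.findall(text)) & SENSITIVE_COLUMNS or _SELECT_STAR.search(text):
        violations.append("sensitive_query")

    # Rule 2: operating across business objects. The statement must pin one
    # store with an equality filter; an OR could widen it, so it fails closed.
    if not _OWNER_FILTER.search(text) or _OR.search(text):
        violations.append("cross_object")

    # Rule 3: exporting business data.
    if _EXPORT.search(text):
        violations.append("export")

    # Rule 4: aggregating business data.
    if _AGGREGATE.search(text):
        violations.append("aggregation")

    return (not violations, violations)


# Constructed sample submissions (table and column names are made up).
SAMPLES = {
    "ok": "SELECT item_id, item_title FROM orders "
          "WHERE store_id = 42 -- sum(price)",
    "literal": "SELECT item_id FROM orders WHERE store_id = 7 "
               "AND note = 'transaction_amount into outfile'",
    "sensitive": "SELECT buyer_location FROM orders WHERE store_id = 42",
    "cross": "SELECT item_id FROM orders",
    "widened": "SELECT item_id FROM orders WHERE store_id = 1 OR 1 = 1",
    "export": "INSERT OVERWRITE LOCAL DIRECTORY '/tmp/out' "
              "SELECT item_id FROM orders WHERE store_id = 42",
    "aggregate": "SELECT AVG(rating) FROM orders "
                 "WHERE store_id = 42 GROUP BY category",
}

if __name__ == "__main__":
    for name, sql in SAMPLES.items():
        print(name, security_detection(sql))
```
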
Step 102, searching for the business data matched with the application object when the application object passes the security detection;
Different service domains may have different service data, i.e., data with service-domain characteristics.
For example, for the news media domain, the business data may be news data; for the mobile communication field, the service data may be mobile communication data; for the field of Electronic Commerce (EC), the business data may be transaction data, and so on.
The service data, although carrying different service characteristics, is still data in nature, e.g., text, image data, audio data, video data, and so on.
The business processing performed on the business data is also substantially processing of the data.
In order to make the embodiment of the present application better understood by those skilled in the art, in the embodiment of the present application, transaction data is explained as an example of business data.
In the embodiment of the present application, the required service data is different due to the different attributes of the application objects.
For example, a scientific research institution analyzes a case of F2O (Focus to Online, parking marketing), that is, the influence of a certain popular food program on e-commerce and its relevance to it, by analyzing users' purchasing behavior for commodities containing "tongue tip".
In this example, the transaction data may be divided into three types:
1. User (buyer) attribute data;
such as user ID, gender, age group, education level, etc.
2. User (buyer) behavior data;
such as browsing, favoriting, purchasing, etc. on the cloud platform (shopping platform).
3. Order data;
such as a user ID, an order containing a keyword (e.g., "tongue tip"), a product ID, a product rating, a source, etc.
It should be noted that a big data user (such as a scientific research institution) puts forward a requirement, and the cloud platform that accepts it sorts out the requirement, mainly converting the text or data format understood by the other party into the cloud platform's standard data format.
In addition, the cloud platform can also judge the value of the requirement from the perspective of business cooperation and confirm the requirement.
For example, whether it has a positive influence on the business, such as strengthening the functions of the cloud platform, improving brand influence, and the like.
If the value is high, cooperation can proceed; if the value is low, cooperation can be refused.
Step 103, performing cloud platform-based security processing on the service data;
Because the service data is used by third-party users, security processing can be performed on the service data to ensure the security of the service data in the cloud platform.
In one embodiment of the present application, step 103 may comprise the following sub-steps:
a substep S21 of determining whether the service data is open service data; if yes, performing substep S22;
a substep S22 of querying the open content and open form of the service data;
and a substep S23 of performing cloud platform-based desensitization processing on the service data belonging to the open content according to the open form.
After the requirement has been sorted out, the business value judged and the preliminary security detection performed, it is determined which specific service data can be provided and which security measures are applied to the service processing, so that the service data remains available while security is ensured.
For example, if the service data is in a table structure, it can be determined which fields of the table structure are opened and which desensitization processing each is subjected to.
Desensitization processing means transforming certain sensitive information according to desensitization rules, so that sensitive private data is reliably protected.
In this way, the desensitized business data can be used securely in development, testing, and other non-production and outsourcing environments, maintaining data security and compliance with data privacy specifications while preserving the meaning and validity of the business data.
Through desensitization processing, the business data can still be used and associated with the business without violating relevant regulations, and the risk of business data leakage is avoided.
Originally sensitive service data to be provided to big data users undergoes dynamic desensitization and static desensitization through unified desensitization processing, which guarantees data security while keeping the business feasible.
Dynamic desensitization is a method of masking business data for a specific application object.
Dynamic desensitization can desensitize sensitive fields at any time and present different states or values to different big data users, so that data is isolated among different users.
For example, the same service data includes an A field and a B field, but user A may see the A field after desensitization processing, and user B may see the B field after desensitization processing.
Static data desensitization (or "persistent data desensitization") is the permanent modification of business data at the source.
That is, before the service data is provided to big data users, the service data is desensitized, and all users see the same result.
As shown in fig. 2, in the container of service data provided by the cloud platform, the bottom layer of the big data is based on a standard, systematized data warehouse; when the service data is used in an open environment, it undergoes security processing by the security audit engine and, after static desensitization processing, becomes a service data theme that can be opened to big data users.
According to different data security policies, the business data is dynamically desensitized for the different big data users it is opened to, and after legal authorization (namely sample authorization, such as user authorization and cloud platform official authorization) it becomes business data that is visible and usable for those big data users.
In particular implementations, the desensitization process (i.e., data desensitization) includes one or more of the following:
1. Encryption processing;
For example, a user nickname and a product name are encrypted.
The encryption algorithm applied in the encryption processing may include a symmetric encryption algorithm, an asymmetric encryption algorithm, a hash algorithm, and the like.
The symmetric encryption algorithms include: DES, 3DES, Blowfish, IDEA, RC4, RC5, RC6, AES, and the like;
the asymmetric encryption algorithms include: RSA, ECC (for mobile devices), Diffie-Hellman, El Gamal, DSA (for digital signatures), and the like;
the hash algorithms include: MD2, MD4, MD5, HAVAL, SHA, etc.
2. Fuzzy processing;
For example, the purchase time is coarsened from milliseconds to hours or minutes, the purchase location from street to city, and so on.
3. Category comparison and ranking;
For category-related comparative analysis, if a big data user needs the service data of an original category, the cloud platform may provide a ranking rather than the real data directly.
4. Statistical index normalization.
Normalization is one of the means of data standardization and can be used here to transform numerical values.
For example, if a big data user requires the traffic of a shop or a category, the cloud platform may not provide the real value directly but instead a transformed value produced by a data function or normalization, such as mapping the real value to a value between 1 and 100 or between 0 and 1.
Values of the same index can still be compared: the comparison property is preserved while the real value is removed, thereby ensuring the security of the service data.
Of course, the desensitization process is only an example, and when the embodiment of the present application is implemented, other desensitization processes may be set according to actual situations, and the embodiment of the present application is not limited thereto. In addition, besides the desensitization treatment described above, other desensitization treatments can be adopted by those skilled in the art according to actual needs, and the embodiment of the present application is not limited thereto.
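The four desensitization processes listed above, sketched in Python as an added example (not code from the patent). The field names, sample records and key are constructed, and HMAC-SHA-256 is an assumed choice standing in for the "HASH algorithm" option.

```python
import hashlib
import hmac
from datetime import datetime

# Constructed key for this example only; a real key would live in a key store.
PSEUDONYM_KEY = b"example-only-key"


def pseudonymize(value, key=PSEUDONYM_KEY):
    """Encryption processing: replace an identifier with a keyed hash.

    The same input always yields the same token, so joins and counts still
    work, but the token cannot be recomputed without the key.
    """
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def blur_time(ts, unit="hour"):
    """Fuzzy processing: truncate a timestamp to hour or minute precision."""
    if unit == "hour":
        return ts.replace(minute=0, second=0, microsecond=0)
    if unit == "minute":
        return ts.replace(second=0, microsecond=0)
    raise ValueError("unsupported unit: %s" % unit)


def blur_origin(origin):
    """Fuzzy processing: keep the city, drop street-level detail."""
    return {"city": origin["city"]}


def rank(values):
    """Category comparison and ranking: expose the order, not the amounts.

    Dense ranking: equal values share a rank and no rank number is skipped.
    """
    distinct = sorted(set(values.values()), reverse=True)
    position = {v: i + 1 for i, v in enumerate(distinct)}
    return {name: position[v] for name, v in values.items()}


def normalize(values, lo=1.0, hi=100.0):
    """Statistical index normalization: min-max scale into [lo, hi]."""
    vmin, vmax = min(values.values()), max(values.values())
    if vmax == vmin:
        # No spread to preserve: map every entry to the midpoint.
        return {name: (lo + hi) / 2 for name in values}
    scale = (hi - lo) / (vmax - vmin)
    return {name: round(lo + (v - vmin) * scale, 2) for name, v in values.items()}


def desensitize_orders(orders):
    """Apply encryption and fuzzy processing to each order record."""
    return [{
        "user": pseudonymize(o["user_nickname"]),
        "product": pseudonymize(o["product_name"]),
        "purchase_time": blur_time(o["purchase_time"], "hour").isoformat(),
        "purchase_origin": blur_origin(o["purchase_origin"]),
    } for o in orders]


# Constructed sample data.
ORDERS = [
    {"user_nickname": "alice88", "product_name": "running shoes",
     "purchase_time": datetime(2015, 9, 1, 14, 37, 52, 123000),
     "purchase_origin": {"city": "Hangzhou", "street": "Example Road 1"}},
    {"user_nickname": "alice88", "product_name": "sun hat",
     "purchase_time": datetime(2015, 9, 1, 18, 5, 9, 40000),
     "purchase_origin": {"city": "Hangzhou", "street": "Example Road 1"}},
]
CATEGORY_TRAFFIC = {"shoes": 48200, "bags": 12900, "hats": 12900, "toys": 3100}

if __name__ == "__main__":
    for row in desensitize_orders(ORDERS):
        print(row)
    print(rank(CATEGORY_TRAFFIC))
    print(normalize(CATEGORY_TRAFFIC))
```

Min-max scaling is linear, so a recipient who already knows two of the real values can recover the others; ranking does not have that property.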
In another embodiment of the present application, step 103 may comprise the following sub-steps:
Substep S31, sampling the service data;
Sampling processing provides part of the service data, including representative service data, instead of the full amount of service data, for example, by selecting service data from a certain past period of time, selecting service data with the highest category ranking, selecting service data of some stores, and the like.
and/or,
Substep S32, performing risk control processing on the service data;
Risk control processing judges whether the amount of service data to be provided is smaller than a certain value for the corresponding category or industry, and if so, the service data is not provided. Otherwise, so little service data might allow a lawbreaker to locate an individual, resulting in a leak of that individual's privacy.
and/or,
Substep S33, querying a container for processing the business data according to the sensitivity of the business data.
As shown in fig. 2, in the context management and control in data security, data is classified, and different operating contexts are selected according to the security level of the service data and the processing mode of the data, so that the operating contexts are managed with graded privileges.
If the data sensitivity is high, the data is required to be processed in a fully controllable environment, such as the cloud platform, and the business data cannot be exported.
If the data sensitivity is high, the data is required to be processed in the cloud platform, and the cloud platform is directly connected to a trusted terminal environment authenticated by the cloud platform,
such as an advertisement delivery platform approved by the cloud platform, or an application container end approved by the cloud platform.
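Substeps S31 and S32 combined, as an added Python example (not code from the patent): the risk-control floor is checked on what would actually be provided, that is, after sampling, because sampling shrinks each category. Record fields, the floor value and the sample rows are constructed assumptions.

```python
from collections import defaultdict
from datetime import date


def sample_recent(records, since):
    """Substep S31: provide only the service data from a recent period."""
    return [r for r in records if r["day"] >= since]


def risk_control(records, min_rows):
    """Substep S32: withhold every category whose row count is below its floor.

    min_rows maps a category to its floor; "default" covers the rest.
    Returns (released_rows, withheld_categories).
    """
    groups = defaultdict(list)
    for r in records:
        groups[r["category"]].append(r)
    released, withheld = [], []
    for category in sorted(groups):
        rows = groups[category]
        floor = min_rows.get(category, min_rows["default"])
        if len(rows) < floor:
            withheld.append(category)   # too few rows: an individual could be located
        else:
            released.extend(rows)
    return released, withheld


def provide(records, since, min_rows):
    """Sample first, then apply the floor to the sampled rows."""
    return risk_control(sample_recent(records, since), min_rows)


def _rows(category, days):
    return [{"category": category, "day": d, "order_id": "%s-%d" % (category, i)}
            for i, d in enumerate(days)]


# Constructed sample data: "hats" has 6 rows overall but only 2 in August.
RECORDS = (
    _rows("shoes", [date(2015, 8, d) for d in range(1, 9)])
    + _rows("hats", [date(2015, 7, d) for d in range(1, 5)]
            + [date(2015, 8, 1), date(2015, 8, 2)])
    + _rows("toys", [date(2015, 8, d) for d in range(1, 4)])
)
FLOORS = {"default": 5}

if __name__ == "__main__":
    # Floor checked on the full data set: only "toys" is withheld.
    print(risk_control(RECORDS, FLOORS)[1])
    # Floor checked on the August sample: "hats" drops below the floor too.
    released, withheld = provide(RECORDS, date(2015, 8, 1), FLOORS)
    print(len(released), withheld)
```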
Step 104, calling the application object in the specified container, and performing service processing on the service data after the security processing.
In a safe and controllable container, the application object can be called to process the service data according to the service characteristics.
In practical applications, the tasks that the big data user can develop in the cloud platform can be divided into SQL, MR, Xlib and the like.
All of these tasks can run on an ODPS cluster of the cloud platform. The ODPS cluster is a dedicated ODPS cluster in an intranet environment; a big data user can access it in a secure and controllable manner through the website of the cloud platform, and it cannot be accessed directly in any other way.
Meanwhile, the ODPS cluster also does not expose an IP address for access to the external network.
In one embodiment of the present application, step 104 may include the following sub-steps:
Substep S41, outputting the application object and the service data after the security processing to a designated container;
Substep S42, receiving a processing request;
Substep S43, calling the application object, and performing service processing on the service data after the security processing according to the processing request.
In the embodiment of the application, the service data to be provided is confirmed and output to a container for processing, such as a development platform or a big data mining platform in the cloud platform.
In a specific implementation, the big data mining platform provides modules of mining capability in the form of containers.
The container is a Virtual Machine (VM) in a cloud platform intranet, or a remote VM in a cloud platform authentication system;
the remote virtual machine is accessed in a designated mode and is not opened to an external network;
as shown in fig. 2, the service data is not accessed by giving the user a database to operate on; instead, scheduling and query permissions are provided at the data service layer (including a scheduling layer and a query layer), and the data is used and operated on indirectly on the website, through functional interfaces packaged by the cloud platform.
The service data is prohibited from being exported from the remote virtual machine;
the remote virtual machine provides the processing authority of the service data and does not provide the management authority of the service data, such as the management authority of a database.
In the embodiment of the application, corresponding service data is looked up for an application object that has passed security detection, and after the service data is security-processed, service processing is carried out in a controllable container. Because the users of the cloud platform have authorized the cloud platform in advance, the diversity and value of the service data can be greatly improved. In addition, the cloud platform integrates big data computing capability and can provide big data mining functions to third-party users, which improves the development capability of third-party users and their big data processing and exploration capability, so that effective products or analysis reports are produced.
In one embodiment of the present application, the method may further comprise the steps of:
Step 105, monitoring the service processing;
The cloud platform can monitor the service processing in a visual manner, supporting discovery or early warning as well as evidence collection afterwards.
As shown in fig. 2, in the embodiment of the present application, the usage of user resources may be monitored and recorded as a whole (i.e., resource monitoring and behavior monitoring), so as to avoid the export of a large amount of service data.
The monitoring comprises:
monitoring the use information of the service data after the security processing, wherein the use information comprises the calling number and/or calling times of an Application Programming Interface (API);
and/or,
monitoring the storage information (such as the database storage condition and the data storage magnitude) of the designated container.
Step 106, judging whether the business processing is risk processing; if yes, go to step 107;
Step 107, generating alarm information.
When risk processing is detected, alarm information is generated to prompt technicians of the cloud platform to handle it.
The judgment comprises:
when the difference between the use information and the preset sample use information exceeds a preset difference threshold value, judging the processing to be risk processing;
for example, if API calls are normally on the order of ten thousand (sample usage information) and suddenly reach the order of a million (usage information), the API calls are abnormal.
and/or,
when the storage information exceeds a preset storage threshold value, the resource occupation is abnormal: the volume of data being operated on is too large and there is a risk of export, so the processing is judged to be risk processing.
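Steps 105 to 107 as an added Python example (not code from the patent). It assumes the "difference" is measured as a log10 ratio so that the ten-thousand-to-a-million jump above is two units, and that only increases count; tenant names, thresholds and usage figures are constructed.

```python
import math
from collections import Counter
from dataclasses import dataclass

GIB = 1024 ** 3


@dataclass(frozen=True)
class Policy:
    sample_api_calls: int      # preset sample usage information (calls per window)
    max_magnitude_jump: float  # preset difference threshold, in powers of ten
    max_storage_bytes: int     # preset storage threshold for the container


def usage_difference(api_calls, sample_api_calls):
    """Difference between observed and sample usage, as a log10 ratio."""
    return math.log10(max(api_calls, 1) / max(sample_api_calls, 1))


def judge_risk(api_calls, storage_bytes, policy):
    """Step 106: list the reasons the processing counts as risk processing."""
    reasons = []
    if usage_difference(api_calls, policy.sample_api_calls) > policy.max_magnitude_jump:
        reasons.append("api_calls")
    if storage_bytes > policy.max_storage_bytes:
        reasons.append("storage")
    return reasons


def monitor(call_events, storage_by_user, policies):
    """Steps 105-107: aggregate usage, judge it, and build alarm records."""
    calls = Counter()
    for user, _api, count in call_events:
        calls[user] += count
    alarms = []
    for user in sorted(set(calls) | set(storage_by_user)):
        policy = policies.get(user)
        api_calls = calls[user]
        storage = storage_by_user.get(user, 0)
        # A user with no baseline cannot be judged, so it is flagged, not skipped.
        reasons = ["no_policy"] if policy is None else judge_risk(api_calls, storage, policy)
        if reasons:
            alarms.append({"user": user, "reasons": reasons,
                           "api_calls": api_calls, "storage_bytes": storage})
    return alarms


# Constructed sample data: (user, API name, calls in the monitoring window).
CALL_EVENTS = [
    ("tenant_a", "query_orders", 9000),
    ("tenant_a", "query_items", 3500),
    ("tenant_b", "query_orders", 1200000),
    ("tenant_c", "query_orders", 8000),
    ("tenant_d", "query_orders", 40),
]
STORAGE = {"tenant_a": 20 * GIB, "tenant_b": 35 * GIB, "tenant_c": 620 * GIB}
DEFAULT = Policy(sample_api_calls=10000, max_magnitude_jump=1.0,
                 max_storage_bytes=500 * GIB)
POLICIES = {"tenant_a": DEFAULT, "tenant_b": DEFAULT, "tenant_c": DEFAULT}

if __name__ == "__main__":
    for alarm in monitor(CALL_EVENTS, STORAGE, POLICIES):
        print(alarm)
```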
In one embodiment of the present application, the method may further comprise the steps of:
Step 108, carrying out cloud security detection on the container;
As shown in fig. 2, a cloud shield in the cloud platform may provide cloud security detection.
Wherein cloud security detection may include one or more of:
1. DDoS defense;
Professional anti-DDoS equipment is deployed to defend against SYN flood denial-of-service attacks by limiting traffic, and the user is informed of the attacked state of the website at any time.
2. Host password cracking defense;
Brute-force cracking does great harm to the server; if it succeeds, the administrator's authority can be stolen, greatly damaging the information and the rights and interests of the website and its users.
The host password brute-force cracking defense discovers illegal intrusion in real time by scanning access logs, blocks the intruding IP address, and informs the user by short message or mail; the user can log in to check intrusion information such as the time, the illegal IP, the target cloud server, and the number of interceptions.
3. Website backdoor detection;
A website backdoor is a section of code implanted into a website that runs on the web side. It is usually well concealed and difficult for an administrator to find in real time. It can steal website information and even cause loss of control over the website, and it can also damage the private information of website users, causing irreparable loss to the website.
Backdoor detection finds website backdoors in real time by scanning access URLs and informs the user by short message or mail; the user can log in to view information such as the cloud host and the address to which the website backdoor belongs, so as to delete the backdoor in time and eliminate the hidden danger.
4. Remote login reminder;
A model is built by analyzing the login habits of website users; abnormal login behavior from a different location is discovered in real time by scanning access logs, and the user is informed by short message or mail. The user can log in to check the login time and place and the target server for confirmation, so that possible damage caused by unauthorized login is avoided.
5. Port security check.
High-risk ports opened on the server are scanned periodically to reduce the risk of system intrusion, and the list of open ports is reported to the user periodically.
Of course, the cloud security detections above are only examples. When the embodiment of the present application is implemented, other cloud security detections may be set according to the actual situation or used by a person skilled in the art according to actual needs, which is not limited in the embodiment of the present application.
In one embodiment of the present application, the method may further comprise the steps of:
Step 109, outputting the processing report through a preset application programming interface.
Depending on the requirements, if a report is to be output, the business data is operated on in a specified container and finally output in the form of an API, which provides the raw material for the report.
If the service data is relatively sensitive, the service processing is carried out in a fully controllable container, the user directly carries out analysis, and the cloud platform is directly connected to an authenticated system, such as an advertisement delivery system, so that the service processing result cannot be exported, or is not even visible.
In one embodiment of the present application, the method may further comprise the steps of:
Step 110, monitoring the Workflow (Workflow) of the service data after the security processing in the container.
In the embodiment of the application, the service data is comprehensively monitored based on its workflow: logs are collected and analyzed across the whole link, from the processing logs of the service data on the platform, to the logs of the service data output through the API, to the logs of the data on the VM, and rules are set accordingly.
For example, if order-related data is monitored, an alarm can be raised on a sudden increase in the number of orders accessed by a certain user, order leakage can be tracked and located, and so on.
In the embodiment of the application, through measures such as service processing monitoring, cloud security detection and workflow monitoring, the service data is opened across the whole link while its security is ensured.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the embodiments. Further, those skilled in the art will also appreciate that the embodiments described in the specification are preferred embodiments and that the acts involved are not necessarily required by the embodiments of the application.
Referring to fig. 3, a block diagram of a structure of an embodiment of a cloud platform-based service data processing apparatus according to the present application is shown, and the apparatus may specifically include the following modules:
the security detection module 301 is configured to perform security detection based on a cloud platform on the submitted application object;
a service data searching module 302, configured to search service data matched with the application object when passing security detection;
the security processing module 303 is configured to perform security processing on the service data based on a cloud platform;
and the service processing module 304 is configured to call the application object in the specified container, and perform service processing on the service data after the security processing.
In one embodiment of the present application, the security detection module 301 may include the following sub-modules:
the operation judgment submodule is used for judging whether the submitted application object carries out at least one of the following operations:
inquiring sensitive service data, operating across service objects to which the service data belongs, exporting service data and aggregating the service data;
if yes, calling a first confirmation submodule, and if not, calling a second confirmation submodule;
a first confirmation submodule for confirming that the security check is not passed;
and the second confirming submodule is used for confirming that the safety detection is passed.
In one embodiment of the present application, the secure processing module 303 may include the following sub-modules:
the open type judging submodule is used for judging whether the service data is open service data or not; if yes, calling the open information query submodule;
the open information inquiry submodule is used for inquiring the open content and the open form of the service data;
and the desensitization sub-module is used for performing desensitization processing based on the cloud platform on the service data belonging to the open content according to the open form.
In particular implementations, the desensitization treatment may include one or more of:
encryption processing, fuzzy processing, category comparison and ranking and statistical index normalization.
In an embodiment of the present application, the service processing module 304 may include the following sub-modules:
the sampling submodule is used for sampling the service data;
and/or,
the risk control submodule is used for carrying out risk control processing on the service data;
and/or,
the container query submodule is used for querying a container for processing the business data according to the sensitivity of the business data.
In an embodiment of the present application, the service processing module 304 may include the following sub-modules:
the output submodule is used for outputting the application object and the service data after the safety processing to a specified container;
the request receiving submodule is used for receiving a processing request;
and the request response submodule is used for calling the application object and carrying out service processing on the service data after the safety processing according to the processing request.
In practical application, the container is a remote virtual machine in a cloud platform intranet, or a remote virtual machine in a cloud platform authentication system;
the remote virtual machine is accessed in a designated mode and is not opened to an external network;
the service data is prohibited from being exported from the remote virtual machine;
the remote virtual machine provides the processing authority of the service data and does not provide the management authority of the service data.
In one embodiment of the present application, the apparatus may further include the following modules:
the processing monitoring module is used for monitoring the business processing;
the risk judgment module is used for judging whether the business processing is risk processing; if yes, calling an alarm module;
and the alarm module is used for generating alarm information.
In one embodiment of the present application, the process monitoring module may include the following sub-modules:
the first monitoring submodule is used for monitoring the use information of the service data after the safety processing, wherein the use information comprises the calling number and/or the calling times of an application programming interface;
and/or,
and the second monitoring submodule is used for monitoring the storage information of the specified container.
In an embodiment of the present application, the risk determination module may include the following sub-modules:
the first judgment submodule is used for judging that risk processing is carried out when the difference between the use information and preset sample use information exceeds a preset difference threshold;
and/or,
and the second judging submodule is used for judging that the risk processing is carried out when the storage information exceeds a preset storage threshold value.
In one embodiment of the present application, the apparatus may further include the following modules:
the cloud detection module is used for carrying out cloud security detection on the container;
wherein the cloud security detection comprises one or more of:
DDoS defense, host password cracking defense, website backdoor detection, remote login prompt and port security check.
In one embodiment of the present application, the apparatus may further include the following modules:
and the workflow monitoring module is used for monitoring the workflow of the service data after the safety processing in the container.
In one embodiment of the present application, the apparatus may further include the following modules:
and the processing report output module is used for outputting the processing report through a preset application programming interface.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one of skill in the art, embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
In a typical configuration, the computer device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory. The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium. Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The method for processing the service data based on the cloud platform and the device for processing the service data based on the cloud platform are introduced in detail, and specific examples are applied to explain the principle and the implementation of the method, and the explanation of the embodiments is only used for helping to understand the method and the core idea of the method; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (18)

1. A service data processing method based on a cloud platform is characterized by comprising the following steps:
performing security detection based on a cloud platform on the submitted application object, wherein the security detection mode is code static detection and trial operation on the application object, specifically judging whether the submitted application object performs at least one specific operation, and if so, determining that the application object does not pass the security detection; if not, confirming that the safety detection is passed;
when the application object passes the security detection, searching the service data matched with the application object;
carrying out safety processing on the service data based on a cloud platform;
and calling the application object in the specified container, and performing service processing on the service data after the safety processing.
2. The method of claim 1, wherein the specific operation is:
inquiring sensitive service data, operating across service objects to which the service data belongs, exporting the service data and aggregating the service data.
3. The method of claim 1, wherein the step of performing cloud platform-based security processing on the business data comprises:
judging whether the service data is open service data or not; if yes, inquiring the open content and the open form of the service data;
and according to the open form, carrying out desensitization treatment based on the cloud platform on the service data belonging to the open content.
4. A method according to claim 3, wherein the desensitization treatment comprises one or more of:
encryption processing, fuzzy processing, category comparison and ranking and statistical index normalization.
5. The method according to claim 1, 3 or 4, wherein the step of performing cloud platform-based security processing on the business data comprises:
sampling the service data;
and/or,
performing risk control processing on the service data;
and/or,
and inquiring a container for processing the business data according to the sensitivity of the business data.
6. The method according to claim 1, 2, 3 or 4, wherein the step of calling the application object in a specified container and performing service processing on the service data after security processing comprises:
outputting the application object and the service data after the safety processing to a specified container;
receiving a processing request;
and calling the application object, and performing service processing on the service data after the safety processing according to the processing request.
7. The method according to claim 6, wherein the container is a remote virtual machine in a cloud platform intranet or a remote virtual machine in a cloud platform certified system;
the remote virtual machine is accessed in a designated mode and is not opened to an external network;
the service data is prohibited from being exported from the remote virtual machine;
the remote virtual machine provides the processing authority of the service data and does not provide the management authority of the service data.
8. The method of claim 1, 2, 3 or 4, further comprising:
monitoring the business processing;
judging whether the business processing is risk processing; if yes, generating alarm information.
9. The method of claim 8, wherein the step of monitoring the business processing comprises:
monitoring the use information of the service data after the safety processing, wherein the use information comprises the calling number and/or calling times of an application programming interface;
and/or,
the stored information of the designated container is monitored.
10. The method of claim 9, wherein the step of determining whether the business process is a risk process comprises:
when the difference between the use information and preset sample use information exceeds a preset difference threshold value, judging that risk processing is carried out;
and/or,
and when the storage information exceeds a preset storage threshold value, judging that the risk processing is carried out.
11. The method of claim 1, 2, 3, 4, 7, 9, or 10, further comprising:
performing cloud security detection on the container;
wherein the cloud security detection comprises one or more of:
DDoS defense, host password cracking defense, website backdoor detection, remote login prompt and port security check.
12. The method of claim 1, 2, 3, 4, 7, 9, or 10, further comprising:
monitoring the workflow of the business data after the safe processing in the container.
13. The method of claim 1, 2, 3, 4, 7, 9, or 10, further comprising:
and outputting the processing report through a preset application programming interface.
14. A service data processing device based on a cloud platform is characterized by comprising:
the safety detection module is used for carrying out safety detection based on the cloud platform on the submitted application object;
the safety detection mode is code static check and trial operation on the application object, specifically, whether the submitted application object carries out at least one specific operation is judged, and if yes, the application object is determined not to pass the safety detection; if not, confirming that the safety detection is passed;
the service data searching module is used for searching the service data matched with the application object when passing the safety detection;
the safety processing module is used for carrying out safety processing on the service data based on a cloud platform;
and the service processing module is used for calling the application object in the specified container and carrying out service processing on the service data after the safety processing.
15. The apparatus of claim 14, further comprising:
the processing monitoring module is used for monitoring the business processing;
the risk judgment module is used for judging whether the business processing is risk processing; if yes, calling an alarm module;
and the alarm module is used for generating alarm information.
16. The apparatus of claim 14, further comprising:
the cloud detection module is used for carrying out cloud security detection on the container;
wherein the cloud security detection comprises one or more of:
DDoS defense, host password cracking defense, website backdoor detection, remote login prompt and port security check.
17. The apparatus of claim 14, further comprising:
the workflow monitoring module is used for monitoring the workflow of the service data after the safety processing in the container.
18. The apparatus of claim 14, 15, 16 or 17, further comprising:
the processing report output module is used for outputting the processing report through a preset application programming interface.
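The risk judgment of claims 9 and 10 (and the monitoring, risk judgment and alarm modules of claim 15), sketched as an added example that is not part of the patent text. The relative-difference metric, the API names, the thresholds and the call logs are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Baseline:
    """Preset sample usage for one application object (assumed shape)."""
    api_calls: dict        # API name -> expected calls per monitoring window
    diff_threshold: float  # preset difference threshold (relative)
    storage_limit_mb: int  # preset storage threshold for the container


def usage_difference(observed, baseline):
    """Relative L1 distance between observed and sample call counts.

    The metric is an assumption; the claims only require "a difference".
    Calls to APIs absent from the sample count fully toward the difference.
    """
    apis = set(observed) | set(baseline.api_calls)
    delta = sum(abs(observed.get(a, 0) - baseline.api_calls.get(a, 0))
                for a in apis)
    expected = sum(baseline.api_calls.values())
    return delta / expected if expected else float("inf")


def judge_risk(call_log, storage_mb, baseline):
    """Return alarm messages; an empty list means no risk was judged."""
    observed = Counter(call_log)
    alarms = []
    diff = usage_difference(observed, baseline)
    if diff > baseline.diff_threshold:
        unexpected = sorted(set(observed) - set(baseline.api_calls))
        alarms.append(f"API usage deviates {diff:.0%} from sample; "
                      f"APIs not in sample: {unexpected}")
    if storage_mb > baseline.storage_limit_mb:
        alarms.append(f"container storage {storage_mb} MB exceeds "
                      f"threshold {baseline.storage_limit_mb} MB")
    return alarms


# Constructed data: hypothetical API names, thresholds and call logs.
BASELINE = Baseline({"get_order": 100, "get_user_masked": 50}, 0.5, 512)
NORMAL = ["get_order"] * 110 + ["get_user_masked"] * 45
BULK = ["get_order"] * 100 + ["get_user_masked"] * 400 + ["export_all"] * 20

if __name__ == "__main__":
    print(judge_risk(NORMAL, 200, BASELINE))  # within both thresholds
    print(judge_risk(BULK, 900, BASELINE))    # both conditions trigger
```

The two conditions are evaluated independently, matching the "and/or" of claim 10: either one alone is enough to raise an alarm.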
CN201510555904.5A 2015-09-01 2015-09-01 Service data processing method and device based on cloud platform Active CN106487775B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510555904.5A CN106487775B (en) 2015-09-01 2015-09-01 Service data processing method and device based on cloud platform
PCT/CN2016/096586 WO2017036336A1 (en) 2015-09-01 2016-08-24 Cloud platform-based service data processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510555904.5A CN106487775B (en) 2015-09-01 2015-09-01 Service data processing method and device based on cloud platform

Publications (2)

Publication Number Publication Date
CN106487775A CN106487775A (en) 2017-03-08
CN106487775B true CN106487775B (en) 2020-01-21

Family

ID=58186671

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510555904.5A Active CN106487775B (en) 2015-09-01 2015-09-01 Service data processing method and device based on cloud platform

Country Status (2)

Country Link
CN (1) CN106487775B (en)
WO (1) WO2017036336A1 (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106453492B (en) * 2016-08-30 2019-05-14 浙江大学 Container dispatching method under Docker container cloud platform based on Fuzzy Pattern Recognition
KR101807806B1 (en) * 2017-05-02 2017-12-11 나무기술 주식회사 Application containerization method on cloud platform
CN107908457B (en) * 2017-11-08 2020-03-17 河海大学 Containerized cloud resource allocation method based on stable matching
CN112668547A (en) * 2018-04-28 2021-04-16 Oppo广东移动通信有限公司 Image processing method, image processing device, electronic equipment and computer readable storage medium
CN110442508B (en) * 2018-05-03 2023-05-23 阿里巴巴集团控股有限公司 Test task processing method, device, equipment and medium
CN108763929B (en) * 2018-05-16 2020-08-21 有时数联科技(北京)有限公司 Method and system for performing parallel security audit on data and application
CN109214908A (en) * 2018-07-06 2019-01-15 深圳市买买提信息科技有限公司 A kind of monitoring method and relevant apparatus
CN109542721B (en) * 2018-11-05 2022-08-12 北京炎黄盈动科技发展有限责任公司 Application state control method and device in application container and storage medium
CN110046982B (en) * 2018-11-28 2023-11-07 创新先进技术有限公司 Method and device for processing information data
CN109800595A (en) * 2018-12-26 2019-05-24 全球能源互联网研究院有限公司 A kind of electric power data sharing method and system
CN111506905A (en) * 2019-01-31 2020-08-07 百度在线网络技术(北京)有限公司 Data processing method, device, server and storage medium
CN112825096A (en) * 2019-11-21 2021-05-21 北京沃东天骏信息技术有限公司 Data desensitization method and device
CN111143875B (en) * 2019-12-17 2024-03-08 航天信息股份有限公司 Data information desensitization method and system based on big data
CN111800432A (en) * 2020-07-20 2020-10-20 博为科技有限公司 Anti-brute force cracking method and device based on log analysis
CN112131027A (en) * 2020-09-29 2020-12-25 中国银行股份有限公司 Distributed application cluster and data desensitization method
CN112686735A (en) * 2021-01-08 2021-04-20 重庆昊沐欣科技有限公司 Electronic commerce system based on big data and cloud computing
CN113079057A (en) * 2021-03-12 2021-07-06 北京明略昭辉科技有限公司 Flow monitoring system
CN113204575B (en) * 2021-05-28 2023-08-01 西藏宁算科技集团有限公司 Distributed flow processing solution method and system based on cloud platform
CN113613182B (en) * 2021-08-10 2023-03-21 中国平安财产保险股份有限公司 Short message sending method, computer equipment and readable storage medium
CN113434489B (en) * 2021-08-26 2021-11-16 西安热工研究院有限公司 Real-time database online capacity expansion method, system, equipment and storage medium
CN113920698B (en) * 2021-11-25 2023-08-04 杭州安恒信息技术股份有限公司 Early warning method, device, equipment and medium for interface abnormal call
CN115021951A (en) * 2022-04-13 2022-09-06 深圳市联软科技股份有限公司 Service application management method and system
CN114866532B (en) * 2022-04-25 2023-11-10 安天科技集团股份有限公司 Method, device, equipment and medium for uploading security check result information of endpoint file
CN114979281B (en) * 2022-07-11 2022-11-08 成都信息工程大学 Data interaction method applied to industrial internet cloud service platform
CN115374481B (en) * 2022-10-19 2023-03-17 支付宝(杭州)信息技术有限公司 Data desensitization processing method and device, storage medium and electronic equipment
CN116938590B (en) * 2023-08-28 2024-02-13 广东中山网传媒信息科技有限公司 Cloud security management method and system based on virtualization technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102523246A (en) * 2011-11-23 2012-06-27 陈刚 Cloud computation treating system and method
CN102567396A (en) * 2010-12-30 2012-07-11 中国移动通信集团公司 Method, system and device for data mining on basis of cloud computing
CN102880475A (en) * 2012-10-23 2013-01-16 上海普元信息技术股份有限公司 Real-time event handling system and method based on cloud computing in computer software system
CN103838617A (en) * 2014-02-18 2014-06-04 河海大学 Method for constructing data mining platform in big data environment
CN104796412A (en) * 2014-04-06 2015-07-22 惠州Tcl移动通信有限公司 End-to-end cloud service system and method for accessing sensitive data thereof

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9772831B2 (en) * 2010-04-26 2017-09-26 Pivotal Software, Inc. Droplet execution engine for dynamic server application deployment
US8909781B2 (en) * 2010-05-24 2014-12-09 Pi-Coral, Inc. Virtual access to network services
US8793766B2 (en) * 2012-03-13 2014-07-29 International Business Machines Corporation Method and apparatus for security-aware elasticity of application and services
CN103248632A (en) * 2013-05-29 2013-08-14 中国人民解放军理工大学 Synchronous disc data security protection writing and reading method
CN104506487B (en) * 2014-11-21 2017-12-08 北京工业大学 The credible execution method of privacy policy under cloud environment
CN104504339B (en) * 2014-12-24 2017-11-07 北京奇安信科技有限公司 Virtualize safety detection method and system

Also Published As

Publication number Publication date
WO2017036336A1 (en) 2017-03-09
CN106487775A (en) 2017-03-08

Similar Documents

Publication Publication Date Title
CN106487775B (en) Service data processing method and device based on cloud platform
US11928231B2 (en) Dynamic multi-factor authentication
Alazab et al. Intelligent mobile malware detection using permission requests and API calls
US10154066B1 (en) Context-aware compromise assessment
US9930071B2 (en) System and methods for secure utilization of attestation in policy-based decision making for mobile device management and security
Grover Android forensics: Automated data collection and reporting from a mobile device
WO2019133453A1 (en) Platform and method for retroactive reclassification employing a cybersecurity-based global data store
US11050773B2 (en) Selecting security incidents for advanced automatic analysis
WO2016121348A1 (en) Anti-malware device, anti-malware system, anti-malware method, and recording medium in which anti-malware program is stored
US11888875B1 (en) Subscription and key management system
Shrivastava et al. Android application behavioural analysis for data leakage
EP3172692A1 (en) Remedial action for release of threat data
CN113177205A (en) Malicious application detection system and method
Palanivel et al. Risk-driven security testing using risk analysis with threat modeling approach
CN111241547A (en) Detection method, device and system for unauthorized vulnerability
US11947694B2 (en) Dynamic virtual honeypot utilizing honey tokens and data masking
Aldea et al. Software vulnerabilities integrated management system
CN114579636A (en) Data security risk prediction method, device, computer equipment and medium
Yang et al. Static mining and dynamic taint for mobile security threats analysis
US11134090B1 (en) Network security analysis and malware detection using multiple types of malware information
Orjiude et al. A multilateral privacy impact analysis method for android applications
Bo et al. Tom: A threat operating model for early warning of cyber security threats
Pournouri et al. Improving cyber situational awareness through data mining and predictive analytic techniques
Kimm et al. Multilevel Security Embedded Information Retrieval and Tracking on Cloud Environments
US11838300B1 (en) Run-time configurable cybersecurity system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant