CN107911232A - Method and device for determining business operation rules - Google Patents
- Publication number
- CN107911232A (application number CN201711022301.4A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Abstract
Embodiments of the present invention provide a method and device for determining business operation rules, to solve the technical problem that configuring business operation rules in the prior art is difficult and inaccurate. The method includes: obtaining M historical requests initiated by users; extracting the key attribute fields of each of the M user-initiated historical requests; clustering and sorting the M historical requests according to the key attribute fields of each historical request, to obtain N historical business operation behaviors and the business operation sequence corresponding to each of the N historical business operation behaviors, where one historical business operation behavior corresponds to one business operation sequence, one business operation sequence corresponds to at least one historical request, and N<M; determining, from the business operation sequences corresponding to the N historical business operation behaviors, the business operation sequences that meet a preset condition; and generating business operation rules according to the determined business operation sequences.
Description
Technical field
The present invention relates to the field of information processing, and in particular to a method and device for determining business operation rules.
Background
With the proliferation of advanced persistent threats (Advanced Persistent Threat, APT), security threats against business systems keep growing. At present, security monitoring products for business systems, such as operating system (Operating System, OS) vulnerability scanning systems, Web vulnerability scanning systems and database (Database, DB) vulnerability scanning systems, can only detect and protect against security threats at the network level of the business system. Against security threats at the business application level, such as verification code guessing, password brute-forcing and missing key business operation steps, they have no protective effect.
To monitor security threats at the business application level, the prior art adopts the following technical solution: a business operation rule is formulated manually for each business, and whether to raise an alarm for abnormal user operation is determined by judging whether the business operation flow performed by the user conforms to the corresponding business operation rule.
However, this existing method of manually configuring business operation rules requires the administrator to be very familiar with the business system, so it is very difficult to implement; moreover, relying entirely on manual configuration cannot well guarantee the accuracy of the business operation rules.
Summary of the invention
Embodiments of the present invention provide a method and device for determining business operation rules, to solve the technical problem that configuring business operation rules in the prior art is difficult and inaccurate.
A first aspect of the embodiments of the present invention provides a method for determining business operation rules, including:
obtaining M historical requests initiated by users;
extracting the key attribute fields of each of the M user-initiated historical requests;
clustering and sorting the M historical requests according to the key attribute fields of each historical request, to obtain N historical business operation behaviors and the business operation sequence corresponding to each of the N historical business operation behaviors, where one historical business operation behavior corresponds to one business operation sequence, one business operation sequence corresponds to at least one historical request, and N<M;
determining, from the business operation sequences corresponding to the N historical business operation behaviors, the business operation sequences that meet a preset condition;
generating business operation rules according to the determined business operation sequences.
In the above solution, statistical analysis is performed on the historical request data initiated by a large number of users, the business operation sequences that meet the preset condition are extracted, and business operation rules are generated from those sequences. This effectively reduces the administrator's workload, lowers the difficulty of configuring business operation rules, and improves the accuracy of business operation rule configuration.
Optionally, obtaining the M user-initiated historical requests includes: filtering out, from the P user-initiated initial historical requests, M Hypertext Transfer Protocol (HyperText Transfer Protocol, HTTP) requests of POST type as the M user-initiated historical requests. In this way, statistical analysis can be performed on HTTP requests of POST type to determine the business operation rules for business-handling operations, which effectively reduces the administrator's workload, lowers the difficulty of configuring business operation rules, and improves the accuracy of business operation rule configuration.
Optionally, the key attribute fields include the time identifier, user identifier, session identifier and business identifier of each historical request. Clustering and sorting the M historical requests according to the key attribute fields of each historical request, to obtain N historical business operation behaviors and the business operation sequence corresponding to each of them, includes: according to the user identifier, session identifier and business identifier of each historical request, aggregating together those of the M historical requests that were initiated by the same user in the same session while handling the same business, to obtain N classes, where one class represents one historical business operation behavior; sorting the historical requests of each of the N classes by time identifier, to obtain N historical request sequences; and determining the business operation sequence corresponding to each historical business operation behavior according to the historical request sequence corresponding to each class. In this way, the historical requests can be clustered and sorted to generate multiple historical request sequences, from which the business operation sequence corresponding to each historical business operation behavior is determined, ensuring the accuracy of business operation rule configuration.
Optionally, the key attribute fields further include the Uniform Resource Locator (Uniform Resource Locator, URL) identifier and the request parameter attribute identifier of each historical request. After the M historical requests are clustered and before the historical requests of each class are sorted by time identifier, the method further includes: determining, within the historical requests of any one of the N classes, the historical requests whose URL identifier and request parameter attribute identifier are both identical; and deduplicating those historical requests, so that within any one class no two historical requests share both the same URL identifier and the same request parameter attribute identifier. In this way, the minimal business operation sequence for a user handling a business can be obtained, further improving the accuracy of the method for determining business operation rules.
Optionally, determining the business operation sequence corresponding to each historical business operation behavior according to the historical request sequence corresponding to each class includes: generating the business operation sequence corresponding to each historical business operation behavior according to the URL identifier sequence and the request parameter attribute identifier sequence corresponding to each historical request sequence. In this way, the business operation sequence corresponding to each historical business operation behavior can be obtained from each historical request sequence, ensuring the accuracy of the method for determining business operation rules.
Optionally, determining, from the business operation sequences corresponding to the N historical business operation behaviors, the business operation sequences that meet the preset condition includes: using a hidden Markov model (Hidden Markov Model, HMM) to perform long-sequence splitting on the business operation sequence corresponding to each historical business operation behavior, to obtain K short business operation sequences, K>=N; and determining, from the K short business operation sequences, the short business operation sequences that meet the preset condition. In this way, a long business operation sequence can be split into multiple short business operation sequences, achieving an accurate subdivision of business operation sequences and further improving the accuracy of the method for determining business operation rules.
Optionally, the preset condition includes: the frequency of occurrence exceeds a predetermined value; or the frequency of occurrence is the highest. In this way, the accuracy of the method for determining business operation rules can be improved.
Optionally, after the business operation rules are generated according to the determined business operation sequences, the method further includes: sending the generated business operation rules to an administrator for confirmation; and, after a confirmation message fed back by the administrator is received, making the business operation rules take effect. In this way, the accuracy of the method for determining business operation rules can be improved.
A second aspect of the embodiments of the present invention provides a device for determining business operation rules, including: an acquiring unit, configured to obtain M historical requests initiated by users; a processing unit, configured to extract the key attribute fields of each of the M user-initiated historical requests, to cluster and sort the M historical requests according to the key attribute fields of each historical request so as to obtain N historical business operation behaviors and the business operation sequence corresponding to each of the N historical business operation behaviors, where one historical business operation behavior corresponds to one business operation sequence, one business operation sequence corresponds to at least one historical request, and N<M, and to determine, from the business operation sequences corresponding to the N historical business operation behaviors, the business operation sequences that meet a preset condition; and a generating unit, configured to generate business operation rules according to the determined business operation sequences.
Optionally, the acquiring unit is configured to: obtain P user-initiated initial historical requests, P>=M; and filter out, from the P user-initiated initial historical requests, M HTTP requests of POST type as the M user-initiated historical requests.
Optionally, the key attribute fields include the time identifier, user identifier, session identifier and business identifier of each historical request. The processing unit is configured to: according to the user identifier, session identifier and business identifier of each historical request, aggregate together those of the M historical requests that were initiated by the same user in the same session while handling the same business, to obtain N classes, where one class represents one historical business operation behavior; sort the historical requests of each of the N classes by time identifier, to obtain N historical request sequences; and determine the business operation sequence corresponding to each historical business operation behavior according to the historical request sequence corresponding to each class.
Optionally, the key attribute fields further include the URL identifier and the request parameter attribute identifier of each historical request. The processing unit is further configured to: after the M historical requests are clustered and before the historical requests of each class are sorted by time identifier, determine, within the historical requests of any one of the N classes, the historical requests whose URL identifier and request parameter attribute identifier are both identical; and deduplicate those historical requests, so that within any one class no two historical requests share both the same URL identifier and the same request parameter attribute identifier.
Optionally, the processing unit is configured to: generate the business operation sequence corresponding to each historical business operation behavior according to the URL identifier sequence and the request parameter attribute identifier sequence corresponding to each historical request sequence.
Optionally, the processing unit is configured to: use an HMM to perform long-sequence splitting on the business operation sequence corresponding to each historical business operation behavior, to obtain K short business operation sequences, K>=N; and determine, from the K short business operation sequences, the short business operation sequences that meet the preset condition.
Optionally, the device further includes: a sending unit, configured to send the generated business operation rules to an administrator for confirmation after the processing unit generates the business operation rules according to the determined business operation sequences; and a receiving unit, configured to receive the confirmation message fed back by the administrator. The processing unit is further configured to make the business operation rules take effect after the receiving unit receives the confirmation message fed back by the administrator.
A third aspect of the embodiments of the present invention further provides equipment for determining business operation rules, including: at least one processor, and a memory and a communication interface communicatively connected to the at least one processor; where the memory stores instructions executable by the at least one processor, and the at least one processor, by executing the instructions stored in the memory, performs the method described in the first aspect of the embodiments of the present invention using the communication interface.
A fourth aspect of the embodiments of the present invention further provides a computer-readable storage medium that stores computer instructions which, when run on a computer, cause the computer to perform the method described in the first aspect of the embodiments of the present invention.
The one or more technical solutions provided in the embodiments of the present invention have at least the following technical effects or advantages:
1. The embodiments of the present invention perform statistical analysis on the historical request data initiated by a large number of users, extract the business operation sequences that meet the preset condition, and generate business operation rules from those sequences, thereby adding or updating business operation rules. This effectively reduces the administrator's workload, lowers the difficulty of configuring business operation rules, and improves the accuracy and timeliness of business operation rule configuration;
2. The embodiments of the present invention deduplicate, within each class, the historical requests whose URL identifier and request parameter attribute identifier are both identical, so that within each class no two historical requests share both the same URL identifier and the same request parameter attribute identifier. This yields the minimal business operation sequence for a user handling a business and further improves the accuracy of the method for determining business operation rules;
3. The embodiments of the present invention use an HMM to split a long business operation sequence into multiple short business operation sequences, achieving an accurate subdivision of business operation sequences and improving the accuracy of the method for determining business operation rules;
4. Before a determined business operation rule is added to the system and takes effect, the embodiments of the present invention also send it to the administrator for confirmation, and add it to the system for use only after the confirmation message fed back by the administrator is received, further improving the accuracy and reliability of business operation rule configuration.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings needed in the description of the embodiments are briefly introduced below. Evidently, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the method for determining business operation rules in an embodiment of the present invention;
Fig. 2 is a structural diagram of the device for determining business operation rules in an embodiment of the present invention;
Fig. 3 is a structural diagram of the equipment for determining business operation rules in an embodiment of the present invention.
Detailed description
At present, security detection products for enterprise business systems include operating system (Operating System, OS) vulnerability scanning, Web vulnerability scanning and database (Database, DB) vulnerability scanning systems, but none of these devices can find security problems in self-developed applications or security problems in business logic. Currently deployed detection devices such as intrusion detection systems (Intrusion Detection Systems, IDS) mainly detect on the basis of signature libraries or heuristic rules and are blind to business-logic attacks and APT attacks. Traditional firewall systems often inspect only the five-tuple (source IP address, source port, destination IP address, destination port and transport layer protocol) and provide almost no protection for upper-layer applications. Web application firewalls (Web Application Firewall, WAF) mainly protect against web attacks and are helpless against attacks on business logic, business data forgery and the like. Sandbox-based APT attack detection systems mainly detect malicious code that threatens the OS or certain applications, and are likewise helpless at detecting problems in business application data. In summary, current security detection and protection devices have no protective effect against security threats to business applications.
Unlike network-level security, the characteristic of business application-level security is that the user's business operation behavior conforms to the access control rules, and no single step of the business handling carries an obvious attack signature: for example, there is no Structured Query Language (Structured Query Language, SQL) injection signature and no cross-site scripting (Cross Site Scripting, XSS) attack signature. Security threats at the business application level usually take the form of an illegitimate user handling business through an abnormal business operation flow, such as verification code guessing, password brute-forcing or missing key business operation steps.
The technical solution generally adopted in the prior art to detect and protect against security threats at the business application level is: manually configure the business operation rule corresponding to each business, establish the normal user behavior baseline for handling each business, and decide whether to raise an alarm for abnormal business behavior by judging whether the business operation flow performed by the user conforms to the business operation rule.
However, this manual configuration method requires the administrator to be very familiar with the types of business in the business system and with the specific operation flow of each business, so it is very difficult to implement and the labor cost is high. At the same time, relying entirely on manual work easily leads to problems such as key business operation steps missing from the configuration or attribute fields missing, so accuracy is hard to guarantee. Furthermore, when a new business is added to the system or an existing business changes, manual work cannot guarantee that the change is discovered in time and that the business operation rules are added or modified accordingly. It can be seen that configuring business operation rules in the prior art suffers from technical problems such as high difficulty, poor accuracy and lack of timeliness.
In view of the above technical problems in the prior art, the embodiments of the present invention provide a method and device for determining business operation rules. Statistical analysis is performed on the historical request data initiated by a large number of users, the business operation sequences that meet a preset condition are extracted, business operation rules are generated from those sequences, and the generated business operation rules are sent to the administrator for confirmation. After the administrator confirms, the business operation rule is added to the business system or used to update the old business operation rule. This effectively reduces the administrator's workload, lowers the difficulty of configuring business operation rules, and improves the accuracy and timeliness of business operation rule configuration.
The technical solution of the present invention is described in detail below with reference to the drawings and specific embodiments. It should be understood that the embodiments of the present invention and the specific features in them are a detailed description of the technical solution of the present invention rather than a limitation of it, and that, where there is no conflict, the embodiments of the present invention and the technical features in them can be combined with one another.
An embodiment of the present invention provides a method for determining business operation rules. Referring to Fig. 1, the method mainly includes the following steps:
Step 101: Obtain M historical requests initiated by users;
When performing business operations on a business system, a user generally uses a web browser to send HTTP requests to the server and so communicates with it. Existing HTTP requests are mainly of two types, GET and POST. For business-handling operations, the user needs to submit the relevant request parameters to the server, so the HTTP requests corresponding to the key steps of business-handling operations are generally HTTP requests of POST type.
In view of this, in the embodiments of the present invention, a specific implementation of obtaining the M user-initiated historical requests may include: obtaining P user-initiated initial historical requests, P>=M; and filtering out M HTTP requests of POST type from the P user-initiated initial historical requests, and taking the M HTTP requests of POST type as the M user-initiated historical requests. The P user-initiated initial historical requests can be obtained directly from the business operation log data stored by the business system.
Step 102: Extract the key attribute fields of each of the M user-initiated historical requests;
Specifically, extract the time identifier, user identifier, session identifier and business identifier of each historical request.
In a specific implementation, an HTTP request generally contains information such as the request initiation time, HTTP request type, body, cookie and referer. The HTTP request type identifies whether the request is an HTTP request of POST type or of GET type; the body and cookie information can identify the user information and session information corresponding to the request; and the referer information can be used to identify the business resource information corresponding to the request. Therefore, the time identifier may specifically be the field holding the request initiation time, the user identifier and session identifier may be the fields holding the body and cookie information, and the business identifier may be the field holding the referer information.
Step 103: Cluster and sort the M historical requests according to the key attribute fields of each historical request, to obtain N historical business operation behaviors and the business operation sequence corresponding to each of the N historical business operation behaviors. One historical business operation behavior corresponds to one business operation sequence, one business operation sequence corresponds to at least one historical request, and N<M.
First, according to the user identifier, session identifier and business identifier of each historical request, those of the M historical requests that were initiated by the same user in the same session while handling the same business can be aggregated together, where one class represents one historical business operation behavior. In a specific implementation, the clustering may include the following steps: according to the user identifier of each historical request, aggregate the historical requests initiated by the same user; then, for the historical requests initiated by each user, classify by session identifier, aggregating the historical requests initiated by the same user in the same session; then, for the historical requests of each user in each session, classify by business identifier, aggregating the historical requests initiated by the same user in the same session while handling the same business, finally obtaining N classes.
Then, for each of the N classes obtained by clustering, sort the historical requests in the class by time identifier in chronological order, to obtain N time-ordered historical request sequences.
Finally, determine the business operation sequence corresponding to each historical business operation behavior according to the historical request sequence corresponding to each class.
In a specific implementation, each historical request sequence obtained after sorting contains information such as the user identifier and session identifier. In practice, however, judging whether a user's business operation behavior is normal generally concerns only the business operation flow itself, not who the user is or which session it is, so the user and session information needs to be removed; that is, the business operation sequence corresponding to each historical business operation behavior is determined according to the historical request sequence corresponding to each class.
In the embodiments of the present invention, a business operation sequence consists of a URL sequence together with the attribute name information (that is, the request parameter attribute identifier) in the body information corresponding to each URL in the sequence. The attribute name information in the body is included because somewhat different kinds of business may have the same URL sequence and differ only in the attributes of the request parameters submitted at each step. For example, request sequence A and request sequence B have the same URL sequence, URL1 → URL2 → URL3, but the body information corresponding to URL1 in request sequence A is "telephone number", while the body information corresponding to URL1 in request sequence B is "email address". In view of this, a specific implementation of determining the business operation sequence corresponding to each historical business operation behavior according to the historical request sequence corresponding to each class may include: determining the URL identifier sequence and the request parameter attribute identifier sequence corresponding to each historical request sequence; and generating the business operation sequence corresponding to each historical business operation behavior according to the URL identifier sequence and the request parameter attribute identifier sequence corresponding to each historical request sequence.
Step 104: From the business operation sequences corresponding to the N history service operation behaviors, determine the business operation sequences that meet a preset condition.
In the embodiment of the present invention, the preset condition can be implemented in several ways, including but not limited to the following:

The first: the frequency of occurrence exceeds a predetermined value.

For example, assume the predetermined value is 1000. If a business operation sequence occurs more than 1000 times among the N business operation sequences determined above, which shows that at least 1000 user business operation behaviors correspond to that business operation sequence, then it is determined to be a business operation sequence that meets the preset condition. Under this implementation, multiple business operation sequences meeting the preset condition can be determined at the same time.

The second: the frequency of occurrence is the highest.

For example, the number of occurrences of each business operation sequence among the N business operation sequences can be counted, and the business operation sequences sorted by number of occurrences in descending order; the business operation sequence with the most occurrences is the one that meets the preset condition. Under this implementation, only one business operation sequence meeting the preset condition can be determined.

The third: belonging to the top W by frequency of occurrence, W>=2.

For example, the number of occurrences of each business operation sequence among the N business operation sequences can be counted, and the business operation sequences sorted by number of occurrences in descending order; any business operation sequence among the top W by number of occurrences meets the preset condition. Under this implementation, multiple business operation sequences meeting the preset condition can be determined at the same time.
Step 105: Generate a business operation rule according to the determined business operation sequence.

Specifically, the determined business operation sequence that meets the preset condition is used as the business operation rule, which is used to detect whether the business operation sequence a user initiates when handling business is normal. If the business operation sequence initiated by a user when handling business does not conform to the business operation rule, a business anomaly alarm is raised.
In a specific implementation, if the system itself has no business operation rule for the corresponding business, the business operation rule generated above can be added directly to the system so that it takes effect there; if the system already has a business operation rule for the corresponding business, the business operation rule generated above can be used to update the original business operation rule.

In a specific implementation, after the business operation rule is generated and before it takes effect in the system, the generated business operation rule can also be sent to an administrator for confirmation. Only after the confirmation message fed back by the administrator is received is the rule added to the system for use, which ensures the reliability of the business operation rule.
In the above scheme, statistical analysis is performed on the historical request data initiated by a large number of users, the business operation sequences that meet the preset condition are extracted, and business operation rules are generated from those business operation sequences. Business operation rules are thereby added or updated, which effectively reduces the administrator's workload, lowers the difficulty of configuring business operation rules, and improves the accuracy and timeliness of business operation rule configuration.
Optionally, in a specific implementation, many repeated URL jump records may appear while a user handles business, for example when a verification code is entered correctly only after several attempts. In view of this, after the M historical requests are clustered and before the historical requests of each classification are sorted by time identifier, the aggregated requests can also be deduplicated, that is, the following operations are performed on each of the N classifications: determine, among the historical requests of any classification in the N classifications, the historical requests whose URL identifier and request parameter attribute identifier are both the same; deduplicate the historical requests whose URL identifier and request parameter attribute identifier are both the same, so that within the historical requests of that classification each historical request differs in URL identifier or request parameter attribute identifier.

Specifically, when at least two requests in the same classification contain the same URL and the attribute-name information in the body information corresponding to that URL is also the same, the at least two requests are repeated requests; only one of them needs to be retained and the remaining identical requests are deleted. The business operation sequence generated by sorting is then the minimal business operation sequence of the user's business handling, i.e. a chronologically ordered business operation sequence with no repeated operation data.

In this way, the minimal business operation sequence of a user's business handling can be obtained, which further improves the accuracy of the method of determining business operation rules.
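The clustering, deduplication, ordering, frequency selection and rule check described above can be followed end to end in a short script. This is an added example, not code from the patent; the URLs, field names, thresholds and sample log are constructed, and `service` stands in for the Referer-derived service identifier.

```python
from collections import Counter, defaultdict

# Constructed sample data, not taken from the patent. "attrs" holds the
# attribute names found in the POST body of each request.
FLOW = [("/captcha/verify", ["code"]),
        ("/contact/update", ["phone"]),
        ("/contact/confirm", ["token"])]


def req(time, user, session, url, attrs, service="change-contact"):
    """One POST request reduced to its key attribute fields."""
    return {"time": time, "user": user, "session": session,
            "service": service, "url": url, "attrs": attrs}


def make_history():
    history = []
    for n in range(4):  # four users complete the flow in order
        for t, (url, attrs) in enumerate(FLOW):
            history.append(req(10 * n + t, f"u{n}", f"s{n}", url, attrs))
    # u0 needed a second captcha attempt: a repeated step in the same session
    history.append(req(0.5, "u0", "s0", "/captcha/verify", ["code"]))
    # u4 walks the same URLs but submits an e-mail address instead of a phone
    for t, (url, attrs) in enumerate(FLOW):
        attrs = ["email"] if url == "/contact/update" else attrs
        history.append(req(100 + t, "u4", "s4", url, attrs))
    return history


def build_sequences(requests):
    """Cluster by (user, session, service), deduplicate, sort by time.

    Each returned sequence keeps only (URL, body attribute names) per step,
    so user and session information is dropped.
    """
    groups = defaultdict(list)
    for r in requests:
        groups[(r["user"], r["session"], r["service"])].append(r)
    sequences = []
    for members in groups.values():
        seen, steps = set(), []
        # The text allows any one duplicate to be kept; keeping the earliest
        # lets sorting and deduplication share one pass.
        for r in sorted(members, key=lambda r: r["time"]):
            step = (r["url"], tuple(sorted(r["attrs"])))
            if step not in seen:
                seen.add(step)
                steps.append(step)
        sequences.append(tuple(steps))
    return sequences


def select_rules(sequences, min_count=None, top_w=1):
    """Preset condition: count above min_count, or the top_w most frequent."""
    counts = Counter(sequences)
    if min_count is not None:
        return {seq for seq, c in counts.items() if c > min_count}
    return {seq for seq, _ in counts.most_common(top_w)}


def is_anomalous(sequence, rules):
    """A live sequence that matches no mined rule raises an alarm."""
    return tuple(sequence) not in rules


if __name__ == "__main__":
    seqs = build_sequences(make_history())
    rules = select_rules(seqs, min_count=2)
    skipped_captcha = seqs[0][1:]  # same flow with the first step missing
    print(len(seqs), "sequences,", len(rules), "rule")
    print("captcha skipped -> alarm:", is_anomalous(skipped_captcha, rules))
```

With the threshold set to 2, the e-mail variant (seen once) does not become a rule even though its URL sequence is identical, which is the reason the body attribute names are part of each step.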
Optionally, during actual business handling, a user may handle different businesses several times against the same business resource within one session, for example downloading a song for themselves and then giving it to a friend as a gift. In this case it is difficult to separate the different businesses according to the service identifier (referer information), so a business operation sequence generated in step 103 above may in fact correspond to multiple sub-businesses.

In view of this, after the historical requests of each classification are sorted by time identifier and the business operation sequence corresponding to each history service operation behavior is obtained, the method can further include: using an HMM to perform long-sequence separation on the business operation sequence corresponding to each history service operation behavior, obtaining K short business operation sequences, K>=N.

Correspondingly, determining the business operation sequences that meet the preset condition from the business operation sequences corresponding to the N history service operation behaviors specifically includes: determining the short business operation sequences that meet the preset condition from the K short business operation sequences.

Correspondingly, generating the business operation rule according to the determined business operation sequence specifically includes: generating the business operation rule according to the determined short business operation sequence.
In a specific implementation, an HMM is determined jointly by the state sequence, the observation sequence, the initial probability distribution, the state transition probability matrix and the observation probability matrix. In the embodiment of the present invention, the input of the HMM is a long business operation sequence and the output is the separated short operation sequences, so the HMM problem in the embodiment of the present invention is mainly divided into two parts: the learning problem and the prediction problem.

The learning problem is the process of estimating the model parameters of the HMM from observation sequences; the model parameters of the HMM include the initial probability distribution, the state transition probability matrix and the observation probability matrix. In the embodiment of the present invention, each step in a URL sequence may be the beginning step (B) of a business handling process, an intermediate step (M), or the ending step (E). The state set of the HMM is therefore (B, M, E), and each business operation step in each business operation sequence corresponds to one state in the state set. The Baum-Welch algorithm is used in the learning process; the input of the algorithm is the manually confirmed short business operation sequences, the state set and the initial values, and the output of the algorithm is the model parameters of the HMM, i.e. the state transition probability matrix, the observation probability matrix and the initial probability distribution.

The prediction problem is the process of separating a long business operation sequence with the Viterbi algorithm, according to the HMM model parameters estimated above. The input of the prediction problem is a long business operation sequence, and the output is the state corresponding to each step in the sequence. After the state corresponding to each step is obtained, the long business operation sequence is split after each state (E) or before each state (B); the sequences obtained after splitting are the short operation sequences corresponding to each business handling.

In this way, a long business operation sequence can be separated into multiple short business operation sequences, achieving an accurate subdivision of business operation sequences and further improving the accuracy of the method of determining business operation rules.
Based on the same inventive concept, the embodiment of the present invention further provides a device for determining business operation rules. Referring to Fig. 2, the device includes:
An acquiring unit 201, for obtaining M user-initiated historical requests;
A processing unit 202, for extracting the key attribute fields of each historical request in the M user-initiated historical requests; clustering and sorting the M historical requests according to the key attribute fields of each historical request, to obtain N history service operation behaviors and the business operation sequence corresponding to each of the N history service operation behaviors, wherein one history service operation behavior corresponds to one business operation sequence, one business operation sequence corresponds to at least one historical request, and N<M; and determining, from the business operation sequences corresponding to the N history service operation behaviors, the business operation sequences that meet a preset condition;
A generation unit 203, for generating a business operation rule according to the determined business operation sequence.
Optionally, the acquiring unit 201 is used for: obtaining P user-initiated initial historical requests, P>=M; and selecting, by filtering, M HTTP requests of the POST type from the P user-initiated initial historical requests as the M user-initiated historical requests.

Optionally, the key attribute fields include the time identifier, user identifier, session identifier and service identifier of each historical request. The processing unit 202 is used for: according to the user identifier, session identifier and service identifier of each historical request, aggregating together the historical requests among the M historical requests that were initiated by the same user while handling the same item of business in the same session, to obtain N classifications, one classification characterizing one history service operation behavior; sorting the historical requests of each of the N classifications by time identifier, to obtain N historical request sequences; and determining the business operation sequence corresponding to each history service operation behavior from the historical request sequence corresponding to each classification.

Optionally, the key attribute fields further include the URL identifier and the request parameter attribute identifier of each historical request. The processing unit 202 is further used for: after the M historical requests are clustered and before the historical requests of each classification are sorted by time identifier, determining, among the historical requests of any classification in the N classifications, the historical requests whose URL identifier and request parameter attribute identifier are both the same; and deduplicating the historical requests whose URL identifier and request parameter attribute identifier are both the same, so that within the historical requests of that classification each historical request differs in URL identifier or request parameter attribute identifier.

Optionally, the processing unit 202 is used for: generating the business operation sequence corresponding to each history service operation behavior according to the URL identifier sequence and the request parameter attribute identifier sequence corresponding to each historical request sequence.

Optionally, the processing unit 202 is used for: using an HMM to perform long-sequence separation on the business operation sequence corresponding to each history service operation behavior, obtaining K short business operation sequences, K>=N; and determining the short business operation sequences that meet the preset condition from the K short business operation sequences.

Optionally, the device further includes: a transmitting unit, for sending the generated business operation rule to an administrator for confirmation after the processing unit 202 generates the business operation rule according to the determined business operation sequence; and a receiving unit, for receiving the confirmation message fed back by the administrator. The processing unit 202 is further used for making the business operation rule take effect after the receiving unit receives the confirmation message fed back by the administrator.
Based on the same inventive concept, the embodiment of the present invention further provides equipment for determining business operation rules. Referring to Fig. 3, the equipment includes:
At least one processor 301, and
A memory 302 and a communication interface 303 communicatively connected to the at least one processor 301;
Wherein the memory 302 stores instructions executable by the at least one processor 301, and the at least one processor 301, by executing the instructions stored in the memory 302, uses the communication interface 303 to perform the method of determining business operation rules in the embodiment of the present invention.

Based on the same inventive concept, the embodiment of the present invention further provides a computer-readable storage medium. The computer-readable storage medium stores computer instructions which, when run on a computer, cause the computer to perform the method of determining business operation rules described in the embodiment of the present invention.
Those skilled in the art should understand that the embodiments of the present invention can be provided as a method, a system or a computer program product. The present invention can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) containing computer-usable program code.

The present invention is described with reference to flowcharts and/or block diagrams of the method, equipment (system) and computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.
Claims (14)
- 1. A method of determining a business operation rule, characterized by comprising: obtaining M user-initiated historical requests; extracting the key attribute fields of each historical request in the M user-initiated historical requests; clustering and sorting the M historical requests according to the key attribute fields of each historical request, to obtain N history service operation behaviors and the business operation sequence corresponding to each of the N history service operation behaviors, wherein one history service operation behavior corresponds to one business operation sequence, one business operation sequence corresponds to at least one historical request, and N<M; determining, from the business operation sequences corresponding to the N history service operation behaviors, a business operation sequence that meets a preset condition; and generating a business operation rule according to the determined business operation sequence.
- 2. The method of claim 1, characterized in that obtaining the M user-initiated historical requests comprises: obtaining P user-initiated initial historical requests, P>=M; and selecting, by filtering, M Hypertext Transfer Protocol (HTTP) requests of the POST type from the P user-initiated initial historical requests as the M user-initiated historical requests.
- 3. The method of claim 1, characterized in that the key attribute fields include the time identifier, user identifier, session identifier and service identifier of each historical request; and clustering and sorting the M historical requests according to the key attribute fields of each historical request, to obtain N history service operation behaviors and the business operation sequence corresponding to each of the N history service operation behaviors, comprises: according to the user identifier, session identifier and service identifier of each historical request, aggregating together the historical requests among the M historical requests that were initiated by the same user while handling the same item of business in the same session, to obtain N classifications, one classification characterizing one history service operation behavior; sorting the historical requests of each of the N classifications by time identifier, to obtain N historical request sequences; and determining the business operation sequence corresponding to each history service operation behavior from the historical request sequence corresponding to each classification.
- 4. The method of claim 3, characterized in that the key attribute fields further include the Uniform Resource Locator (URL) identifier and the request parameter attribute identifier of each historical request; and after the M historical requests are clustered and before the historical requests of each classification are sorted by time identifier, the method further comprises: determining, among the historical requests of any classification in the N classifications, the historical requests whose URL identifier and request parameter attribute identifier are both the same; and deduplicating the historical requests whose URL identifier and request parameter attribute identifier are both the same, so that within the historical requests of that classification each historical request differs in URL identifier or request parameter attribute identifier.
- 5. The method of claim 3, characterized in that determining the business operation sequence corresponding to each history service operation behavior from the historical request sequence corresponding to each classification comprises: generating the business operation sequence corresponding to each history service operation behavior according to the URL identifier sequence and the request parameter attribute identifier sequence corresponding to each historical request sequence.
- 6. The method of claim 3, characterized in that determining, from the business operation sequences corresponding to the N history service operation behaviors, a business operation sequence that meets a preset condition comprises: using a hidden Markov model (HMM) to perform long-sequence separation on the business operation sequence corresponding to each history service operation behavior, to obtain K short business operation sequences, K>=N; and determining, from the K short business operation sequences, a short business operation sequence that meets the preset condition.
- 7. The method of any one of claims 1-6, characterized in that, after the business operation rule is generated according to the determined business operation sequence, the method further comprises: sending the generated business operation rule to an administrator for confirmation; and after the confirmation message fed back by the administrator is received, making the business operation rule take effect.
- 8. A device for determining a business operation rule, characterized by comprising: an acquiring unit, for obtaining M user-initiated historical requests; a processing unit, for extracting the key attribute fields of each historical request in the M user-initiated historical requests; clustering and sorting the M historical requests according to the key attribute fields of each historical request, to obtain N history service operation behaviors and the business operation sequence corresponding to each of the N history service operation behaviors, wherein one history service operation behavior corresponds to one business operation sequence, one business operation sequence corresponds to at least one historical request, and N<M; and determining, from the business operation sequences corresponding to the N history service operation behaviors, a business operation sequence that meets a preset condition; and a generation unit, for generating a business operation rule according to the determined business operation sequence.
- 9. The device of claim 8, characterized in that the acquiring unit is used for: obtaining P user-initiated initial historical requests, P>=M; and selecting, by filtering, M HTTP requests of the POST type from the P user-initiated initial historical requests as the M user-initiated historical requests.
- 10. The device of claim 8, characterized in that the key attribute fields include the time identifier, user identifier, session identifier and service identifier of each historical request; and the processing unit is used for: according to the user identifier, session identifier and service identifier of each historical request, aggregating together the historical requests among the M historical requests that were initiated by the same user while handling the same item of business in the same session, to obtain N classifications, one classification characterizing one history service operation behavior; sorting the historical requests of each of the N classifications by time identifier, to obtain N historical request sequences; and determining the business operation sequence corresponding to each history service operation behavior from the historical request sequence corresponding to each classification.
- 11. The device of claim 10, characterized in that the key attribute fields further include the URL identifier and the request parameter attribute identifier of each historical request; and the processing unit is further used for: after the M historical requests are clustered and before the historical requests of each classification are sorted by time identifier, determining, among the historical requests of any classification in the N classifications, the historical requests whose URL identifier and request parameter attribute identifier are both the same; and deduplicating the historical requests whose URL identifier and request parameter attribute identifier are both the same, so that within the historical requests of that classification each historical request differs in URL identifier or request parameter attribute identifier.
- 12. The device of claim 10, characterized in that the processing unit is used for: generating the business operation sequence corresponding to each history service operation behavior according to the URL identifier sequence and the request parameter attribute identifier sequence corresponding to each historical request sequence.
- 13. The device of claim 10, characterized in that the processing unit is used for: using an HMM to perform long-sequence separation on the business operation sequence corresponding to each history service operation behavior, to obtain K short business operation sequences, K>=N; and determining, from the K short business operation sequences, a short business operation sequence that meets the preset condition.
- 14. The device of any one of claims 8-13, characterized in that the device further comprises: a transmitting unit, for sending the generated business operation rule to an administrator for confirmation after the processing unit generates the business operation rule according to the determined business operation sequence; and a receiving unit, for receiving the confirmation message fed back by the administrator; the processing unit being further used for making the business operation rule take effect after the receiving unit receives the confirmation message fed back by the administrator.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711022301.4A CN107911232B (en) | 2017-10-27 | 2017-10-27 | Method and device for determining business operation rule |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711022301.4A CN107911232B (en) | 2017-10-27 | 2017-10-27 | Method and device for determining business operation rule |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107911232A true CN107911232A (en) | 2018-04-13 |
CN107911232B CN107911232B (en) | 2021-04-30 |
Family
ID=61841915
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711022301.4A Active CN107911232B (en) | 2017-10-27 | 2017-10-27 | Method and device for determining business operation rule |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107911232B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110290148A (en) * | 2019-07-16 | 2019-09-27 | 深圳乐信软件技术有限公司 | A kind of defence method, device, server and the storage medium of WEB firewall |
CN110784929A (en) * | 2019-09-05 | 2020-02-11 | 腾讯科技(深圳)有限公司 | Access resource allocation method, device, equipment and system |
CN114416191A (en) * | 2021-12-06 | 2022-04-29 | 奇安信科技集团股份有限公司 | Application configuration utilization rate prediction method and device |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110125509A1 (en) * | 2007-12-21 | 2011-05-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and Apparatus for Providing Differentiated Service Levels in a Communication Network |
US20140149409A1 (en) * | 2012-11-26 | 2014-05-29 | Wal-Mart Stores, Inc. | Massive rule-based classification engine |
CN105183809A (en) * | 2015-08-26 | 2015-12-23 | 成都布林特信息技术有限公司 | Cloud platform data query method |
CN105279614A (en) * | 2015-11-11 | 2016-01-27 | 上海熙菱信息技术有限公司 | Business auditing system based on process and method thereof |
CN105302911A (en) * | 2015-11-10 | 2016-02-03 | 珠海多玩信息技术有限公司 | Data screening engine establishing method and data screening engine |
CN105608636A (en) * | 2015-12-17 | 2016-05-25 | 国家电网公司 | Rule mining-based power grid switching operation rule base building method |
CN105786635A (en) * | 2016-03-01 | 2016-07-20 | 国网江苏省电力公司电力科学研究院 | Complex event processing system and method oriented to fault sensitive point dynamic detection |
CN106156791A (en) * | 2016-06-15 | 2016-11-23 | 北京京东尚科信息技术有限公司 | Business datum sorting technique and device |
CN106294091A (en) * | 2016-08-11 | 2017-01-04 | 福建富士通信息软件有限公司 | A kind of without intrusive mood daily record interception method for analyzing performance and system |
CN106529953A (en) * | 2015-09-15 | 2017-03-22 | 阿里巴巴集团控股有限公司 | Method and device for carrying out risk identification on business attributes |
CN106570131A (en) * | 2016-10-27 | 2017-04-19 | 北京途美科技有限公司 | Sensitive data exception access detection method based on clustering analysis |
CN106874943A (en) * | 2017-01-23 | 2017-06-20 | 腾讯科技(深圳)有限公司 | Business object sorting technique and system |
- 2017-10-27: CN application CN201711022301.4A (patent CN107911232B), status Active
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110290148A (en) * | 2019-07-16 | 2019-09-27 | 深圳乐信软件技术有限公司 | A kind of defence method, device, server and the storage medium of WEB firewall |
CN110290148B (en) * | 2019-07-16 | 2022-05-03 | 深圳乐信软件技术有限公司 | Defense method, device, server and storage medium for WEB firewall |
CN110784929A (en) * | 2019-09-05 | 2020-02-11 | 腾讯科技(深圳)有限公司 | Access resource allocation method, device, equipment and system |
CN110784929B (en) * | 2019-09-05 | 2021-06-15 | 腾讯科技(深圳)有限公司 | Access resource allocation method, device, equipment and system |
CN114416191A (en) * | 2021-12-06 | 2022-04-29 | 奇安信科技集团股份有限公司 | Application configuration utilization rate prediction method and device |
Also Published As
Publication number | Publication date |
---|---|
CN107911232B (en) | 2021-04-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200412767A1 (en) | Hybrid system for the protection and secure data transportation of convergent operational technology and informational technology networks | |
CN110222525B (en) | Database operation auditing method and device, electronic equipment and storage medium | |
US20200389495A1 (en) | Secure policy-controlled processing and auditing on regulated data sets | |
US11968227B2 (en) | Detecting KERBEROS ticket attacks within a domain | |
US20220210200A1 (en) | Ai-driven defensive cybersecurity strategy analysis and recommendation system | |
Lee et al. | An effective security measures for nuclear power plant using big data analysis approach | |
EP2882159B1 (en) | Profiling cyber threats detected in a target environment and automatically generating one or more rule bases for an expert system usable to profile cyber threats detected in a target environment | |
US8225398B2 (en) | System for regulating host security configuration | |
US9621589B2 (en) | Dynamic provisioning of protection software in a host intrusion prevention system | |
US9386036B2 (en) | Method for detecting and preventing a DDoS attack using cloud computing, and server | |
US20170026390A1 (en) | Identifying Malware Communications with DGA Generated Domains by Discriminative Learning | |
US7930747B2 (en) | Host intrusion prevention server | |
US11487880B2 (en) | Inferring security incidents from observational data | |
US9674210B1 (en) | Determining risk of malware infection in enterprise hosts | |
CN111786950A (en) | Situation awareness-based network security monitoring method, device, equipment and medium | |
Elshoush et al. | An improved framework for intrusion alert correlation | |
CN107911232A (en) | A kind of method and device of definite business operation rule | |
CN110896386B (en) | Method, device, storage medium, processor and terminal for identifying security threat | |
CN114915479B (en) | Web attack stage analysis method and system based on Web log | |
CN114338064B (en) | Method, device, system, equipment and storage medium for identifying network traffic type | |
US20230308459A1 (en) | Authentication attack detection and mitigation with embedded authentication and delegation | |
CN109510800B (en) | Network request processing method and device, electronic equipment and storage medium | |
CN115442159B (en) | Household routing-based risk management and control method, system and storage medium | |
CN115174205B (en) | Network space safety real-time monitoring method, system and computer storage medium | |
Sahin et al. | An efficient firewall for web applications (EFWA) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building; Applicant after: NSFOCUS Technologies Group Co.,Ltd.; Applicant after: NSFOCUS TECHNOLOGIES Inc.; Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building; Applicant before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.; Applicant before: NSFOCUS TECHNOLOGIES Inc. ||
GR01 | Patent grant | ||