CN109617887A - Information processing method, device and storage medium - Google Patents
Information processing method, device and storage medium Download PDFInfo
- Publication number
- CN109617887A CN109617887A CN201811573833.1A CN201811573833A CN109617887A CN 109617887 A CN109617887 A CN 109617887A CN 201811573833 A CN201811573833 A CN 201811573833A CN 109617887 A CN109617887 A CN 109617887A
- Authority
- CN
- China
- Prior art keywords
- node
- normal
- abnormal nodes
- topological diagram
- influence power
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000010365 information processing Effects 0.000 title claims abstract description 25
- 238000003672 processing method Methods 0.000 title claims abstract description 13
- 238000003860 storage Methods 0.000 title claims abstract description 13
- 230000002159 abnormal effect Effects 0.000 claims abstract description 170
- 238000000034 method Methods 0.000 claims abstract description 33
- 238000010586 diagram Methods 0.000 claims description 143
- 230000006399 behavior Effects 0.000 claims description 42
- 238000004590 computer program Methods 0.000 claims description 17
- 230000001186 cumulative effect Effects 0.000 claims description 8
- 230000006870 function Effects 0.000 description 4
- 230000002265 prevention Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- KLDZYURQCUYZBL-UHFFFAOYSA-N 2-[3-[(2-hydroxyphenyl)methylideneamino]propyliminomethyl]phenol Chemical compound OC1=CC=CC=C1C=NCCCN=CC1=CC=CC=C1O KLDZYURQCUYZBL-UHFFFAOYSA-N 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000012512 characterization method Methods 0.000 description 1
- 201000001098 delayed sleep phase syndrome Diseases 0.000 description 1
- 208000033921 delayed sleep phase type circadian rhythm sleep disease Diseases 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000011435 rock Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Debugging And Monitoring (AREA)
Abstract
The embodiment of the invention discloses an information processing method, an information processing device and a storage medium, wherein the method comprises the following steps: when at least one abnormal node is determined, determining at least one target node topological graph containing a first abnormal node from at least one node topological graph; determining the influence of the first abnormal node on at least one normal node in the at least one target node topological graph based on the influence of adjacent nodes in the at least one target node topological graph; determining the probability that the at least one normal node is an abnormal node based on the influence of the first abnormal node on the at least one normal node in the at least one target node topological graph. Therefore, potential abnormal nodes in the network can be predetermined, potential safety hazards can be prevented in advance, and the network safety protection force is improved.
Description
Technical field
The present invention relates to Internet technology more particularly to a kind of information processing methods, device and storage medium.
Background technique
It is directed to the discovery of abnormal nodes at present, is the operation behavior by analyzing user, for example, operating frequency, operation are set
The information such as standby, operation place determine whether user is abnormal nodes.
However the abnormal nodes that the prior art provides determine scheme, abnormal nodes higher for operating frequency can accurately be known
Not, but need artificial setpoint frequency threshold value as the standard for judging abnormal nodes.It and is all operation behavior according to user itself
The judgement for carrying out risk, potential abnormal nodes can not be identified according to existing abnormal nodes, can only be held in abnormal operation
Abnormality processing is carried out after row, not can be carried out advance preventing.
Summary of the invention
In order to solve the above technical problems, an embodiment of the present invention is intended to provide a kind of information processing method, device and storages to be situated between
Matter can predefine potential abnormal nodes in network, improve network security.
The technical scheme of the present invention is realized as follows:
The embodiment of the invention provides a kind of information processing methods, comprising:
When determining at least one abnormal nodes, determine from least one node topology figure comprising the first abnormal nodes
At least one destination node topological diagram;Wherein, first abnormal nodes are any one at least one described abnormal nodes
Abnormal nodes contain at least two the influence power of adjacent node and adjacent node in the node topology figure;
Based on the influence power of adjacent node at least one described destination node topological diagram, at least one described target is determined
Influence power of first abnormal nodes at least one normal node described in node topology figure;
Based on the first abnormal nodes described at least one described destination node topological diagram at least one normal node
Influence power determines that at least one described normal node is the probability of abnormal nodes.
In above scheme, before determining at least one abnormal nodes, the method also includes: it is based at least two nodes
The Internet protocol address (Internet Protocol, IP) and operation log, establish at least one node topology figure;Wherein,
The operation log is used to record the operation behavior of node.
In above scheme, the IP address and operation log based at least two nodes is established at least one node and is opened up
Flutter figure, comprising: be based on the IP address, establish at least one first topological diagram;Wherein, arbitrary neighborhood in first topological diagram
Two node IP address having the same;Based on the operation log, obtained at least from least one described first topological diagram
One node topology figure.
In above scheme, the operation log includes at least the operation behavior of node;It is described to be based on the operation log, from
At least one node topology figure is obtained at least one described first topological diagram, comprising: the operation behavior is based on, described in calculating
Influence power at least one first topological diagram between adjacent node;Based on the operation behavior, each node is obtained extremely
A few operation label;Wherein, the operation label is used to characterize the classification of nodal operation behavior;Extremely based on each node
A few operation label, is divided at least one second topological diagram at least one described first topological diagram;Wherein, each
Two topological diagrams correspond to an operation label;Using at least one second topological diagram comprising influence power as at least one described node
Topological diagram.
In above scheme, the influence power based on adjacent node at least one described destination node topological diagram is determined
Influence power of first abnormal nodes described at least one described destination node topological diagram at least one normal node, comprising:
When node is adjacent with first abnormal nodes if normal, first abnormal nodes are directly acquired from destination node topological diagram
To the influence power of the normal node;When node and first abnormal nodes are non-conterminous if normal, according to the destination node
At least two adjacent nodes between normal node described in topological diagram and first abnormal nodes on each reachable path
Influence power, determine first abnormal nodes to the influence power of the normal node.
In above scheme, the normal node according to the destination node topological diagram and first abnormal nodes
Between at least two adjacent nodes on each reachable path influence power, determine first abnormal nodes to described normal
The influence power of node, comprising: according between normal node described in the destination node topological diagram and first abnormal nodes
The influence power of at least two adjacent nodes on each reachable path determines the described first abnormal section on each reachable path
Influence power of the point to the normal node;To the on each reachable path in the destination node topological diagram described first abnormal section
Point carries out cumulative summation to the influence power of the normal node, obtains influence of first abnormal nodes to the normal node
Power.
In above scheme, the first abnormal nodes described in described at least one destination node topological diagram based on described in are at least
The influence power of one normal node determines that at least one described normal node is the probability of abnormal nodes, comprising: from it is described at least
At least one first object node topology figure comprising the first normal node is determined in one destination node topological diagram;Wherein, institute
Stating the first normal node is any one normal node at least one described normal node;Based on it is described at least one first
First abnormal nodes described in destination node topological diagram determine the described first normal section to the influence power of first normal node
Point is the probability of abnormal nodes.
It is described based on the first abnormal nodes pair described at least one described first object node topology figure in above scheme
The influence power of first normal node determines that first normal node is the probability of abnormal nodes, comprising: to each the
First abnormal nodes described in one destination node topological diagram carry out cumulative summation to the influence power of first normal node, obtain
First normal node is the probability of abnormal nodes.
Additionally provide a kind of information processing unit in the embodiment of the present invention, the information processing unit include: processor and
It is configured to the memory for the computer program that storage can be run on a processor, wherein the processor is configured to operation institute
When stating computer program, the step of executing any one of aforementioned the method.
A kind of computer readable storage medium is additionally provided in the embodiment of the present invention, is stored thereon with computer program,
It is characterized in that, the step of which realizes aforementioned described in any item methods when being executed by processor.
It by adopting the above technical scheme, can be after determining abnormal nodes, according in node topology figure between adjacent node
Influence power, determine abnormal nodes to the influence power of normal node associated with it in node topology figure, so that it is determined that normal section
Point may be potential abnormal nodes probability.It so, it is possible to predefine potential abnormal nodes in network, prevention is potential in advance
Security risk improves network safety prevention power.
Detailed description of the invention
Fig. 1 is the first pass schematic diagram of information processing method in the embodiment of the present invention;
Fig. 2 is the first composed structure schematic diagram of interior joint of embodiment of the present invention topological diagram;
Fig. 3 is the second composed structure schematic diagram of interior joint of embodiment of the present invention topological diagram;
Fig. 4 is the second procedure schematic diagram of information processing method in the embodiment of the present invention;
Fig. 5 is the third composed structure schematic diagram of interior joint of embodiment of the present invention topological diagram;
Fig. 6 is the third flow diagram of information processing method in the embodiment of the present invention;
Fig. 7 is the composed structure schematic diagram of information processing unit in the embodiment of the present invention.
Specific embodiment
The characteristics of in order to more fully hereinafter understand the embodiment of the present invention and technology contents, with reference to the accompanying drawing to this hair
The realization of bright embodiment is described in detail, appended attached drawing purposes of discussion only for reference, is not used to limit the embodiment of the present invention.
Embodiment one
As shown in Figure 1, information processing method includes:
Step 101: when determining at least one abnormal nodes, being determined from least one node topology figure different comprising first
At least one destination node topological diagram of Chang Jiedian;Wherein, the first abnormal nodes are any one at least one abnormal nodes
Abnormal nodes contain at least two the influence power of adjacent node and adjacent node in node topology figure;
Step 102: the influence power based on adjacent node at least one destination node topological diagram determines at least one target
Influence power of first abnormal nodes at least one normal node in node topology figure;
Step 103: based on the first abnormal nodes at least one destination node topological diagram at least one normal node
Influence power determines that at least one normal node is the probability of abnormal nodes.
Here, the executing subject of step 101 to step 103 can be the processor in information processing unit.
In practical application, this method before step 101 further include: IP address and operation day based at least two nodes
Will establishes at least one node topology figure;Wherein, operation log is used to record the operation behavior of node.Here, IP address can be with
It is the public ip address for the distribution of different nodes, operation behavior refers to various data manipulations of user's using terminal to network system
And service condition, such as: downloading, is made comments, e-payment etc. at browsing webpage.
Node topology figure is established according to the IP address of node, the influence of adjacent node is determined according to the operation log of node
Power.In practical application, adjacent node is set by the node with identical IP address, the operation log between adjacent node
Similarity is higher, and the interactional probability between the node of two, surface is bigger.The similarity of operation log can be understood as holding
The ratio of row same operation, for example, access same web site, browsing same page etc..
Specifically, IP address and operation log based at least two nodes, establish at least one node topology figure, packet
It includes: based on IP address, establishing at least one first topological diagram;Wherein, two nodes of arbitrary neighborhood have phase in the first topological diagram
Same IP address;Based on operation log, at least one node topology figure is obtained from least one first topological diagram.
In practical application, the operation log includes at least the operation behavior of node.Correspondingly, it is based on operation log, from
At least one node topology figure is obtained at least one first topological diagram, comprising: be based on the operation behavior, calculating is described at least
Influence power in one the first topological diagram between adjacent node;Based on the operation behavior, at least the one of each node is obtained
A operation label;Wherein, the operation label is used to characterize the classification of nodal operation behavior;At least one based on each node
At least one described first topological diagram is divided at least one second topological diagram by a operation label;Wherein, each second is opened up
Flutter the corresponding operation label of figure;Using at least one second topological diagram comprising influence power as at least one described node topology
Figure.
As shown in Fig. 2, the first topological diagram includes: this 10 nodes of node a, b, c, d, e, f, g, h, i, j, adjacent node it
Between IP address having the same, i.e., IP address having the same between a and b, a and e, a and j do not have phase between different nodes
Same IP address does not have identical IP address, according to the operation of a that is, between a and g, a and f, a and i, a and h, a and b, a and c
The operation log of log and d, f, j determine the influence power between adjacent node.It is connected in influence power such as figure between adjacent node
Shown in the top or right of arrow.
In practical application, the influence power that other side is mutually given between adjacent node can be identical, as shown in Figure 2.Adjacent segments
The influence power that other side is mutually given between point can not also be identical, for example, node a is 0.2, d pairs of node to the influence power of node d
The influence power of node a is 0.1.
After the completion of the first topological diagram is established, marked according at least one the corresponding operation of the operation behavior flag node of node
Label, according to the operation label of node by the node division with same operation label in the same topological diagram, with different behaviour
Make the node division of label in different topological diagrams, as shown in figure 3, node a and other nodes do not have identical operation
Label, then node a is 0 to the influence power of other nodes, then by the connection edge contract of node a and surroundings nodes, therefore, according to
First topological diagram of script is divided into three the second topological diagrams by the operation label of node, and the second topological diagram includes the first topological diagram
At least partly node.It specifically includes: the second topological diagram being made of node c, d, e, f, g, second be individually composed by node a
Topological diagram, the second topological diagram being made of node b, h, i, j.
Using at least one second topological diagram comprising influence power as at least one node topology figure, according to abnormal nodes from
It is determined at least one node topology figure.Destination node topological diagram is by node b, h, i, j group if being abnormal nodes if node b
At the second topological diagram determine node b to the influence power of node h, i, j according to the influence power between node.
Here, it is only exemplary and illustrates the acquisition methods of node topology figure, in practical applications, node can be with
Comprising many operation labels, and the granularity of division for operating label may be set according to actual conditions.Each label corresponding one
A second topological diagram determines abnormal nodes to the second topological diagram according to corresponding one or more second topological diagrams of abnormal nodes
The influence of middle normal node.
It should be noted that normal node therein can just be had an impact when abnormal nodes belong to some topological diagram,
When abnormal nodes are not belonging to some topological diagram, just any one node therein will not be had an impact.
In practical application, the determination method of abnormal nodes is according to existing detection means, when the operation row for detecting node
When being abnormal, determine that the node is abnormal nodes, to judge that other are normal using the above method that the embodiment of the present invention provides
The impacted probability of node.
It by adopting the above technical scheme, can be after determining abnormal nodes, according in node topology figure between adjacent node
Influence power, determine abnormal nodes to the influence power of normal node associated with it in node topology figure, so that it is determined that normal section
Point may be potential abnormal nodes probability.It so, it is possible to predefine potential abnormal nodes in network, prevention is potential in advance
Security risk improves network safety prevention power.
Embodiment two
In order to more embody the purpose of the present invention, on the basis of the above embodiment of the present invention, further lifted
Example explanation, as shown in figure 4, information processing method specifically includes:
Step 401: when determining at least one abnormal nodes, being determined from least one node topology figure different comprising first
At least one destination node topological diagram of Chang Jiedian;
Step 402: when node is adjacent with the first abnormal nodes if normal, directly acquiring first from destination node topological diagram
Influence power of the abnormal nodes to the normal node;Node and when non-conterminous the first abnormal nodes if normal, according to destination node
The influence power of at least two adjacent nodes in topological diagram between normal node and the first abnormal nodes on each reachable path,
Determine the first abnormal nodes to the influence power of normal node;
Step 403: based on the first abnormal nodes at least one destination node topological diagram at least one normal node
Influence power determines that at least one normal node is the probability of abnormal nodes.
Here, the executing subject of step 401 to step 403 can be the processor in information processing unit.First is abnormal
Node is any one abnormal nodes at least one abnormal nodes, contains at least two adjacent node and phase in node topology figure
The influence power of neighbors.
In practical application, this method before step 401 further include: IP address and operation day based at least two nodes
Will establishes at least one node topology figure;Wherein, operation log is used to record the operation behavior of node.Therefore, in operation log
Including at least the operation behavior of node.
Specifically, IP address and operation log based at least two nodes, establish at least one node topology figure, packet
It includes: based on IP address, establishing at least one first topological diagram;Wherein, two nodes of arbitrary neighborhood have phase in the first topological diagram
Same IP address;Based on operation behavior, the influence power at least one first topological diagram between adjacent node is calculated;Based on operation
Behavior obtains at least one operation label of each node;Further, based on operation label, at least one first is opened up
It flutters figure and is divided at least one second topological diagram;Wherein, the corresponding operation label of each second topological diagram;It will be comprising influencing
At least one second topological diagram of power is as at least one node topology figure.
When establishing node topology figure, the used IP address of unit interval interior nodes can be first determined, and will use
The node for crossing identical IP address is determined as the node with incidence relation, i.e., is adjacent node in topological diagram;Then, according to list
The operation log of position period interior nodes, such as watch content, make comments, to determine the influence power between adjacent node, from
And it generates using user as the first topological diagram of node.
Illustratively, determine that the calculation formula of influence power Pi between adjacent node can be with are as follows:
Pi=(1+mi/M+ni/N) * 1/d
Wherein, Pi be destination node to i-th of node to the influence power of adjacent node;Di is the degree of destination node, degree
Number is specifically used for the quantity that characterization destination node has adjacent node;Mi is that i-th of adjacent node is identical as destination node viewing
The quantity of content;M is the total quantity that all nodes watch content under identical IP address;Ni is i-th of adjacent node and target section
Point delivers the quantity of identical comment;N is the total quantity that all nodes are made comments under identical IP address.
It should be noted that exemplary only two provided kind behaviour of above-mentioned viewing content, this two information of making comments
Make behavior, specific operation behavior can flexibly be set according to actual needs.
Further, it is based on operation behavior, obtains at least one operation label of each node;Wherein, label is operated
For characterizing the classification of nodal operation behavior.Specifically, parsing operation behavior;By the operation behavior and preset operation after parsing
Tag library is matched, and determines at least one operation label of operation behavior.
Here, operation label is that the operation behavior of user is classified, and can be the keyword in operation behavior information,
It is used to indicate the key messages such as operation object, class of operation.Such as: 1 music application 1 of Video Applications etc.;Further Video Applications 1
TV play, film, amusement, sport etc. can also be corresponded to, music application 2 can also correspond to pop music, rock music, allusion
Music etc..At least one the operation label being had according to each node, the first topological diagram is divided into different operation mark
Second topological diagram of label, node are located in corresponding second topological diagram according to an operation label.
It is specifically included in step 402: when node is adjacent with the first abnormal nodes if normal, in addition to direct reachable path also
Including at least one indirect reachable path;According to the influence power between adjacent normal node and the first abnormal nodes, Yi Jizheng
The influence power of at least two adjacent nodes between Chang Jiedian and the first abnormal nodes at least one indirect reachable path determines
Influence power of first abnormal nodes to normal node.
Node and when non-conterminous the first abnormal nodes if normal, it is different according to normal node in destination node topological diagram and first
The influence power of at least two adjacent nodes between Chang Jiedian on each reachable path, determines first on each reachable path
Influence power of the abnormal nodes to normal node;To the first abnormal nodes on each reachable path in destination node topological diagram to just
The influence power of Chang Jiedian carries out cumulative summation, obtains the first abnormal nodes to the influence power of normal node.
Illustratively, node and when non-conterminous the first abnormal nodes if normal, is normally saved according in destination node topological diagram
The influence power of at least two adjacent nodes between point and the first abnormal nodes on each reachable path determines the first abnormal section
Influence power of the point to normal node.As shown in figure 5, the reachable path between node a and node f includes acf, adf, reachable path
The upper node a of acf is P to the influence power of node fi ac*Pi cf, node a is P to the influence power of node f on reachable path adfi ad*
Pi df, then influence power P of i-th of destination node topological diagram interior joint a to node fi af=Pi ac*Pi cf+Pi ad*Pi df。
When node is adjacent with the first abnormal nodes if normal, the first abnormal nodes are directly acquired from destination node topological diagram
To the influence power of normal node.As shown in figure 5, node a is P to the influence power of node bi ac, Pi acIt can be from target topological diagram
It directly obtains, node a is P to the influence power of node ei e=Pi eae+Pi ab*Pi be+Pi ac*Pi ce。
Further, according to the first abnormal nodes in each destination node topological diagram to the influence power of normal node, meter
The first abnormal nodes are calculated to total influence power of normal node, total influence power is used to characterize the probability that normal node is abnormal nodes.
By adopting the above technical scheme, after excavating abnormal nodes, the operation label according to belonging to abnormal nodes is obtained each
Corresponding node topology figure under label is operated, each operation label abnormal nodes is then calculated to the influence power of normal node, incites somebody to action
Influence power under all operation labels is added, and obtains these abnormal nodes to total influence power of normal node, so that it is determined that normally
Node is the probability of abnormal nodes.
Embodiment three
In order to more embody the purpose of the present invention, on the basis of the above embodiment of the present invention, further lifted
Example explanation, as shown in fig. 6, information processing method specifically includes:
Step 601: when determining at least one abnormal nodes, being determined from least one node topology figure different comprising first
At least one destination node topological diagram of Chang Jiedian;
Step 602: the influence power based on adjacent node at least one destination node topological diagram determines at least one target
Influence power of first abnormal nodes at least one normal node in node topology figure;
Step 603: from least one destination node topological diagram determine comprising the first normal node at least one first
Destination node topological diagram;Wherein, the first normal node is any one normal node at least one normal node;
Step 604: based on the first abnormal nodes at least one first object node topology figure to the first normal node
Influence power determines that the first normal node is the probability of abnormal nodes.
Here, the executing subject of step 601 to step 604 can be the processor in information processing unit.First is abnormal
Node is any one abnormal nodes at least one abnormal nodes, contains at least two adjacent node and phase in node topology figure
The influence power of neighbors.
The influence power of adjacent node and adjacent node, destination node are contained at least two in practical application, in destination node
Classify according to the operation label of node, the corresponding operation label of each destination node topology.First abnormal nodes position
It further include at least one normal node in destination node topological diagram at least one destination node topological diagram.
It is specifically included in step 602: according to the influence power between adjacent node, determining the first abnormal nodes to all normal
The influence power of node.
It should be noted that the influence power between adjacent node can have directionality.For example, node a and node b is phase
When neighbors, node a is P to the influence power of node bab, node b is P to the influence power of node aba, PabWith PbaIt is equal or not
Deng.
Here, the first abnormal nodes and the first normal node are contained in first object node topology figure, calculates each
The first abnormal nodes are to the influence power of the first normal node in destination node topological diagram, by all first object node topology figures
In the first abnormal nodes cumulative summation is carried out to the influence power of the first normal node, obtain the first abnormal nodes to the first normal section
Total influence power of point, total influence power are the probability that the first normal node is abnormal nodes.
Illustratively, as shown in figure 5, if node a is abnormal nodes, influence power of the node a to node c
Wherein, k is the quantity for operating label, i.e. node a is the sum of influence power under k operation label to total influence power of node c.
In practical application, after determining abnormal nodes, determine that the exception is saved according to the node topology figure pre-established
Influence power of the point to other users.Then, abnormal nodes are determined from no abnormal node according to the influence power determined
The biggish node of probability, and high level risk management and control is executed to these nodes.It follows that by adopting the above technical scheme can be with
In the case where node is not carried out abnormal operation behavior, the risk that node executes abnormal operation behavior is predefined and prevents,
So as to effectively solve the problems, such as that potential abnormal nodes can not be determined in advance in the prior art.
Example IV
Based on the same inventive concept, the embodiment of the invention also provides a kind of information processing units.Fig. 7 is that the present invention is implemented
The composed structure schematic diagram of information processing unit in example, as shown in fig. 7, the information processing unit 70 includes: processor 701 and matches
It is set to the memory 702 for the computer program that storage can be run on processor 701,
Processor 701 is for executing the program stored in memory 702, to perform the steps of
When determining at least one abnormal nodes, determine from least one node topology figure comprising the first abnormal nodes
At least one destination node topological diagram;Wherein, the first abnormal nodes are any one abnormal nodes at least one abnormal nodes,
The influence power of adjacent node and adjacent node is contained at least two in node topology figure;
Based on the influence power of adjacent node at least one destination node topological diagram, at least one destination node topology is determined
Influence power of first abnormal nodes at least one normal node in figure;
Based on the first abnormal nodes at least one destination node topological diagram to the influence power of at least one normal node, really
At least one fixed normal node is the probability of abnormal nodes.
In some embodiments, processor 701 is also used to execute the program stored in memory 702, to realize following step
Rapid: IP address and operation log based at least two nodes establish at least one node topology figure;Wherein, operation log is used
In the operation behavior of record node.
In some embodiments, processor 701 is also used to execute the program stored in memory 702, to realize following step
It is rapid: to be based on IP address, establish at least one first topological diagram;Wherein, two nodes of arbitrary neighborhood have phase in the first topological diagram
Same IP address;Based on operation log, at least one node topology figure is obtained from least one first topological diagram.
In some embodiments, the operation log includes at least the operation behavior of node;
Processor 701 is specifically used for executing the program stored in memory 702, is based on the behaviour to perform the steps of
Make behavior, calculates the influence power at least one described first topological diagram between adjacent node;Based on the operation behavior, obtain
At least one operation label of each node;Wherein, the operation label is used to characterize the classification of nodal operation behavior;It is based on
At least one described first topological diagram is divided at least one second topology by least one operation label of each node
Figure;Wherein, the corresponding operation label of each second topological diagram;Using at least one second topological diagram comprising influence power as
At least one described node topology figure.
In some embodiments, processor 701 is specifically used for executing the program stored in memory 702, following to realize
Step: when node is adjacent with the first abnormal nodes if normal, the described first abnormal section is directly acquired from destination node topological diagram
Influence power of the point to the normal node;Node and when non-conterminous the first abnormal nodes if normal, according to destination node topological diagram
The influence power of at least two adjacent nodes between middle normal node and the first abnormal nodes on each reachable path determines
Influence power of one abnormal nodes to normal node.
In some embodiments, processor 701 is specifically used for executing the program stored in memory 702, following to realize
Step: according in destination node topological diagram between normal node and the first abnormal nodes on each reachable path at least two
The influence power of adjacent node determines that the first abnormal nodes are to the influence power of normal node on each reachable path;To target section
The first abnormal nodes carry out cumulative summation to the influence power of normal node on each reachable path in point topological diagram, obtain first
Influence power of the abnormal nodes to normal node.
In some embodiments, processor 701 is specifically used for executing the program stored in memory 702, following to realize
Step: at least one first object node topology comprising the first normal node is determined from least one destination node topological diagram
Figure;Wherein, the first normal node is any one normal node at least one normal node;Based at least one the first mesh
It marks the first abnormal nodes in node topology figure and the first normal node, which is abnormal nodes, to be determined to the influence power of the first normal node
Probability.
In some embodiments, processor 701 is specifically used for executing the program stored in memory 702, following to realize
Step: cumulative ask is carried out to the influence power of the first normal node to the first abnormal nodes in each first object node topology figure
With, obtain the first normal node be abnormal nodes probability.
In practical applications, above-mentioned memory can be volatile memory (volatile memory), such as deposit at random
Access to memory (RAM, Random-Access Memory);Or nonvolatile memory (non-volatile memory), example
Such as read-only memory (ROM, Read-Only Memory), flash memory (flash memory), hard disk (HDD, Hard
Disk Drive) or solid state hard disk (SSD, Solid-State Drive);Or the combination of the memory of mentioned kind, and to
Processor provides instruction and data.
Above-mentioned processor can be application-specific IC (ASIC, Application Specific Integrated
Circuit), digital signal processing device (DSPD, Digital Signal Processing Device), programmable logic dress
Set (PLD, Programmable Logic Device), field programmable gate array (Field-Programmable Gate
Array, FPGA), controller, at least one of microcontroller, microprocessor.It is to be appreciated that being used for different equipment
In realize the electronic device of above-mentioned processor function can also be it is other, the embodiment of the present invention is not especially limited.
In the exemplary embodiment, the embodiment of the present application also provides a kind of computer readable storage medium, for example including
The memory 702 of computer program, above-mentioned computer program can be executed by processor 701, to complete aforementioned method steps.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, the shape of hardware embodiment, software implementation or embodiment combining software and hardware aspects can be used in the present invention
Formula.Moreover, the present invention, which can be used, can use storage in the computer that one or more wherein includes computer usable program code
The form for the computer program product implemented on medium (including but not limited to magnetic disk storage and optical memory etc.).
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product
Schematic diagram and/or block diagram describe.It should be understood that can be realized by computer program instructions in flow diagram and/or block diagram
Each flow and/or block and process and/or box in flow diagram and/or block diagram combination.It can provide this
A little computer program instructions are to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices
Processor to generate a machine so that the finger executed by the processor of computer or other programmable data processing devices
It enables generating and refer to for realizing in flow diagram one process or multiple processes and/or block diagrams one box or multiple boxes
The device of fixed function.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
The manufacture of device is enabled, which realizes in one side of flow diagram one process or multiple processes and/or block diagrams
The function of being specified in frame or multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one process of flow diagram or multiple processes and/or box
The step of function of being specified in figure one box or multiple boxes.
More than, only presently preferred embodiments of the present invention is not intended to limit the scope of the present invention.
Claims (10)
1. a kind of information processing method, which is characterized in that the described method includes:
When determining at least one abnormal nodes, determined comprising the first abnormal nodes at least from least one node topology figure
One destination node topological diagram;Wherein, first abnormal nodes are any one exception at least one described abnormal nodes
Node contains at least two the influence power of adjacent node and adjacent node in the node topology figure;
Based on the influence power of adjacent node at least one described destination node topological diagram, at least one described destination node is determined
Influence power of first abnormal nodes at least one normal node described in topological diagram;
Based on influence of first abnormal nodes at least one normal node described at least one described destination node topological diagram
Power determines that at least one described normal node is the probability of abnormal nodes.
2. the method according to claim 1, wherein before determining at least one abnormal nodes, the method
Further include:
IP address and operation log based at least two nodes establish at least one node topology figure;Wherein, the operation day
Will is used to record the operation behavior of node.
3. according to the method described in claim 2, it is characterized in that, the IP address based at least two nodes and operation day
Will establishes at least one node topology figure, comprising:
Based on the IP address, at least one first topological diagram is established;Wherein, arbitrary neighborhood two sections in first topological diagram
Point IP address having the same;
Based on the operation log, at least one node topology figure is obtained from least one described first topological diagram.
4. according to the method described in claim 3, it is characterized in that, the operation log includes at least the operation behavior of node;
It is described to be based on the operation log, at least one node topology figure is obtained from least one described first topological diagram, is wrapped
It includes:
Based on the operation behavior, the influence power at least one described first topological diagram between adjacent node is calculated;
Based on the operation behavior, at least one operation label of each node is obtained;Wherein, the operation label is used for table
Levy the classification of nodal operation behavior;
At least one operation label based on each node, by least one described first topological diagram be divided at least one the
Two topological diagrams;Wherein, the corresponding operation label of each second topological diagram;
Using at least one second topological diagram comprising influence power as at least one described node topology figure.
5. the method according to claim 1, wherein described based at least one described destination node topological diagram
The influence power of adjacent node determines the first abnormal nodes described at least one described destination node topological diagram at least one just
The influence power of Chang Jiedian, comprising:
When node is adjacent with first abnormal nodes if normal, it is abnormal that described first is directly acquired from destination node topological diagram
Influence power of the node to the normal node;
When node and first abnormal nodes are non-conterminous if normal, according to normal node described in the destination node topological diagram
The influence power of at least two adjacent nodes between first abnormal nodes on each reachable path, determines described first
Influence power of the abnormal nodes to the normal node.
6. according to the method described in claim 5, it is characterized in that, described normal according to the destination node topological diagram
The influence power of at least two adjacent nodes between node and first abnormal nodes on each reachable path, determine described in
Influence power of first abnormal nodes to the normal node, comprising:
According to each reachable path between normal node described in the destination node topological diagram and first abnormal nodes
On at least two adjacent nodes influence power, determine that first abnormal nodes are to the normal section on each reachable path
The influence power of point;
To first abnormal nodes on each reachable path in the destination node topological diagram to the shadow of the normal node
It rings power and carries out cumulative summation, obtain first abnormal nodes to the influence power of the normal node.
7. the method according to claim 1, wherein described based at least one described destination node topological diagram
First abnormal nodes determine that at least one described normal node is abnormal nodes to the influence power of at least one normal node
Probability, comprising:
At least one first object node comprising the first normal node is determined from least one described destination node topological diagram
Topological diagram;Wherein, first normal node is any one normal node at least one described normal node;
Based on the first abnormal nodes described at least one described first object node topology figure to first normal node
Influence power determines that first normal node is the probability of abnormal nodes.
8. the method according to the description of claim 7 is characterized in that described based at least one described first object node topology
First abnormal nodes described in figure determine that first normal node is abnormal nodes to the influence power of first normal node
Probability, comprising:
To the first abnormal nodes described in each first object node topology figure to the influence power of first normal node into
The cumulative summation of row, obtains the probability that first normal node is abnormal nodes.
9. a kind of information processing unit, the information processing unit include: processor and be configured to storage can be on a processor
The memory of the computer program of operation,
Wherein, when the processor is configured to run the computer program, perform claim requires any one of 1 to 8 the method
The step of.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program quilt
The step of claim 1 to 8 described in any item methods are realized when processor executes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811573833.1A CN109617887B (en) | 2018-12-21 | 2018-12-21 | Information processing method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811573833.1A CN109617887B (en) | 2018-12-21 | 2018-12-21 | Information processing method, device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109617887A true CN109617887A (en) | 2019-04-12 |
| CN109617887B CN109617887B (en) | 2021-06-15 |
Family
ID=66010328
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811573833.1A Active CN109617887B (en) | 2018-12-21 | 2018-12-21 | Information processing method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109617887B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110120893A (en) * | 2019-05-13 | 2019-08-13 | 恒安嘉新(北京)科技股份公司 | A kind of method and device positioning network system security problem |
| CN111343161A (en) * | 2020-02-14 | 2020-06-26 | 平安科技(深圳)有限公司 | Abnormal information processing node analysis method, abnormal information processing node analysis device, abnormal information processing node analysis medium and electronic equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106355506A (en) * | 2016-08-15 | 2017-01-25 | 中南大学 | Method for selecting the initial node with maximum influence in online social network |
| CN106411904A (en) * | 2016-10-10 | 2017-02-15 | 华侨大学 | Network risk control method based on microstate prediction |
| CN106713354A (en) * | 2017-01-23 | 2017-05-24 | 全球能源互联网研究院 | Method for evaluating vulnerability node of electric cyber-physical system based on undetectable information attack pre-warning technology |
| CN107679716A (en) * | 2017-09-19 | 2018-02-09 | 西南交通大学 | Consider the risk assessment of interconnected network cascading failure and the alarm method of communication fragile degree |
| CN108768949A (en) * | 2018-04-28 | 2018-11-06 | 广东电网有限责任公司 | Random geometry data exception localization method based on markov random file theory |
| EP3400678A1 (en) * | 2016-01-08 | 2018-11-14 | Telefonaktiebolaget LM Ericsson (PUBL) | Graph construction for computed spring multicast |
-
2018
- 2018-12-21 CN CN201811573833.1A patent/CN109617887B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3400678A1 (en) * | 2016-01-08 | 2018-11-14 | Telefonaktiebolaget LM Ericsson (PUBL) | Graph construction for computed spring multicast |
| CN106355506A (en) * | 2016-08-15 | 2017-01-25 | 中南大学 | Method for selecting the initial node with maximum influence in online social network |
| CN106411904A (en) * | 2016-10-10 | 2017-02-15 | 华侨大学 | Network risk control method based on microstate prediction |
| CN106713354A (en) * | 2017-01-23 | 2017-05-24 | 全球能源互联网研究院 | Method for evaluating vulnerability node of electric cyber-physical system based on undetectable information attack pre-warning technology |
| CN107679716A (en) * | 2017-09-19 | 2018-02-09 | 西南交通大学 | Consider the risk assessment of interconnected network cascading failure and the alarm method of communication fragile degree |
| CN108768949A (en) * | 2018-04-28 | 2018-11-06 | 广东电网有限责任公司 | Random geometry data exception localization method based on markov random file theory |
Non-Patent Citations (1)
| Title |
|---|
| 王浩然: "社交网络中基于竞争的影响力最大化研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110120893A (en) * | 2019-05-13 | 2019-08-13 | 恒安嘉新(北京)科技股份公司 | A kind of method and device positioning network system security problem |
| CN110120893B (en) * | 2019-05-13 | 2022-12-13 | 恒安嘉新(北京)科技股份公司 | Method and device for positioning network system security problem |
| CN111343161A (en) * | 2020-02-14 | 2020-06-26 | 平安科技(深圳)有限公司 | Abnormal information processing node analysis method, abnormal information processing node analysis device, abnormal information processing node analysis medium and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109617887B (en) | 2021-06-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7441582B2 (en) | Methods, devices, computer-readable storage media and programs for detecting data breaches | |
| US11710131B2 (en) | Method and apparatus of identifying a transaction risk | |
| US11223625B2 (en) | System and method for detecting malicious device by using a behavior analysis | |
| US20220014556A1 (en) | Cybersecurity profiling and rating using active and passive external reconnaissance | |
| US11218510B2 (en) | Advanced cybersecurity threat mitigation using software supply chain analysis | |
| US10594714B2 (en) | User and entity behavioral analysis using an advanced cyber decision platform | |
| EP3700147B1 (en) | System and method for classifying network traffic | |
| US10936717B1 (en) | Monitoring containers running on container host devices for detection of anomalies in current container behavior | |
| US10055582B1 (en) | Automated detection and remediation of ransomware attacks involving a storage device of a computer network | |
| CN110383278A (en) | The system and method for calculating event for detecting malice | |
| US20210360032A1 (en) | Cybersecurity risk analysis and anomaly detection using active and passive external reconnaissance | |
| US20180219919A1 (en) | Rating organization cybersecurity using active and passive external reconnaissance | |
| US10135862B1 (en) | Testing security incident response through automated injection of known indicators of compromise | |
| US20160019395A1 (en) | Adapting decoy data present in a network | |
| US20210281609A1 (en) | Rating organization cybersecurity using probe-based network reconnaissance techniques | |
| US10255434B2 (en) | Detecting software attacks on processes in computing devices | |
| US10628587B2 (en) | Identifying and halting unknown ransomware | |
| US10579797B2 (en) | Program integrity monitoring and contingency management system and method | |
| US10979446B1 (en) | Automated vulnerability chaining | |
| WO2019136850A1 (en) | Risk behavior recognition method and system, and storage medium and device | |
| CN112769775B (en) | Threat information association analysis method, system, equipment and computer medium | |
| JP5739034B1 (en) | Attack detection system, attack detection device, attack detection method, and attack detection program | |
| CN111770047A (en) | Abnormal group detection method, device and equipment | |
| US10614215B2 (en) | Malware collusion detection | |
| CN109617887A (en) | Information processing method, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |