CN110334517A - The update method and device of credible strategy, credible and secure management platform - Google Patents

Publication number
CN110334517A
Authority
CN
China
Prior art keywords
period
kth
credible
abnormal behavior
variance
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910605620.0A
Other languages
Chinese (zh)
Other versions
CN110334517B (en)
Inventor
孙瑜
洪宇
田文慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Original Assignee
BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Application filed by BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Priority to CN201910605620.0A
Publication of CN110334517A
Application granted
Publication of CN110334517B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The invention discloses an update method and device for a credible strategy, and a credible and secure management platform. The method comprises: counting the abnormal behavior rate of each period of a target application within the first k periods, where the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the behavior set indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the target application in the first k periods; calculating the average value and variance of the abnormal behavior rate of each period; determining a target interval based on the average value and variance of the abnormal behavior rate of each period, where the target interval is used to indicate whether the credible strategy needs to be updated; and, based on the target interval, using the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods to determine whether the credible strategy needs to be updated.

Description

Update method and device for a credible strategy, and credible and secure management platform
Technical field
The present invention relates to the field of credible management technology, and in particular to an update method and device for a credible strategy and a credible and secure management platform.
Background
In the related art, trusted computing needs to perform credible measurement according to a credible strategy. At present, the credible strategy is usually configured manually by a security administrator based on his or her own understanding of the application's access behavior, and if the credible strategy needs to be updated, the update is also configured manually by the security administrator. This manual approach not only depends heavily on the security administrator's subjective judgment; because the administrator's understanding of application access behavior may be one-sided, it also makes credible strategy updates slow and inaccurate. The updated credible strategy often cannot provide effective security protection, which leads to a high false alarm rate in security protection or to unsafe protection. In addition, updating the credible strategy manually is inefficient.
No effective solution to the above problem has yet been proposed.
Summary of the invention
Embodiments of the invention provide an update method and device for a credible strategy, and a credible and secure management platform, to at least solve the technical problem that updating the credible strategy manually by a security administrator leads to low update efficiency.
According to one aspect of the embodiments of the present invention, an update method for a credible strategy is provided, comprising: counting the abnormal behavior rate of each period of a target application within the first k periods, where the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the behavior set indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the target application in the first k periods; calculating the average value and variance of the abnormal behavior rate of each period; determining a target interval based on the average value and variance of the abnormal behavior rate of each period, where the target interval is used to indicate whether the credible strategy needs to be updated; and, based on the target interval, using the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods to determine whether the credible strategy needs to be updated.
Optionally, the step of determining, based on the target interval and using the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods, whether the credible strategy needs to be updated comprises: judging whether the abnormal behavior rates of the (k+1)-th and (k+2)-th periods fall outside the target interval; if they fall outside the target interval, determining that the credible strategy runs unstably, and updating the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods; if they do not fall outside the target interval, determining whether the credible strategy needs to be updated from the variance change values and average values of the (k+1)-th and (k+2)-th periods.
Optionally, the step of determining whether the credible strategy needs to be updated from the variance change values and average values of the (k+1)-th and (k+2)-th periods comprises: judging whether the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to a variance change threshold, and judging whether the average values of the (k+1)-th and (k+2)-th periods are less than or equal to a preset average threshold; if the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, and the average values of the (k+1)-th and (k+2)-th periods are less than or equal to the preset average threshold, determining that the credible strategy is stable and need not be updated; if the variance change value of the (k+1)-th period is greater than the variance change threshold, or the variance change value of the (k+2)-th period is greater than the variance change threshold, or the average value of the (k+1)-th period is greater than the preset average threshold, or the average value of the (k+2)-th period is greater than the preset average threshold, determining that the credible strategy is unstable, and updating the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods.
Optionally, the step of updating the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods comprises: taking the access behavior data of the (k+1)-th period, the (k+2)-th period and the first k periods as initial processing data; and learning a new credible strategy from the initial processing data.
Optionally, before judging whether the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, the update method further comprises: counting the abnormal behavior rate of each period of the target application within the first k+1 periods and the first k+2 periods; based on the abnormal behavior rate of each period, calculating the average value of the abnormal behavior rate of each period in the first k+1 periods and the first k+2 periods; based on the average value of the abnormal behavior rate of each period, calculating the variance of the abnormal behavior rate of each period in the first k+1 periods and the first k+2 periods; based on the variance of the abnormal behavior rate of each period, calculating the variance change value of the abnormal behavior rate of each period in the first k+1 periods and the first k+2 periods; selecting the smallest variance change value of the abnormal behavior rate and comparing it with a preset variance limit threshold to determine the variance change threshold; and selecting the smallest average value of the abnormal behavior rate and comparing it with a preset average limit threshold to determine the preset average threshold.
Optionally, based on the target interval, after calculating the average value and variance of the abnormal behavior rate of each period, the update method further comprises: assessing the trend of the abnormal behavior rate based on the average value of the abnormal behavior rate; and/or assessing the stability of the abnormal behavior rate based on the variance of the abnormal behavior rate.
According to another aspect of the embodiments of the present invention, an updating device for a credible strategy is further provided, comprising: a statistics unit, configured to count the abnormal behavior rate of each period of a target application within the first k periods, where the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the behavior set indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the target application in the first k periods; a computing unit, configured to calculate the average value and variance of the abnormal behavior rate of each period; a first determination unit, configured to determine a target interval based on the average value and variance of the abnormal behavior rate of each period, where the target interval is used to indicate whether the credible strategy needs to be updated; and a second determination unit, configured to determine, based on the target interval and using the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods, whether the credible strategy needs to be updated.
Optionally, the second determination unit includes: a first judging module, configured to judge whether the abnormal behavior rates of the (k+1)-th and (k+2)-th periods fall outside the target interval; a first determining module, configured to, when they fall outside the target interval, determine that the credible strategy runs unstably and update the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods; and a second determining module, configured to, when they do not fall outside the target interval, determine whether the credible strategy needs to be updated from the variance change values and average values of the (k+1)-th and (k+2)-th periods.
Optionally, the second determining module includes: a first judging submodule, configured to judge whether the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, and to judge whether the average values of the (k+1)-th and (k+2)-th periods are less than or equal to the preset average threshold; and a first determining submodule, configured to, when the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold and the average values of the (k+1)-th and (k+2)-th periods are less than or equal to the preset average threshold, determine that the credible strategy is stable and need not be updated; if the variance change value of the (k+1)-th period is greater than the variance change threshold, or the variance change value of the (k+2)-th period is greater than the variance change threshold, or the average value of the (k+1)-th period is greater than the preset average threshold, or the average value of the (k+2)-th period is greater than the preset average threshold, it is determined that the credible strategy is unstable, and the credible strategy is updated with the access behavior data of the (k+1)-th and (k+2)-th periods.
Optionally, the first determining submodule includes: a second determining submodule, configured to take the access behavior data of the (k+1)-th period, the (k+2)-th period and the first k periods as initial processing data; and a learning submodule, configured to learn a new credible strategy from the initial processing data.
Optionally, the updating device for a credible strategy further includes: a first statistics module, configured to count, before it is judged whether the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, the abnormal behavior rate of each period of the target application within the first k+1 periods and the first k+2 periods; a first computing module, configured to calculate, based on the abnormal behavior rate of each period, the average value of the abnormal behavior rate of each period in the first k+1 periods and the first k+2 periods; a second computing module, configured to calculate, based on the average value of the abnormal behavior rate of each period, the variance of the abnormal behavior rate of each period in the first k+1 periods and the first k+2 periods; a third computing module, configured to calculate, based on the variance of the abnormal behavior rate of each period, the variance change value of the abnormal behavior rate of each period in the first k+1 periods and the first k+2 periods; a first comparison module, configured to select the smallest variance change value of the abnormal behavior rate and compare it with a preset variance limit threshold to determine the variance change threshold; and a second comparison module, configured to select the smallest average value of the abnormal behavior rate and compare it with a preset average limit threshold to determine the preset average threshold.
Optionally, the updating device for a credible strategy further includes: a first assessment unit, configured to assess, based on the target interval and after the average value and variance of the abnormal behavior rate of each period are calculated, the trend of the abnormal behavior rate from the average value of the abnormal behavior rate; and/or a second assessment unit, configured to assess the stability of the abnormal behavior rate from the variance of the abnormal behavior rate.
According to another aspect of the embodiments of the present invention, a credible and secure management platform is further provided, comprising: a memory and a processor coupled to the memory, where the memory and the processor communicate over a bus system; the memory is used to store a program, where the program, when executed by the processor, controls the device in which the memory is located to perform the update method for a credible strategy described in any one of the above; and the processor is used to run the program, where the program, when run, performs the update method for a credible strategy described in any one of the above.
According to another aspect of the embodiments of the present invention, a processor is further provided. The processor is used to run a program, where the program, when run, performs the update method for a credible strategy described in any one of the above.
In the embodiments of the present invention, a target interval is determined from the abnormal behavior rate of each period in the first k periods, and against this target interval the abnormal behavior rates of the (k+1)-th and (k+2)-th periods are used to determine whether the credible strategy needs to be updated. The abnormal rate expresses the degree to which the application's historical access behavior does not conform to the learned credible strategy. The target interval (i.e. the abnormal interval) can be determined first and then used to judge whether the learned strategy is sufficient or whether the strategy needs to be updated. The credible strategy is thereby updated automatically: when it is determined to be unreasonable, it is updated promptly from new data, which improves the update efficiency of the credible strategy and solves the technical problem that updating the credible strategy manually by a security administrator leads to low update efficiency.
Brief description of the drawings
The drawings described here are provided for a further understanding of the present invention and form part of this application. The illustrative embodiments of the present invention and their description are used to explain the present invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a flowchart of an optional update method for a credible strategy according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an optional updating device for a credible strategy according to an embodiment of the present invention.
Detailed description of the embodiments
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects and are not used to describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments of the present invention described here can be implemented in orders other than those illustrated or described here. In addition, the terms "comprise" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
The update method for a credible strategy in each embodiment of the present invention is executed by the credible and secure management platform. The credible and secure management platform supports and maintains multiple credible computing platforms. Each credible computing platform includes a computing subsystem and a protection subsystem that run in parallel, where the computing subsystem completes computing tasks and the protection subsystem performs active measurement of the computing subsystem according to the credible strategy. The credible computing platform is responsible for collecting the access behavior data of applications and reporting it to the credible and secure management platform, which learns the credible strategy from this access behavior data. After the credible strategy is obtained, it can be updated based on the abnormal behavior rate of the application in each period. The present invention is described in detail below with reference to the embodiments.
Embodiment one
According to an embodiment of the present invention, an embodiment of an update method for a credible strategy is provided. It should be noted that the steps shown in the flowchart of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flowchart, in some cases the steps shown or described can be executed in an order different from the one given here.
Fig. 1 is a flowchart of an optional update method for a credible strategy according to an embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step S102: count the abnormal behavior rate of each period of the target application within the first k periods, where the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the behavior set indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the target application in the first k periods;
Step S104: calculate the average value and variance of the abnormal behavior rate of each period;
Step S106: determine a target interval based on the average value and variance of the abnormal behavior rate of each period, where the target interval is used to indicate whether the credible strategy needs to be updated;
Step S108: based on the target interval, use the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods to determine whether the credible strategy needs to be updated.
Through the above steps, the abnormal behavior rate of each period of the target application within the first k periods is counted, where the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the behavior set indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the target application in the first k periods. The average value and variance of the abnormal behavior rate of each period are then calculated, and a target interval is determined from them, where the target interval is used to indicate whether the credible strategy needs to be updated. Then, based on the target interval, the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods are used to determine whether the credible strategy needs to be updated. In this embodiment, the target interval can be determined from the abnormal behavior rate of each period in the first k periods, and against this target interval the abnormal behavior rates of the (k+1)-th and (k+2)-th periods are used to determine whether the credible strategy needs to be updated. The abnormal rate expresses the degree to which the application's historical access behavior does not conform to the learned credible strategy. The target interval (i.e. the abnormal interval) can be determined first and then used to judge whether the learned credible strategy is sufficient or whether the strategy needs to be updated. The credible strategy is thereby updated automatically: when it is determined to be unreasonable, it is updated promptly from new data, which improves the update efficiency of the credible strategy and solves the technical problem that updating the credible strategy manually by a security administrator leads to low update efficiency.
The above steps of the present invention are described in detail below.
Step S102: count the abnormal behavior rate of each period of the target application within the first k periods, where the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the behavior set indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the target application in the first k periods.
In the embodiments of the present invention, the abnormal rate expresses the degree to which daily program behavior does not conform to the rules learned in the credible strategy; the abnormal rate is the proportion of application behaviors that do not fall within the induced set. Whether the learned credible strategy needs to be updated is assessed from the change in the abnormal behavior rate. In the embodiments of the present invention, the assessment is carried out at a fixed period until the variance of the abnormal behavior rate is stable.
Optionally, the present invention may first count the abnormal behavior rate of each of the first k periods. The duration of each period can be adjusted according to how applications run on each credible computing platform, for example by setting one period to 5 days, 6 days or 7 days, and the number of periods k is preset. For example, with the first 6 periods chosen and each period lasting 5 days, statistical induction analysis is first performed on the historical access behavior data of the target application over these 30 days to obtain the corresponding credible strategy, and the credible strategy is then assessed to determine whether it needs to be updated.
As an optional embodiment of the present invention, let $a_i$ denote the abnormal rate, namely the abnormal rate of day $i$; let $S_i$ denote the variance, namely the variance of the $i$-th period; let $T$ denote the time period, in days, which may be set to an integer multiple of 5; and let $M$ denote the access behavior data, namely the data of the first $M$ days, where $M$ may be set to be greater than or equal to 30 and is an integer multiple of $T$. Here $M$ represents the access behavior data of the first 6 periods, so $k$ is 6, and $a_i$ is counted for each period of the target application within the first 6 periods.
Step S104: calculate the average value and variance of the abnormal behavior rate of each period.
Step S106: determine a target interval based on the average value and variance of the abnormal behavior rate of each period, where the target interval is used to indicate whether the credible strategy needs to be updated.
For example, let RateD denote the target interval, which can be expressed as $RateD = [\mu_k - 2\sigma,\ \mu_k + 2\sigma]$, where $S_k$ denotes the variance of the abnormal behavior rate of the $k$-th period and $\mu_k$ denotes the average value of the abnormal behavior rate of the $k$-th period.
After the target interval is obtained, the abnormal behavior rates of the new (k+1)-th and (k+2)-th periods can be used to assess whether the credible strategy needs to be updated.
Step S108: based on the target interval, use the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods to determine whether the credible strategy needs to be updated.
As an optional embodiment of the present invention, the step of determining, based on the target interval and using the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods, whether the credible strategy needs to be updated comprises: judging whether the abnormal behavior rates of the (k+1)-th and (k+2)-th periods fall outside the target interval; if they fall outside the target interval, determining that the credible strategy runs unstably, and updating the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods; if they do not fall outside the target interval, determining whether the credible strategy needs to be updated from the variance change values and average values of the (k+1)-th and (k+2)-th periods.
The target interval is used first to indicate whether the credible strategy is stable. If the data of the new periods (the (k+1)-th and (k+2)-th periods) contain values that do not fall within this target interval, the strategy is certainly unstable, and the credible strategy is updated using the data of the (k+1)-th and (k+2)-th periods. If the data of the new periods fall within this interval, the variance change values and average values of the (k+1)-th and (k+2)-th periods can be used to further determine whether the credible strategy needs to be updated.
In an optional embodiment of the present invention, the step of determining whether the credible strategy needs to be updated from the variance change values and average values of the (k+1)-th and (k+2)-th periods comprises: judging whether the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, and judging whether the average values of the (k+1)-th and (k+2)-th periods are less than or equal to the preset average threshold; if the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, and the average values of the (k+1)-th and (k+2)-th periods are less than or equal to the preset average threshold, determining that the credible strategy is stable and need not be updated; if the variance change value of the (k+1)-th period is greater than the variance change threshold, or the variance change value of the (k+2)-th period is greater than the variance change threshold, or the average value of the (k+1)-th period is greater than the preset average threshold, or the average value of the (k+2)-th period is greater than the preset average threshold, determining that the credible strategy is unstable, and updating the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods.
As an optional embodiment of the present invention, before judging whether the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, the update method further comprises: counting the abnormal behavior rate of each period of the target application within the first k+1 periods and the first k+2 periods; based on the abnormal behavior rate of each period, calculating the average value of the abnormal behavior rate of each period in the first k+1 periods and the first k+2 periods; based on the average value of the abnormal behavior rate of each period, calculating the variance of the abnormal behavior rate of each period in the first k+1 periods and the first k+2 periods; based on the variance of the abnormal behavior rate of each period, calculating the variance change value of the abnormal behavior rate of each period in the first k+1 periods and the first k+2 periods; selecting the smallest variance change value of the abnormal behavior rate and comparing it with a preset variance limit threshold to determine the variance change threshold; and selecting the smallest average value of the abnormal behavior rate and comparing it with a preset average limit threshold to determine the preset average threshold.
For example, let $SDD_{k+1}$ denote the change in variance of the (k+1)-th period relative to the k-th period, and let $SDD_{k+2}$ denote the change in variance of the (k+2)-th period relative to the (k+1)-th period. Judging whether the credible strategy needs to be updated involves the following four inequalities:
First, $SDD_{k+1} \le \min(\min(SDD_i),\ 0.2)$. Here $\min(SDD_i)$ denotes the minimum variance change value over the first k periods, and 0.2 is a limit threshold provided so that $\min(SDD_i)$ and $\mu_i$ are not too large. After $\min(SDD_i)$ is compared with 0.2, the smaller of the two is selected; this smallest variance change value can be understood as the variance change threshold mentioned above.
Second, $SDD_{k+2} \le \min(\min(SDD_i),\ 0.2)$.
Third, $\mu_{k+1} \le \min(\mu_k,\ 0.2)$. Here $\mu_k$ is the average value of the abnormal behavior rate. After $\mu_k$ is compared with 0.2, the smaller of the two is selected; this average value can be understood as the preset average threshold mentioned above.
Fourth, $\mu_{k+2} \le \min(\mu_k,\ 0.2)$.
The four inequalities above are used to judge whether the credible strategy is stable, and the judgment result determines whether the credible strategy needs to be updated. If all four inequalities are satisfied, it is determined that the credible strategy does not need to be updated; otherwise the credible strategy is judged to be unstable and needs to be updated, and it is updated with the access behavior data of the first k periods together with the access behavior data of the (k+1)-th and (k+2)-th periods, to obtain the latest credible strategy.
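The decision described above (target-interval check first, then the four inequalities), as an added Python example that is not part of the patent text. Assumptions: the target interval is passed in as a given pair, the mean and variance for period j are taken cumulatively over periods 1..j using the population variance, and the variance change value SDD_j is the absolute difference between consecutive variances; the sample rates are constructed.

```python
from statistics import fmean, pvariance

LIMIT = 0.2  # limit threshold that appears in the four inequalities


def abnormal_rate(abnormal, total):
    """Abnormal behavior rate of one period: abnormal behaviors / all behaviors."""
    if total <= 0:
        raise ValueError("a period with no recorded behavior has no rate")
    if not 0 <= abnormal <= total:
        raise ValueError("abnormal count must lie between 0 and total")
    return abnormal / total


def cumulative_stats(rates):
    """Return (mu, var) where mu[j], var[j] cover periods 1..j (index 0 unused).

    Assumption: cumulative statistics with the population variance.
    """
    mu, var = [None], [None]
    for j in range(1, len(rates) + 1):
        window = rates[:j]
        mu.append(fmean(window))
        var.append(pvariance(window))
    return mu, var


def variance_changes(var):
    """SDD[j] = |var[j] - var[j-1]| for j >= 2 (assumed definition of SDD)."""
    sdd = [None, None]
    for j in range(2, len(var)):
        sdd.append(abs(var[j] - var[j - 1]))
    return sdd


def needs_update(rates, k, target_interval):
    """Decide whether the policy learned from periods 1..k must be relearned.

    rates: per-period abnormal behavior rates, periods 1..k+2 in order.
    target_interval: (low, high), taken as given (hypothetical input here).
    Returns (update, reasons); reasons lists the checks that failed.
    """
    if k < 2:
        raise ValueError("need at least two learning periods to form SDD_i")
    if len(rates) < k + 2:
        raise ValueError("need rates for periods k+1 and k+2")
    if any(not 0.0 <= r <= 1.0 for r in rates):
        raise ValueError("rates must lie in [0, 1]")

    # Step 1: either new period outside the target interval means unstable.
    low, high = target_interval
    if any(not low <= r <= high for r in rates[k:k + 2]):
        return True, ["outside target interval"]

    # Step 2: thresholds come from the first k periods, capped by LIMIT.
    mu, var = cumulative_stats(rates[:k + 2])
    sdd = variance_changes(var)
    var_threshold = min(min(sdd[2:k + 1]), LIMIT)
    mean_threshold = min(mu[k], LIMIT)

    checks = {
        "SDD_k+1": sdd[k + 1] <= var_threshold,
        "SDD_k+2": sdd[k + 2] <= var_threshold,
        "mu_k+1": mu[k + 1] <= mean_threshold,
        "mu_k+2": mu[k + 2] <= mean_threshold,
    }
    failed = [name for name, ok in checks.items() if not ok]
    return bool(failed), failed


if __name__ == "__main__":
    history = [0.20, 0.10, 0.16, 0.06]  # constructed rates, k = 4
    for tail in ([0.07, 0.06], [0.07, 0.35], [0.07, 0.195]):
        print(tail, needs_update(history + tail, 4, (0.0, 0.2)))
```

Because the variance threshold is the smallest change seen during learning, a policy whose early periods were already very steady is flagged by even a small later shift, which is worth keeping in mind when choosing k.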
In embodiments of the present invention, the step of updating the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods further comprises: taking the access behavior data of the (k+1)-th period, the (k+2)-th period and the first k periods as initial processing data; and, based on the initial processing data, learning a new credible strategy.
In another option, after the average value and variance value of the abnormal behavior rate of each period are calculated based on the target interval, the update method further comprises: assessing the variation trend of the abnormal behavior rate based on the average value of the abnormal behavior rate; and/or assessing the stability of the abnormal behavior rate based on the variance value of the abnormal behavior rate.
In the embodiment of the present invention, statistical inductive analysis is performed on the historical access behavior data of the destination application. The statistics are based on data from all terminals: statistical analysis determines the average value and variance value of the abnormal behavior rate, the change in the average value of the abnormal rate is used to assess the trend of the abnormal rate, and the change in the variance of the abnormal rate is used to assess the stability of the abnormal rate, in order to judge whether the strategy has been learned sufficiently or whether the strategy needs to be updated.
Embodiment two
Fig. 2 is a schematic diagram of an optional updating device for a credible strategy according to an embodiment of the present invention. As shown in Fig. 2, the updating device may include: a statistic unit 21, a computing unit 23, a first determination unit 25 and a second determination unit 27, wherein:
The statistic unit 21 is configured to count the abnormal behavior rate of the destination application in each period of the first k periods, wherein the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the set of behaviors indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the destination application in the first k periods;
The computing unit 23 is configured to calculate the average value and variance value of the abnormal behavior rate of each period;
The first determination unit 25 is configured to determine a target interval based on the average value and variance value of the abnormal behavior rate of each period, wherein the target interval is used to indicate whether the credible strategy needs to be updated;
The second determination unit 27 is configured to determine, based on the target interval and using the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods, whether the credible strategy needs to be updated.
The above updating device for a credible strategy can use the statistic unit 21 to count the abnormal behavior rate of the destination application in each period of the first k periods, wherein the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the set of behaviors indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the destination application in the first k periods. The computing unit 23 then calculates the average value and variance value of the abnormal behavior rate of each period, the first determination unit 25 determines the target interval based on the average value and variance value of the abnormal behavior rate of each period, wherein the target interval is used to indicate whether the credible strategy needs to be updated, and the second determination unit 27, based on the target interval, uses the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods to determine whether the credible strategy needs to be updated. In this embodiment, the abnormal behavior rate of each period of the first k periods can be used to determine the target interval, and the abnormal behavior rates of the (k+1)-th and (k+2)-th periods are checked against that interval to determine whether the credible strategy needs to be updated. The abnormal rate expresses the degree to which the historical access behavior of the application does not conform to the learned credible strategy. The target interval (i.e. the abnormal interval) can be determined first and then used to judge whether the strategy has been learned sufficiently or whether the strategy needs to be updated, so that the credible strategy is updated automatically: when the credible strategy is determined to be unreasonable, it is updated promptly from new data, which improves the update efficiency of the credible strategy and thereby solves the technical problem that manual updating of the credible strategy by a security administrator leads to low update efficiency.
Optionally, the second determination unit includes: a first judgment module, configured to judge whether the abnormal behavior rates of the (k+1)-th and (k+2)-th periods exceed the target interval; a first determining module, configured to determine, when the target interval is exceeded, that the credible strategy runs unstably, and to update the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods; and a second determining module, configured to determine, when the target interval is not exceeded, whether the credible strategy needs to be updated from the variance change values and average values of the (k+1)-th and (k+2)-th periods.
In another option, the second determining module includes: a first judging submodule, configured to judge whether the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, and to judge whether the average values of the (k+1)-th and (k+2)-th periods are less than or equal to the preset average threshold; and a first determining submodule, configured to determine, when the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold and the average values of the (k+1)-th and (k+2)-th periods are less than or equal to the preset average threshold, that the credible strategy is stable and does not need to be updated; and, if the variance change value of the (k+1)-th period is greater than the variance change threshold, or the variance change value of the (k+2)-th period is greater than the variance change threshold, or the average value of the (k+1)-th period is greater than the preset average threshold, or the average value of the (k+2)-th period is greater than the preset average threshold, to determine that the credible strategy is unstable and to update the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods.
As an optional embodiment of the present invention, the first determining submodule includes: a second determining submodule, configured to take the access behavior data of the (k+1)-th period, the (k+2)-th period and the first k periods as initial processing data; and a learning submodule, configured to learn a new credible strategy based on the initial processing data.
The updating device for a credible strategy further includes: a first statistical module, configured to count, before it is judged whether the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, the abnormal behavior rate of the destination application in each period of the first k+1 periods and of the first k+2 periods; a first computing module, configured to calculate, based on the abnormal behavior rate of each period, the average value of the abnormal behavior rate for each period of the first k+1 periods and of the first k+2 periods; a second computing module, configured to calculate, based on the average value of the abnormal behavior rate of each period, the variance value of the abnormal behavior rate for each period of the first k+1 periods and of the first k+2 periods; a third computing module, configured to calculate, based on the variance value of the abnormal behavior rate of each period, the variance change value of the abnormal behavior rate for each period of the first k+1 periods and of the first k+2 periods; a first comparison module, configured to select the smallest variance change value of the abnormal behavior rate and compare it with a preset variance limit threshold to determine the variance change threshold; and a second comparison module, configured to select the smallest average value of the abnormal behavior rate and compare it with a preset average limit threshold to determine the preset average threshold.
The above updating device for a credible strategy further includes: a first assessment unit, configured to assess, after the average value and variance value of the abnormal behavior rate of each period are calculated based on the target interval, the variation trend of the abnormal behavior rate based on the average value of the abnormal behavior rate; and/or a second assessment unit, configured to assess the stability of the abnormal behavior rate based on the variance value of the abnormal behavior rate.
The above updating device for a credible strategy may also include a processor and a memory. The statistic unit 21, the computing unit 23, the first determination unit 25 and the second determination unit 27 are all stored in the memory as program units, and the processor executes the program units stored in the memory to realize the corresponding functions.
The processor contains a kernel, which retrieves the corresponding program unit from the memory. One or more kernels may be provided; the credible strategy is assessed by adjusting kernel parameters, to determine whether the credible strategy needs to be updated.
The memory may include non-persistent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one storage chip.
According to another aspect of an embodiment of the present invention, a credible and secure management platform is also provided, comprising: a memory and a processor coupled with the memory, the memory and the processor communicating through a bus system. The memory is used to store a program, wherein the program, when executed by the processor, controls the device in which the memory is located to perform the update method for a credible strategy of any one of the above. The processor is used to run the program, wherein the program, when run, performs the update method for a credible strategy of any one of the above.
According to another aspect of an embodiment of the present invention, a processor is also provided. The processor is used to run a program, wherein the program, when run, performs the update method for a credible strategy of any one of the above.
The present application also provides a computer program product which, when executed on a data processing device, is adapted to execute a program initialized with the following method steps: counting the abnormal behavior rate of the destination application in each period of the first k periods, wherein the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the set of behaviors indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the destination application in the first k periods; calculating the average value and variance value of the abnormal behavior rate of each period; determining a target interval based on the average value and variance value of the abnormal behavior rate of each period, wherein the target interval is used to indicate whether the credible strategy needs to be updated; and, based on the target interval, using the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods to determine whether the credible strategy needs to be updated.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
In the above embodiments of the invention, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, refer to the related descriptions of other embodiments.
In the several embodiments provided herein, it should be understood that the disclosed technical content can be realized in other ways. The device embodiments described above are merely exemplary. For example, the division into units may be a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of units or modules may be electrical or take other forms.
The units described as separate parts may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be realized in the form of hardware or in the form of a software functional unit.
If the integrated unit is realized in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the existing technology, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a mobile hard disk, a magnetic disk or an optical disk.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. An update method for a credible strategy, characterized by comprising:
Counting the abnormal behavior rate of a destination application in each period of the first k periods, wherein the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the set of behaviors indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the destination application in the first k periods;
Calculating the average value and variance value of the abnormal behavior rate of each period;
Determining a target interval based on the average value and variance value of the abnormal behavior rate of each period, wherein the target interval is used to indicate whether the credible strategy needs to be updated;
Based on the target interval, using the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods to determine whether the credible strategy needs to be updated.
2. The update method according to claim 1, characterized in that the step of determining, based on the target interval and using the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods, whether the credible strategy needs to be updated comprises:
Judging whether the abnormal behavior rates of the (k+1)-th and (k+2)-th periods exceed the target interval;
If the target interval is exceeded, determining that the credible strategy runs unstably, and updating the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods;
If the target interval is not exceeded, determining whether the credible strategy needs to be updated from the variance change values and average values of the (k+1)-th and (k+2)-th periods.
3. The update method according to claim 2, characterized in that the step of determining whether the credible strategy needs to be updated from the variance change values and average values of the (k+1)-th and (k+2)-th periods comprises:
Judging whether the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to a variance change threshold, and judging whether the average values of the (k+1)-th and (k+2)-th periods are less than or equal to a preset average threshold;
If the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, and the average values of the (k+1)-th and (k+2)-th periods are less than or equal to the preset average threshold, determining that the credible strategy is stable and does not need to be updated;
If the variance change value of the (k+1)-th period is greater than the variance change threshold, or the variance change value of the (k+2)-th period is greater than the variance change threshold, or the average value of the (k+1)-th period is greater than the preset average threshold, or the average value of the (k+2)-th period is greater than the preset average threshold, determining that the credible strategy is unstable, and updating the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods.
4. The update method according to claim 3, characterized in that the step of updating the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods comprises:
Taking the access behavior data of the (k+1)-th period, the (k+2)-th period and the first k periods as initial processing data;
Based on the initial processing data, learning a new credible strategy.
5. The update method according to claim 3, characterized in that, before judging whether the variance change values of the (k+1)-th and (k+2)-th periods are less than or equal to the variance change threshold, the update method further comprises:
Counting the abnormal behavior rate of the destination application in each period of the first k+1 periods and of the first k+2 periods;
Based on the abnormal behavior rate of each period, calculating the average value of the abnormal behavior rate for each period of the first k+1 periods and of the first k+2 periods;
Based on the average value of the abnormal behavior rate of each period, calculating the variance value of the abnormal behavior rate for each period of the first k+1 periods and of the first k+2 periods;
Based on the variance value of the abnormal behavior rate of each period, calculating the variance change value of the abnormal behavior rate for each period of the first k+1 periods and of the first k+2 periods;
Selecting the smallest variance change value of the abnormal behavior rate and comparing it with a preset variance limit threshold to determine the variance change threshold;
Selecting the smallest average value of the abnormal behavior rate and comparing it with a preset average limit threshold to determine the preset average threshold.
6. The update method according to claim 1, characterized in that, after the average value and variance value of the abnormal behavior rate of each period are calculated based on the target interval, the update method further comprises:
Assessing the variation trend of the abnormal behavior rate based on the average value of the abnormal behavior rate; and/or
Assessing the stability of the abnormal behavior rate based on the variance value of the abnormal behavior rate.
7. An updating device for a credible strategy, characterized by comprising:
A statistic unit, configured to count the abnormal behavior rate of a destination application in each period of the first k periods, wherein the abnormal behavior rate is the ratio of the number of abnormal behaviors to the total number of behaviors, an abnormal behavior is a behavior outside the set of behaviors indicated in the credible strategy, and the credible strategy is a strategy learned from the access behavior data of the destination application in the first k periods;
A computing unit, configured to calculate the average value and variance value of the abnormal behavior rate of each period;
A first determination unit, configured to determine a target interval based on the average value and variance value of the abnormal behavior rate of each period, wherein the target interval is used to indicate whether the credible strategy needs to be updated;
A second determination unit, configured to determine, based on the target interval and using the abnormal behavior rates of the (k+1)-th and (k+2)-th periods after the first k periods, whether the credible strategy needs to be updated.
8. The updating device according to claim 7, characterized in that the second determination unit includes:
A first judgment module, configured to judge whether the abnormal behavior rates of the (k+1)-th and (k+2)-th periods exceed the target interval;
A first determining module, configured to determine, when the target interval is exceeded, that the credible strategy runs unstably, and to update the credible strategy with the access behavior data of the (k+1)-th and (k+2)-th periods;
A second determining module, configured to determine, when the target interval is not exceeded, whether the credible strategy needs to be updated from the variance change values and average values of the (k+1)-th and (k+2)-th periods.
9. A credible and secure management platform, characterized by comprising:
A memory and a processor coupled with the memory, the memory and the processor communicating through a bus system;
The memory is used to store a program, wherein the program, when executed by the processor, controls the device in which the memory is located to perform the update method for a credible strategy according to any one of claims 1 to 6;
The processor is used to run the program, wherein the program, when run, performs the update method for a credible strategy according to any one of claims 1 to 6.
10. A processor, characterized in that the processor is used to run a program, wherein the program, when run, performs the update method for a credible strategy according to any one of claims 1 to 6.
CN201910605620.0A 2019-07-05 2019-07-05 Trusted policy updating method and device and trusted security management platform Active CN110334517B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910605620.0A CN110334517B (en) 2019-07-05 2019-07-05 Trusted policy updating method and device and trusted security management platform

Publications (2)

Publication Number Publication Date
CN110334517A true CN110334517A (en) 2019-10-15
CN110334517B CN110334517B (en) 2021-05-14

Family

ID=68143805

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910605620.0A Active CN110334517B (en) 2019-07-05 2019-07-05 Trusted policy updating method and device and trusted security management platform

Country Status (1)

Country Link
CN (1) CN110334517B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant