CN110363381A - A kind of information processing method and device - Google Patents


Publication number
CN110363381A
Authority
CN
China
Prior art keywords
data
alarm event
trigger parameter
cluster
tables
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910472632.0A
Other languages
Chinese (zh)
Other versions
CN110363381B (en
Inventor
潘思宇
吴君佳
陈露佳
赵文飙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201910472632.0A
Publication of CN110363381A
Application granted
Publication of CN110363381B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2282 Tablespace storage structures; Management thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2462 Approximate or statistical queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2477 Temporal data queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/23 Clustering techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Probability & Statistics with Applications (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Fuzzy Systems (AREA)
  • Mathematical Physics (AREA)
  • Strategic Management (AREA)
  • Computational Linguistics (AREA)
  • Game Theory and Decision Science (AREA)
  • Educational Administration (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Computation (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Development Economics (AREA)
  • Evolutionary Biology (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

The present invention provides an information processing method and device. The method comprises: obtaining sample data from a monitored data collection system; clustering the sample data to determine the trigger parameter of an alarm event; detecting, according to the trigger parameter of the alarm event, whether an alarm event has occurred; and, if an alarm event has occurred, issuing an alarm notification for the alarm event. Compared with prior-art schemes, the information processing method and device provided by the invention obtain sample data from the monitored data collection system and finally issue the alarm notification of the alarm event with no manual participation in the whole process, which makes risk management and control intelligent, improves its efficiency, and reduces its labor cost.

Description

An information processing method and device
Technical field
The present invention relates to the field of information technology, and in particular to an information processing method and device.
Background
As network technology and terminal technology become more widespread, online transactions are exposed to more and more risks, and various risk management and control schemes have emerged.
However, in existing risk management and control, operations between one system and another require a large amount of manpower and time. How to improve efficiency during risk management and control and reduce manual participation, and thereby reduce the labor cost of risk management and control, has therefore become an urgent problem.
Summary of the invention
An object of the present invention is to provide an information processing method and device that solve the problems of low efficiency and wasted labor cost caused by the low degree of intelligence in existing risk control.
According to a first aspect of the invention, an information processing method is provided, the method comprising:
Obtaining sample data from a monitored data collection system;
Clustering the sample data to determine the trigger parameter of an alarm event;
Detecting, according to the trigger parameter of the alarm event, whether an alarm event has occurred;
If an alarm event has occurred, issuing an alarm notification for the alarm event.
Further, in the method of the invention, the method is applied in a data collection system, and the step of clustering the sample data to determine the trigger parameter of the alarm event comprises:
Clustering the collected sample data to obtain a clustering result;
Determining, according to the clustering result, whether a clustering anomaly has occurred;
If a clustering anomaly has occurred, determining the first alarm event corresponding to the clustering anomaly;
Determining, according to the first alarm event, the first trigger parameter of the first alarm event.
Further, in the method of the invention, the step of determining, according to the clustering result, whether a clustering anomaly has occurred comprises at least one of:
Determining, according to the clustering result, whether a first-type anomaly has occurred, in which sample data cannot be clustered;
Determining, according to the clustering result, whether a second-type anomaly has occurred, in which the frequency of occurrence of the same event exceeds a threshold.
Further, in the method of the invention, the method also comprises:
The data collection system uploading the trigger parameter of the alarm event to a data table for access by a data processing system.
Further, in the method of the invention, the method is applied in a data processing system, and the step of clustering the sample data to determine the trigger parameter of the alarm event comprises:
Accessing the data table and obtaining the trigger parameter, stored in the data table, of the alarm event determined by clustering the sample data.
Further, in the method of the invention, accessing the data table and obtaining the trigger parameter, stored in the data table, of the alarm event determined by clustering the sample data comprises:
Accessing the data table at a predetermined period and obtaining the trigger parameter, stored in the data table, of the alarm event determined by clustering the sample data.
Further, in the method of the invention, the step of clustering the sample data to determine the trigger parameter of the alarm event comprises:
Comparing the history trigger parameters with the current trigger parameters in the data table to obtain a comparison result;
Determining, according to the comparison result, the first trigger parameter of the first alarm event.
Further, in the method of the invention, the step of determining, according to the comparison result, the first trigger parameter of the first alarm event comprises:
Extracting, according to the comparison result, the parameter information that has changed in the current trigger parameters compared with the history trigger parameters;
Determining, according to the changed parameter information, the first trigger parameter of the first alarm event.
According to a second aspect of the invention, an information processing device is provided, the device comprising:
An acquiring unit, for obtaining sample data from a monitored data collection system;
A determination unit, for clustering the sample data to determine the trigger parameter of an alarm event;
A detection unit, for detecting, according to the trigger parameter of the alarm event, whether an alarm event has occurred;
An issuing unit, for issuing an alarm notification for the alarm event if an alarm event has occurred.
Further, in the device of the invention, the device is applied in a data collection system, and the determination unit comprises an obtaining subunit and a determining subunit;
The obtaining subunit is used to cluster the collected sample data and obtain a clustering result;
The determining subunit is used to determine, according to the clustering result, whether a clustering anomaly has occurred; if a clustering anomaly has occurred, to determine the first alarm event corresponding to the clustering anomaly; and to determine, according to the first alarm event, the first trigger parameter of the first alarm event.
Further, in the device of the invention, the determining subunit is also used for at least one of:
Determining, according to the clustering result, whether a first-type anomaly has occurred, in which sample data cannot be clustered;
Determining, according to the clustering result, whether a second-type anomaly has occurred, in which the frequency of occurrence of the same event exceeds a threshold.
Further, in the device of the invention, the device is applied in a data collection system, and the device further comprises an uploading unit;
The uploading unit is used to upload the trigger parameter of the alarm event to a data table for access by a data processing system.
Further, in the device of the invention, the device is applied in a data processing system, and the determination unit is specifically used for:
Accessing the data table and obtaining the trigger parameter, stored in the data table, of the alarm event determined by clustering the sample data.
Further, in the device of the invention, the determination unit is specifically also used for:
Accessing the data table at a predetermined period and obtaining the trigger parameter, stored in the data table, of the alarm event determined by clustering the sample data.
Further, in the device of the invention, the determination unit is specifically used for:
Comparing the history trigger parameters with the current trigger parameters in the data table to obtain a comparison result; and determining, according to the comparison result, the first trigger parameter of the first alarm event.
Further, in the device of the invention, the determination unit is specifically also used for:
Extracting, according to the comparison result, the parameter information that has changed in the current trigger parameters compared with the history trigger parameters;
Determining, according to the changed parameter information, the first trigger parameter of the first alarm event.
According to a third aspect of the invention, a storage medium is provided. The storage medium stores computer program instructions, and the computer program instructions are executed to perform the method described above.
According to a fourth aspect of the invention, a computing device is provided, comprising a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein, when the computer program instructions are executed by the processor, the computing device is triggered to execute the method of the invention.
The information processing method and device provided by the invention, applied in the data processing system of a risk management and control system, obtain sample data from a monitored data collection system; cluster the sample data to determine the trigger parameter of an alarm event; detect, according to the trigger parameter of the alarm event, whether an alarm event has occurred; and, if an alarm event has occurred, issue an alarm notification for the alarm event. With the technical solution of the embodiments of the invention, sample data can be obtained from the monitored data collection system and the alarm notification of the alarm event finally issued with no manual participation in the whole process. Compared with the prior art, this makes the work of risk management and control more intelligent, improves its working efficiency, and reduces its labor cost.
Brief description of the drawings
Other features, objects and advantages of the invention will become more apparent from the following detailed description of non-restrictive embodiments, read with reference to the accompanying drawings:
Fig. 1 is a flow diagram of the information processing method of an embodiment of the invention;
Fig. 2 is a sequence flow diagram of the information processing method of an embodiment of the invention;
Fig. 3 is a scenario diagram of the information processing method of a specific embodiment of the invention;
Fig. 4 is a flow diagram of the information processing method of a specific embodiment of the invention;
Fig. 5 is another scenario diagram of the information processing method of a specific embodiment of the invention;
Fig. 6 is another flow diagram of the information processing method of a specific embodiment of the invention;
Fig. 7 is a functional structure diagram of the information processing device of an embodiment of the invention.
The same or similar reference numerals in the drawings denote the same or similar components.
Detailed description of the embodiments
The invention is described in further detail below with reference to the accompanying drawings.
Fig. 1 is a flow diagram of the information processing method of an embodiment of the invention. As shown in Fig. 1, the information processing method provided by the embodiment of the invention comprises:
Step 101: obtain sample data from a monitored data collection system;
Step 102: cluster the sample data to determine the trigger parameter of an alarm event;
Step 103: detect, according to the trigger parameter of the alarm event, whether an alarm event has occurred;
Step 104: if an alarm event has occurred, issue an alarm notification for the alarm event.
It should be noted that risk management and control can be completed by multiple systems working together. A risk management and control system is a system that manages risk with information technology and is an important component of a management information system. Managers can use information technology tools embedded in the business process to collect relevant information in real time, so as to identify, analyze, assess and give early warning of risks, and to formulate corresponding risk management and control strategies that cope with actual or potential risks and control and reduce their adverse effects. An example is Alipay's fifth-generation risk engine, Alpharisk.
A risk management and control system is made up of one or more systems; the multiple systems work together, under manual operation, to carry out the risk management and control of the whole system. For example, Alpharisk includes at least: Perception (the perception center), used to perceive the external risk situation and give early warning of risks and attacks by the underground industry; AI Detect (the intelligent self-detection center), used for risk identification, with the advantage of high risk-identification accuracy; AutoPilot (the intelligent adaptive center), used to adjust risk policies automatically according to the risk situation, which reduces manual intervention; and Evolution (the evolution center), used to update risk modules automatically online, which improves the risk engine's ability to counter adversaries.
In this embodiment, the system used for risk management and control may include a data collection system and a data processing system. For example, in Alpharisk, Perception can be understood as the data collection system, and AI Detect or AutoPilot can be understood as the data processing system.
It can be understood that an alarm event is a risky event occurring in the software or system monitored by risk management and control. Examples are an event in which users of the software or system file complaints or reports, or, in the Alipay system, a stolen-payment event or an Alipay QR-code scanning anomaly event.
Here, alarm events may include known risk events and unknown risk events, and may also include anomalous events within known risk events.
Here, the trigger parameter of an alarm event can be understood as the parameters or information related to the occurrence of the alarm event. For example, the trigger parameter of an Alipay stolen-payment event may include the case-report data or incoming-call information of the user whose account was fraudulently charged, such as the Alipay device identification code and user name. It can also be understood as the information used to detect whether the alarm event has occurred, for example a policy used to judge whether an event occurring in the software or system is an alarm event. One policy treats a payment event as an alarm event only if it was made without passing face recognition; another policy treats as alarm events all payment events that passed face recognition but were generated at an abnormal time or an abnormal address. In short, all information that can be used to characterize the alarm event can be classed as trigger parameters of the alarm event. The system can determine from the trigger parameter of an alarm event whether the alarm event has occurred, and can also generate from it a corresponding policy for detecting the alarm event; that policy is itself still treated as a trigger parameter of the alarm event.
Therefore, compared with the prior art, the information processing method of this embodiment can obtain sample data from a monitored data collection system; cluster the sample data to determine the trigger parameter of an alarm event; detect, according to the trigger parameter of the alarm event, whether an alarm event has occurred; and, if an alarm event has occurred, issue an alarm notification for the alarm event. The whole process requires no manual participation, which makes the work of risk management and control more intelligent, improves its working efficiency, and reduces its labor cost.
Optionally, the method can be applied in a data collection system, and step 102 may comprise:
Clustering the collected sample data to obtain a clustering result; determining, according to the clustering result, whether a clustering anomaly has occurred; if a clustering anomaly has occurred, determining the first alarm event corresponding to the clustering anomaly; and determining, according to the first alarm event, the first trigger parameter of the first alarm event.
In an alternative embodiment, clustering the collected sample data to obtain a clustering result comprises: clustering the collected sample data using the clustering model in the data collection system.
Here, the clustering model is configured in the data collection system; a clustering model is an algorithm that groups the sample data by similarity along different dimensions.
Optionally, clustering the collected sample data using the clustering model in the data collection system comprises: first vectorizing the collected sample data with the clustering model in the data collection system, then clustering the vectorized sample data to obtain the clustering result. This reduces the amount of computation in the clustering process.
Optionally, the step of determining, according to the clustering result, whether a clustering anomaly has occurred comprises at least one of:
Determining, according to the clustering result, whether a first-type anomaly has occurred, in which sample data cannot be clustered;
Determining, according to the clustering result, whether a second-type anomaly has occurred, in which the frequency of occurrence of the same event exceeds a threshold.
Here, the first-type anomaly can be understood as follows: while the sample data is being clustered, some sample data cannot be placed in any class that has already been established. For example, if stolen-payment events form one class and login anomalies form another, and a sample belongs to neither the stolen-payment class nor the login-anomaly class, it is judged to be a first-type anomaly, in which the sample data cannot be clustered. In other words, the first-type anomaly can be understood as an unknown risk event.
Here, the second-type anomaly can be understood as the frequency of occurrence of the same event exceeding a threshold, for example more than 100 stolen-payment events on the same day. In that case, it should be considered whether there is a problem with the mechanism or policy used to detect stolen-payment events, and the policy needs to be adjusted. For example, suppose the policy treats as an alarm event any payment event that passed face recognition but was generated at an abnormal time or an abnormal address, and under this policy the number of such alarm events reported each day exceeds a threshold, for example 10. In fact, while the holder of the payment account is abroad, payment events at abnormal times or abnormal addresses are quite likely, so the policy needs to be adjusted, for example to treat as alarm events only payment events made without passing face recognition. In other words, the second-type anomaly can be understood as an anomalous event within a known risk event.
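The two anomaly checks described above can be sketched as follows. This is an added example, not code from the patent: the nearest-centroid clustering, the token vectorization, the class names, the similarity cut-off and the sample records are all assumptions chosen to make the first-type and second-type checks concrete.

```python
import math
from collections import Counter

# Constructed centroids for the two example classes named in the text.
# The token vocabulary and weights are assumptions made for this example.
KNOWN_CLUSTERS = {
    "stolen_payment": Counter({"payment": 3, "unrecognized": 2, "chargeback": 2, "card": 1}),
    "login_anomaly": Counter({"login": 3, "new_device": 2, "password": 1, "location": 1}),
}

# Constructed sample data, as a data collection system might receive it.
SAMPLES = [
    {"user": "u1", "device_id": "dev-a1", "text": "payment unrecognized chargeback card"},
    {"user": "u2", "device_id": "dev-b2", "text": "unrecognized payment card"},
    {"user": "u3", "device_id": "dev-c3", "text": "payment chargeback"},
    {"user": "u4", "device_id": "dev-d4", "text": "login new_device location"},
    {"user": "u5", "device_id": "dev-e5", "text": "qr_code scan mismatch merchant"},
]


def vectorize(sample):
    """Vectorization step: turn the sample's description into token counts."""
    return Counter(sample["text"].lower().split())


def cosine(a, b):
    """Cosine similarity between two sparse token-count vectors."""
    dot = sum(a[t] * b[t] for t in a if t in b)
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def cluster(samples, min_similarity=0.3):
    """Assign each sample to its most similar known class, or to None
    when it is not similar enough to any established class."""
    result = {name: [] for name in KNOWN_CLUSTERS}
    result[None] = []
    for sample in samples:
        vec = vectorize(sample)
        best, score = max(
            ((name, cosine(vec, centroid)) for name, centroid in KNOWN_CLUSTERS.items()),
            key=lambda pair: pair[1],
        )
        result[best if score >= min_similarity else None].append(sample)
    return result


def detect_cluster_anomalies(result, frequency_threshold):
    """Return the trigger parameters of every alarm event found in a clustering result."""
    alarms = []
    # First-type anomaly: the sample fits no established class (unknown risk event).
    for sample in result[None]:
        alarms.append({
            "anomaly": "first_type",
            "event": "unknown_risk",
            "user": sample["user"],
            "device_id": sample["device_id"],
        })
    # Second-type anomaly: the same known event occurs more often than the threshold.
    for name, members in result.items():
        if name is not None and len(members) > frequency_threshold:
            alarms.append({
                "anomaly": "second_type",
                "event": name,
                "count": len(members),
                "threshold": frequency_threshold,
            })
    return alarms


if __name__ == "__main__":
    for alarm in detect_cluster_anomalies(cluster(SAMPLES), frequency_threshold=2):
        print(alarm)
```

The frequency threshold of 2 is set low only so that the small constructed sample triggers the second-type check; the text's own example uses 100 events per day.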
Optionally, the data collection system uploads the trigger parameter of the alarm event to a data table for access by the data processing system.
Here, the data table is a table established in a database to store the trigger parameters of alarm events sent by the data collection system.
In some embodiments, the data table can be stored on a server or in the cloud; in short, the data processing system and the data collection system can both access it through the database interface.
In practice, in some embodiments, the trigger parameter of an alarm event is written to the data table only when a clustering anomaly has occurred, for example when an unknown risk event or an anomalous event within a known risk event has occurred. This reduces the number of accesses the data processing system makes to the data table.
Optionally, the method is applied in a data processing system, and the step of clustering the sample data to determine the trigger parameter of the alarm event comprises:
Accessing the data table and obtaining the trigger parameter, stored in the data table, of the alarm event determined by clustering the sample data.
In some embodiments, accessing the data table and obtaining the trigger parameter, stored in the data table, of the alarm event determined by clustering the sample data can be understood as the data processing system accessing the data table to obtain the trigger parameter that the data collection system determined by clustering the sample data and stored in the data table.
Optionally, the step of accessing the data table and obtaining the trigger parameter, stored in the data table, of the alarm event determined by clustering the sample data comprises: accessing the data table at a predetermined period and obtaining the trigger parameter, stored in the data table, of the alarm event determined by clustering the sample data.
Here, the predetermined period may be one day, one hour, or one month. It can be understood that the periods set for the risk management and control of different software or systems may differ from one another, and can be set according to the actual situation of the software or system being managed. This meets the timing needs of different software or systems, reduces time spent waiting on people, and improves the efficiency of data processing between the systems of the risk management and control system.
For example, the predetermined period can be set to one day and the access time to twelve midnight, outside working hours. The system then moves the data outside working hours and staff do not have to wait for it during working hours, which further improves the efficiency of data processing.
Optionally, the step of clustering the sample data to determine the trigger parameter of the alarm event may comprise:
The data processing system comparing the history trigger parameters with the current trigger parameters in the data table to obtain a comparison result; and determining, according to the comparison result, the first trigger parameter of the first alarm event.
Here, the history trigger parameters can be understood as the trigger parameters of all alarm events stored in the data table before the previous access moment; the current trigger parameters can be understood as the trigger parameters of all alarm events stored before the current access moment. Comparing the history trigger parameters with the current trigger parameters in the data table to obtain a comparison result can be understood as obtaining the trigger parameters of the alarm events stored between the previous access moment and the current access moment.
In practice, if no clustering anomaly occurs between the previous access moment and the current access moment, the trigger parameters stored in the data table will not have changed.
Optionally, the step of determining, according to the comparison result, the first trigger parameter of the first alarm event comprises:
Extracting, according to the comparison result, the parameter information that has changed in the current trigger parameters compared with the history trigger parameters; and determining, according to the changed parameter information, the first trigger parameter of the first alarm event.
That is, in some embodiments, if a clustering anomaly occurs between the previous access moment and the current access moment, the trigger parameters stored in the data table change, and the changed parameter information is extracted. According to the changed parameter information, the alarm event corresponding to the changed parameter information is determined to be the first alarm event, and the changed parameter is taken as the first trigger parameter.
Here, the changed parameter information may include information that is additional relative to the history trigger parameters, and may also include parameters within the history trigger parameters that have been changed.
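The hand-off through the data table and the history/current comparison can be sketched as follows. This is an added example, not code from the patent: it assumes an SQLite table named `trigger_params` with one JSON-encoded row per alarm event, and the event identifiers, field names and policy values are constructed for illustration.

```python
import json
import sqlite3


def open_table(conn):
    """Create the shared data table (hypothetical schema: one row per alarm event)."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS trigger_params ("
        "event_id TEXT PRIMARY KEY, params TEXT NOT NULL)"
    )


def upload(conn, event_id, params):
    """Collection side: write or overwrite one alarm event's trigger parameters.
    Per the text, this is called only when a clustering anomaly has occurred."""
    conn.execute(
        "INSERT OR REPLACE INTO trigger_params (event_id, params) VALUES (?, ?)",
        (event_id, json.dumps(params, sort_keys=True)),
    )
    conn.commit()


def snapshot(conn):
    """Read every stored trigger parameter as {event_id: params}."""
    rows = conn.execute("SELECT event_id, params FROM trigger_params")
    return {event_id: json.loads(params) for event_id, params in rows}


def changed_parameters(history, current):
    """Compare history with current trigger parameters and extract what changed:
    events that are new, and fields of existing events whose value differs."""
    changes = {}
    for event_id, params in current.items():
        old = history.get(event_id)
        if old is None:
            changes[event_id] = {"kind": "added", "params": params}
            continue
        diff = {key: value for key, value in params.items() if old.get(key) != value}
        if diff:
            changes[event_id] = {"kind": "modified", "params": diff}
    return changes


class Processor:
    """Processing side: remembers the table as it was at the previous access moment."""

    def __init__(self, conn):
        self.conn = conn
        self.history = snapshot(conn)

    def poll(self):
        """One periodic access; a scheduler would call this once per predetermined period."""
        current = snapshot(self.conn)
        changes = changed_parameters(self.history, current)
        self.history = current
        return changes


def demo():
    """Constructed scenario: one quiet period, then one period with two anomalies."""
    conn = sqlite3.connect(":memory:")
    open_table(conn)
    upload(conn, "stolen_payment",
           {"policy": "face_ok_but_abnormal_time_or_address", "daily_threshold": 100})
    processor = Processor(conn)
    quiet = processor.poll()  # nothing uploaded since the previous access
    # A first-type anomaly adds a new event; a second-type anomaly adjusts a policy.
    upload(conn, "unknown_risk:dev-e5", {"device_id": "dev-e5", "user": "u5"})
    upload(conn, "stolen_payment",
           {"policy": "no_face_recognition", "daily_threshold": 100})
    busy = processor.poll()
    return quiet, busy


if __name__ == "__main__":
    print(demo())
```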
Specifically, refer to Fig. 2, which is a sequence flow diagram of the information processing method of an embodiment of the invention. As shown in Fig. 2, the method comprises the following steps:
Step 201: the data collection system obtains sample data;
Step 202: the data collection system clusters the sample data to determine the trigger parameter of an alarm event;
Step 203: the data collection system uploads the trigger parameter of the alarm event to the data table;
Step 204: the data processing system accesses the data table and obtains the trigger parameter, stored in the data table, of the alarm event determined by clustering the sample data.
In this way, the embodiment of the invention uses a database to connect the data flow between the data collection system and the data processing system. That is, the database provides intelligent operation between the data collection system and the data processing system and removes the manual step of importing data from the data collection system into the data processing system, which reduces labor cost. At the same time, the time at which data is imported is no longer limited by staff working hours, which improves the efficiency of data flow between the systems of risk management and control and, in turn, the working efficiency of risk management and control.
It should be added that the first trigger parameter of the first alarm event may include a first-class trigger parameter or a second-class trigger parameter of the first alarm event.
Here, the first-class trigger parameter can be understood as the event information of the first alarm event itself, such as the event's identifier, place of occurrence, time, and the corresponding device identification code. The second-class trigger parameter can be understood as other parameters related to the first alarm event that are generated automatically from its first-class trigger parameter, for example the policy for judging whether the first alarm event has occurred, or the corresponding configuration data in that policy.
Clustering the sample data to determine the trigger parameter of the alarm event comprises: clustering the sample data to determine the first-class trigger parameter of the first alarm event corresponding to the clustering anomaly; and determining, according to the first-class trigger parameter, the second-class trigger parameter of the first alarm event.
Specifically, clustering the sample data to generate the first-class trigger parameter of the first alarm event corresponding to the clustering anomaly comprises: clustering the sample data and, using the corresponding data processing model in the data processing system, generating from the first-class trigger parameter the second-class trigger parameter for the alarm event.
For example, when the first alarm event is an unknown risk event, after the data processing system determines the first-class trigger parameter, it obtains the second-class trigger parameter corresponding to the unknown risk event from the first data processing model. This second-class trigger parameter serves as the policy for judging the unknown risk event, so that later detection of whether the unknown risk event has occurred can be based directly on the second-class trigger parameter.
For example, when the first alarm event is an anomalous event within a known risk event, after the data processing system determines the first-class trigger parameter, it obtains the second-class trigger parameter corresponding to the anomalous event of the known risk event from the second data processing model, in order to adjust the policy for the known risk event.
Here, first data processing model and the second data processing model can be and be configured in data processing system In, by machine learning, second for alarm event can be directly generated using the first kind trigger parameter of alarm event The correlation model of class trigger parameter.
A specific embodiment is presented below to aid understanding of the information processing method provided by the above embodiments.
This embodiment takes Alipay's Alpharisk as an example, where Perception in Alpharisk can be understood as the data collection system described in the above embodiments, and AI Detect and AutoPilot in Alpharisk can be understood as the data processing system described in the above embodiments.
At present, in daily risk operation and case analysis in the theft domain of domestic risk management under the Big Security risk and decision center, cases are divided by scenario and more than 10 people are needed for daily operation. On average, more than 3 hours of labor are spent on case analysis and summary, more than 2 hours on feature analysis and strategy analysis, and more than 1 hour on strategy configuration and launch. The machine tool cost (such as the simulation laboratory) and the labor cost (such as batch characterization) in this chain are both very high.
Based on this, the specific embodiment provided by the invention upgrades the operation chain to run intelligently, which can substantially reduce machine tool cost and labor cost, handle cases more promptly, and improve case operation efficiency and effectiveness.
Referring to Fig. 3, Fig. 3 is a scenario diagram of the information processing method of the specific embodiment of the invention. As shown, when the clustering model of the data collection system performs clustering, for alarm events that can be clustered into groups normally, a case report of the alarm event is generated directly for risk management and control. For alarm events that cannot be clustered into groups, a second-class trigger parameter for the alarm event is generated based on the first-class trigger parameter corresponding to the alarm event, the occurrence of the alarm event is detected again using the second-class trigger parameter, and a case report of the alarm event is generated. Here, the alarm event that cannot be clustered into groups may be the first-class anomaly described in the above embodiments, i.e. the first-class anomaly in which sample data cannot be clustered. In this embodiment, the data processing system extracts the first-class trigger parameter of the first alarm event corresponding to the first-class anomaly and, based on the first data processing model in the data processing system, generates the second-class trigger parameter for the first alarm event.
Specifically, referring to Fig. 4, Fig. 4 is a flow diagram of the information processing method of the specific embodiment of the invention. As shown in Fig. 4, the method steps include:
Step 400: the data processing system creates a timer;
Here, the timer can serve to set the predetermined time period for access described in the above embodiments.
Step 401: the data collection system performs first-class anomaly detection;
Step 402: the data collection system backs up the original strategy parameters to a data table of the database;
Here, the original strategy parameters can be understood as the history trigger parameters described in the above embodiments, or as the history second-class trigger parameters.
Step 403: the data processing system detects whether the data in the data table has changed;
Here, the step in which the data processing system detects whether the data in the data table has changed can be understood as the data processing system described in the above embodiments comparing the history trigger parameters and the current trigger parameters in the data table to obtain a comparison result, and determining from the comparison result whether the data in the data table has changed.
Step 404: if there is a change, the data table returns the changed data;
Here, the step in which the data table returns the changed data can be understood as extracting, according to the comparison result, the parameter information in which the current trigger parameters have changed compared with the history trigger parameters, as described in the above embodiments.
Step 405: the data processing system analyzes and processes the changed data;
Here, the data processing system analyzing and processing the changed data can be understood as the first data processing model of the data processing system described in the above embodiments generating the corresponding second-class trigger parameter from the first-class trigger parameter in the changed data.
Step 406: the strategy corresponding to the alarm event that corresponds to the changed data is generated and used as the trigger parameter of the alarm event.
In this embodiment, the data collection system may be the Perception system, and the data processing system may be the AI Detect system.
In this embodiment, after the clustering model of Perception detects a risk, for example an unknown risk event, it can output the information needed to create an AI Detect task to an ODPS (Open Data Processing Service) table. AI Detect periodically checks whether the ODPS table contains a new record, i.e. whether the data has changed; if so, it automatically creates an AI Detect task from the new data. A single record may require the creation of multiple AI Detect tasks.
Referring to Fig. 5, Fig. 5 is another scenario diagram of the information processing method of the specific embodiment of the invention. As shown, when the alarm model of the data collection system performs alarm processing, for normal alarm events an alarm notification is issued directly for risk management and control. For an abnormal event of a known risk event, i.e. an abnormal event found during alarm processing, a second-class trigger parameter for the alarm event is generated from new configuration data based on the first-class trigger parameter corresponding to the alarm event, the occurrence of the alarm event is detected again using the second-class trigger parameter, and an alarm notification is issued. Here, the alarm event whose alarm processing is abnormal may be the second-class anomaly described in the above embodiments, i.e. the second-class anomaly in which the frequency of occurrence of the same event exceeds a threshold. In this embodiment, the data processing system extracts the first-class and/or second-class trigger parameter of the first alarm event corresponding to the second-class anomaly and, based on the second data processing model in the data processing system, generates with the new configuration data an adjusted second-class trigger parameter for the first alarm event.
Specifically, referring to Fig. 6, Fig. 6 is another flow diagram of the information processing method of the specific embodiment of the invention. As shown in Fig. 6, the method steps include:
Step 600: a timer is created;
Step 601: the data collection system sends the alarm event report to the database;
Step 602: the data processing system detects whether the data in the data table has changed;
Here, the data change can be understood as a change in a parameter among the history trigger parameters described in the above embodiments, for example a change in the frequency range of the same event, such as exceeding a threshold.
Step 603: it is detected whether the data in the data table has changed;
Step 604: if there is a change, the data table returns the changed data;
Step 605: the data processing system generates configuration data according to the changed data;
Step 606: the data processing system finds the strategy corresponding to the configuration data;
Step 607: the data processing system takes the corresponding strategy as the adjusted strategy and re-runs alarm processing of the alarm event.
In this embodiment, the data collection system may be the Perception system, and the data processing system may be the Autopilot system.
In this embodiment, after the monitoring/alarm model of Perception detects a decision-tree group anomaly, it outputs the UUID (Universally Unique Identifier) of the group's strategy; the most recently created Autopilot task containing that strategy is queried by the strategy's UUID and re-executed. The threshold of each strategy is thus adjusted automatically, so that the machine finds the most scientific optimal balance point between the best coverage rate and the lowest disturbance rate.
Here, the group anomaly can be understood as the second-class anomaly occurring for a certain class of the history alarm events described in the above embodiments, at which point the UUID corresponding to that class of strategy is output. Querying, by the strategy's UUID, the most recently created Autopilot task containing the strategy can be understood as querying, by the strategy's UUID, the configuration data for adjusting the current strategy, updating the configuration data of the current strategy, and generating the corresponding Autopilot task. The configuration data may be the threshold of the strategy described in this embodiment.
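The timer-driven compare steps of Fig. 4 (steps 400 to 406) and Fig. 6 (steps 600 to 607) can be sketched as follows. This is an added example, not code from the patent or from Alpharisk; the row layout (TriggerRow), the task dictionaries, and the rule that a threshold crossing marks the second-class anomaly are assumptions made for illustration, and the table contents are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class TriggerRow:
    """One row of the shared data table (column names are assumptions)."""
    event_id: str            # first-class parameter: event identifier
    device_id: str           # first-class parameter: equipment identification code
    frequency: int           # how often the same event occurred in the window
    strategy_uuid: str = ""  # empty when no existing strategy covers the event


Snapshot = Dict[str, TriggerRow]  # table contents keyed by event_id


def diff_snapshots(history: Snapshot, current: Snapshot
                   ) -> Tuple[List[TriggerRow], List[Tuple[TriggerRow, TriggerRow]]]:
    """Return (rows absent from history, (old, new) pairs whose values changed).

    Rows that disappeared are ignored: the text only names extra and
    changed parameters as "changed parameter information".
    """
    added = [row for key, row in current.items() if key not in history]
    modified = [(history[key], row) for key, row in current.items()
                if key in history and history[key] != row]
    return added, modified


def plan_tasks(history: Snapshot, current: Snapshot, threshold: int) -> List[dict]:
    """Map changed rows to follow-up tasks for the data processing system."""
    added, modified = diff_snapshots(history, current)
    tasks: List[dict] = []
    for row in added:
        # Extra information relative to history: handled here as the
        # first-class anomaly (sample that could not be clustered).
        tasks.append({"kind": "create_detect_task",
                      "event_id": row.event_id,
                      "first_class_params": {"device_id": row.device_id}})
    for old, new in modified:
        # Changed history parameter: second-class anomaly only when the
        # frequency crosses the threshold between two polls (assumption).
        if old.frequency <= threshold < new.frequency:
            tasks.append({"kind": "rerun_strategy_task",
                          "event_id": new.event_id,
                          "strategy_uuid": new.strategy_uuid,
                          "observed_frequency": new.frequency})
    return tasks


class TablePoller:
    """Keeps the previous snapshot between timer ticks."""

    def __init__(self, baseline: Snapshot, threshold: int):
        # The baseline plays the role of the backed-up original parameters;
        # starting from an empty history would flag every row as new.
        self._history = dict(baseline)
        self._threshold = threshold

    def tick(self, current: Snapshot) -> List[dict]:
        tasks = plan_tasks(self._history, current, self._threshold)
        self._history = dict(current)  # current becomes history for the next tick
        return tasks


def demo() -> List[List[dict]]:
    """Run three timer ticks over constructed table contents."""
    baseline = {"login_burst": TriggerRow("login_burst", "dev-01", 3, "uuid-placeholder-1")}
    poller = TablePoller(baseline, threshold=5)
    tick1 = dict(baseline)  # nothing changed since the backup
    tick2 = {
        "login_burst": TriggerRow("login_burst", "dev-01", 9, "uuid-placeholder-1"),
        "new_pattern": TriggerRow("new_pattern", "dev-07", 1),
    }
    tick3 = dict(tick2)     # unchanged again: no duplicate tasks are planned
    return [poller.tick(t) for t in (tick1, tick2, tick3)]


if __name__ == "__main__":
    for number, planned in enumerate(demo(), 1):
        print(f"tick {number}: {planned}")
```

Replacing the stored history on every tick is what keeps an unchanged table from producing the same task twice.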
The above embodiment requires no human intervention: data can be computed in advance during non-working hours at night, so that operations staff can, during daily working hours, directly decide whether to apply each strategy recommended by the above embodiment; if an adjustment is needed, a simple and quick adjustment generates the strategy, which greatly saves service time.
In other words, in the daily operation of risk management and control at the risk decision center, the intelligent flow of data between systems turns all risk operations that required human intervention into machine recommendations based on big-data algorithms. The previous mode, in which data waits for a person to process it, a strategy must be established by a person, the generated strategy must then wait for the data run queue to finish, and a person clicks to publish and apply the strategy, is completely changed into an intelligent operation chain in which the machine automatically identifies data similarity (clustering), the machine recommends variables or features, the machine automatically generates strategies, and a person decides whether to apply the strategy results.
The method of this embodiment enables the risk-control strategies of Big Security risk identification and decision-making to continuously learn and adjust themselves between optimal benefit and minimum cost, saving service time and operating labor cost while reaching the optimal balance point.
Fig. 7 is a functional structure diagram of the information processing device of an embodiment of the present invention. As shown in Fig. 7, the information processing device of the embodiment includes: an acquiring unit 71, a determination unit 72, a detection unit 73 and an issuing unit 74.
The acquiring unit 71 is configured to obtain sample data from a monitored data collection system;
The determination unit 72 is configured to cluster the sample data to determine the trigger parameter of an alarm event;
The detection unit 73 is configured to detect, according to the trigger parameter of the alarm event, whether an alarm event has occurred;
The issuing unit 74 is configured to issue an alarm notification of the alarm event if an alarm event has occurred.
In an embodiment of the invention, the device is applied in a data collection system, and the determination unit 72 includes an obtaining subunit and a determining subunit;
The obtaining subunit is configured to cluster the acquired sample data to obtain a clustering result;
The determining subunit is configured to determine, according to the clustering result, whether a cluster anomaly has occurred; if a cluster anomaly has occurred, to determine the first alarm event corresponding to the cluster anomaly; and to determine, according to the first alarm event, the first trigger parameter of the first alarm event.
In an embodiment of the invention, the determining subunit is further configured for at least one of the following:
determining, according to the clustering result, whether the first-class anomaly among cluster anomalies, in which the sample data cannot be clustered, has occurred;
determining, according to the clustering result, whether the second-class anomaly among cluster anomalies, in which the frequency of occurrence of the same event exceeds a threshold, has occurred.
In an embodiment of the invention, the device is applied to a data collection system, and the device further includes an uploading unit;
The uploading unit is configured to upload the trigger parameter of the alarm event to a data table for access by the data processing system.
In an embodiment of the invention, the device is applied to a data processing system, and the determination unit 72 is specifically configured to:
access the data table and obtain the alarm event parameter, determined by clustering the sample data, that is stored in the data table.
In an embodiment of the invention, the device is applied to a data processing system, and the determination unit 72 is further specifically configured to:
access the data table at a predetermined time period and obtain the alarm event parameter, determined by clustering the sample data, that is stored in the data table.
In an embodiment of the invention, the determination unit 72 is further specifically configured to:
compare the history trigger parameters and the current trigger parameters in the data table to obtain a comparison result; and determine, according to the comparison result, the first trigger parameter of the first alarm event.
In an embodiment of the invention, the determination unit 72 is further specifically configured to:
extract, according to the comparison result, the parameter information in which the current trigger parameters have changed compared with the history trigger parameters;
determine, according to the changed parameter information, the first trigger parameter of the first alarm event.
The device shown in Fig. 7 of the embodiment of the present invention is the device implementing the methods shown in Fig. 1 and Fig. 2 of the embodiment of the present invention; its principle is the same as that of the methods shown in Fig. 1 and Fig. 2 and is not repeated here.
In an embodiment of the invention, a storage medium is also provided. The storage medium stores computer program instructions, and the computer program instructions are executed according to the method of the embodiment of the present invention.
In a typical configuration of the present invention, the computing device includes one or more processors (CPU), an input/output interface, a network interface and memory.
Memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
In an embodiment of the invention, a computing device is also provided, comprising: a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein, when the computer program instructions are executed by the processor, the computing device is triggered to execute the method of the embodiment of the present invention.
Computer-readable storage media include permanent and non-permanent, removable and non-removable media, and may store information by any method or technology. The information may be computer-readable instructions, data structures, program devices or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device.
It should be noted that the present invention can be implemented in software and/or in a combination of software and hardware, for example using an application-specific integrated circuit (ASIC), a general-purpose computer or any other similar hardware device. In some embodiments, the software program of the invention can be executed by a processor to realize the above steps or functions. Similarly, the software program of the invention (including related data structures) can be stored in a computer-readable recording medium, for example RAM memory, a magnetic or optical drive, a floppy disk or similar devices. In addition, some of the steps or functions of the present invention may be implemented in hardware, for example as a circuit that cooperates with a processor to execute each step or function.
It is obvious to a person skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the present invention can be realized in other specific forms without departing from its spirit or essential attributes. Therefore, from whichever point of view, the embodiments are to be considered illustrative and not restrictive, and the scope of the present invention is defined by the appended claims rather than by the above description; all changes that fall within the meaning and scope of equivalents of the claims are therefore intended to be included in the present invention. Any reference signs in the claims should not be construed as limiting the claims concerned. In addition, the word "comprising" obviously does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices stated in a device claim may also be implemented by one unit or device through software or hardware. Words such as "first" and "second" are used to denote names and do not indicate any particular order.

Claims (18)

1. An information processing method, characterized by comprising:
obtaining sample data from a monitored data collection system;
clustering the sample data to determine a trigger parameter of an alarm event;
detecting, according to the trigger parameter of the alarm event, whether an alarm event has occurred;
if an alarm event has occurred, issuing an alarm notification of the alarm event.
2. The method according to claim 1, characterized in that the method is applied in a data collection system; the step of clustering the sample data to determine the trigger parameter of the alarm event comprises:
clustering the collected sample data to obtain a clustering result;
determining, according to the clustering result, whether a cluster anomaly has occurred;
if a cluster anomaly has occurred, determining the first alarm event corresponding to the cluster anomaly;
determining, according to the first alarm event, the first trigger parameter of the first alarm event.
3. The method according to claim 2, characterized in that the step of determining, according to the clustering result, whether a cluster anomaly has occurred includes at least one of the following:
determining, according to the clustering result, whether the first-class anomaly among cluster anomalies, in which the sample data cannot be clustered, has occurred;
determining, according to the clustering result, whether the second-class anomaly among cluster anomalies, in which the frequency of occurrence of the same event exceeds a threshold, has occurred.
4. The method according to any one of claims 1 to 3, characterized in that the method further comprises:
the data collection system uploading the trigger parameter of the alarm event to a data table for access by a data processing system.
5. The method according to claim 1, characterized in that the method is applied to a data processing system; the step of clustering the sample data to determine the trigger parameter of the alarm event comprises:
accessing a data table and obtaining the trigger parameter of the alarm event, determined by clustering the sample data, that is stored in the data table.
6. The method according to claim 5, characterized in that the step of accessing the data table and obtaining the trigger parameter of the alarm event, determined by clustering the sample data, that is stored in the data table comprises:
accessing the data table at a predetermined time period and obtaining the trigger parameter of the alarm event, determined by clustering the sample data, that is stored in the data table.
7. The method according to claim 5 or 6, characterized in that the step of clustering the sample data to determine the trigger parameter of the alarm event comprises:
comparing the history trigger parameters and the current trigger parameters in the data table to obtain a comparison result;
determining, according to the comparison result, the first trigger parameter of the first alarm event.
8. The method according to claim 7, wherein the step of determining, according to the comparison result, the first trigger parameter of the first alarm event comprises:
extracting, according to the comparison result, the parameter information in which the current trigger parameters have changed compared with the history trigger parameters;
determining, according to the changed parameter information, the first trigger parameter of the first alarm event.
9. An information processing device, characterized in that the device includes:
an acquiring unit, configured to obtain sample data from a monitored data collection system;
a determination unit, configured to cluster the sample data to determine a trigger parameter of an alarm event;
a detection unit, configured to detect, according to the trigger parameter of the alarm event, whether an alarm event has occurred;
an issuing unit, configured to issue an alarm notification of the alarm event if an alarm event has occurred.
10. The device according to claim 9, characterized in that the device is applied in a data collection system; the determination unit includes an obtaining subunit and a determining subunit;
the obtaining subunit is configured to cluster the collected sample data to obtain a clustering result;
the determining subunit is configured to determine, according to the clustering result, whether a cluster anomaly has occurred; if a cluster anomaly has occurred, to determine the first alarm event corresponding to the cluster anomaly; and to determine, according to the first alarm event, the first trigger parameter of the first alarm event.
11. The device according to claim 10, characterized in that the determining subunit is further configured for at least one of the following:
determining, according to the clustering result, whether the first-class anomaly among cluster anomalies, in which the sample data cannot be clustered, has occurred;
determining, according to the clustering result, whether the second-class anomaly among cluster anomalies, in which the frequency of occurrence of the same event exceeds a threshold, has occurred.
12. The device according to any one of claims 9 to 11, characterized in that the device is applied to a data collection system, and the device further includes an uploading unit;
the uploading unit is configured to upload the trigger parameter of the alarm event to a data table for access by a data processing system.
13. The device according to claim 9, characterized in that the device is applied to a data processing system, and the determination unit is specifically configured to:
access a data table and obtain the alarm event parameter, determined by clustering the sample data, that is stored in the data table.
14. The device according to claim 13, wherein the determination unit is further specifically configured to:
access the data table at a predetermined time period and obtain the trigger parameter of the alarm event, determined by clustering the sample data, that is stored in the data table.
15. The device according to claim 13 or 14, wherein the determination unit is specifically configured to:
compare the history trigger parameters and the current trigger parameters in the data table to obtain a comparison result; and determine, according to the comparison result, the first trigger parameter of the first alarm event.
16. The device according to claim 15, wherein the determination unit is further specifically configured to:
extract, according to the comparison result, the parameter information in which the current trigger parameters have changed compared with the history trigger parameters;
determine, according to the changed parameter information, the first trigger parameter of the first alarm event.
17. A storage medium, characterized in that the storage medium stores computer program instructions, and the computer program instructions are executed according to the method of any one of claims 1 to 8.
18. A computing device, characterized by comprising: a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein, when the computer program instructions are executed by the processor, the computing device is triggered to execute the method of any one of claims 1 to 8.
CN201910472632.0A 2019-05-31 2019-05-31 Information processing method and device Active CN110363381B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910472632.0A CN110363381B (en) 2019-05-31 2019-05-31 Information processing method and device

Publications (2)

Publication Number Publication Date
CN110363381A true CN110363381A (en) 2019-10-22
CN110363381B CN110363381B (en) 2023-12-22

Family

ID=68214988

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910472632.0A Active CN110363381B (en) 2019-05-31 2019-05-31 Information processing method and device

Country Status (1)

Country Link
CN (1) CN110363381B (en)

CN110363381B (en) 2023-12-22

Similar Documents

Publication Publication Date Title
US8060342B2 (en) Self-learning integrity management system and related methods
US11201865B2 (en) Change monitoring and detection for a cloud computing environment
CN110363381A (en) A kind of information processing method and device
US20190079965A1 (en) Apparatus and method for real time analysis, predicting and reporting of anomalous database transaction log activity
CN105323111A (en) Operation and maintenance automation system and method
JP2014112400A (en) Method and apparatus for generating configuration rules for computing entities within computing environment by using association rule mining
CN108039959A (en) Situation Awareness method, system and the relevant apparatus of a kind of data
CN106254137B (en) The alarm root analysis system and method for supervisory systems
CN107104848B (en) Information technology system monitoring method and device
CN113949652B (en) User abnormal behavior detection method and device based on artificial intelligence and related equipment
CN112612587B (en) Spark platform dynamic resource allocation method for flow analysis
JP5387779B2 (en) Operation management apparatus, operation management method, and program
CN112988509B (en) Alarm message filtering method and device, electronic equipment and storage medium
CN117971606B (en) Log management system and method based on elastic search
CN104246787A (en) Parameter adjustment for pattern discovery
CN115049410A (en) Electricity stealing behavior identification method and device, electronic equipment and computer readable storage medium
CN116016115A (en) Method, device, equipment, medium and program product for monitoring flow of network line
CN109783310A (en) The Dynamic and Multi dimensional method for safety monitoring and its monitoring device of information technoloy equipment
CN113657536A (en) Object classification method and device based on artificial intelligence
CN117692203A (en) Intelligent event handling strategy recommendation method and system
CN114503132A (en) Debugging and profiling of machine learning model training
CN112883739A (en) Abnormal warning method and device for rating system, electronic equipment and storage medium
CN112732531A (en) Monitoring data processing method and device
CN106095656B (en) A kind of backup of cloud and analysis method and system
Tangsatjatham et al. Hybrid big data architecture for high-speed log anomaly detection

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

GR01 Patent grant