CN110830517A - Threat data processing method, device, electronic equipment and medium - Google Patents


Info

Publication number
CN110830517A
Authority
CN
China
Legal status: Granted
Application number
CN202010015895.1A
Other languages
Chinese (zh)
Other versions
CN110830517B (en)
Inventor
董超
刘雷
马威
付华萍
Current Assignee: Zhejiang Dry Crown Information Security Research Institute Co Ltd
Original Assignee: Zhejiang Dry Crown Information Security Research Institute Co Ltd
Events
Application filed by Zhejiang Dry Crown Information Security Research Institute Co Ltd
Priority to CN202010015895.1A
Publication of CN110830517A
Application granted
Publication of CN110830517B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating

Abstract

The invention discloses a threat data processing method in the field of information security. It addresses the difficulty of evaluating the security of a threat event when little data is available, and comprises the following steps: acquiring a pending task, the pending task comprising one or more pending IDs; sending the pending task to a vendor side; receiving the feedback the vendor side sends in response to the pending task and recording it as task feedback, the task feedback comprising an information set for each pending ID; and updating the information of each pending ID based on its information set. The invention also discloses a threat data processing apparatus, an electronic device and a computer-readable medium.

Description

Threat data processing method, device, electronic equipment and medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a threat data processing method and apparatus, an electronic device, and a medium.
Background
Informatization has profoundly changed social life, but as it develops rapidly the network security situation has also become more severe: attack methods are becoming simpler and more integrated, while attack types are becoming more diverse and complex.
In related network security analysis, the analysed data is generally security data from general-purpose devices, such as firewall data and security logs, and analysing it yields the overall security status of the network.
However, this data is often incomplete: for example, a record may contain only an IP address and lack the domain name, attack type, mailbox, the organization the mailbox belongs to, personal information, operator and so on, which makes security evaluation of the threat event difficult.
Disclosure of Invention
To overcome the defects of the prior art, a first object of the present invention is to provide a threat data processing method that enriches the information of each pending ID by establishing a communication relationship with a vendor side and receiving the information set the vendor side returns.
The first object of the invention is achieved by the following technical solution: a threat data processing method, comprising the steps of:
acquiring a pending task, the pending task comprising one or more pending IDs;
sending the pending task to a vendor side;
receiving task feedback sent by the vendor side in response to the pending task, the task feedback comprising an information set for each pending ID; and
updating the information of each pending ID based on its information set.
Further, updating the information of each pending ID based on the information set comprises the steps of:
selecting a pending ID from the pending task and recording it as a first current ID;
querying the current IP associated with the first current ID; and
matching the first current ID against the task feedback to obtain the information set corresponding to the first current ID, recording it as the current information set, and updating the threat information of the current IP based on the current information set.
Further, updating the information of each pending ID based on the information set further comprises the steps of:
selecting a pending ID from the pending task and recording it as a second current ID; and
setting the state of the second current ID to pending trace-back.
Further, the number of times a pending ID has been recorded as the first current ID is denoted count A, and the number of times it has been recorded as the second current ID is denoted count B;
updating the information of each pending ID based on the information set further comprises the steps of:
querying the count A and the count B of the pending ID; and
judging whether count A is smaller than a first preset value and count B is smaller than a second preset value, and if so, deleting the corresponding pending ID from the pending task.
Further, acquiring the pending task comprises the steps of:
acquiring a flagged IP and querying the region data of the flagged IP; and
judging whether region data exists for the flagged IP; if so, entering a region processing mode; otherwise, recording the flagged IP without region data as a pending IP and entering a no-region processing mode.
Further, the region processing mode comprises the steps of:
acquiring an IP notification database, the IP notification database comprising notified IPs and IPs to be notified; and
judging whether the flagged IP that has region data matches the IP notification database, and if not, updating the IP notification database.
Further, the no-region processing mode comprises the steps of:
acquiring an IP notification database, the IP notification database comprising notified IPs and IPs to be notified;
judging whether the pending IP matches the IP notification database; if not, updating the IP notification database, recording the corresponding pending IP as a first IP, and adding the ID associated with the first IP to the pending task;
if so, recording the pending IP that matches the IP notification database as a second IP, querying the ID associated with the second IP and judging whether it matches the pending task; if so, deleting the second IP; otherwise, updating the IP notification database and adding the ID associated with the second IP to the pending task.
A second object of the present invention is to provide a threat data processing apparatus that enriches the information of each pending ID by establishing a communication relationship with a vendor side and receiving the information set the vendor side returns.
The second object of the invention is achieved by the following technical solution: a threat data processing apparatus, comprising:
an acquisition module, configured to acquire a pending task, the pending task comprising one or more IDs, recorded as pending IDs;
a sending module, configured to send the pending task to a vendor side;
a receiving module, configured to receive the feedback sent by the vendor side in response to the pending task and record it as task feedback, the task feedback comprising an information set for each pending ID; and
an updating module, configured to update the information of each pending ID based on its information set.
A third object of the invention is to provide an electronic device comprising a processor, a storage medium and a computer program, the computer program being stored in the storage medium and, when executed by the processor, implementing the threat data processing method described above.
A fourth object of the present invention is to provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the threat data processing method described above.
Compared with the prior art, the invention has the following beneficial effects: by establishing a communication relationship with a vendor side and receiving the information set the vendor side returns, the information of each pending ID is enriched; and because the pending task carries only the pending IDs and the task feedback corresponds to those IDs, the information for each pending ID is consolidated in one system, which reduces extraneous information.
Drawings
FIG. 1 is a flow block diagram of the threat data processing method;
FIG. 2 is a flow block diagram of step S10 in FIG. 1;
FIG. 3 is a flow block diagram of step S40 in FIG. 1;
FIG. 4 is a block diagram of the threat data processing apparatus;
FIG. 5 is a block diagram of the electronic device.
In the figures: 1. acquisition module; 2. sending module; 3. receiving module; 4. updating module; 5. electronic device; 51. processor; 52. memory; 53. input device; 54. output device.
Detailed Description
The present invention will now be described in more detail with reference to the accompanying drawings, in which the description of the invention is given by way of illustration and not of limitation. The various embodiments may be combined with each other to form other embodiments not shown in the following description.
Example one
This embodiment provides a threat data processing method intended to solve the difficulty of assessing the security of a threat event when little data is available. Referring to FIG. 1, the method comprises the following steps.
Step S10: acquire the pending task. The pending task comprises one or more pending IDs, and each pending ID is associated with an IP.
Step S20: send the pending task to the vendor side. The steps of the method are performed by an execution device, which may be a server, a client, a processor or the like, without limitation.
The execution device is in communication with the vendor side. For example, it may call an interface of the vendor side and, through that interface, access the vendor's database or submit the pending task; or it may send the pending task to the vendor side directly over the network. The communication connection is not limited to these forms.
Step S30: receive the task feedback that the vendor side sends in response to the pending task. After receiving the pending task, the vendor side extracts and consolidates the related data for each pending ID into a corresponding information set, assembles the information sets into task feedback and returns it to the execution device.
Because the execution device only processes threat events in a preset region, its data may contain nothing but IP information. The vendor side holds far more data and often has, for an IP, the domain name, attack type, mailbox, the organization the mailbox belongs to, personal information and operator, so it can enrich the information of the pending ID.
Because the pending task sent to the vendor side consists only of pending IDs, the vendor side searches on those IDs alone and returns information sets that correspond only to them, so unnecessary data is filtered out at the outset.
Step S40: update the information of each pending ID based on its information set. Since each pending ID is associated with an IP, it is the information of that IP that is updated.
In summary, establishing a communication relationship with the vendor side and receiving the information sets it returns enriches the information of each pending ID, providing a solid data basis for profiling attackers, comprehensively perceiving the overall security state of the network and uncovering the security background of an event.
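The exchange of steps S10 to S40 above, as an added example that is not part of the patent or the assignee's own code: the execution device builds a pending task from pending IDs, sends it to an in-memory stand-in for the vendor side, receives the task feedback and updates the threat information of the IP associated with each ID. The JSON message shape, the field names task_id, ids and info_groups, the function names and the sample records are all assumptions made for this illustration. One check is added that the description does not spell out: the feedback is bound to the task it answers, and information sets for IDs that were never sent are discarded, so a vendor response cannot write to records the device did not ask about.

```python
"""Added example, not code from the patent or its assignee: the S10 to S40
exchange of Example one with an in-memory stand-in for the vendor side.
The JSON message shape, field names and all sample data are assumptions
made for this illustration."""
from __future__ import annotations

import copy
import json

# Constructed sample state of the execution device. It holds IP-level
# records only; each pending ID is associated with exactly one IP.
ID_TO_IP = {"evt-1001": "203.0.113.7", "evt-1002": "198.51.100.22", "evt-1003": "192.0.2.9"}
IP_THREAT = {"203.0.113.7": {"hits": 3}, "198.51.100.22": {"hits": 1}, "192.0.2.9": {}}

# Constructed sample of the richer data held on the vendor side, keyed by
# the same IDs (the description assumes the vendor can resolve a pending ID).
VENDOR_DB = {
    "evt-1001": {"domain": "c2.example", "attack_type": "port-scan", "operator": "ISP-A"},
    "evt-1002": {"mailbox": "abuse@example.org", "mailbox_org": "Example Org"},
}


def build_task(task_id: str, pending_ids) -> dict:
    """S10: a pending task is a task ID plus one or more pending IDs."""
    return {"task_id": task_id, "ids": sorted(set(pending_ids))}


def send_task(task: dict) -> str:
    """S20: serialise for the vendor interface. Only IDs cross the boundary,
    never the device's own threat records."""
    return json.dumps(task)


def vendor_side(wire: str, vendor_db: dict = VENDOR_DB) -> str:
    """Stand-in for the vendor: look up each pending ID and return one
    information set per ID it knows (unknown IDs are simply absent)."""
    task = json.loads(wire)
    groups = {pid: vendor_db[pid] for pid in task["ids"] if pid in vendor_db}
    return json.dumps({"task_id": task["task_id"], "info_groups": groups})


def receive_feedback(wire: str, task: dict) -> dict:
    """S30: parse task feedback. Added check: bind the feedback to the task
    that was sent and drop information sets for IDs we never asked about."""
    feedback = json.loads(wire)
    if feedback.get("task_id") != task["task_id"]:
        raise ValueError("task feedback does not belong to this task")
    asked = set(task["ids"])
    return {pid: grp for pid, grp in feedback.get("info_groups", {}).items()
            if pid in asked and isinstance(grp, dict)}


def update_records(groups: dict, id_to_ip: dict, ip_threat: dict) -> list[str]:
    """S40: each pending ID maps to an IP, so the threat information of that
    IP is what gets enriched. Returns the IPs that were updated."""
    updated = []
    for pid, grp in groups.items():
        ip = id_to_ip.get(pid)
        if ip is None:
            continue
        ip_threat.setdefault(ip, {}).update(grp)
        updated.append(ip)
    return updated


def run_enrichment(pending_ids, id_to_ip=None, ip_threat=None, vendor=vendor_side):
    """Drive S10 to S40 end to end on copies of the sample state and return
    (updated IPs, resulting threat table)."""
    id_to_ip = copy.deepcopy(ID_TO_IP if id_to_ip is None else id_to_ip)
    ip_threat = copy.deepcopy(IP_THREAT if ip_threat is None else ip_threat)
    task = build_task("task-0001", pending_ids)
    groups = receive_feedback(vendor(send_task(task)), task)
    return update_records(groups, id_to_ip, ip_threat), ip_threat


if __name__ == "__main__":
    ips, table = run_enrichment(["evt-1001", "evt-1002", "evt-1003"])
    print(ips, json.dumps(table, indent=1))
```

Running the module prints the updated IPs and the enriched threat table for the constructed sample; the vendor parameter of run_enrichment lets a different vendor implementation, such as a real interface client, be substituted without changing the device-side steps.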
Example two
This embodiment provides a threat data processing method built on the first embodiment, as shown in FIG. 1, FIG. 2 and FIG. 3. Step S10 specifically comprises the following steps.
Step S101: acquire a flagged IP and query its region data. A flagged IP is an attacking IP that meets the attack criteria or a target IP that meets the attacked criteria.
Querying the region data of the flagged IP comprises acquiring an IP address library and matching the flagged IP against it to obtain its region data. Each IP in the IP address library is associated with region data, an operator, a use and so on; the region data may be absent, or may be a specific location.
Step S102: judge whether region data exists for the flagged IP. If so, execute step S103 and enter the region processing mode; if not, execute step S104 and enter the no-region processing mode. Splitting flagged IPs into the two branches improves overall efficiency. A flagged IP without region data is recorded as a pending IP.
Step S103 comprises steps S1031, S1032 and S1033.
Step S1031: acquire the IP notification database. It comprises notified IPs and IPs to be notified: a notified IP is one that has been recorded and stored, and an IP to be notified is one whose state is pending trace-back or pending processing. The IP associated with a pending ID in the pending task is in the pending state.
Step S1032: judge whether the flagged IP with region data matches the IP notification database. If not, execute step S1033: add the flagged IP to the IP notification database, thereby updating it. If so, update the match count of that flagged IP, or simply end.
Step S104 comprises steps S1041, S1042 and S1043.
Step S1041: acquire the IP notification database, the same database as in step S1031.
Step S1042: judge whether the pending IP matches the IP notification database. If not, execute step S1043; if so, execute step S1044.
Step S1043: record the pending IP that does not match the IP notification database as a first IP, add the first IP to the IP notification database to update it, and add the ID associated with the first IP to the pending task.
In this way the IP notification database is updated and the pending IDs of the pending task are selected: the IP associated with a pending ID has no region data, and some of those IPs do not match the IP notification database. This bounds the number of pending IDs and improves the processing efficiency of the execution device.
Step S104 further comprises steps S1044, S1045, S1046 and S1047.
Step S1044: record the pending IP that matches the IP notification database as a second IP and query the ID associated with it. Step S1045: judge whether the second IP matches the pending task. If so, execute step S1046 and delete the second IP; if not, execute step S1047: add the second IP to the IP notification database to update it, and add the ID associated with the second IP to the pending task. This avoids duplicate pending IDs in the pending task and so improves processing efficiency.
As a preferred technical solution, updating the information of each pending ID based on the information set comprises steps S401 to S403.
Step S401: select a pending ID from the pending task and record it as the first current ID. When the pending IDs in the pending task are unordered, selection may be random; when they are ordered, selection may follow the arrangement order or be random, preferably the arrangement order. Selection is not limited to these.
Step S402: query the current IP associated with the first current ID. The current IP has no region data.
Step S403: match the first current ID against the task feedback to obtain its information set, record it as the current information set, and update the threat information of the current IP based on the current information set.
Because the task feedback corresponds to the pending IDs, the information set can be obtained from the pending ID; and because later analysis is usually based on IP, it is the threat information of the current IP that is updated.
Updating the information of each pending ID based on the information set further comprises steps S404 and S405.
Step S404: select a pending ID from the pending task and record it as the second current ID, preferably in the same manner as the first current ID.
Step S405: set the state of the second current ID to pending trace-back, so that it can be traced back at a later stage, improving working efficiency.
To avoid repeating the processing of the first current ID or of the second current ID, updating the information of each pending ID based on the information set further comprises steps S406 and S407. Preferably, after step S403 or step S405 completes, steps S406 and S407 are performed in sequence.
Step S406: query the count A and the count B of the selected pending ID. Count A is the number of times the pending ID has been recorded as the first current ID, which is kept below a first preset value; count B is the number of times it has been recorded as the second current ID, which is kept below a second preset value. Both preset values can be set manually and are preferably 2.
In step S401, when the number of times the pending ID has been recorded as the first current ID is greater than or equal to the first preset value, steps S402 and S403 are not executed; when the number of times it has been recorded as the second current ID is greater than or equal to the second preset value, step S405 is not executed. The processing of the first current ID may run independently of the processing of the second current ID, as shown in FIG. 3; or the first current ID may be processed first and then the second; or the second first and then the first.
Step S407: judge whether count A is smaller than the first preset value and count B is smaller than the second preset value. If so, execute step S408: delete the corresponding pending ID from the pending task and update the IP notification database. This prevents the subsequent steps from being repeated and ensures that each pending ID runs through the complete update process exactly once.
The threat data processing method may further comprise tracing back IDs whose state is pending trace-back. Specifically, in step S407, before the pending ID is deleted, a pending ID in the pending trace-back state has its IP recorded as an IP to be traced and added to the trace-back task. Information such as the threat type and discovery time can be acquired through the trace-back task; when it completes, the pending trace-back label is removed and the IP is added to the IP notification database.
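The triage of step S10 (steps S101 to S1047) and the bookkeeping of step S40 (steps S401 to S408 and the trace-back hand-off) described above, as an added example that is not part of the patent or the assignee's own code. The Store and PendingEntry structures, the status strings notified, pending and pending_traceback, the match_count table and all sample IPs and IDs are assumptions made for this illustration; the task feedback is taken as already received from the vendor side. The example runs the first-current-ID path, then the second-current-ID path, then steps S406 to S408 for each pending ID, which is one of the orderings the description allows, and "deleting the second IP" is interpreted as discarding the duplicate flagged IP rather than removing anything from the IP notification database.

```python
"""Added example, not code from the patent or its assignee: the S10 triage
of Example two and the S40 bookkeeping (counts A and B, deletion, trace-back).
Structures, status names and sample data are assumptions made here; the task
feedback is taken as already received from the vendor side."""
from __future__ import annotations
from dataclasses import dataclass, field

FIRST_PRESET = 2    # first preset value; the description prefers 2
SECOND_PRESET = 2   # second preset value; the description prefers 2

# Constructed IP address library: region data may be a location or absent.
IP_LIBRARY = {
    "203.0.113.7":   {"region": "Hangzhou", "operator": "ISP-A"},
    "198.51.100.22": {"region": None, "operator": "ISP-B"},
    "192.0.2.9":     {"region": None, "operator": "ISP-B"},
}
# Constructed association of IPs to record IDs (each pending ID has one IP).
IP_TO_ID = {"198.51.100.22": "evt-1002", "192.0.2.9": "evt-1003"}


@dataclass
class PendingEntry:
    ip: str
    count_a: int = 0          # times recorded as the first current ID
    count_b: int = 0          # times recorded as the second current ID
    state: str = "pending"    # becomes "pending_traceback" at step S405


@dataclass
class Store:
    notification_db: dict = field(default_factory=dict)  # ip -> "notified" | "pending"
    match_count: dict = field(default_factory=dict)      # region-mode repeat matches (S1032)
    pending_task: dict = field(default_factory=dict)     # pending ID -> PendingEntry
    traceback_task: dict = field(default_factory=dict)   # ip -> pending ID
    ip_threat: dict = field(default_factory=dict)        # ip -> threat information


def triage(flagged_ips, store: Store, library=IP_LIBRARY, ip_to_id=IP_TO_ID) -> list[str]:
    """Steps S101 to S1047; returns flagged IPs discarded as duplicates."""
    dropped = []
    for ip in flagged_ips:
        region = library.get(ip, {}).get("region")           # S101
        if region:                                           # S102 -> S103 region mode
            if ip not in store.notification_db:              # S1032 no match -> S1033
                store.notification_db[ip] = "notified"
            else:                                            # match: bump the match count
                store.match_count[ip] = store.match_count.get(ip, 0) + 1
            continue
        pid = ip_to_id.get(ip)                               # S104 no-region mode
        if pid is None:
            continue
        if ip not in store.notification_db:                  # S1042 no match -> S1043 first IP
            store.notification_db[ip] = "pending"
            store.pending_task[pid] = PendingEntry(ip)
        elif pid in store.pending_task:                      # S1044/S1045 -> S1046 duplicate
            dropped.append(ip)
        else:                                                # S1047
            store.notification_db[ip] = "pending"
            store.pending_task[pid] = PendingEntry(ip)
    return dropped


def process_first(pid, store, feedback) -> bool:
    """Steps S401 to S403, refused once count A reaches the first preset."""
    entry = store.pending_task[pid]
    if entry.count_a >= FIRST_PRESET:
        return False
    entry.count_a += 1
    group = feedback.get(pid)                                # S403: match ID against feedback
    if group:
        store.ip_threat.setdefault(entry.ip, {}).update(group)
    return True


def process_second(pid, store) -> bool:
    """Steps S404 and S405, refused once count B reaches the second preset."""
    entry = store.pending_task[pid]
    if entry.count_b >= SECOND_PRESET:
        return False
    entry.count_b += 1
    entry.state = "pending_traceback"
    return True


def finalize(pid, store) -> bool:
    """Steps S406 to S408 plus the trace-back hand-off: when A and B are both
    below their presets, queue a pending-trace-back IP, delete the ID from the
    pending task and mark the IP notified."""
    entry = store.pending_task[pid]
    if not (entry.count_a < FIRST_PRESET and entry.count_b < SECOND_PRESET):
        return False
    if entry.state == "pending_traceback":
        store.traceback_task[entry.ip] = pid
    del store.pending_task[pid]
    store.notification_db[entry.ip] = "notified"
    return True


def run_update(store, feedback) -> list[str]:
    """Step S40 in arrangement order: first-ID path, second-ID path, then
    S406 to S408 for each pending ID. Returns the IDs that were removed."""
    removed = []
    for pid in sorted(store.pending_task):
        process_first(pid, store, feedback)
        process_second(pid, store)
        if finalize(pid, store):
            removed.append(pid)
    return removed


if __name__ == "__main__":
    s = Store()
    print("dropped:", triage(["203.0.113.7", "198.51.100.22", "192.0.2.9", "198.51.100.22"], s))
    print("removed:", run_update(s, {"evt-1002": {"domain": "c2.example"}}), s)
```

With the preset values at 2, a pending ID processed once on each path has count A = 1 and count B = 1, satisfies the deletion condition of step S407 and is removed, so it cannot be selected again. An ID selected twice as the first current ID reaches count A = 2, is refused further processing by the guard of step S406 and no longer satisfies the deletion condition as the description states it, so it stays in the pending task; that is the consequence of the conditions as written, and an implementer should decide whether that is the intended outcome.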
Example three
This embodiment provides a threat data processing apparatus intended to solve the difficulty of assessing the security of a threat event when little data is available. Referring to FIG. 4, the apparatus comprises an acquisition module 1, a sending module 2, a receiving module 3 and an updating module 4.
The acquisition module acquires the pending task, which comprises one or more pending IDs; the sending module sends the pending task to the vendor side; the receiving module receives the feedback the vendor side sends in response to the pending task and records it as task feedback, which comprises an information set for each pending ID; and the updating module updates the information of each pending ID based on its information set.
Preferably, in the updating module 4, updating the information of each pending ID based on the information set comprises: selecting a pending ID from the pending task and recording it as the first current ID; querying the current IP associated with the first current ID; and matching the first current ID against the task feedback to obtain its information set, recording it as the current information set, and updating the threat information of the current IP based on the current information set.
Preferably, in the updating module 4, updating the information of each pending ID based on the information set further comprises: selecting a pending ID from the pending task and recording it as the second current ID; and setting the state of the second current ID to pending trace-back.
Preferably, in the updating module 4, updating the information of each pending ID based on the information set further comprises: querying the count A and the count B of the pending ID; and judging whether count A is smaller than the first preset value and count B is smaller than the second preset value, and if so, deleting the corresponding pending ID from the pending task.
Example four
The electronic device 5 may be a desktop computer, a notebook computer, a server (physical or cloud), or even a mobile phone or tablet.
FIG. 5 is a schematic structural diagram of the electronic device of the fourth embodiment. As shown in FIG. 4 and FIG. 5, the electronic device 5 comprises a processor 51, a memory 52, an input device 53 and an output device 54. The device may have one or more processors 51; FIG. 5 shows one. The processor 51, memory 52, input device 53 and output device 54 may be connected by a bus or by other means; FIG. 5 shows a bus connection.
The memory 52 is a computer-readable storage medium that stores software programs, computer-executable programs and modules, such as the program instructions/modules corresponding to the threat data processing method of the embodiments, namely the acquisition module 1, sending module 2, receiving module 3 and updating module 4 of the threat data processing apparatus. By executing the software programs, instructions and modules stored in the memory 52, the processor 51 carries out the functional applications and data processing of the electronic device 5, that is, implements the threat data processing method of the first or second embodiment or any combination of them.
The memory 52 may comprise a program storage area and a data storage area: the program storage area stores an operating system and the application program required for at least one function, and the data storage area stores data created through use of the terminal. The memory 52 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device or other non-volatile solid-state storage device. The memory 52 may further include memory located remotely from the processor 51 and connected to the electronic device 5 over a network, such as the Internet, an intranet, a local area network, a mobile communication network, or a combination of these.
The input device 53 may receive data such as a pending task. The output device 54 may be a document or a display screen. When the output is a document, the corresponding information is recorded in it in a specific format, so that data integration is achieved alongside storage; when the output device 54 is a display screen, the information is shown on it directly so the user can view it in real time.
Example five
An embodiment of the present invention further provides a computer-readable storage medium containing computer-executable instructions which, when executed by a computer processor, perform the threat data processing method described above, the method comprising:
acquiring a pending task, the pending task comprising one or more IDs, recorded as pending IDs;
sending the pending task to a vendor side;
receiving task feedback sent by the vendor side in response to the pending task, the task feedback comprising an information set for each pending ID; and
updating the information of each pending ID based on its information set.
The computer-executable instructions of the computer-readable storage medium provided by the embodiments are of course not limited to the method operations above.
From the above description of the embodiments, those skilled in the art will understand that the present invention can be implemented by software together with the necessary general-purpose hardware, and also by hardware alone, though the former is often the better embodiment. On that basis, the technical solution of the present invention may be embodied as a software product stored in a computer-readable storage medium, such as a floppy disk, read-only memory (ROM), random access memory (RAM), flash memory, hard disk or optical disk, and comprising instructions that cause an electronic device (which may be a mobile phone, personal computer, server or network device) to execute the threat data processing method of any of the first to third embodiments or any combination of them.
In the threat data processing embodiments, the units and modules are divided by functional logic only; any division that implements the corresponding functions is acceptable. The specific names of the functional units serve only to distinguish them from one another and do not limit the protection scope of the present invention.
The above embodiments are only preferred embodiments of the present invention and do not limit its protection scope; any insubstantial changes and substitutions made by those skilled in the art on the basis of the present invention fall within its protection scope.

Claims (10)

1. A threat data processing method, comprising the steps of:
acquiring a task to be processed, wherein the task to be processed comprises more than one ID to be processed;
sending the task to be processed to a manufacturer end;
receiving task feedback sent by the manufacturer based on the task to be processed, wherein the task feedback comprises information groups corresponding to the IDs to be processed;
and updating the information of each ID to be processed based on the information group.
2. The threat data processing method according to claim 1, wherein updating the information of each ID to be processed based on the information group comprises the steps of:
selecting an ID to be processed from the task to be processed, and recording it as a first current ID;
querying a current IP associated with the first current ID;
and matching the first current ID with the task feedback to obtain the information group corresponding to the first current ID, recording it as a current information group, and updating the threat information of the current IP based on the current information group.
3. The threat data processing method according to claim 2, wherein updating the information of each ID to be processed based on the information group further comprises the steps of:
selecting an ID to be processed from the task to be processed, and recording it as a second current ID;
and setting the state of the second current ID as a source to be traced.
4. The threat data processing method according to claim 3, wherein the number of times an ID to be processed is recorded as the first current ID is denoted a number A, and the number of times it is recorded as the second current ID is denoted a number B,
and updating the information of each ID to be processed based on the information group further comprises the steps of:
querying the numbers A and B of the ID to be processed;
and judging whether the number A is smaller than a first preset value and whether the number B is smaller than a second preset value, and if so, deleting the corresponding ID to be processed from the task to be processed.
5. The threat data processing method according to any one of claims 1 to 4, wherein the obtaining of the task to be processed comprises the steps of:
acquiring a marked IP and querying regional data of the marked IP;
and judging whether regional data of the marked IP exists; if so, entering a regional processing mode, otherwise marking the marked IP without regional data as an IP to be processed and entering a non-regional processing mode.
6. The threat data processing method according to claim 5, wherein the regional processing mode comprises the steps of:
acquiring an IP notification database, wherein the IP notification database comprises notified IPs and IPs to be notified;
and judging whether the marked IP for which regional data exists matches the IP notification database, and if not, updating the IP notification database.
7. The threat data processing method according to claim 5, wherein the non-regional processing mode comprises the steps of:
acquiring an IP notification database, wherein the IP notification database comprises notified IPs and IPs to be notified;
judging whether the IP to be processed matches the IP notification database; if not, updating the IP notification database, marking the corresponding IP to be processed as a first IP, and adding an ID associated with the first IP to the task to be processed;
if so, recording the IP to be processed that matches the IP notification database as a second IP, querying the ID associated with the second IP, and judging whether the IP to be processed matches the task to be processed; if so, deleting the second IP, otherwise updating the IP notification database and adding the ID associated with the second IP to the task to be processed.
8. A threat data processing apparatus, comprising:
an acquisition module, configured to acquire a task to be processed, wherein the task to be processed comprises more than one ID, recorded as the ID to be processed;
a sending module, configured to send the task to be processed to a manufacturer end;
a receiving module, configured to receive feedback sent by the manufacturer end based on the task to be processed and record it as task feedback, wherein the task feedback comprises information groups corresponding to the IDs to be processed;
and an updating module, configured to update the information of each ID to be processed based on the information group.
9. An electronic device comprising a processor, a storage medium, and a computer program, the computer program being stored in the storage medium, wherein the computer program, when executed by the processor, implements the threat data processing method of any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the threat data processing method according to any one of claims 1 to 7.
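As an added illustration (not code from the patent or its assignee), the following Python models the task/feedback cycle of claims 1 to 4: build a task of IDs, send it to a simulated manufacturer end, update each ID's IP from its information group or mark it as a source to be traced, track the counts A and B, and prune the task as claim 4 is worded. The ID-to-IP mapping, the sample feedback, the local stand-in for the manufacturer end, and the rule that an ID with an information group is the "first current ID" while one without is the "second current ID" are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class ThreatStore:  # processing-side state (assumed layout, not the patent's)
    id_to_ip: dict                                    # ID -> IP association (claim 2)
    threat_info: dict = field(default_factory=dict)   # IP -> threat attributes
    state: dict = field(default_factory=dict)         # ID -> state (claim 3)
    count_a: dict = field(default_factory=dict)       # times recorded as first current ID
    count_b: dict = field(default_factory=dict)       # times recorded as second current ID

def build_task(ids):
    """Claim 1: a task to be processed is one or more IDs to be processed (duplicates dropped)."""
    return list(dict.fromkeys(ids))

def fake_manufacturer(task):
    """Stand-in for the manufacturer end: constructed information groups keyed by ID."""
    known = {"id-1": {"family": "botnet", "confidence": 0.9},
             "id-3": {"family": "scanner", "confidence": 0.6}}
    return {i: known[i] for i in task if i in known}

def update_from_feedback(store, task, feedback):
    """Claims 2-3 (assumption): an ID with an information group is the first current ID and
    updates its IP's threat info; an ID without one is the second current ID, to be traced."""
    for pending_id in task:
        ip = store.id_to_ip.get(pending_id)
        group = feedback.get(pending_id)
        if ip is not None and group is not None:
            store.count_a[pending_id] = store.count_a.get(pending_id, 0) + 1
            store.threat_info.setdefault(ip, {}).update(group)
        else:
            store.count_b[pending_id] = store.count_b.get(pending_id, 0) + 1
            store.state[pending_id] = "to_be_traced"

def prune_task(store, task, first_preset, second_preset):
    """Claim 4 as worded: delete an ID when A < first preset AND B < second preset."""
    return [i for i in task
            if not (store.count_a.get(i, 0) < first_preset
                    and store.count_b.get(i, 0) < second_preset)]

def run_cycle(store, ids, first_preset=1, second_preset=2):
    """One pass: acquire task, send it, receive task feedback, update, prune."""
    task = build_task(ids)
    feedback = fake_manufacturer(task)
    update_from_feedback(store, task, feedback)
    return prune_task(store, task, first_preset, second_preset)

if __name__ == "__main__":
    store = ThreatStore(id_to_ip={"id-1": "198.51.100.7", "id-2": "203.0.113.9", "id-3": "192.0.2.5"})  # constructed sample
    print(run_cycle(store, ["id-1", "id-2", "id-3", "id-1"]))  # ['id-1', 'id-3']
```

An ID that never receives an information group is dropped after a single pass with the default presets, but survives once its count B reaches the second preset value, which is the retention behaviour claim 4 describes.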
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010015895.1A CN110830517B (en) 2020-01-08 2020-01-08 Threat data processing method, device, electronic equipment and medium

Publications (2)

Publication Number Publication Date
CN110830517A true CN110830517A (en) 2020-02-21
CN110830517B CN110830517B (en) 2020-05-08

Family

ID=69546477

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010015895.1A Active CN110830517B (en) 2020-01-08 2020-01-08 Threat data processing method, device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN110830517B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101018200A (en) * 2006-02-10 2007-08-15 3柯姆公司 Bi-planar network architecture
CN101217618A (en) * 2008-01-11 2008-07-09 南京图格科技发展有限公司 A real-time collection method of STB working status
CN101557655A (en) * 2008-04-11 2009-10-14 北京闻言科技有限公司 Method for automatically forming complete GPRS gateway information
CN102630046A (en) * 2012-03-13 2012-08-08 深圳市九洲电器有限公司 Data acquisition system, method, set-top box, network server
US20180013762A1 (en) * 2012-05-10 2018-01-11 Centurylink Intellectual Property Llc System and Method for Secure Machine-To-Machine Communications
CN107888607A (en) * 2017-11-28 2018-04-06 新华三技术有限公司 Network threat detection method, device and network management device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
韦烈: "Malicious domain name detection based on offline DNS response traffic", China Master's Theses Full-text Database (electronic journal) *

Also Published As

Publication number Publication date
CN110830517B (en) 2020-05-08

Similar Documents

Publication Publication Date Title
US20140156711A1 (en) Asset model import connector
CN110519465B (en) Telephone platform log query method, terminal equipment, storage medium and device
CN110809010A (en) Threat information processing method, device, electronic equipment and medium
CN109618176B (en) Processing method, equipment and storage medium for live broadcast service
CN108762949B (en) Centralized scheduling method, system, computer equipment and storage medium
CN111049731B (en) Instant chat application monitoring method and system
US20160149948A1 (en) Automated Cyber Threat Mitigation Coordinator
CN111953558A (en) Sensitive information monitoring method and device, electronic equipment and storage medium
CN112738138A (en) Cloud security hosting method, device, equipment and storage medium
CN106790380A (en) Data reporting method and device
CN113098852B (en) Log processing method and device
CN110830500A (en) Network attack tracking method and device, electronic equipment and readable storage medium
CN110830517B (en) Threat data processing method, device, electronic equipment and medium
CN109391658B (en) Account data synchronization method and equipment, storage medium and terminal thereof
CN111046393B (en) Vulnerability information uploading method and device, terminal equipment and storage medium
CN110990350B (en) Log analysis method and device
CN115865525B (en) Log data processing method, device, electronic equipment and storage medium
CN109040089B (en) Network policy auditing method, equipment and computer readable storage medium
US20180121472A1 (en) Method and Apparatus of Collecting and Reporting Database Application Incompatibilities
CN111722883A (en) Method and device for updating interface address and computer readable storage medium
CN115658794A (en) Data query method and device, computer equipment and storage medium
CN111353116B (en) Content detection method, system and device, client device and storage medium
CN114185804A (en) Interface testing method and device and terminal equipment
CN114070624A (en) Message monitoring method and device, electronic equipment and medium
CN109104499B (en) Session establishing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant