CN111090655A - Early warning method and device based on monitoring data, electronic equipment and storage medium - Google Patents

Early warning method and device based on monitoring data, electronic equipment and storage medium Download PDF

Info

Publication number
CN111090655A
CN111090655A CN201911389069.7A CN201911389069A CN111090655A CN 111090655 A CN111090655 A CN 111090655A CN 201911389069 A CN201911389069 A CN 201911389069A CN 111090655 A CN111090655 A CN 111090655A
Authority
CN
China
Prior art keywords
key value
monitoring
early warning
data
name
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911389069.7A
Other languages
Chinese (zh)
Other versions
CN111090655B (en
Inventor
卢宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Mininglamp Software System Co ltd
Original Assignee
Beijing Mininglamp Software System Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Mininglamp Software System Co ltd filed Critical Beijing Mininglamp Software System Co ltd
Priority to CN201911389069.7A priority Critical patent/CN111090655B/en
Publication of CN111090655A publication Critical patent/CN111090655A/en
Application granted granted Critical
Publication of CN111090655B publication Critical patent/CN111090655B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2255Hash tables
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • G06F16/24552Database cache management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2471Distributed queries

Abstract

The application provides an early warning method and device based on monitoring data, electronic equipment and a computer readable storage medium, wherein the method comprises the following steps: reading the name of a specified key value item in the monitoring strategy, and acquiring key value data corresponding to the name of the specified key value item in the monitoring data; judging whether the hash value of the key value data obtained by calculation hits a target hash value corresponding to the name of the cached appointed key value item; if yes, checking whether the monitoring data meets the early warning condition in the monitoring strategy or not, and sending out early warning information when the early warning condition is met. According to the method and the device, the key value data corresponding to the name of the appointed key value item are calculated, whether the calculated hash value hits the cached target hash value or not is judged, the monitoring object which is worth paying attention is screened out from the monitoring data, and the early warning information can be sent out when the monitoring data of the monitoring object meets the early warning condition in the monitoring strategy, so that the calculation cost is reduced, and the processing efficiency of the monitoring data is improved.

Description

Early warning method and device based on monitoring data, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a monitoring data based early warning method and apparatus, an electronic device, and a computer-readable storage medium.
Background
The security technology becomes more intelligent and efficient at the present day of the high-speed development of the internet, and can perform reconnaissance on the monitoring range in all weather and multiple dimensions. Currently, the monitoring data may include personnel information, Device information, vehicle information, and the like, the personnel information may include an identification number, an age, a gender, a face image, and the like, the Device information may include a Media Access Control (MAC) Address, an International Mobile Equipment Identity (IMEI) and a Unique Device Identifier (UDID), and the vehicle information may include a license plate number, a vehicle color, and the like.
The security system may pre-configure a plurality of security policies. After the server of the security system obtains the monitoring data, each security policy table entry in the security policy table is usually traversed, and the monitoring data is checked based on the security policy therein, so as to determine whether to need early warning.
However, in the face of massive monitoring data, the way that the server side checks the monitoring data based on the security policy in turn is very inefficient.
Disclosure of Invention
An object of the embodiment of the present application is to provide an early warning method based on monitoring data, which is used to improve the processing efficiency of the monitoring data.
The embodiment of the application provides a monitoring data-based early warning method, which comprises the following steps:
reading a name of a designated key value item in a monitoring strategy, and acquiring key value data corresponding to the name of the designated key value item in monitoring data;
calculating the key value data through a preset algorithm, and judging whether the calculated hash value hits a target hash value corresponding to the name of the cached appointed key value item;
and if the target hash value corresponding to the name of the specified key value item is hit, checking whether the monitoring data meets the early warning condition in the monitoring strategy or not, and sending out early warning information when the early warning condition is met.
In one embodiment, before reading the specified key value item name in the monitoring policy, the method further comprises:
determining a data server side for sending the monitoring data;
searching a monitoring strategy table entry corresponding to the data server side in a preset monitoring strategy table, and determining a monitoring strategy according to the searched monitoring strategy table entry;
the monitoring policy table comprises a plurality of monitoring policy table entries, and each monitoring policy table entry records one monitoring policy.
In an embodiment, the checking whether the monitoring data meets an early warning condition in the monitoring policy, and sending out early warning information when the early warning condition is met includes:
if the early warning condition of the monitoring strategy comprises at least one first key value item name and at least one second key value item name, respectively acquiring key value data corresponding to the first key value item name and key value data corresponding to the second key value item name from the monitoring data;
the first key value item name has a cached target hash value, and the second key value item name has a corresponding key value data range;
calculating the acquired key value data corresponding to the first key value name through a preset algorithm, and judging whether the calculated hash value hits a target hash value corresponding to the first key value name;
if all the calculated hash values hit the cached target hash value, judging whether the obtained key value data corresponding to the second key value item name is located in a key value data range corresponding to the second key value item name;
and when all the key value data corresponding to the second key value item names are located in the corresponding key value data range, determining that the early warning condition is met, and outputting early warning information.
In an embodiment, the checking whether the monitoring data meets an early warning condition in the monitoring policy, and sending out early warning information when the early warning condition is met includes:
if the early warning condition of the monitoring strategy comprises at least one first key value item name, acquiring key value data corresponding to the first key value item name from the monitoring data; wherein the first key value item name has a cached target hash value;
calculating the acquired key value data corresponding to the first key value name through a preset algorithm, and judging whether the calculated hash value hits a target hash value corresponding to the first key value name;
and if all the calculated hash values hit the cached target hash value, determining that the early warning condition is met, and outputting early warning information.
In an embodiment, the checking whether the monitoring data meets an early warning condition in the monitoring policy, and sending out early warning information when the early warning condition is met includes:
if the early warning condition of the monitoring strategy comprises at least one second key value item name, acquiring key value data corresponding to the second key value item name from the monitoring data; wherein the second key-value item name has a corresponding key-value data range;
judging whether the acquired key value data corresponding to the second key value item name is located in a key value data range corresponding to the second key value item name;
and when all the key value data corresponding to the second key value item names are located in the corresponding key value data range, determining that the early warning condition is met, and outputting early warning information.
In an embodiment, the method further comprises:
receiving a monitoring strategy configuration instruction, wherein the monitoring strategy configuration instruction comprises at least one monitoring strategy;
and generating a monitoring strategy table item for the monitoring strategy in the monitoring strategy configuration instruction, and adding the monitoring strategy table item to the monitoring strategy table.
In an embodiment, the method further comprises:
checking the key value item name of the corresponding key value data indicated by the monitoring strategy;
and calculating the key value data corresponding to each key value item name through a preset algorithm, and writing the calculated hash value into a local memory space as a target hash value corresponding to the key value item name.
The embodiment of the application further provides an early warning device based on monitoring data, including:
the acquisition module is used for reading the name of a specified key value item in the monitoring strategy and acquiring key value data corresponding to the name of the specified key value item in the monitoring data;
the calculation module is used for calculating the key value data through a preset algorithm and judging whether the hash value obtained by calculation hits a target hash value corresponding to the name of the cached appointed key value item;
and the early warning module is used for checking whether the monitoring data meets the early warning condition in the monitoring strategy or not if the target hash value corresponding to the name of the specified key value is hit, and sending out early warning information when the early warning condition is met.
Further, an embodiment of the present application further provides an electronic device, where the electronic device includes:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the above-mentioned early warning method based on the monitoring data.
Further, an embodiment of the present application further provides a computer-readable storage medium, where the storage medium stores a computer program, and the computer program may be executed by a processor to perform the above-mentioned early warning method based on monitoring data.
According to the technical scheme provided by the embodiment of the application, after key value data of monitoring data is obtained according to the name of the specified key value item in the monitoring strategy, a hash value is calculated for the key value data, and whether the hash value hits a target hash value corresponding to the cached name of the specified key value item is checked; if the target hash value is hit, determining that the entity indicated by the monitoring data is a monitoring object; the measures can quickly screen out the monitoring object worth attention from the massive monitoring data, and can send out early warning information when the monitoring data of the monitoring object meets the early warning condition in the monitoring strategy, so that the calculation cost is reduced, and the processing efficiency of the monitoring data is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required to be used in the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic view of an application scenario illustrating an early warning method based on monitoring data according to an exemplary embodiment of the present application;
FIG. 2 is a schematic structural diagram of an electronic device according to an exemplary embodiment of the present application;
fig. 3 is a schematic flowchart illustrating an early warning method based on monitoring data according to an embodiment of the present disclosure;
fig. 4 is a block diagram of an early warning device based on monitoring data according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Fig. 1 is a schematic view of an application scenario of a monitoring data-based early warning method according to an embodiment of the present application. As shown in fig. 1, the application scenario diagram includes a monitoring server 30 and a data server 20, where the monitoring server 30 may be a server or a server cluster cloud computing center, and the data server 20 may be a server or a server cluster cloud computing center. The data server 20 may collect monitoring data from data sources such as a monitoring camera, a traffic system front-end device, a public security information system, a hotel accommodation management system, and the like, and store the collected monitoring data in a local database according to a predefined format. The data server 20 may transmit the monitoring data to the monitoring server 30, so that the monitoring server 30 may analyze the monitoring data by using the method provided in the embodiment of the present application, and detect the monitoring object that needs to be pre-warned.
As shown in fig. 2, the present embodiment provides an electronic apparatus 1 including: at least one processor 11, a memory 12 and a display carrier 13, one processor 11 being exemplified in fig. 2. The processor 11, the memory 12 and the display carrier 13 are connected by a bus 10, and the memory 12 stores instructions executable by the processor 11, and the instructions are executed by the processor 11, so that the electronic device 1 can execute all or part of the flow of the method in the embodiments described below. In an embodiment, the electronic device 1 may be the monitoring server 30.
The Memory 12 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk or optical disk.
The present application also provides a computer-readable storage medium, which stores a computer program executable by the processor 11 to perform the monitoring data based early warning method provided by the present application.
Fig. 3 is a schematic flowchart of a monitoring data-based early warning method according to an embodiment of the present application, and as shown in fig. 3, the method may include the following steps 301 to 303.
Step 301: and reading the name of the appointed key value item in the monitoring strategy, and acquiring the key value data corresponding to the name of the appointed key value item in the monitoring data.
The monitoring server needs to complete the configuration operation locally before performing this step.
In an embodiment, the monitoring server may receive a monitoring policy configuration instruction. Wherein the monitoring policy configuration instruction comprises at least one monitoring policy. The monitoring policy may be defined based on actual requirements, such as: when a major activity is carried out in an administrative center area, if a person at the bottom of a case enters the area and stays for a certain period of time (for example, two days), an early warning message can be sent to the person.
The monitoring server may generate a monitoring policy entry for the monitoring policy in the monitoring policy configuration instruction, and add the monitoring policy entry to the local monitoring policy table.
The monitoring server side can update the monitoring strategy table when receiving the monitoring strategy configuration instruction every time, so that the monitoring data is processed by the comprehensive monitoring strategy.
In an embodiment, after updating the monitoring policy table, the monitoring server may check that the key value item name of the corresponding key value data exists in the newly added monitoring policy table entry indicated by the monitoring policy. Such as: if some specified persons need to be monitored in a specific scene, the monitored object can be determined based on the identification number or the telephone number. In this case, the identification number or the telephone number of such a person is a definite value, and therefore, the "identification number" or the "telephone number" is a key value item name in which corresponding key value data exists.
The monitoring server side can calculate the key value data corresponding to each key value name through a preset algorithm, and writes the calculated hash value into a local memory space as a target hash value corresponding to the key value name. Here, the preset Algorithm may include MD5(MD5 Message-Digest Algorithm, MD5 information Digest Algorithm), SHA-1(secure hash Algorithm 1), MD4(MD4 Message-Digest Algorithm, MD5 information Digest Algorithm), and the like.
Such as: if the person with the identification number of 370070199807070035 is monitored, a hash value of the identification number may be calculated, and the calculated hash value may be written into a local memory data system (e.g., Redis) as a target hash value corresponding to the key value item name "identification number" of the monitoring policy. If the monitoring strategy comprises other key value item names with corresponding key value data, the same processing is carried out on other key value data.
Under the screening condition in some monitoring strategies, key value data of the monitoring data may need to be disassembled, and in this case, the target hash value of the key value item name may be calculated after the key value data is disassembled. For example, if an object from some region is to be monitored, the region to which the object belongs may be determined from the first six digits of the identification number or the first three digits of the license plate number, and then the target hash value may be calculated for the first six digits of the key-value data corresponding to the key-value item name "identification number", or the target hash value may be calculated for the first three digits of the key-value data corresponding to the key-value item name "license plate number".
In order to reduce the number of monitoring data to be processed, each monitoring strategy has an appointed key value item name, and the appointed key value item name has corresponding key value data. The monitoring server stores the target hash value corresponding to the name of the specified key value item of each monitoring strategy in the memory, and can quickly screen out the monitoring object in a way of comparing the hash values in the follow-up process.
The name of the designated key value item can be flexibly set based on the application scene and the data source aimed by the monitoring strategy. Such as: if the key value item is the screening condition which is accurately matched in the monitoring strategy, the name of the appointed key value item can be 'identity card number', 'license plate number', 'telephone number', 'MAC address', and the like; if the filtering condition is fuzzy in the monitoring strategy, the name of the assigned key value item can be a 'personnel tag'.
Due to the fact that the monitoring strategies of different application scenes are different, the monitoring server can establish the association relation between the monitoring strategies and the data server. Such as: if the monitoring data transmitted by the data server comes from the hotel accommodation management system, the monitoring data comprises information such as personnel identification numbers, hotel geographic positions, personnel check-in time and the like, and under the condition, the monitoring server can send out early warning according to the fact that sensitive personnel enter a monitoring area in a specified time period. Here, the sensitive person may be a person with a table bottom. In an embodiment, the monitoring server may add, in the monitoring policy entry, an identifier of the corresponding data server, where the identifier may be a MAC address of the data server, a device identifier, and the like.
After the configuration process is completed, the monitoring server may execute step 301.
In an embodiment, after receiving the monitoring data, the monitoring server may determine the data server that sent the monitoring data. The monitoring server can search the monitoring strategy table entry corresponding to the data server in the monitoring strategy table, and then determine the monitoring strategy according to the searched monitoring strategy table entry.
And the monitoring server reads the name of the specified key value item in the monitoring strategy and acquires the key value data corresponding to the name of the specified key value item from the monitoring data.
Such as: the name of a designated key value item in the monitoring strategy is 'personnel tag', and key value data corresponding to the 'personnel tag' can be obtained from monitoring data.
Step 302: and calculating the key value data through a preset algorithm, and determining whether the calculated hash value hits a target hash value corresponding to the cached appointed key value item name.
And after the monitoring server side obtains the key value data, calculating the hash value of the key value data. In an embodiment, if the screening condition in the monitoring policy requires to disassemble the key-value data corresponding to the name of the specified key-value item, the monitoring server needs to disassemble the obtained key-value data at this step. Such as: if the screening condition of the monitoring policy is the first six digits of the identification number, after the identification number is obtained 370070199807070035, the first six digits 370070 can be disassembled, and the hash value of the six digits is calculated.
The monitoring server can search the hash value in a local memory data system and determine whether the cached target hash value corresponding to the name of the specified key value item is hit.
In one case, if any target hash value corresponding to the specified key value item name is not hit, it may be determined that the entity indicated by the monitoring data is not the monitoring object and the monitoring data is not processed.
In another case, a target hash value corresponding to the name of the specified key item is hit, and it may be determined that the entity indicated by the monitoring data is the monitoring object. See step 303 for a specific implementation.
Step 303: and if the target hash value corresponding to the name of the specified key value item is hit, checking whether the monitoring data meets the early warning condition in the monitoring strategy or not, and sending out early warning information when the early warning condition is met.
When the calculated hash value hits the target hash value, the monitoring server can determine that the entity indicated by the monitoring data is the monitoring object, and at this time, whether the monitoring data meets the early warning condition in the monitoring policy can be continuously checked.
The early warning condition of the monitoring policy may include a first key value item name and a second key value item name. Here, the first key value item name refers to a key value item name for which corresponding key value data exists, and for this kind of key value item name, the monitoring server has written a target hash value calculated based on the key value data into the memory in the configuration stage. The second key-value item name refers to a key-value item name having a corresponding key-value data range, for example, if the monitoring policy requires screening of people between 25 and 35 years old, the key-value data range corresponding to the "age" of the second key-value item name is 25 to 35.
In an embodiment, if the early warning condition of the monitoring policy includes at least one first key value item name and at least one second key value item name, the monitoring server may obtain, from the monitoring data, key value data corresponding to the first key value item name and key value data corresponding to the second key value item name, respectively.
The monitoring server can calculate the key value data corresponding to the obtained first key value item name through a preset algorithm, and judge whether the calculated hash value hits the target hash value corresponding to the first key value item name. And if at least two first key value item names exist, the monitoring server calculates each piece of key value data acquired, and respectively judges whether the calculated hash value hits the corresponding target hash value.
In one case, if any one of the calculated hash values does not hit the cached target hash value, it is determined that the monitored object indicated by the monitoring data does not satisfy the early warning condition.
In another case, if all the calculated hash values hit the cached target hash value, it may be determined whether the obtained key-value data corresponding to the second key-value item name is located within the key-value data range corresponding to the second key-value item name.
And if the key value data corresponding to any second key value item name is not in the key value data range corresponding to the second key value item name, determining that the monitoring object indicated by the monitoring data does not meet the early warning condition.
If all the key value data corresponding to the second key value item names are located in the corresponding key value data range, it can be determined that the monitored object indicated by the monitoring data meets the early warning condition, and at this time, the monitoring server can output early warning information.
In an embodiment, if the early warning condition of the monitoring policy includes at least one first key value item name, the monitoring server may obtain key value data corresponding to the first key value item name from the monitoring data.
The monitoring server can calculate the key value data corresponding to the obtained first key value item name through a preset algorithm, and judge whether the calculated hash value hits the target hash value corresponding to the first key value item name. And if at least two first key value item names exist, the monitoring server calculates each piece of key value data acquired, and respectively judges whether the calculated hash value hits the corresponding target hash value.
In one case, if any one of the calculated hash values does not hit the cached target hash value, it is determined that the monitored object indicated by the monitoring data does not satisfy the early warning condition.
In another case, if all the calculated hash values hit the cached target hash value, it may be determined that the monitored object indicated by the monitoring data satisfies the early warning condition, and at this time, the monitoring server may output the early warning information.
In an embodiment, if the early warning condition of the monitoring policy includes that the at least one second key-value name monitoring server side can obtain key-value data corresponding to the second key-value name from the monitoring data.
The monitoring server can determine whether the obtained key-value data corresponding to the second key-value item name is located within the key-value data range corresponding to the second key-value item name.
In one case, if the key-value data corresponding to any one second key-value item name is not within the key-value data range corresponding to the second key-value item name, it is determined that the monitoring object indicated by the monitoring data does not satisfy the early warning condition.
In another case, if all the key-value data corresponding to the second key-value item names are located in the corresponding key-value data range, it can be determined that the monitoring object indicated by the monitoring data meets the early-warning condition, and at this time, the monitoring server can output the early-warning information.
To sum up, in the embodiment of the present application, the monitoring server caches the target hash value corresponding to the name of the specified key value item in the monitoring policy in the local memory data system, and after receiving the monitoring data, calculates the hash value for the key value data corresponding to the name of the specified key value item in the monitoring data, and searches for the cached target hash value, thereby quickly screening out the monitoring data indicating the monitored object; the measure can screen the monitoring data which needs more attention from the massive monitoring data, thereby greatly reducing the calculated amount of the monitoring server;
further, when the monitoring server side checks whether the preliminarily screened monitoring data meet the early warning condition, the monitoring server side calculates the hash value of the key value data, checks whether the cached target hash value is hit, and compares the key value data with the key value data range in the early warning strategy; the monitoring data are compared in the monitoring strategy in the whole detection process, and the comparison process is improved through Hash calculation, so that the processing efficiency of the monitoring server on the monitoring data is improved.
Fig. 4 is a block diagram of an early warning apparatus based on monitoring data according to an embodiment of the present invention, where the apparatus may include: an acquisition module 410, a calculation module 420, and an early warning module 430.
The obtaining module 410 is configured to read a name of an assigned key value item in the monitoring policy, and obtain key value data corresponding to the name of the assigned key value item in the monitoring data.
The calculating module 420 is configured to calculate the key value data through a preset algorithm, and determine whether the calculated hash value hits a target hash value corresponding to the cached name of the specified key value item.
The early warning module 430 is configured to, if a target hash value corresponding to the name of the specified key value is hit, check whether the monitoring data meets an early warning condition in the monitoring policy, and send out early warning information when the early warning condition is met.
In an embodiment, the apparatus further includes:
and a determining module (not shown in the figure) for determining the data server side for sending the monitoring data.
A searching module (not shown in the figure) configured to search a preset monitoring policy table for a monitoring policy entry corresponding to the data server, and determine a monitoring policy according to the searched monitoring policy entry; the monitoring policy table comprises a plurality of monitoring policy table entries, and each monitoring policy table entry records one monitoring policy.
In an embodiment, the aforementioned warning module 430 is further configured to:
if the early warning condition of the monitoring strategy comprises at least one first key value item name and at least one second key value item name, respectively acquiring key value data corresponding to the first key value item name and key value data corresponding to the second key value item name from the monitoring data; the first key value item name has a cached target hash value, and the second key value item name has a corresponding key value data range;
calculating the acquired key value data corresponding to the first key value name through a preset algorithm, and judging whether the calculated hash value hits a target hash value corresponding to the first key value name;
if all the calculated hash values hit the cached target hash value, judging whether the obtained key value data corresponding to the second key value item name is located in a key value data range corresponding to the second key value item name;
and when all the key value data corresponding to the second key value item names are located in the corresponding key value data range, determining that the early warning condition is met, and outputting early warning information.
In an embodiment, the aforementioned warning module 430 is further configured to:
if the early warning condition of the monitoring strategy comprises at least one first key value item name, acquiring key value data corresponding to the first key value item name from the monitoring data; wherein the first key value item name has a cached target hash value;
calculating the acquired key value data corresponding to the first key value name through a preset algorithm, and judging whether the calculated hash value hits a target hash value corresponding to the first key value name;
and if all the calculated hash values hit the cached target hash value, determining that the early warning condition is met, and outputting early warning information.
In an embodiment, the aforementioned warning module 430 is further configured to:
if the early warning condition of the monitoring strategy comprises at least one second key value item name, acquiring key value data corresponding to the second key value item name from the monitoring data; wherein the second key-value item name has a corresponding key-value data range;
judging whether the acquired key value data corresponding to the second key value item name is located in a key value data range corresponding to the second key value item name;
and when all the key value data corresponding to the second key value item names are located in the corresponding key value data range, determining that the early warning condition is met, and outputting early warning information.
In an embodiment, the apparatus further includes:
a receiving module (not shown in the figure) for receiving a monitoring policy configuration instruction, where the monitoring policy configuration instruction includes at least one monitoring policy;
an updating module (not shown in the figure) is configured to generate a monitoring policy entry for the monitoring policy in the monitoring policy configuration instruction, and add the monitoring policy entry to the monitoring policy table.
In an embodiment, the update module (not shown) is further configured to:
checking the key value item name of the corresponding key value data indicated by the monitoring strategy;
and calculating the key value data corresponding to each key value item name through a preset algorithm, and writing the calculated hash value into a local memory space as a target hash value corresponding to the key value item name.
The implementation processes of the functions and actions of each module in the device are specifically described in the implementation processes of the corresponding steps in the early warning method based on the monitoring data, and are not described herein again.
In the embodiments provided in the present application, the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

Claims (10)

1. A pre-warning method based on monitoring data is characterized by comprising the following steps:
reading a name of a designated key value item in a monitoring strategy, and acquiring key value data corresponding to the name of the designated key value item in monitoring data;
calculating the key value data through a preset algorithm, and judging whether the calculated hash value hits a target hash value corresponding to the name of the cached appointed key value item;
and if the target hash value corresponding to the name of the specified key value item is hit, checking whether the monitoring data meets the early warning condition in the monitoring strategy or not, and sending out early warning information when the early warning condition is met.
2. The method of claim 1, wherein prior to reading a specified key value item name in the monitoring policy, the method further comprises:
determining a data server side for sending the monitoring data;
searching a monitoring strategy table entry corresponding to the data server side in a preset monitoring strategy table, and determining a monitoring strategy according to the searched monitoring strategy table entry;
the monitoring policy table comprises a plurality of monitoring policy table entries, and each monitoring policy table entry records one monitoring policy.
3. The method of claim 1, wherein the checking whether the monitoring data satisfies an early warning condition in the monitoring policy and sending out early warning information when the early warning condition is satisfied comprises:
if the early warning condition of the monitoring strategy comprises at least one first key value item name and at least one second key value item name, respectively acquiring key value data corresponding to the first key value item name and key value data corresponding to the second key value item name from the monitoring data;
the first key value item name has a cached target hash value, and the second key value item name has a corresponding key value data range;
calculating the acquired key value data corresponding to the first key value name through a preset algorithm, and judging whether the calculated hash value hits a target hash value corresponding to the first key value name;
if all the calculated hash values hit the cached target hash value, judging whether the obtained key value data corresponding to the second key value item name is located in a key value data range corresponding to the second key value item name;
and when all the key value data corresponding to the second key value item names are located in the corresponding key value data range, determining that the early warning condition is met, and outputting early warning information.
4. The method of claim 1, wherein the checking whether the monitoring data satisfies an early warning condition in the monitoring policy and sending out early warning information when the early warning condition is satisfied comprises:
if the early warning condition of the monitoring strategy comprises at least one first key value item name, acquiring key value data corresponding to the first key value item name from the monitoring data; wherein the first key value item name has a cached target hash value;
calculating the acquired key value data corresponding to the first key value name through a preset algorithm, and judging whether the calculated hash value hits a target hash value corresponding to the first key value name;
and if all the calculated hash values hit the cached target hash value, determining that the early warning condition is met, and outputting early warning information.
5. The method of claim 1, wherein the checking whether the monitoring data satisfies an early warning condition in the monitoring policy and sending out early warning information when the early warning condition is satisfied comprises:
if the early warning condition of the monitoring strategy comprises at least one second key value item name, acquiring key value data corresponding to the second key value item name from the monitoring data; wherein the second key-value item name has a corresponding key-value data range;
judging whether the acquired key value data corresponding to the second key value item name is located in a key value data range corresponding to the second key value item name;
and when all the key value data corresponding to the second key value item names are located in the corresponding key value data range, determining that the early warning condition is met, and outputting early warning information.
6. The method of claim 2, further comprising:
receiving a monitoring strategy configuration instruction, wherein the monitoring strategy configuration instruction comprises at least one monitoring strategy;
and generating a monitoring strategy table item for the monitoring strategy in the monitoring strategy configuration instruction, and adding the monitoring strategy table item to the monitoring strategy table.
7. The method of claim 6, further comprising:
checking the key value item name of the corresponding key value data indicated by the monitoring strategy;
and calculating the key value data corresponding to each key value item name through a preset algorithm, and writing the calculated hash value into a local memory space as a target hash value corresponding to the key value item name.
8. An early warning device based on monitoring data, comprising:
the acquisition module is used for reading the name of a specified key value item in the monitoring strategy and acquiring key value data corresponding to the name of the specified key value item in the monitoring data;
the calculation module is used for calculating the key value data through a preset algorithm and judging whether the hash value obtained by calculation hits a target hash value corresponding to the name of the cached appointed key value item;
and the early warning module is used for checking whether the monitoring data meets the early warning condition in the monitoring strategy or not if the target hash value corresponding to the name of the specified key value is hit, and sending out early warning information when the early warning condition is met.
9. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the monitoring data based alerting method of any one of claims 1-7.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program executable by a processor to perform the monitoring data based alerting method of any one of claims 1-7.
CN201911389069.7A 2019-12-27 2019-12-27 Early warning method and device based on monitoring data, electronic equipment and storage medium Active CN111090655B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911389069.7A CN111090655B (en) 2019-12-27 2019-12-27 Early warning method and device based on monitoring data, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911389069.7A CN111090655B (en) 2019-12-27 2019-12-27 Early warning method and device based on monitoring data, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111090655A true CN111090655A (en) 2020-05-01
CN111090655B CN111090655B (en) 2023-11-03

Family

ID=70398466

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911389069.7A Active CN111090655B (en) 2019-12-27 2019-12-27 Early warning method and device based on monitoring data, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111090655B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113037734A (en) * 2021-03-02 2021-06-25 上海德易车信息科技有限公司 Service state monitoring method and system for isolated network
CN113064800A (en) * 2021-04-19 2021-07-02 上海安畅网络科技股份有限公司 Early warning method and device, electronic equipment and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105743721A (en) * 2014-12-09 2016-07-06 博雅网络游戏开发(深圳)有限公司 Data uploading method, and method and device for processing uploaded data
CN106961352A (en) * 2017-03-29 2017-07-18 努比亚技术有限公司 Monitoring system and monitoring method
US20190258729A1 (en) * 2018-02-22 2019-08-22 Samsung Electronics Co., Ltd. Key-value storage device and operating method thereof

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105743721A (en) * 2014-12-09 2016-07-06 博雅网络游戏开发(深圳)有限公司 Data uploading method, and method and device for processing uploaded data
CN106961352A (en) * 2017-03-29 2017-07-18 努比亚技术有限公司 Monitoring system and monitoring method
US20190258729A1 (en) * 2018-02-22 2019-08-22 Samsung Electronics Co., Ltd. Key-value storage device and operating method thereof

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113037734A (en) * 2021-03-02 2021-06-25 上海德易车信息科技有限公司 Service state monitoring method and system for isolated network
CN113037734B (en) * 2021-03-02 2022-11-04 上海德易车信息科技有限公司 Service state monitoring method and system for isolated network
CN113064800A (en) * 2021-04-19 2021-07-02 上海安畅网络科技股份有限公司 Early warning method and device, electronic equipment and readable storage medium
CN113064800B (en) * 2021-04-19 2023-03-24 上海安畅网络科技股份有限公司 Early warning method and device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN111090655B (en) 2023-11-03

Similar Documents

Publication Publication Date Title
CN111475804B (en) Alarm prediction method and system
CN111177129B (en) Method, device, equipment and storage medium for constructing label system
CN112308001A (en) Data analysis method and personnel tracking method and system for smart community
CN111368619B (en) Suspicious person detection method, suspicious person detection device and suspicious person detection equipment
CN110619277A (en) Multi-community intelligent deployment and control method and system
CN109241223B (en) Behavior track identification method and system
CN116305168B (en) Multi-dimensional information security risk assessment method, system and storage medium
CN111262730B (en) Method and device for processing alarm information
CN111477007A (en) Vehicle checking, controlling, analyzing and managing system and method
CN111090655B (en) Early warning method and device based on monitoring data, electronic equipment and storage medium
CN111882445A (en) Cross-system insurance user information management method, device, equipment and readable medium
CN111078512A (en) Alarm record generation method and device, alarm equipment and storage medium
CN111476685B (en) Behavior analysis method, device and equipment
CN111367906B (en) Abnormal vehicle identification method, device, equipment and computer readable storage medium
CN111767432A (en) Method and device for searching co-occurrence object
CN111371581A (en) Method, device, equipment and medium for detecting business abnormity of Internet of things card
CN112183161B (en) Face database processing method, device and equipment
CN115203354B (en) Vehicle code track pre-association method and device, computer equipment and storage medium
CN115454781B (en) Data visualization display method and system based on enterprise architecture system
CN111639213A (en) Abnormal behavior identification method and device
CN113297583A (en) Vulnerability risk analysis method, device, equipment and storage medium
CN114064574A (en) Trademark monitoring method and device combining RPA and AI, electronic equipment and storage medium
CN110209853B (en) Image searching method, device and equipment for vehicle
CN113495886A (en) Method and device for detecting pollution sample data for model training
CN113344333A (en) Configurable enterprise credit investigation early warning method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant