CN111262719A - Information display method, device and storage medium - Google Patents

Information display method, device and storage medium Download PDF

Info

Publication number
CN111262719A
CN111262719A CN201811486008.8A CN201811486008A CN111262719A CN 111262719 A CN111262719 A CN 111262719A CN 201811486008 A CN201811486008 A CN 201811486008A CN 111262719 A CN111262719 A CN 111262719A
Authority
CN
China
Prior art keywords
attack
information
time
time period
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811486008.8A
Other languages
Chinese (zh)
Other versions
CN111262719B (en
Inventor
杨涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201811486008.8A priority Critical patent/CN111262719B/en
Publication of CN111262719A publication Critical patent/CN111262719A/en
Application granted granted Critical
Publication of CN111262719B publication Critical patent/CN111262719B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/22Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The embodiment of the application provides an information display method, information display equipment and a storage medium. In the information display method, the corresponding relation between the access amount information in the specified time period and the attack amount information in at least one attack mode can be displayed in the display area in a polymerization mode, and based on the effect of the display in the polymerization mode, the corresponding relation between the access amount information and the attack information can be observed visually, so that whether QPS change is caused by attack or not can be identified conveniently, and the efficiency of analyzing the reason of the QPS change is improved.

Description

Information display method, device and storage medium
Technical Field
The present application relates to the field of internet technologies, and in particular, to an information display method, device, and storage medium.
Background
With the development of network technology, websites are often subjected to Web attack intrusion by hackers, access intrusion by malicious bots, and the like. When a website is attacked, the number of access requests Per Second (Query Per Second, QPS) of the website may change, for example, the access amount may increase or black holes may occur. It is necessary to know what causes the QPS change, so as to identify malicious attacks and take security measures in time.
Disclosure of Invention
Aspects of the present application provide an information display method, device, and storage medium, which are used to visually display a correspondence between an access amount and attack information, so as to improve efficiency of analyzing a cause of a QPS change.
An embodiment of the present application provides an information display method, including: responding to the trigger operation of the information display event, and acquiring the access amount information of the computing equipment in a specified time period and the attack amount information in at least one attack mode; in a display area, aggregating and presenting the corresponding relation between the access amount information in the specified time period and the attack amount information in at least one attack mode; wherein, the aggregation presentation refers to collectively displaying a plurality of different information in the same display area.
An embodiment of the present application further provides a display device, including: a memory and a processor; the memory is to store one or more computer instructions; the processor is to execute the one or more computer instructions to: responding to the trigger operation of the information display event, and acquiring the access amount information of the computing equipment in a specified time period and the attack amount information in at least one attack mode; in a display area, aggregating and presenting the corresponding relation between the access amount information in the specified time period and the attack amount information in at least one attack mode; wherein, the aggregation presentation refers to collectively displaying a plurality of different information in the same display area.
The embodiments of the present application further provide a computer-readable storage medium storing a computer program, and the computer program can implement the steps in the information display method provided by the embodiments of the present application when executed.
In the information display method, the corresponding relation between the access amount information in the specified time period and the attack amount information in at least one attack mode can be displayed in a display area in a gathering mode, and based on the effect of the gathering display, the corresponding relation between the access amount information and the attack information can be observed visually, so that whether QPS change is caused by attack or not can be identified conveniently, and the efficiency of analyzing the reason of the QPS change is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flowchart of an information display method according to an exemplary embodiment of the present application;
FIG. 2a is a schematic diagram of a circular time axis provided by an exemplary embodiment of the present application;
FIG. 2b is a schematic diagram of a circular arc timeline provided in an exemplary embodiment of the present application;
FIG. 2c is a schematic diagram of a plurality of circular arc timeline mosaics provided in an exemplary embodiment of the present application;
fig. 3 is a schematic flowchart of an information display method according to another exemplary embodiment of the present application;
FIG. 4a is a schematic diagram of information display with a circular time axis according to an exemplary embodiment of the present application;
FIG. 4b is a schematic diagram of information display with a circular time axis according to another exemplary embodiment of the present application;
fig. 5a is a schematic diagram of information display performed by a circular arc time axis according to an exemplary embodiment of the present application;
fig. 5b is a schematic diagram of information display on a circular arc time axis according to another exemplary embodiment of the present application;
FIG. 6 is a schematic diagram illustrating a peak marker and highlighting time regions provided by an exemplary embodiment of the present application;
FIG. 7a is a schematic diagram illustrating a corresponding floating window in a first time region according to an exemplary embodiment of the present application;
FIG. 7b is a diagram illustrating a corresponding floating window for a second time region according to an exemplary embodiment of the present application;
FIG. 7c is a diagram illustrating a floating window corresponding to a third time region according to an exemplary embodiment of the present application;
FIG. 8 is a schematic diagram of a card for showing attack details provided by an exemplary embodiment of the present application;
fig. 9 is a schematic structural diagram of a display device according to an exemplary embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In order to solve the technical problem that the efficiency of analyzing the QPS change cause is low in the prior art, in some embodiments of the present application, a solution is provided, in which a correspondence between access amount information in a specified time period and attack amount information in at least one attack manner is represented in a display region in a polymerizable manner, and based on an effect of the representation by the polymerization, it is beneficial to intuitively observe the correspondence between the access amount information and the attack information, so as to identify whether the QPS change is caused by an attack, and further improve the efficiency of analyzing the QPS change cause. The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of an information display method according to an exemplary embodiment of the present application, and as shown in fig. 1, the method includes:
step 101, responding to a trigger operation of an information display event, and acquiring access amount information and attack amount information of a computing device in a specified time period in at least one attack mode.
And 102, in the display area, aggregating and presenting the corresponding relation between the access amount information in the specified time period and the attack amount information in at least one attack mode.
The embodiment can be implemented by an information display device, wherein the information display device can include a desktop computer, a notebook computer, a tablet computer, a mobile phone, an intelligent television and other display devices.
In the present embodiment, the information display event refers to an event that can activate an information display function of the display device or an event that notifies the display device of executing an information display step. In some scenarios, the triggering operation for the information display event may be performed by a user. For example, the user may initiate a triggering operation on the information display event through a keyboard, a mouse, a remote controller, or a touch screen of the display device, which is externally connected to the display device. In other scenarios, the triggering of the information display event may be performed by the display device. In such a scenario, the display terminal may initiate a triggering operation on the information display event according to a set period, or initiate a triggering operation on the information display event according to a processing result of another event.
The computing device may include a website, a server, an intelligent device, and other devices that can provide corresponding services to the user, which is not limited in this embodiment. These computing devices may be hacked while providing access services to users. Based on the change situation of the access amount information of the computing device and the change situation of the attack amount information in at least one attack mode, whether the access amount change is caused by the attack of the computing device or not can be analyzed, and the reason for the change of the access amount is conveniently analyzed.
The specified time period may be any time period, for example, three days, one day (i.e., 24 hours), or any number of hours in one day, and this embodiment is not limited.
The at least one attack mode may include one or more of a CC attack (an attack simulating continuous access of multiple users), a CSS (Cross-Site Scripting) attack, an SQL (structured query Language) injection attack, a DDoS (Distributed Denial of Service) attack, and a CSRF (Cross-Site request forgery) attack mode, which is included in the present embodiment but not limited thereto.
The display area may be an area on a display interface of the display device. The aggregation presentation means that a plurality of different information are collectively presented in the same display area, so as to achieve the purpose of presenting the association relationship among the plurality of information on the same screen. In this embodiment, the aggregation presentation specifies a correspondence between the access amount information of the computing device in the time period and the attack amount information in at least one attack manner, which may be considered as: and in the display area, the difference and the connection between the access amount information and the attack amount information in at least one attack mode are displayed in a visualized mode in a centralized mode, so that a user can observe and analyze the access amount information and the attack amount information intuitively. In this embodiment, the correspondence between the access amount information in the specified time period and the attack amount information in at least one attack mode may be aggregated and presented in the display area, and based on the aggregated presentation effect, it is beneficial to visually observe the correspondence between the access amount information and the attack information, so as to identify whether the QPS change is caused by an attack, and further improve the efficiency of analyzing the cause of the QPS change.
It should be noted that, in the above or below embodiments of the present application, the display device may further obtain Access Control (ACL) information of the computing device in a specified time period, and in the display area, aggregate and present a corresponding relationship between the ACL information, and the at least one attack information in the specified time period, which will be described later with reference to the accompanying drawings.
In some exemplary embodiments, the display device may present, in a manner of a circular time axis, a corresponding relationship between the access amount information within a specified time period and the attack amount information in at least one attack manner in an aggregation manner within the display area, as shown in fig. 2 a. Wherein the time length represented by the circular time axis is the specified time period. For example, if the specified time period is 24 hours, the time length represented by the circular time axis is 24 hours; for another example, if the specified time period is 6 hours, the time length represented by the circular time axis is 6 hours.
In other exemplary embodiments, the display device may present, in an aggregated manner, a corresponding relationship between the access amount information in the specified time period and the attack amount information in the at least one attack manner in a manner of a circular arc time axis in the display area. Alternatively, a circular arc-shaped time axis can be regarded as a sector in a circular time axis, as shown in fig. 2 b. The time length represented by the circular arc time axis is the specified period. For example, if the specified time period is 12 hours, the time length represented by the circular arc time axis is 12 hours; for another example, if the specified period is 3 hours, the time length indicated by the circular arc time axis is 3 hours. Fig. 2b illustrates an arc-shaped time axis with a central angle of 90 degrees, it should be understood that, in practice, the central angle of the arc-shaped time axis may be set by user-definition according to actual requirements, which is not repeated.
In some possible cases, when the aggregation presents the correspondence between the access amount information in a plurality of specified time periods and the attack amount information in at least one attack mode, the circular arc-shaped time axes corresponding to the plurality of specified time periods may be spliced into one circular time axis, as shown in fig. 2 c. Fig. 2c illustrates a situation that the circular time axes corresponding to 4 designated time periods (00: 00-06: 00, 06: 00-12: 00, 12: 00-18: 00, 18: 00-24: 00) are spliced into a circular time axis. It should be understood that the number of circular arc time axes that can be spliced to form a circular time axis is determined by the size of the central angle corresponding to the circular arc time axis, and the 4 circular arc time axes shown in fig. 2c are only used for exemplary illustration of the present embodiment.
Optionally, in the foregoing or following embodiments of the present application, when the display device displays a circular or arc-shaped time axis in the display area, a rendering process of the circular or arc-shaped time axis may be displayed by using a special effect of "radar scanning", so as to increase interest of the rendering process and improve user experience.
An alternative embodiment of aggregating and presenting the correspondence between the access amount information in the specified time period and the attack amount information in at least one attack manner in the form of a circular or circular arc-shaped time axis will be further described below with reference to the accompanying drawings.
Fig. 3 is a schematic flowchart of an information display method according to another exemplary embodiment of the present application, and as shown in fig. 3, the method includes:
step 301, responding to the trigger operation of the information display event, and acquiring the access amount information of the computing device in a specified time period and the attack amount information in at least one attack mode.
And 302, respectively displaying the access amount information and the attack amount information under at least one attack mode in the specified time period on a plurality of concentric circles of a circular time axis or a plurality of concentric arc-shaped circles of an arc-shaped time axis.
And 303, displaying the peak mark of the access amount corresponding to at least one time area and/or the peak mark of the attack amount in at least one attack mode in a plurality of time areas included in the specified time period.
In step 301, optionally, a time period is specified, which may be: the last time of display is the starting time, and the current time is the time period of the ending time; can be as follows: a time period in which a set time is a start time (for example, a zero time of a day) and a current time is an end time; it is also possible to customize the set time period for the user, for example 14: 00-16: 00.
optionally, in some embodiments, the access amount information of the computing device in the specified time period and the attack amount information in the at least one attack mode may be obtained by the display device from an external database or a server.
In other embodiments, the display device has an access amount counting function and an attack amount counting function, and the access amount information and the attack amount information within a specified time period obtained through counting can be stored in a local storage space of the display device. In this embodiment, the display device may acquire the access amount information in the specified time period and the attack amount information in the at least one attack mode from the local storage space, which is not described again.
After obtaining the access amount information in the specified time period and the attack amount information in the at least one attack mode, step 302 may be executed next, and the access amount information in the specified time period and the attack amount information in the at least one attack mode are respectively displayed on a plurality of concentric rings of a circular time axis, as shown in fig. 4a and 4 b; or, on a plurality of concentric arc rings of the arc-shaped time axis, the access amount information and the attack amount information in at least one attack mode in the specified time period are respectively shown, as shown in fig. 5a and 5 b.
Next, the details will be described by taking fig. 4a as an example.
For convenience of description, the embodiment may define the concentric circles on the circular time axis as a first concentric circle and a second concentric circle. Wherein the first concentric ring may comprise one or more concentric rings, depending on the number of access categories; for example, when the access amount information includes two access types, the first concentric ring includes two concentric rings. The second concentric ring may also comprise one or more concentric rings, depending on the number of attack modes; for example, when the attack amount information includes three attack patterns, the second concentric ring may include three concentric rings. Optionally, according to the information of the access amount in the specified time period, a curve of the access amount situation in the specified time period, such as the curve shown in fig. 4a, may be drawn on the first concentric circle of the circular time axis, and the curve of the access amount situation may visually reflect the variation trend of the access amount in the specified time period.
Optionally, according to the attack amount information in the at least one attack manner in the specified time period, an attack amount situation curve in the at least one attack manner in the specified time period may be drawn on a second concentric circle of the circular time axis, as shown in fig. 4 a; the attack amount situation curve can visually and vividly reflect the change trend of the attack amount under at least one attack mode in a specified time period. When there are multiple attack modes, for example, a CC attack mode and a DDoS attack mode as shown in fig. 4a, attack amount situation curves in the CC attack mode and the DDoS attack mode may be respectively drawn, so that a user may visually analyze different attack modes.
Optionally, according to the attack amount information in the at least one attack mode in the specified time period, a warning mark that the attack amount in the at least one attack mode in the specified time period is greater than the set attack amount threshold may be drawn on a second concentric circle of the circular time axis. The attack amount threshold may be an empirical value or a value set by a user in a self-defined manner, which is not limited herein. Optionally, when the warning mark is displayed, the attack time at which the attack amount is greater than the set attack amount threshold may be used as the target attack time, and the warning mark may be displayed on the circular time axis at the time scale corresponding to the target attack time, as shown in fig. 4 b.
It should be noted that, in this embodiment, the manner of showing the attack amount information shown in fig. 4a and 4b may be executed alone or in combination. When the combination is executed, the attack amount situation curve and the warning mark can be displayed on the second concentric ring, and the illustration is not drawn.
Next, the details will be described by taking fig. 5a and 5b as an example.
For convenience of description, the embodiment may define the concentric arc rings on the arc time axis as a first concentric arc ring and a second concentric arc ring. Wherein the first concentric arc-shaped ring may comprise one or more concentric arc-shaped rings, depending on the number of access categories; for example, when the access amount information includes two access categories, the first concentric arc ring includes two concentric arc rings. The second concentric arc ring may also comprise one or more concentric arc rings, depending on the number of attack modes; for example, when the attack amount information includes three attack patterns, the second concentric arc-shaped ring may include three concentric arc-shaped rings.
Optionally, according to the information of the access amount in the specified time period, a curve of the access amount situation in the specified time period, such as the curve shown in fig. 5a, may be drawn on the first concentric arc ring of the arc-shaped time axis, and the curve of the access amount situation may visually reflect the change trend of the access amount in the specified time period.
Optionally, according to the attack amount information in the at least one attack manner in the specified time period, an attack amount situation curve in the at least one attack manner in the specified time period may be drawn on the second concentric arc ring of the arc-shaped time axis, as shown in fig. 5 a; the attack amount situation curve can visually and vividly reflect the change trend of the attack amount under at least one attack mode in a specified time period. When there are multiple attack modes, for example, the SQL attack mode and the CSRF attack mode shown in fig. 5a, attack amount situation curves in the SQL attack mode and the CSRF attack mode may be respectively drawn for a user to intuitively analyze different attack modes.
Optionally, according to the attack amount information in the at least one attack mode in the specified time period, a warning mark that the attack amount in the at least one attack mode in the specified time period is greater than the set attack amount threshold may be drawn on the second concentric arc ring of the arc-shaped time axis. The attack amount threshold may be an empirical value or a value set by a user in a self-defined manner, which is not limited herein. Optionally, when the warning mark is displayed, the attack time at which the attack amount is greater than the set attack amount threshold may be used as the target attack time, and the warning mark may be displayed on the arc-shaped time axis at the time scale corresponding to the target attack time, as shown in fig. 5 b.
It should be noted that, in this embodiment, the manner of showing the attack amount information shown in fig. 5a and 5b may be executed alone or in combination. When the combination is executed, the attack amount situation curve and the warning mark can be displayed on the second concentric arc-shaped ring, and the attack amount situation curve and the warning mark are not shown.
In each of the above drawings, access control information within a specified time period is also shown, and optionally, the access control information may be represented by the number of times that at least one attack mode hits an access control rule, which may be represented by a situation change curve as shown in fig. 4a and 5a, or may be represented by an alert flag as shown in fig. 4b or 5b, and is not described again.
In the information display method provided in this embodiment, the scales on the circular or circular arc-shaped time axis are located on the radius of the circle or the circular arc, respectively, based on which the access amount and the attack amount at the same time can be correspondingly displayed in the same radial direction within the specified time period. Furthermore, the access amount and the attack amount at the same moment can be related through the same radius, and the relevance between different information and the convenience of user application data are improved.
Next, in step 303, optionally, the specified time period may be divided into a plurality of time zones. In some exemplary embodiments, the specified time period is divided by a time unit of a circular or circular arc-shaped time axis, for example, the specified time period may be divided by the length of each time region being an integer multiple of the time unit on the circular or circular arc-shaped time axis. Wherein, the time unit refers to the time length between two adjacent scales on the time axis. For example, if the time unit of the circular or arc-shaped time axis is 15 minutes, the specified time period may be divided into a plurality of time regions having a duration of 15 minutes. This way of partitioning facilitates observation and analysis of the corresponding changes in the amount of attacks and the amount of accesses over a specified time period with a small time granularity.
Optionally, in this embodiment, a first time zone having a peak of the access amount may be determined according to the access amount corresponding to each time zone in the specified time period, and a peak mark of the access amount corresponding to the first time zone is shown, as shown in fig. 6. The peak value of the access amount may be a maximum value of the access amount in the first time region, and the maximum value of the access amount is greater than a set access amount threshold. The peak value of the visit volume characterizes the surge amplitude of the visit volume in the first time zone and the corresponding surge time. It should be understood that only one first time zone is illustrated in fig. 6, but in practice the first time zone may comprise one time zone or a plurality of time zones, as the case may be.
Optionally, in this embodiment, a second time zone in which an attack amount peak exists in at least one attack manner may be determined according to the attack amount in the at least one attack manner corresponding to each time zone in a specified time period, and a peak mark of the attack amount corresponding to the second time zone is shown, as shown in fig. 6. Wherein, the peak value of the attack amount may be a maximum value of the access amount in the second time region, and the maximum value of the attack amount is greater than the set attack amount threshold. The attack magnitude peak characterizes the maximum value of the attack magnitude in the second time region, as well as the prevailing attack moment. The second time zone may include one time zone or a plurality of time zones, as the case may be.
Optionally, in this embodiment, a third time zone in which an access amount peak and an attack amount peak in at least one attack mode exist may be determined according to the access amount corresponding to each time zone in a specified time period and the attack amount in at least one attack mode, and a peak mark of the access amount corresponding to the third time zone and a peak mark of the attack amount in at least one attack mode are shown, as shown in fig. 6. The third time zone may include one time zone or a plurality of time zones, as the case may be.
Optionally, in this embodiment, a peak mark may be added to the peak on the access volume situation curve and the attack volume situation curve to prompt the user to pay attention to the peak. Alternatively, the peak mark may be a mark point, as shown in fig. 6, in practice, a brighter color may be designed for the mark point to achieve a better display effect. Optionally, in this embodiment, the peak positions on the access volume situation curve and the attack volume situation curve may also be pointed by arrows to serve as peak marks. It should be understood that the above-mentioned peak marks are merely illustrative, and the present embodiment includes but is not limited thereto.
It should be understood that, in this embodiment, the step numbers 302 and 303 are only used to distinguish different operations, and in practice, the step numbers 302 and 303 are not executed in an obvious sequential order.
In this embodiment, the correspondence between the access amount information in the specified time period and the attack amount information in at least one attack manner is presented in an aggregation manner by using a circular or arc-shaped time axis, which is beneficial to visually observing the correspondence between the access amount information and the attack information, so as to identify whether the QPS change is caused by an attack, and further improve the efficiency of analyzing the cause of the QPS change.
Further optionally, in the step 303, in addition to showing the peak marks for the first time zone, the second time zone and the third time zone, in some exemplary embodiments, floating windows corresponding to the time zones may be further shown, and access quantity values and/or attack quantity values in at least one attack mode corresponding to the time zones are shown in the floating windows, as shown in fig. 7a to 7 c.
For example, for a first time region with a peak value of the access amount, the peak value of the access amount corresponding to the first time region and the attack amount value in at least one attack mode may be shown in a floating window corresponding to the first time region, as shown in fig. 7 a. Further, the user can intuitively observe the attack amount value when the amount reaches the peak value.
For another example, for a second time region having an attack amount peak in at least one attack manner, the access amount value corresponding to the second time region and the attack amount peak in at least one attack manner may be displayed in a floating window corresponding to the second time region, as shown in fig. 7 b. Further, the user can intuitively observe the influence on the attack amount value when the attack amount reaches the peak value.
For another example, for a third time region having an access amount peak and an attack amount peak in at least one attack mode, the access amount peak corresponding to the third time region and the attack amount peak in at least one attack mode may be displayed in a floating window corresponding to the third time region, as shown in fig. 7 c. Further, the user can intuitively observe the time when the access amount and the attack amount increase sharply and the mutual influence between the access amount and the attack amount.
Optionally, in some exemplary embodiments, the display device may automatically display the floating window corresponding to the first time region, the second time region, and/or the third time region in turn. That is to say, under the condition that the user does not need to trigger, the floating windows corresponding to the first time zone, the second time zone and/or the third time zone can be automatically and circularly displayed so as to be convenient for the user to view.
Optionally, in other exemplary embodiments, the display device may show the floating windows corresponding to the first time region, the second time region and/or the third time region in turn in response to a triggering operation of the user to view the peak. In this way, a peak-viewing operation icon may be displayed on the circular or circular arc-shaped time axis, and the user may trigger the operation icon to initiate the peak-viewing triggering operation.
Optionally, in further exemplary embodiments, the display device may present, in response to a trigger operation of a user for any one of the first time zone, the second time zone, and the third time zone, a floating window corresponding to the time zone to which the trigger operation is directed. In this way, an operation icon for viewing a peak value can be displayed in the first time region, the second time region and the third time region, and a user can trigger the operation icon to initiate a triggering operation for viewing the peak value. Optionally, the operation icon for viewing the peak value may be implemented by the peak value mark in the above embodiment, that is, the floating window corresponding to the time region may be triggered and displayed when the user views the peak value mark corresponding to the time region, and this implementation improves the simplicity and the ease of operation in the display region.
Further optionally, the step 303 may further include the following steps:
aiming at any time zone in a plurality of time zones contained in a specified time period, responding to a first trigger operation for viewing attack details launched to the time zone, and displaying an attack details card; in the attack detail card, the attack details of at least one attack mode in the time zone are shown, as shown in fig. 8.
Optionally, the first triggering operation of viewing attack details initiated in the time zone may include: the operation of selecting the time zone, for example, a selection operation initiated by a user to the time zone through a touch screen of the display device, an external keyboard or a mouse, may be regarded as a first trigger operation; for another example, the operation of the mouse hovering over the display scale corresponding to the time zone may be regarded as a first trigger operation, which includes but is not limited to this embodiment.
Optionally, the attack details may include a total amount of attack information, for example, an attack distribution situation corresponding to each attack mode, an attack source IP (Internet Protocol) address, a regional characteristic of the attack source IP address, operator information of the attack source IP address, attack frequency ranking, and the like, which the present embodiment includes but is not limited to.
Optionally, in this embodiment, the attack detail card may be displayed in an area other than the circular or circular arc-shaped time axis in the display area, or may be displayed on the circular or circular arc-shaped time axis in a floating layer manner as shown in fig. 8, which is not limited in this embodiment.
Based on the embodiment, the corresponding relation between the attack amount and the visit amount in the designated time area can be displayed on the whole, then the information display effect of the attack details is displayed in a further drilling-down mode by using the information of the attack details card, and further, the user can analyze the reason for the surge of the visit amount without switching pages and inquiring complex data, so that the efficiency is higher.
Optionally, in some embodiments, in response to a second trigger operation of viewing attack details, which is initiated for any one of the plurality of time zones, a correspondence between the access amount information in the time zone and the attack amount information in at least one attack mode may be highlighted. The highlighting may include highlighting a background color of the time region, as shown in fig. 6, or displaying the time region in an enlarged manner, and then, or deepening a frame corresponding to the thickened time region, which includes but is not limited to this embodiment.
It should be noted that, in addition to the steps described in the above embodiments, the information display method provided in the embodiments of the present application further provides a protection configuration function, which will be described in detail below.
In some exemplary embodiments, the display device may display a protection configuration icon in the attack detail card, and in response to a third trigger operation on the protection configuration icon, display a protection configuration page, so that the user configures a corresponding protection policy according to the attack detail, as shown in fig. 8. For example, the user may define the interception rule of the IP address in the protection configuration page, or define the protection rule against domain name attack.
In the implementation mode, the display terminal provides a quick entrance for configuring the protection strategy for the user through the protection configuration icon in the attack detail card, and further, when the attack exists or the attack amount is large, the user can configure the protection strategy quickly, complex page switching operation is not needed any more, and the efficiency is higher.
In other exemplary embodiments, the display device may display a protection configuration icon in the attack detail card, and configure a corresponding protection policy according to the attack detail in response to a fourth trigger operation on the protection configuration icon. In the implementation mode, the corresponding relation between the attack details and the protection strategy can be preset, so that the display device can respond to the protection configuration requirement of a user, automatically configure the corresponding protection strategy according to the attack details, realize the one-key protection function, further improve the efficiency of protection configuration and reduce the loss of the attack to the computing device.
It should be noted that, in addition to displaying the protection configuration icon in the attack detail card, the display terminal may also display the protection configuration icon in the floating window corresponding to the time zone, as shown in fig. 7a to 7c, which is not described again.
It should be noted that the execution subjects of the steps of the methods provided in the above embodiments may be the same device, or different devices may be used as the execution subjects of the methods. For example, the execution subjects of steps 301 to 203 may be device a; for another example, the execution subject of steps 301 and 302 may be device a, and the execution subject of step 303 may be device B; and so on.
In addition, in some of the flows described in the above embodiments and the drawings, a plurality of operations are included in a specific order, but it should be clearly understood that the operations may be executed out of the order presented herein or in parallel, and the sequence numbers of the operations, such as 301, 302, etc., are merely used for distinguishing different operations, and the sequence numbers do not represent any execution order per se. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.
Fig. 9 is a schematic structural diagram of a display device according to an exemplary embodiment of the present application, which can execute the information display method described in the foregoing embodiment. As shown in fig. 9, the display device includes: a memory 901 and a processor 902.
A memory 901 for storing a computer program and may be configured to store other various data to support operations on the display device. Examples of such data include instructions for any application or method operating on the display device, contact data, phonebook data, messages, pictures, videos, and the like.
The memory 901 may be implemented by any type or combination of volatile and non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
A processor 902, coupled to the memory 901, for executing the computer program in the memory 901 for: responding to the trigger operation of the information display event, and acquiring the access amount information of the computing equipment in a specified time period and the attack amount information in at least one attack mode; in the display area, aggregating and presenting the corresponding relation between the access amount information in the specified time period and the attack amount information in at least one attack mode; the aggregation presentation refers to collectively presenting multiple different information in the same display area so as to achieve the purpose of presenting the association relation among the multiple information on the same screen.
Further optionally, the processor 902 is further configured to: acquiring access control information of the computing equipment in a specified time period; and in the display area, the corresponding relation among the access control information, the access amount information and the at least one attack information in the specified time period is presented in an aggregation mode.
Further optionally, when the processor 902 aggregates and presents the corresponding relationship between the access amount information in the specified time period and the attack amount information in at least one attack mode in the display area, specifically configured to: in the display area, the corresponding relation between the access amount information in the specified time period and the attack amount information in one attack mode is displayed in a gathering mode in a circular or circular arc time axis mode; wherein the time length represented by the circular or circular arc-shaped time axis is the specified time period.
Further optionally, when the correspondence between the access amount information in the specified time period and the attack amount information in the less one attack manner is represented in an aggregation manner by using a circular or arc-shaped time axis, the processor 902 is specifically configured to: and respectively displaying the access amount information and the attack amount information under at least one attack mode in the specified time period on a plurality of concentric circles of the circular time axis or a plurality of concentric arc-shaped circles of the arc-shaped time axis.
Further optionally, when the processor 902 shows the access amount information in the specified time period, it is specifically configured to: and drawing a visiting amount situation curve in the specified time period on a first concentric circular ring of the circular time axis or a first concentric arc-shaped ring of the arc-shaped time axis.
Further optionally, when showing the attack amount information in at least one attack manner in the specified time period, the processor 902 is specifically configured to: drawing an attack amount situation curve under at least one attack mode in the specified time period on a second concentric circular ring of the circular time axis or a second concentric arc-shaped ring of the arc-shaped time axis; or, on a second concentric ring of the circular time axis or a second concentric arc ring of the arc time axis, a warning mark that the attack amount is greater than a set attack amount threshold value in at least one attack mode in the specified time period is drawn.
Further optionally, the specified time period is evenly divided into a plurality of time zones; the processor 902 is further configured to: aiming at a first time region with a peak value of the visit amount in the plurality of time regions, showing a peak value mark of the visit amount corresponding to the first time region; and/or aiming at a second time region with an attack amount peak value under at least one attack mode in the plurality of time regions, showing a peak value mark of the attack amount under at least one attack mode corresponding to the second time region; and/or showing the peak value mark of the access amount corresponding to the third time region and the peak value mark of the attack amount under at least one attack mode aiming at the third time region with the access amount peak value and the attack amount peak value under at least one attack mode in a plurality of time regions.
Further optionally, the processor 902 is further configured to: displaying a floating window corresponding to the first time region in turn, and displaying an access quantity peak value corresponding to the first time region and an attack quantity value under at least one attack mode in the floating window; and/or alternately showing a floating window corresponding to the second time region, and showing an access quantity value corresponding to the second time region and an attack quantity peak value under at least one attack mode in the floating window; and/or alternately showing a floating window corresponding to the third time region, and showing an access amount peak value corresponding to the third time region and an attack amount peak value under at least one attack mode in the floating window.
Further optionally, for any time zone of the plurality of time zones, the processor 902 is further configured to: responding to a first trigger operation for viewing attack details launched in the time region, and displaying an attack details card; and in the attack detail card, showing the attack details of at least one attack mode in the time region.
Further optionally, the processor 902 is further configured to: displaying a protection configuration icon in the attack detail card; responding to a third trigger operation on the protection configuration icon, and displaying a protection configuration page so that a user can configure a corresponding protection strategy according to the attack details; or a protection configuration icon is displayed in the attack detail card; and responding to the fourth trigger operation of the protection configuration icon, and configuring a corresponding protection strategy according to the attack details.
Further optionally, for any time zone of the plurality of time zones, the processor 902 is further configured to: and responding to a second trigger operation for viewing the attack details launched to the time region, and highlighting the corresponding relation between the access volume information of the time region and the attack volume information in at least one attack mode.
Further, as shown in fig. 9, the display apparatus further includes: communication component 903, display 904, power component 905, audio component 906, and the like. Only some of the components are schematically shown in fig. 9, and it is not meant that the display apparatus includes only the components shown in fig. 9.
Wherein the communication component 903 is configured to facilitate wired or wireless communication between the device in which the communication component is located and other devices. The device in which the communication component is located may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component may be implemented based on Near Field Communication (NFC) technology, Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
The display 904 includes a screen, which may include a Liquid Crystal Display (LCD) and a Touch Panel (TP), among others. If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
The power supply 905 provides power to various components of the device in which the power supply is located. The power components may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device in which the power component is located.
The display terminal provided by this embodiment can present, in the display area, the correspondence between the access amount information in the specified time period and the attack amount information in at least one attack manner in an aggregation manner, and based on the effect presented in the aggregation manner, it is beneficial to visually observe the correspondence between the access amount information and the attack information, and further, the efficiency of analyzing the cause of QPS change is improved.
Accordingly, the present application further provides a computer-readable storage medium storing a computer program, where the computer program can implement the steps of the information display method that can be executed by the display device in the method embodiments described above when executed.
It should be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include transitory computer readable media (transmyedia) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (13)

1. An information display method, comprising:
responding to the trigger operation of the information display event, and acquiring the access amount information of the computing equipment in a specified time period and the attack amount information in at least one attack mode;
in a display area, aggregating and presenting the corresponding relation between the access amount information in the specified time period and the attack amount information in at least one attack mode; wherein, the aggregation presentation refers to collectively displaying a plurality of different information in the same display area.
2. The method of claim 1, further comprising:
acquiring access control information of the computing equipment in a specified time period; and
and in the display area, the corresponding relation among the access control information, the access amount information and at least one attack information in the specified time period is presented in an aggregation manner.
3. The method according to claim 1, wherein in the display area, the aggregation and presentation of the corresponding relationship between the access amount information in the specified time period and the attack amount information in at least one attack mode comprises:
in the display area, the corresponding relation between the access amount information in the specified time period and the attack amount information in at least one attack mode is displayed in a gathering mode in a circular or circular arc time axis mode; wherein the time length represented by the circular or circular arc-shaped time axis is the specified time period.
4. The method according to claim 3, wherein the aggregation presentation of the correspondence between the access amount information in the specified time period and the attack amount information in at least one attack manner is performed in a manner of a circular or circular arc-shaped time axis, and comprises:
and respectively displaying the access amount information in the specified time period and the attack amount information in at least one attack mode on the plurality of concentric circles of the circular time axis or the plurality of concentric arc-shaped circles of the arc-shaped time axis.
5. The method of claim 4, wherein presenting the access volume information for the specified time period comprises:
and drawing an access volume situation curve in the specified time period on the first concentric circular ring of the circular time axis or the first concentric arc-shaped ring of the arc-shaped time axis.
6. The method of claim 5, wherein displaying the attack amount information of at least one attack mode in the specified time period comprises:
drawing an attack amount situation curve under at least one attack mode in the specified time period on a second concentric circular ring of the circular time axis or a second concentric arc-shaped ring of the arc-shaped time axis; alternatively, the first and second electrodes may be,
and drawing a warning mark with the attack amount larger than a set attack amount threshold value in at least one attack mode in the specified time period on a second concentric circular ring of the circular time axis or a second concentric arc-shaped ring of the arc-shaped time axis.
7. The method according to any one of claims 3-6, wherein the specified time period is evenly divided into a plurality of time zones; the method further comprises the following steps:
aiming at a first time region with a visit quantity peak value in the plurality of time regions, showing a peak value mark of the visit quantity corresponding to the first time region; and/or the presence of a gas in the gas,
aiming at a second time region with an attack amount peak value under at least one attack mode in the plurality of time regions, showing a peak value mark of the attack amount under at least one attack mode corresponding to the second time region; and/or the presence of a gas in the gas,
and aiming at a third time region with an access amount peak value and an attack amount peak value under at least one attack mode in the plurality of time regions, showing a peak value mark of the access amount corresponding to the third time region and a peak value mark of the attack amount under at least one attack mode.
8. The method of claim 7, further comprising:
displaying a floating window corresponding to the first time region in turn, and displaying an access quantity peak value corresponding to the first time region and an attack quantity value under at least one attack mode in the floating window; and/or the presence of a gas in the gas,
displaying the floating window corresponding to the second time region in turn, and displaying the access quantity value corresponding to the second time region and the attack quantity peak value under at least one attack mode in the floating window; and/or the presence of a gas in the gas,
and displaying the floating window corresponding to the third time region in turn, and displaying the visit volume peak value corresponding to the third time region and the attack volume peak value under at least one attack mode in the floating window.
9. The method of claim 7, further comprising, for any of the plurality of time regions:
responding to a first trigger operation for viewing attack details launched to the time region, and displaying an attack details card;
and displaying the attack details in at least one attack mode in the time region in the attack detail card.
10. The method of claim 9, further comprising:
displaying a protection configuration icon in the attack detail card; responding to a third trigger operation on the protection configuration icon, and displaying a protection configuration page so that a user can configure a corresponding protection strategy according to the attack details;
or
Displaying a protection configuration icon in the attack detail card; responding to the fourth trigger operation of the protection configuration icon, and configuring a corresponding protection strategy according to the attack details.
11. The method of claim 7, further comprising, for any of the plurality of time regions:
and responding to a second trigger operation for viewing the attack details launched to the time region, and highlighting the corresponding relation between the access volume information of the time region and the attack volume information in at least one attack mode.
12. A display device, comprising: a memory and a processor;
the memory is to store one or more computer instructions;
the processor is to execute the one or more computer instructions to: responding to the trigger operation of the information display event, and acquiring the access amount information of the computing equipment in a specified time period and the attack amount information in at least one attack mode; in a display area, aggregating and presenting the corresponding relation between the access amount information in the specified time period and the attack amount information in at least one attack mode; wherein, the aggregation presentation refers to collectively displaying a plurality of different information in the same display area.
13. A computer-readable storage medium storing a computer program, wherein the computer program is capable of implementing the information display method according to any one of claims 1 to 11 when executed.
CN201811486008.8A 2018-12-03 2018-12-03 Information display method, device and storage medium Active CN111262719B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811486008.8A CN111262719B (en) 2018-12-03 2018-12-03 Information display method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811486008.8A CN111262719B (en) 2018-12-03 2018-12-03 Information display method, device and storage medium

Publications (2)

Publication Number Publication Date
CN111262719A true CN111262719A (en) 2020-06-09
CN111262719B CN111262719B (en) 2022-12-02

Family

ID=70950693

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811486008.8A Active CN111262719B (en) 2018-12-03 2018-12-03 Information display method, device and storage medium

Country Status (1)

Country Link
CN (1) CN111262719B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113727067A (en) * 2021-08-17 2021-11-30 杭州海康威视系统技术有限公司 Alarm display method and device, electronic equipment and machine-readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103138986A (en) * 2013-01-09 2013-06-05 天津大学 Website abnormal access behavior detection method based on visual analysis
CN106301971A (en) * 2016-11-17 2017-01-04 国家电网公司 Electric power application performance monitoring system based on flow analysis
WO2017084529A1 (en) * 2015-11-19 2017-05-26 阿里巴巴集团控股有限公司 Network attacks identifying method and device
CN106953837A (en) * 2015-11-03 2017-07-14 丛林网络公司 With the visual integrating security system of threat
CN108259425A (en) * 2016-12-28 2018-07-06 阿里巴巴集团控股有限公司 The determining method, apparatus and server of query-attack
CN108924169A (en) * 2018-09-17 2018-11-30 武汉思普崚技术有限公司 A kind of visual network security system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103138986A (en) * 2013-01-09 2013-06-05 天津大学 Website abnormal access behavior detection method based on visual analysis
CN106953837A (en) * 2015-11-03 2017-07-14 丛林网络公司 With the visual integrating security system of threat
WO2017084529A1 (en) * 2015-11-19 2017-05-26 阿里巴巴集团控股有限公司 Network attacks identifying method and device
CN106301971A (en) * 2016-11-17 2017-01-04 国家电网公司 Electric power application performance monitoring system based on flow analysis
CN108259425A (en) * 2016-12-28 2018-07-06 阿里巴巴集团控股有限公司 The determining method, apparatus and server of query-attack
CN108924169A (en) * 2018-09-17 2018-11-30 武汉思普崚技术有限公司 A kind of visual network security system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
于粉娟: "基于多元异构网络安全数据的可视化融合分析方法研究", 《自动化与仪器仪表》 *
张胜等: "信息熵时序和树图用于NetFlow可视化的研究", 《高技术通讯》 *
张胜等: "基于多元异构网络安全数据可视化融合分析方法", 《计算机应用》 *
袁斌等: "网络安全可视化综述", 《信息安全学报》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113727067A (en) * 2021-08-17 2021-11-30 杭州海康威视系统技术有限公司 Alarm display method and device, electronic equipment and machine-readable storage medium

Also Published As

Publication number Publication date
CN111262719B (en) 2022-12-02

Similar Documents

Publication Publication Date Title
US10929266B1 (en) Real-time visual playback with synchronous textual analysis log display and event/time indexing
US11516255B2 (en) Dynamic policy injection and access visualization for threat detection
US11769200B1 (en) Account vulnerability alerts
US20210318793A1 (en) Method and Apparatus for Managing Notification Bar Message
US10148701B1 (en) Automatic development and enforcement of least-privilege security policies
CN112333130B (en) Data processing method, device and storage medium
EP2942731B1 (en) Identifying and securing sensitive data at its source
US20170180332A1 (en) System and method to provide server control for access to mobile client data
RU2660625C2 (en) Request processing method and apparatus
US11727143B2 (en) Live discovery of enterprise threats based on security query activity
US20140380475A1 (en) User centric fraud detection
TWI726393B (en) Multi-frame cyber security analysis device and related computer program product for generating multiple associated data frames
KR101503701B1 (en) Method and Apparatus for Protecting Information Based on Big Data
US10599839B2 (en) Security investigations using a card system framework
CN106980442B (en) Icon management method and electronic equipment
CN106201204B (en) Start the method and apparatus of application function
US10635857B2 (en) Card system framework
US20150089043A1 (en) User Device Monitoring
CN111262719B (en) Information display method, device and storage medium
EP3022675B1 (en) Methods, apparatuses, and computer program products for hiding access to information in an image
CN106789973A (en) The safety detecting method and terminal device of the page
US10180768B1 (en) Techniques for presenting information on a graphical user interface
US9420029B2 (en) Mobile device application rating
CN109582406B (en) Script-based security survey using a card system framework
US20180157858A1 (en) System and Methods for Context-Aware and Situation-Aware Secure, Policy-Based Access Control for Computing Devices

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant