CN112307480A - Risk analysis method and device for equipment where application software is located - Google Patents
Risk analysis method and device for equipment where application software is located Download PDFInfo
- Publication number
- CN112307480A CN112307480A CN201910673073.XA CN201910673073A CN112307480A CN 112307480 A CN112307480 A CN 112307480A CN 201910673073 A CN201910673073 A CN 201910673073A CN 112307480 A CN112307480 A CN 112307480A
- Authority
- CN
- China
- Prior art keywords
- risk
- terminal equipment
- risk score
- current
- event
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The embodiment of the application provides a risk analysis method and device for equipment where application software is located, wherein the method comprises the following steps: judging whether the terminal equipment has a risk event or not according to the running data of the terminal equipment where the application software is located; if so, determining the type of the current risk event and the quantity of each current risk event, wherein the current risk event is the risk event which is determined at this time and occurs to the terminal equipment; and calculating the current risk score of the terminal equipment according to the type of the current risk event and the quantity of each current risk event, so as to update or newly add the risk score of the terminal equipment in a risk score record according to the current risk score. The embodiment of the application provides a mode for automatically carrying out risk analysis on the terminal equipment where the application software is located, so that the accuracy of the risk analysis result of the terminal equipment where the application software is located is improved, meanwhile, the risk analysis efficiency is also improved, and the labor cost is reduced.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and an apparatus for risk analysis of a device in which application software is located, a device, and a storage medium.
Background
At present, risk analysis is performed on terminal equipment where application software is located, so that the security of the operating environment of the terminal equipment where the application software is located is evaluated according to the risk analysis result. Generally, the process of risk analysis on the terminal device where the application software is located may include: the method comprises the steps of collecting IMEI tampering times, IMSI tampering times, DNS fraud and the like, and then analyzing the collected data with single dimensionality through manual analysis to obtain a risk analysis result of the terminal equipment where the application software is located.
However, in the above method, on one hand, due to the adoption of manual analysis, the analysis result is greatly influenced by human factors (for example, experience), so that the accuracy of the risk analysis result of the terminal device where the application software is located is low, the efficiency is low, and the labor cost is high; on the other hand, because the single-dimensional data is adopted for analysis, the risk analysis cannot be accurately performed on the terminal equipment where the application software is located, and the phenomenon of misjudgment may occur.
Disclosure of Invention
One or more embodiments of the present disclosure provide a risk analysis method and apparatus for a device in which application software is located, a device, and a storage medium, so as to solve the problems in the prior art that a risk analysis result of a terminal device in which application software is located is low in accuracy, low in efficiency, high in labor cost, and possibly misjudgment.
To solve the above technical problem, one or more embodiments of the present specification are implemented as follows:
in one aspect, one or more embodiments of the present specification provide a risk analysis method for a device in which application software is located, including:
judging whether the terminal equipment has a risk event or not according to the running data of the terminal equipment where the application software is located;
if so, determining the type of the current risk event and the quantity of each current risk event, wherein the current risk event is the risk event which is determined at this time and occurs to the terminal equipment;
and calculating the current risk score of the terminal equipment according to the type of the current risk event and the quantity of each current risk event, so as to update or newly add the risk score of the terminal equipment in a risk score record according to the current risk score.
Optionally, the calculating the current risk score of the terminal device according to the category of the current risk event and the number of each of the current risk events includes:
respectively calculating the risk score of each current risk event according to the type and the number of each current risk event;
and calculating the current risk score of the terminal equipment according to the risk score of each current risk event.
Optionally, the calculating the current risk score of the terminal device according to the category of the current risk event and the number of each of the current risk events includes:
obtaining a credible metric value of each current risk event;
determining a target risk event in the current risk event according to the credible metric value of each current risk event and a preset metric value;
and calculating the current risk score of the terminal equipment according to the type of the target risk event and the quantity of each target risk event.
Optionally, the determining, according to the operation data of the terminal device where the application software is located, whether the terminal device has a risk event includes:
and regularly judging whether the terminal equipment has a risk event or not according to the running data of the terminal equipment where the application software is positioned.
Optionally, the method further includes:
if no risk event occurs, inquiring the risk score of the terminal equipment in the risk score record;
if the risk score of the terminal equipment is inquired in the risk score record, judging whether the risk score of the terminal equipment in the risk score record is updated or not according to the latest updating time of the risk score of the terminal equipment in the risk score record;
if the risk score of the terminal equipment in the risk score record is updated, updating the risk score of the terminal equipment in the risk score record to be 0;
and if the risk score of the terminal equipment in the risk score record is not updated, maintaining the risk score of the terminal equipment in the risk score record.
Optionally, the method further includes:
if the risk score of the terminal equipment is not inquired in the risk score record, inquiring whether the terminal equipment has starting data in a preset time period;
if so, newly adding the risk value of the terminal equipment in the risk value record, and setting the risk value of the terminal equipment to be 0;
and if not, matching the current risk score of the terminal equipment according to an equipment rule score table, and adding the risk score of the terminal equipment in the risk score record according to the current risk score of the terminal equipment.
In another aspect, one or more embodiments of the present specification provide a risk analysis apparatus for a device in which application software is located, including:
the judging module is used for judging whether the terminal equipment has a risk event or not according to the running data of the terminal equipment where the application software is located;
a determining module, configured to determine, if the current risk event is a risk event occurring at the terminal device determined this time, a type of the current risk event and a number of each of the current risk events;
and the calculating module is used for calculating the current risk score of the terminal equipment according to the type of the current risk event and the quantity of each current risk event so as to update or newly add the risk score of the terminal equipment in a risk score record according to the current risk score.
Optionally, the apparatus further comprises:
and the acquisition plug-in is used for acquiring the running data of the terminal equipment where the application software is positioned and setting the running data in the application software.
In yet another aspect, one or more embodiments of the present specification provide an electronic device, including a processor, a memory, and a computer program stored on the memory and operable on the processor, where the computer program, when executed by the processor, implements the steps of the risk analysis method for a device in which application software is located according to any one of the above descriptions.
In yet another aspect, one or more embodiments of the present specification provide a computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the steps of the method for risk analysis of a device on which application software is located as described in any one of the above.
By adopting the technical scheme of one or more embodiments of the specification, the type of the current risk event and the number of each current risk event occurring in the terminal equipment where the application software is located are determined, and the current risk score of the terminal equipment where the application software is located is calculated according to the type of the current risk event and the number of each current risk event. On one hand, the current risk score of the terminal equipment where the application software is located is calculated according to the types of the current risk events and the number of each current risk event, namely, the risk analysis is carried out on the terminal equipment where the application software is located by adopting data of multiple dimensions, so that the accuracy of the risk analysis result of the terminal equipment where the application software is located is greatly improved, and the phenomenon of misjudgment is avoided; on the other hand, the method for automatically carrying out risk analysis on the terminal equipment where the application software is located is provided, compared with a manual method, the influence of human factors is avoided, the accuracy of the risk analysis result of the terminal equipment where the application software is located is further improved, meanwhile, the efficiency of the risk analysis is also improved, the labor cost is reduced, and the risk analysis step is simple and easy to execute.
Drawings
In order to more clearly illustrate one or more embodiments or technical solutions in the prior art in the present specification, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in one or more embodiments of the present specification, and other drawings can be obtained by those skilled in the art without inventive exercise.
Fig. 1 is a schematic flowchart of a risk analysis method for a device in which application software is located according to an embodiment of the present application;
fig. 2 is a schematic flow chart illustrating a process of calculating a current risk score of a terminal device where application software is located according to an embodiment of the present application;
fig. 3 is a schematic flowchart of a process of performing risk analysis on a terminal device where application software is located according to an embodiment of the present application;
fig. 4 is a schematic composition diagram of a risk analysis device of a device in which application software is located according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
One or more embodiments of the present disclosure provide a risk analysis method and apparatus for a device in which application software is located, a device, and a storage medium, which are used to solve the problems that a risk analysis result of a terminal device in which application software is located is low in accuracy, low in efficiency, high in labor cost, and possibly misjudgment.
In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from one or more of the embodiments of the present disclosure without making any creative effort shall fall within the protection scope of one or more of the embodiments of the present disclosure.
The embodiment of the present application provides a risk analysis method for a device in which application software is located, where an execution subject of the method may be, for example, a terminal device or a server, where the terminal device may be, for example, a personal computer, and the server may be an independent server or a server cluster composed of multiple servers. Fig. 1 is a schematic flow chart of a risk analysis method of a device in which application software is located according to an embodiment of the present application, and as shown in fig. 1, the method may include the following steps:
step S110, judging whether the terminal equipment has a risk event or not according to the running data of the terminal equipment where the application software is located.
In the embodiment of the application, the operation data of the terminal device where the application software is located can be acquired in the device operation data table. The device operation data table stores the operation data of the terminal device where the application software is located, which is acquired each time. Specifically, a predetermined time period may be set, and the operation data of the terminal device in which the application software is located in the predetermined time period may be acquired in the device operation data table. The predetermined period of time may be set by itself, and the present exemplary embodiment is not particularly limited thereto. For example, if the predetermined time period is one month before the current time, the device operation data table may acquire the operation data of the terminal device where the application software is located within one month before the current time, and if the predetermined time period is one week before the current time, the device operation data table may acquire the operation data of the terminal device where the application software is located within one week before the current time.
In order to continuously analyze the risk of the terminal device where the application software is located, whether a risk event occurs in the terminal device can be judged at regular time according to the operation data of the terminal device where the application software is located, that is, the operation data of the terminal device where the application software is located is obtained in the device operation data table at regular time, so that the risk of the terminal device where the application software is located is analyzed at regular time according to the operation data of the terminal device where the application software is located, which is obtained at regular time. The timing analysis time may be set by itself, for example, 12 points per day, 24 points per day, and the like, and this exemplary embodiment is not particularly limited thereto.
The construction process of the equipment operation data table comprises the following steps: an obtaining plug-in may be set in the application software, where the obtaining plug-in is used to obtain the operation data of the terminal device where the application software is located according to a preset frequency in the processes of starting and working the application software in the terminal device, and upload the operation data of the terminal device where the application software is located, which is obtained each time, to the device operation data table. The preset frequency may be set by itself, and this is not particularly limited in this exemplary embodiment.
The operation data of the terminal device where the application software is located may include data of each event processed during the operation of the terminal device. The terminal device may be, for example, a mobile phone, a computer, and the like, and this exemplary embodiment is not particularly limited thereto. The application software may be, for example, shopping application software, communication application software, etc., and this exemplary embodiment is not particularly limited thereto.
It should be noted that, when the application software is started each time, the operation data of the terminal device where the application software is located may be obtained by obtaining the plug-in, and the risk of the terminal device where the application software is located when the application software is started each time is analyzed according to the operation data of the terminal device where the application software is located, which is obtained when the application software is started.
The process of determining whether the terminal device where the application software is located has a risk event may include: comparing the data of each event in the running data of the terminal equipment where the application software is located with the data of each risk event in a risk event database, wherein the risk event database stores the data of each risk event and the type of each risk event; if the comparison of the data of at least one event in the operation data of the terminal equipment where the application software is located with the data of the risk event in the risk event database is successful, the terminal equipment where the application software is located is judged to have a risk event, and if the comparison of the data of each event in the operation data of the terminal equipment where the application software is located with the data of any risk event in the risk event database is failed, the terminal equipment where the application software is located is judged not to have a risk event.
Step S120, if yes, determining a type of a current risk event and a number of each of the current risk events, where the current risk event is a risk event occurring in the terminal device determined this time.
In the embodiment of the present application, if it is determined that the terminal device where the application software is located has a risk event, the risk event occurring at the terminal device where the application software is located may be determined by comparing the risk event with the data of each risk event in the risk event database, the risk event occurring at the terminal device where the application software is located that is determined this time is determined as a current risk event, and the type of the current risk event and the number of each current risk event are counted.
The types of risk events may include: the method comprises the following steps of DNS fraud, e _ devreuse _ imei (international mobile equipment identification code tampering), e _ devreuse _ imsi (international user identification code tampering), secondary development, accelerator fraud, framework attack, a simulator, equipment multiplexing non-key factors, equipment multiplexing key factors, location fraud, new equipment default values, a modifier, game plug-in, HOST tampering, memory modification, memory acceleration and the like. The type of the current risk event is one or more of the types of risk events described above.
Step S130, calculating the current risk score of the terminal equipment according to the type of the current risk event and the quantity of each current risk event, and updating or adding the risk score of the terminal equipment in a risk score record according to the current risk score.
In the embodiment of the present application, a risk score of each of the current risk events may be calculated according to the type and the number of each of the current risk events; and then, calculating the current risk score of the terminal equipment according to the risk score of each current risk event.
Specifically, the threat score for each current risk event may be looked up in the device threat rules table according to the category of each current risk event, wherein the threat rule table stores the threat score and the category of each risk event, the category of the current risk event may be compared to the category of each risk event in the threat rule table, and determining the threat score of the risk event of the same kind as the current risk event in the device threat rule table as the threat score of the current risk event, the risk score for each current risk event is then calculated based on the threat score and the number of each current risk event, and, in particular, the product of the threat score and the number of each current risk event may be determined as the risk score of each current risk event, and the like, which is not particularly limited in the present exemplary embodiment.
It should be noted that the above process of calculating the risk score of each current risk event is only exemplary and is not intended to limit the present invention.
The method for calculating the current risk score of the terminal device where the application software is located according to the risk score of each current risk event may include the following three ways:
firstly, the risk scores of all current risk events are weighted and summed, and the result of the weighted and summed result is determined as the current risk score of the terminal device where the application software is located, wherein the weighted value of each current risk event can be determined according to the importance of the current risk event.
And secondly, sequencing the current risk events according to the descending order of the risk scores, carrying out weighted summation on the risk scores of the current risk events ranked in the top N, and determining the weighted summation result as the current risk score of the terminal equipment where the application software is located.
Thirdly, sequencing the current risk events according to the descending order of the risk scores, and determining the risk score of the current risk event ranked in the front as the current risk score of the terminal equipment where the application software is located.
It should be noted that the three modes are only exemplary and are not intended to limit the present invention.
In order to further improve the accuracy of calculating the current risk score of the terminal device where the application software is located, as shown in fig. 2, the calculating the current risk score of the terminal device according to the type of the current risk event and the number of each of the current risk events may include:
and step S210, obtaining a credibility metric value of each current risk event.
In the embodiment of the present application, a risk event modification item table may be constructed, and the risk event modification item table stores data items modified after each risk event occurs. Based on the above, the modified data items after each current risk event occurs can be obtained from the terminal device where the application software is located, the matching number of the modified data items after each current risk event occurs and the modified data items after the risk event of the same type in the risk event modification item table is calculated, and the corresponding credibility metric value of each current risk event is determined according to the calculated matching number. Specifically, the more the number of matches, the larger the confidence metric value, and the less the number of matches, the smaller the confidence metric value.
The process of calculating a confidence measure for a current risk event will be described in detail below.
Firstly, acquiring the modified data items after the current risk event occurs in the terminal equipment where the application software is located, then searching the modified data items after the risk event of the same type as the current risk event occurs from the risk event modified item table, finally, matching the modified data items after the current risk event occurs with the modified data items after the risk event of the same type as the current risk event occurs in the risk event modified item table to obtain the matching number, and determining the credibility metric value of the current risk event according to the matching number.
Step S220, determining a target risk event in the current risk event according to the credibility metric value of each current risk event and a preset metric value.
In the embodiment of the present application, the preset metric value may be set according to a requirement, and this is not particularly limited in the embodiment of the present application. And respectively comparing the credibility metric value of each current risk event with a preset metric value, and determining the current risk event of which the credibility metric value is greater than the preset metric value as a target risk event.
Step S230, calculating the current risk score of the terminal equipment according to the types of the target risk events and the quantity of each type of the target risk events.
In the embodiment of the application, the risk score of each target risk event is calculated according to the type and the number of each target risk event, and then the current risk score of the terminal equipment where the application software is located is calculated according to the risk score of each target risk event.
It should be noted that the principle of calculating the risk score of each target risk event according to the category and the number of each target risk event is the same as the above principle of calculating the risk score of each current risk event according to the category and the number of each current risk event, and therefore, the details are not repeated here. In addition, the principle of calculating the current risk score of the terminal device where the application software is located according to the risk score of each target risk event is the same as the principle of calculating the current risk score of the terminal device where the application software is located according to the risk score of each current risk event, and therefore details are not repeated here.
As can be seen from the above, since the current risk score of the terminal device where the application software is located is determined by the type and number of the target risk events, and the target risk events are risk events with higher credibility values selected from the current risk events, the accuracy of the current risk score of the terminal device where the application software is located, which is calculated based on the type and number of the target risk events, is further improved.
After the current risk score of the terminal equipment where the application software is located is calculated, if the risk score of the terminal equipment where the application software is located does not exist in the risk score record, the risk score of the terminal equipment where the application software is located is newly added in the risk score record, the current risk score is determined as the risk score of the terminal equipment where the application software is located in the risk score record, and if the risk score of the terminal equipment where the application software is located exists in the risk score record, the risk score of the terminal equipment where the application software is located in the risk score record is updated by using the current risk score.
Further, if no risk event occurs (that is, no risk event occurs to the terminal device where the application software is located), querying a risk score of the terminal device where the application software is located in the risk score record; if the risk score of the terminal equipment where the application software is located is inquired in the risk score record, judging whether the risk score of the terminal equipment where the application software is located in the risk score record is updated or not according to the latest updating time of the risk score of the terminal equipment where the application software is located in the risk score record; specifically, an update period may be set, where the update period may be, for example, one month, or two months, and the like, and this is not particularly limited in this embodiment of the present application, and then, a difference is made between the latest update time and the current time, and it is determined whether the difference is greater than the update period, if the difference is greater than the update period, it is determined that the risk score of the terminal device where the application software is located in the risk score record is updated, and if the difference is less than or equal to the update period, it is determined that the risk score of the terminal device where the application software is located in the risk score record is not updated; if the risk score of the terminal equipment where the application software is located in the risk score record is updated, updating the risk score of the terminal equipment where the application software is located in the risk score record to be 0; and if the risk score of the terminal equipment where the application software is located in the risk score record is not updated, maintaining the risk score of the terminal equipment where the application software is located in the risk score record, namely keeping the current risk score of the terminal equipment where the application software is located in the risk score record as the risk score of the terminal equipment where the application software is located in the risk score record.
Further, if the risk score of the terminal device where the application software is located is not queried in the risk score record, which indicates that the terminal device where the application software is located is a new device, querying whether the terminal device where the application software is located has starting data within a preset time period; the preset time period may be set by itself, for example, one month, two months, and the like, and this is not particularly limited in the embodiment of the present application. Specifically, whether the terminal device where the application software is located has the startup data in a preset time period may be queried in the device startup data table, where the device startup data table stores the startup data of each terminal device. If the terminal equipment in which the application software is located exists, namely if starting data of the terminal equipment in which the application software is located in a preset time period are inquired, adding a risk score of the terminal equipment in which the application software is located in the risk score record, and setting the risk score of the terminal equipment in which the application software is located to 0, namely setting the current risk score of the terminal equipment in which the application software is located to 0; if the current risk score does not exist, namely if the starting data of the terminal equipment where the application software is located in the preset time period is not inquired, matching the current risk score of the terminal equipment where the application software is located according to the equipment rule score table, and adding the risk score of the terminal equipment where the application software is located in the risk score record according to the current risk score of the terminal equipment where the application software is located. The equipment rule score table comprises initial risk scores of each type of terminal equipment, the type of the terminal equipment where the application software is located is matched with the type of each type of terminal equipment in the equipment rule score table, and the initial risk score of the terminal equipment where the type of the terminal equipment where the application software is located is matched with the type of the terminal equipment where the application software is located in the equipment rule score table is determined as the current risk score of the terminal equipment where the application software is located.
In summary, because the current risk score of the terminal device where the application software is located is calculated according to the type of the current risk event and the number of each current risk event, that is, the data with multiple dimensions is used for performing risk analysis on the terminal device where the application software is located, the accuracy of the risk analysis result of the terminal device where the application software is located is greatly improved, and the phenomenon of misjudgment is avoided; in addition, the method for automatically carrying out risk analysis on the terminal equipment where the application software is located is provided, compared with a manual method, the influence of human factors is avoided, the accuracy of the risk analysis result of the terminal equipment where the application software is located is further improved, meanwhile, the efficiency of the risk analysis is also improved, the labor cost is reduced, and the risk analysis step is simple and easy to execute.
Fig. 3 is a schematic flow chart of risk analysis performed on a terminal device where application software is located according to an embodiment of the present application, and a risk analysis process of the terminal device where application software is located will be described below with reference to fig. 3.
Step S301, executing a timing risk analysis task at 12 points every day;
step S302, scanning an equipment operation data table, and acquiring operation data of terminal equipment where application software is located;
step S303, analyzing whether the terminal equipment where the application software is located has a risk event or not according to the running data of the terminal equipment where the application software is located;
step S304, if the terminal equipment where the application software is located has a risk event, counting the types of the current risk events and the quantity of each current risk event, wherein the current risk event is the risk event which is determined at this time and occurs to the terminal equipment where the application software is located;
step S305, calculating the current risk score of the terminal equipment where the application software is located according to the type of the current risk event and the quantity of each current risk event;
step S306, updating or adding the risk value of the terminal equipment where the application software is located in the risk value record according to the current risk value;
step S307, if the terminal equipment where the application software is located does not generate a risk event, inquiring the risk score of the terminal equipment where the application software is located in the risk score record;
step S308, if the application software is inquired, acquiring the latest updating time of the risk score of the terminal equipment where the application software is located from the risk score record;
step S309, judging whether the difference value between the current time and the latest updating time is more than one month according to the current time and the latest updating time;
step S310, if the risk score is more than one month, updating the risk score of the terminal equipment where the application software is located in the risk score record to be 0;
step S311, if the risk score is less than one month, keeping the risk score of the terminal equipment where the application software is located in the risk score record;
step S312, if not, inquiring whether the terminal equipment where the application software is located has starting data in a preset time period;
step S313, if the starting data exists within the preset time period, adding a risk analysis of the terminal device where the application software is located in the risk score record, and determining the risk score as 0.
Step S314, if no starting data exists in the preset time period, matching the current risk score of the terminal equipment where the application software is located according to the equipment rule score table, and adding the risk score of the terminal equipment where the application software is located in the risk score record according to the current risk score.
It should be noted that the risk analysis method of the device where the application software is located may be implemented by using a Java web (spring mvc + hibernate), the timing task is implemented by using a spring task, and the database is mysql. The method adopts a simple integration mode, is suitable for various SDKs (software development kits), has strong real-time performance and high stability, and can meet the requirement of future expansion.
Based on the same technical concept, a risk analysis apparatus for a device in which application software is located is further provided in the embodiment of the present application, and fig. 4 is a schematic composition diagram of the risk analysis apparatus for a device in which application software is located, where the apparatus is used to execute the risk analysis method for the device in which application software is located shown in fig. 1, and as shown in fig. 4, the apparatus 400 may include: a judging module 401, a determining module 402, and a calculating module 403, wherein:
the judging module 401 is configured to judge whether a risk event occurs in the terminal device according to the operation data of the terminal device where the application software is located;
a determining module 402, configured to determine, if yes, a type of a current risk event and a number of each of the current risk events, where the current risk event is a risk event occurring in the terminal device determined this time;
a calculating module 403, configured to calculate a current risk score of the terminal device according to the type of the current risk event and the number of each current risk event, so as to update or add a risk score of the terminal device in a risk score record according to the current risk score.
Optionally, the apparatus 400 may further include:
and the acquisition plug-in is used for acquiring the running data of the terminal equipment where the application software is positioned and setting the running data in the application software. The acquisition plug-in is arranged in the application software in the terminal equipment, so that the operation data of the terminal equipment where the application software is located is acquired through the acquisition plug-in, the terminal equipment and the application software are not required to participate in execution, namely, the terminal equipment, the application software and the risk analysis device are decoupled, the terminal equipment, the application software and the risk analysis device operate independently, and the response of the other party is avoided.
Optionally, the calculating module 403 may include:
the first calculation unit is used for calculating the risk score of each current risk event according to the type and the quantity of each current risk event;
and the second calculating unit is used for calculating the current risk score of the terminal equipment according to the risk score of each current risk event.
Optionally, the calculating module 403 may include:
the obtaining unit is used for obtaining the credibility metric value of each current risk event;
a determining unit, configured to determine a target risk event in the current risk event according to a trusted metric value of each of the current risk events in combination with a preset metric value;
and the third calculating unit is used for calculating the current risk score of the terminal equipment according to the types of the target risk events and the quantity of each type of the target risk events.
Optionally, the determining module is specifically configured to determine whether a risk event occurs in the terminal device at regular time according to the operation data of the terminal device where the application software is located.
Optionally, the apparatus 400 may further include:
the first query module is used for querying the risk score of the terminal equipment in the risk score record if no risk event occurs;
the updating judgment module is used for judging whether to update the risk score of the terminal equipment in the risk score record according to the latest updating time of the risk score of the terminal equipment in the risk score record if the risk score of the terminal equipment is inquired in the risk score record;
the updating module is used for updating the risk score of the terminal equipment in the risk score record to 0 if the risk score of the terminal equipment in the risk score record is updated;
and the maintaining module is used for maintaining the risk score of the terminal equipment in the risk score record if the risk score of the terminal equipment in the risk score record is not updated.
Optionally, the apparatus 400 may further include:
the second query module is used for querying whether the terminal equipment has starting data in a preset time period or not if the risk score of the terminal equipment is not queried in the risk score record;
the newly-added module is used for newly adding the risk score of the terminal equipment in the risk score record if the risk score exists, and setting the risk score of the terminal equipment to be 0;
and the matching module is used for matching the current risk score of the terminal equipment according to the equipment rule score table if the current risk score does not exist, and adding the risk score of the terminal equipment in the risk score record according to the current risk score of the terminal equipment.
According to the risk analysis device of the equipment where the application software is located, the current risk score of the terminal equipment where the application software is located is calculated according to the type of the current risk event and the number of each current risk event, namely, the risk analysis is performed on the terminal equipment where the application software is located by adopting data of multiple dimensions, so that the accuracy of the risk analysis result of the terminal equipment where the application software is located is greatly improved, and the phenomenon of misjudgment is avoided; in addition, the method for automatically carrying out risk analysis on the terminal equipment where the application software is located is provided, compared with a manual method, the influence of human factors is avoided, the accuracy of the risk analysis result of the terminal equipment where the application software is located is further improved, meanwhile, the efficiency of the risk analysis is also improved, the labor cost is reduced, and the risk analysis step is simple and easy to execute.
Corresponding to the risk analysis method of the device in which the application software is located, based on the same technical concept, an embodiment of the application further provides an electronic device, and fig. 5 is a schematic structural diagram of the electronic device provided by the embodiment of the application.
As shown in fig. 5, the electronic device 500 includes, but is not limited to: a radio frequency unit 501, a network module 502, an audio output unit 503, an input unit 504, a sensor 505, a display unit 506, a user input unit 507, an interface unit 508, a memory 509, a processor 510, and a power supply 511. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 5 does not constitute a limitation of the electronic device, and that the electronic device may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. In the embodiment of the present invention, the electronic device includes, but is not limited to, a tablet computer, a notebook computer, a server, and the like.
The processor 510 is configured to determine whether a risk event occurs in the terminal device according to operation data of the terminal device where the application software is located; if so, determining the type of the current risk event and the quantity of each current risk event, wherein the current risk event is the risk event which is determined at this time and occurs to the terminal equipment; and calculating the current risk score of the terminal equipment according to the type of the current risk event and the quantity of each current risk event, so as to update or newly add the risk score of the terminal equipment in a risk score record according to the current risk score.
Further, the processor 510 is further configured to calculate a risk score for each of the current risk events according to the category and the number of each of the current risk events; and calculating the current risk score of the terminal equipment according to the risk score of each current risk event.
Additionally, processor 510 is further configured to obtain a confidence metric value for each of the current risk events; determining a target risk event in the current risk event according to the credible metric value of each current risk event and a preset metric value; and calculating the current risk score of the terminal equipment according to the type of the target risk event and the quantity of each target risk event.
In addition, the processor 510 is further configured to determine whether a risk event occurs in the terminal device according to the operation data of the terminal device where the application software is located at regular time.
In addition, the processor 510 is further configured to query a risk score of the terminal device in the risk score record if a risk event does not occur; if the risk score of the terminal equipment is inquired in the risk score record, judging whether the risk score of the terminal equipment in the risk score record is updated or not according to the latest updating time of the risk score of the terminal equipment in the risk score record; if the risk score of the terminal equipment in the risk score record is updated, updating the risk score of the terminal equipment in the risk score record to be 0; and if the risk score of the terminal equipment in the risk score record is not updated, maintaining the risk score of the terminal equipment in the risk score record.
In addition, the processor 510 is further configured to, if the risk score of the terminal device is not queried in the risk score record, query whether the terminal device has starting data within a preset time period; if so, newly adding the risk value of the terminal equipment in the risk value record, and setting the risk value of the terminal equipment to be 0; and if not, matching the current risk score of the terminal equipment according to an equipment rule score table, and adding the risk score of the terminal equipment in the risk score record according to the current risk score of the terminal equipment.
According to the electronic equipment provided by the embodiment of the application, the current risk score of the terminal equipment where the application software is located is calculated according to the type of the current risk event and the number of each current risk event, namely, the risk analysis is performed on the terminal equipment where the application software is located by adopting data of multiple dimensions, so that the accuracy of the risk analysis result of the terminal equipment where the application software is located is greatly improved, and the phenomenon of misjudgment is further avoided; in addition, the method for automatically carrying out risk analysis on the terminal equipment where the application software is located is provided, compared with a manual method, the influence of human factors is avoided, the accuracy of the risk analysis result of the terminal equipment where the application software is located is further improved, meanwhile, the efficiency of the risk analysis is also improved, the labor cost is reduced, and the risk analysis step is simple and easy to execute.
It should be understood that, in the embodiment of the present invention, the radio frequency unit 501 may be used for receiving and sending signals during a message sending and receiving process or a call process, and specifically, receives downlink data from a base station and then processes the received downlink data to the processor 510; in addition, the uplink data is transmitted to the base station. In general, radio frequency unit 501 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 501 can also communicate with a network and other electronic devices through a wireless communication system.
The electronic device provides wireless broadband internet access to the user via the network module 502, such as assisting the user in sending and receiving e-mails, browsing web pages, and accessing streaming media.
The audio output unit 503 may convert audio data received by the radio frequency unit 501 or the network module 502 or stored in the memory 509 into an audio signal and output as sound. Also, the audio output unit 503 may also provide audio output related to a specific function performed by the electronic apparatus 500 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 503 includes a speaker, a buzzer, a receiver, and the like.
The input unit 504 is used to receive an audio or video signal. The input Unit 504 may include a Graphics Processing Unit (GPU) 5051 and a microphone 5042, the Graphics processor 5051 Processing image data of still pictures or video obtained by an image capturing device (such as a camera) in a video capture mode or an image capture mode. The processed image frames may be displayed on the display unit 506. The image frames processed by the graphic processor 5051 may be stored in the memory 509 (or other storage medium) or transmitted via the radio frequency unit 501 or the network module 502. The microphone 5042 may receive sounds and may be capable of processing such sounds into audio data. The processed audio data may be converted into a format output transmittable to a mobile communication base station via the radio frequency unit 501 in case of the phone call mode.
The electronic device 500 also includes at least one sensor 505, such as light sensors, motion sensors, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 5061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 5061 and/or a backlight when the electronic device 500 is moved to the ear. As one type of motion sensor, an accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of an electronic device (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), and vibration identification related functions (such as pedometer, tapping); the sensors 505 may also include fingerprint sensors, pressure sensors, iris sensors, molecular sensors, gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc., which are not described in detail herein.
The display unit 506 is used to display information input by the user or information provided to the user. The Display unit 506 may include a Display panel 5061, and the Display panel 5061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 507 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device. Specifically, the user input unit 507 includes a touch panel 5071 and other input devices 5072. Touch panel 5071, also referred to as a touch screen, may collect touch operations by a user on or near it (e.g., operations by a user on or near touch panel 5071 using a finger, stylus, or any suitable object or attachment). The touch panel 5071 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 510, and receives and executes commands sent by the processor 510. In addition, the touch panel 5071 may be implemented in various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 5071, the user input unit 507 may include other input devices 5072. In particular, other input devices 5072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein.
Further, the touch panel 5071 may be overlaid on the display panel 5061, and when the touch panel 5071 detects a touch operation thereon or nearby, the touch operation is transmitted to the processor 510 to determine the type of the touch event, and then the processor 510 provides a corresponding visual output on the display panel 5061 according to the type of the touch event. Although in fig. 5, the touch panel 5071 and the display panel 5061 are two independent components to implement the input and output functions of the electronic device, in some embodiments, the touch panel 5071 and the display panel 5061 may be integrated to implement the input and output functions of the electronic device, and is not limited herein.
The interface unit 508 is an interface for connecting an external device to the electronic apparatus 500. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 508 may be used to receive input (e.g., data information, power, etc.) from external devices and transmit the received input to one or more elements within the electronic apparatus 500 or may be used to transmit data between the electronic apparatus 500 and external devices.
The memory 509 may be used to store software programs as well as various data. The memory 509 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 509 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
The processor 510 is a control center of the electronic device, connects various parts of the whole electronic device by using various interfaces and lines, performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 509 and calling data stored in the memory 509, thereby performing overall monitoring of the electronic device. Processor 510 may include one or more processing units; preferably, the processor 510 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 510.
The electronic device 500 may further include a power supply 511 (e.g., a battery) for supplying power to various components, and preferably, the power supply 511 may be logically connected to the processor 510 via a power management system, so as to implement functions of managing charging, discharging, and power consumption via the power management system.
Preferably, an embodiment of the present invention further provides an electronic device, which includes a processor 510, a memory 509, and a computer program that is stored in the memory 509 and can be run on the processor 510, and when being executed by the processor 510, the computer program implements each process of the risk analysis method of the device in which the application software is located, and can achieve the same technical effect, and in order to avoid repetition, details are not described here again.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements each process of the data processing method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
The embodiment of the invention provides a computer-readable storage medium, which is used for judging whether a risk event occurs in a terminal device according to operation data of the terminal device where application software is located; if so, determining the type of the current risk event and the quantity of each current risk event, wherein the current risk event is the risk event which is determined at this time and occurs to the terminal equipment; and calculating the current risk score of the terminal equipment according to the type of the current risk event and the quantity of each current risk event, so as to update or newly add the risk score of the terminal equipment in a risk score record according to the current risk score. Therefore, the current risk score of the terminal equipment where the application software is located is calculated according to the type of the current risk event and the number of each current risk event, namely, the risk analysis is carried out on the terminal equipment where the application software is located by adopting data of multiple dimensions, the accuracy of the risk analysis result of the terminal equipment where the application software is located is greatly improved, and the phenomenon of misjudgment is further avoided; in addition, the method for automatically carrying out risk analysis on the terminal equipment where the application software is located is provided, compared with a manual method, the influence of human factors is avoided, the accuracy of the risk analysis result of the terminal equipment where the application software is located is further improved, meanwhile, the efficiency of the risk analysis is also improved, the labor cost is reduced, and the risk analysis step is simple and easy to execute.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include transitory computer readable media (transient media) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present invention, and is not intended to limit the present invention. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.
Claims (10)
1. A risk analysis method of a device where application software is located is characterized by comprising the following steps:
judging whether the terminal equipment has a risk event or not according to the running data of the terminal equipment where the application software is located;
if so, determining the type of the current risk event and the quantity of each current risk event, wherein the current risk event is the risk event which is determined at this time and occurs to the terminal equipment;
and calculating the current risk score of the terminal equipment according to the type of the current risk event and the quantity of each current risk event, so as to update or newly add the risk score of the terminal equipment in a risk score record according to the current risk score.
2. The risk analysis method according to claim 1, wherein the calculating the current risk score of the terminal device according to the category of the current risk event and the number of each of the current risk events comprises:
respectively calculating the risk score of each current risk event according to the type and the number of each current risk event;
and calculating the current risk score of the terminal equipment according to the risk score of each current risk event.
3. The risk analysis method according to claim 1, wherein the calculating the current risk score of the terminal device according to the category of the current risk event and the number of each of the current risk events comprises:
obtaining a credible metric value of each current risk event;
determining a target risk event in the current risk event according to the credible metric value of each current risk event and a preset metric value;
and calculating the current risk score of the terminal equipment according to the type of the target risk event and the quantity of each target risk event.
4. The risk analysis method according to claim 1, wherein the determining whether the terminal device has the risk event according to the operation data of the terminal device where the application software is located comprises:
and regularly judging whether the terminal equipment has a risk event or not according to the running data of the terminal equipment where the application software is positioned.
5. The risk analysis method of claim 1, further comprising:
if no risk event occurs, inquiring the risk score of the terminal equipment in the risk score record;
if the risk score of the terminal equipment is inquired in the risk score record, judging whether the risk score of the terminal equipment in the risk score record is updated or not according to the latest updating time of the risk score of the terminal equipment in the risk score record;
if the risk score of the terminal equipment in the risk score record is updated, updating the risk score of the terminal equipment in the risk score record to be 0;
and if the risk score of the terminal equipment in the risk score record is not updated, maintaining the risk score of the terminal equipment in the risk score record.
6. The risk analysis method of claim 5, further comprising:
if the risk score of the terminal equipment is not inquired in the risk score record, inquiring whether the terminal equipment has starting data in a preset time period;
if so, newly adding the risk value of the terminal equipment in the risk value record, and setting the risk value of the terminal equipment to be 0;
and if not, matching the current risk score of the terminal equipment according to an equipment rule score table, and adding the risk score of the terminal equipment in the risk score record according to the current risk score of the terminal equipment.
7. A risk analysis device of a device where application software is located is characterized by comprising:
the judging module is used for judging whether the terminal equipment has a risk event or not according to the running data of the terminal equipment where the application software is located;
a determining module, configured to determine, if the current risk event is a risk event occurring at the terminal device determined this time, a type of the current risk event and a number of each of the current risk events;
and the calculating module is used for calculating the current risk score of the terminal equipment according to the type of the current risk event and the quantity of each current risk event so as to update or newly add the risk score of the terminal equipment in a risk score record according to the current risk score.
8. The risk analysis device of claim 7, wherein the device further comprises:
and the acquisition plug-in is used for acquiring the running data of the terminal equipment where the application software is positioned and setting the running data in the application software.
9. An electronic device, comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method for risk analysis of a device on which application software is located according to any one of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method for risk analysis of a device on which an application software according to any one of claims 1 to 6 is located.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910673073.XA CN112307480B (en) | 2019-07-24 | 2019-07-24 | Risk analysis method and device for equipment where application software is located |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910673073.XA CN112307480B (en) | 2019-07-24 | 2019-07-24 | Risk analysis method and device for equipment where application software is located |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112307480A true CN112307480A (en) | 2021-02-02 |
| CN112307480B CN112307480B (en) | 2023-09-05 |
Family
ID=74329161
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910673073.XA Active CN112307480B (en) | 2019-07-24 | 2019-07-24 | Risk analysis method and device for equipment where application software is located |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112307480B (en) |
Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103366121A (en) * | 2012-03-26 | 2013-10-23 | 腾讯科技(深圳)有限公司 | Safety inspection method, device and system |
| CN103646161A (en) * | 2013-11-05 | 2014-03-19 | 华为技术有限公司 | Terminal system credibility state judgment method, device and terminal |
| CN104850727A (en) * | 2015-01-27 | 2015-08-19 | 厦门大学 | Distributed big data system risk evaluation method based on cloud barycenter theory |
| CN105227532A (en) * | 2014-06-30 | 2016-01-06 | 阿里巴巴集团控股有限公司 | A kind of blocking-up method of malicious act and device |
| CN105282131A (en) * | 2015-02-10 | 2016-01-27 | 中国移动通信集团广东有限公司 | Information security evaluation method, device and system based on risk item scanning |
| CN105631747A (en) * | 2014-11-05 | 2016-06-01 | 阿里巴巴集团控股有限公司 | Risk event determining method and apparatus |
| CN105740715A (en) * | 2016-01-29 | 2016-07-06 | 广东欧珀移动通信有限公司 | Safety assessment method and terminal equipment |
| CN106156151A (en) * | 2015-04-14 | 2016-11-23 | 阿里巴巴集团控股有限公司 | The Risk Identification Method of internetwork operation event and device |
| US9798883B1 (en) * | 2014-10-06 | 2017-10-24 | Exabeam, Inc. | System, method, and computer program product for detecting and assessing security risks in a network |
| CN107483488A (en) * | 2017-09-18 | 2017-12-15 | 济南互信软件有限公司 | A kind of malice Http detection methods and system |
| US20180121657A1 (en) * | 2016-11-01 | 2018-05-03 | International Business Machines Corporation | Security risk evaluation |
| CN108198629A (en) * | 2018-03-06 | 2018-06-22 | 云南省疾病预防控制中心 | Risk automatic evaluation system and method are propagated in a kind of cross-border input of infectious disease |
| CN108229176A (en) * | 2017-12-29 | 2018-06-29 | 北京神州绿盟信息安全科技股份有限公司 | A kind of method and device of determining Web applications protection effect |
| CN108615158A (en) * | 2018-03-22 | 2018-10-02 | 平安科技(深圳)有限公司 | Risk checking method, device, mobile terminal and storage medium |
| CN108874968A (en) * | 2018-06-07 | 2018-11-23 | 平安科技(深圳)有限公司 | Risk management data processing method, device, computer equipment and storage medium |
| CN109598414A (en) * | 2018-11-13 | 2019-04-09 | 阿里巴巴集团控股有限公司 | Risk evaluation model training, methods of risk assessment, device and electronic equipment |
| CN109670313A (en) * | 2017-10-16 | 2019-04-23 | 腾讯科技(深圳)有限公司 | The method, apparatus and readable storage medium storing program for executing of risk assessment are carried out in system operation |
-
2019
- 2019-07-24 CN CN201910673073.XA patent/CN112307480B/en active Active
Patent Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103366121A (en) * | 2012-03-26 | 2013-10-23 | 腾讯科技(深圳)有限公司 | Safety inspection method, device and system |
| CN103646161A (en) * | 2013-11-05 | 2014-03-19 | 华为技术有限公司 | Terminal system credibility state judgment method, device and terminal |
| CN105227532A (en) * | 2014-06-30 | 2016-01-06 | 阿里巴巴集团控股有限公司 | A kind of blocking-up method of malicious act and device |
| US9798883B1 (en) * | 2014-10-06 | 2017-10-24 | Exabeam, Inc. | System, method, and computer program product for detecting and assessing security risks in a network |
| CN105631747A (en) * | 2014-11-05 | 2016-06-01 | 阿里巴巴集团控股有限公司 | Risk event determining method and apparatus |
| CN104850727A (en) * | 2015-01-27 | 2015-08-19 | 厦门大学 | Distributed big data system risk evaluation method based on cloud barycenter theory |
| CN105282131A (en) * | 2015-02-10 | 2016-01-27 | 中国移动通信集团广东有限公司 | Information security evaluation method, device and system based on risk item scanning |
| CN106156151A (en) * | 2015-04-14 | 2016-11-23 | 阿里巴巴集团控股有限公司 | The Risk Identification Method of internetwork operation event and device |
| CN105740715A (en) * | 2016-01-29 | 2016-07-06 | 广东欧珀移动通信有限公司 | Safety assessment method and terminal equipment |
| US20180121657A1 (en) * | 2016-11-01 | 2018-05-03 | International Business Machines Corporation | Security risk evaluation |
| CN107483488A (en) * | 2017-09-18 | 2017-12-15 | 济南互信软件有限公司 | A kind of malice Http detection methods and system |
| CN109670313A (en) * | 2017-10-16 | 2019-04-23 | 腾讯科技(深圳)有限公司 | The method, apparatus and readable storage medium storing program for executing of risk assessment are carried out in system operation |
| CN108229176A (en) * | 2017-12-29 | 2018-06-29 | 北京神州绿盟信息安全科技股份有限公司 | A kind of method and device of determining Web applications protection effect |
| CN108198629A (en) * | 2018-03-06 | 2018-06-22 | 云南省疾病预防控制中心 | Risk automatic evaluation system and method are propagated in a kind of cross-border input of infectious disease |
| CN108615158A (en) * | 2018-03-22 | 2018-10-02 | 平安科技(深圳)有限公司 | Risk checking method, device, mobile terminal and storage medium |
| CN108874968A (en) * | 2018-06-07 | 2018-11-23 | 平安科技(深圳)有限公司 | Risk management data processing method, device, computer equipment and storage medium |
| CN109598414A (en) * | 2018-11-13 | 2019-04-09 | 阿里巴巴集团控股有限公司 | Risk evaluation model training, methods of risk assessment, device and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112307480B (en) | 2023-09-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108632658B (en) | Bullet screen display method and terminal | |
| CN108255382B (en) | Method and device for recommending floating menu content | |
| CN111368290A (en) | Data anomaly detection method and device and terminal equipment | |
| CN108984066B (en) | Application icon display method and mobile terminal | |
| CN108337368B (en) | Method for updating positioning data and mobile terminal | |
| CN107908765B (en) | Game resource processing method, mobile terminal and server | |
| CN109857297B (en) | Information processing method and terminal equipment | |
| CN110543502B (en) | Credit data processing method, device, equipment and storage medium based on block chain | |
| CN109495638B (en) | Information display method and terminal | |
| CN106101764A (en) | A kind of methods, devices and systems showing video data | |
| CN111064654A (en) | Message display method and electronic equipment | |
| CN111444425A (en) | Information pushing method, electronic equipment and medium | |
| CN110990679A (en) | Information searching method and electronic equipment | |
| CN107765954B (en) | Application icon updating method, mobile terminal and server | |
| CN110971507B (en) | Information display method and electronic equipment | |
| CN108306817B (en) | Information positioning processing method and mobile terminal | |
| CN111221602A (en) | Interface display method and electronic equipment | |
| CN108650041B (en) | Signal quality display method and mobile terminal | |
| CN110796552A (en) | Risk prompting method and device | |
| CN108388400B (en) | Operation processing method and mobile terminal | |
| CN109857659B (en) | Control operation method and device | |
| CN109144860B (en) | Operation method for control object and terminal equipment | |
| CN108600356B (en) | Message pushing method and device | |
| CN110928616A (en) | Shortcut icon management method and electronic equipment | |
| CN115118636B (en) | Method and device for determining network jitter state, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |