CN112347138A - Strategy matching method, device, equipment and readable storage medium - Google Patents


Info

Publication number
CN112347138A
Authority
CN
China
Prior art keywords
matching
dimension
matching dimension
level
policy
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010991949.8A
Other languages
Chinese (zh)
Inventor
肖珂
武博
何建锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Jiaotong University Jump Network Technology Co ltd
Original Assignee
Xi'an Jiaotong University Jump Network Technology Co ltd
Application filed by Xi'an Jiaotong University Jump Network Technology Co ltd filed Critical Xi'an Jiaotong University Jump Network Technology Co ltd
Priority to CN202010991949.8A priority Critical patent/CN112347138A/en
Publication of CN112347138A publication Critical patent/CN112347138A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G06F16/24553 Query execution of query operations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G06F16/215 Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2474 Sequence data queries, e.g. querying versioned data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/22 Matching criteria, e.g. proximity measures

Abstract

The invention discloses a policy matching method, apparatus, device and computer-readable storage medium. First, a set of matching dimensions is established for each level according to the matching dimension hierarchy and its relation to the policies. When data to be matched is acquired, it is parsed down to the minimum matching dimensions, and matching then proceeds upward level by level from the minimum matching dimension; if matching succeeds, the successfully matched policy is obtained, and if any matching dimension fails to match, matching ends. Unlike the existing top-down approach, the method matches from the lowest-level matching dimension upward until the policy is reached. De-duplication can be performed while matching each level of matching dimension, so that every comparison is effective and useful, which improves performance utilization and matching efficiency and helps output audit policy results efficiently.

Description

Strategy matching method, device, equipment and readable storage medium
Technical Field
The invention belongs to the technical field of data processing, and particularly relates to a strategy matching method, a strategy matching device, strategy matching equipment and a readable storage medium.
Background
With the development of information technology, especially the mobile internet, database technology, as the basis of data storage, plays an increasingly critical role. In practice, however, database information assets face illegal intrusion, tampering with or theft of data from the outside and illegal operations from the inside; the internal threats often have no attack characteristics and are difficult for a common information security system to identify.
Analyzing, recording and reporting database operation behavior helps users plan and prevent in advance, monitor in real time, respond to violations, report on compliance after the fact and trace the source of incidents; it also strengthens the monitoring of internal and external network behavior and promotes the normal operation of core assets such as databases, servers and network equipment. However, auditing useful information efficiently and quickly out of massive data is difficult for auditing equipment. Setting corresponding policies and rules according to protection requirements therefore improves the efficiency of auditing database behavior and has a positive effect on database protection.
Current policy and rule matching proceeds step by step from top to bottom, that is, from high level to low level, according to the configured policy and rule hierarchy. For example, as shown in fig. 1, matching follows the order policy, rule set, rule, condition: the conditions composing each rule are matched in turn, and if one rule fails to match, the next rule is tried; the corresponding data structure is designed the same way. The main problem of this approach is that many resources are consumed to no effect during matching: every rule that fails to match amounts to a round of wasted data processing, so matching efficiency needs to be improved.
Disclosure of Invention
In view of the above background, the present invention provides a policy matching method, device, apparatus, and computer readable storage medium, which are intended to solve the technical problems that the existing policy and rule matching is heavy in resource and performance consumption, and cannot output the matching result quickly, which affects the auditing efficiency.
In order to achieve the above object, in a first aspect, a policy matching method is provided, including:
determining, according to the hierarchy of matching dimensions that compose a policy: the set of maximum matching dimensions composing the policy, and the set of next-level matching dimensions composing each current-level matching dimension, down to the set of matching items composing each minimum matching dimension;
parsing the data to be matched to obtain the content of each minimum matching dimension, judging whether the content of each minimum matching dimension hits the matching item set of the corresponding dimension, and collecting the minimum matching dimensions whose matching item sets are hit to obtain the set of minimum matching dimensions hit by the data to be matched;
judging whether the set of minimum matching dimensions hits the upper-level matching dimensions, and collecting the upper-level matching dimensions that are hit to obtain the set of upper-level matching dimensions hit by the data to be matched;
and continuing to judge, level by level from bottom to top, whether each level of matching dimension is hit, until it is judged whether the set of maximum matching dimensions hits a policy.
Preferably, if the data to be matched hits every level of matching dimension and the policy from bottom to top, the successfully matched policy is output; if even one matching item set or one level of matching dimension is missed, the matching process ends and policy matching is judged to have failed.
Preferably, before data matching, a reference bitmap from each level of matching dimension to the level above it is constructed, specifically: let the hierarchy contain, from top to bottom, a first matching dimension, a second matching dimension and a third matching dimension; constructing the reference bitmap for the second matching dimension comprises, for each third matching dimension composing the second matching dimension, establishing a bit sequence of first matching dimensions in which each first matching dimension occupies one bit, and setting the corresponding bit to 1 or 0 according to whether that first matching dimension contains the third matching dimension;
if the third matching dimension is the minimum matching dimension, constructing the reference bitmap from the minimum matching dimension to the second matching dimension comprises: for each matching item composing the minimum matching dimension, establishing a bit sequence of second matching dimensions in which each upper-level matching dimension occupies one bit, and setting the corresponding bit to 1 or 0 according to whether the corresponding upper-level matching dimension contains the matching item;
if the first matching dimension is the maximum matching dimension, constructing the reference bitmap from the maximum matching dimension to the policy comprises: for each second matching dimension, establishing a bit sequence of policies in which each policy occupies one bit, and setting the corresponding bit to 1 or 0 according to whether the policy contains the second matching dimension.
Preferably, the order of the matching items in the matching item set forming the minimum matching dimension is specified, and the order of the lower-level matching dimension in the lower-level matching dimension set forming the current-level matching dimension is specified;
the bit sequences of each level of matching dimension are consistent with the corresponding specified sequence.
Preferably, the order of each level of matching dimension is consistent with the ID order when the matching dimension is created.
Further, the data matching process specifically includes:
arranging the minimum matching dimension and the content of the data to be matched according to the specified sequence of the minimum matching dimension;
looking up, according to the content of each minimum matching dimension, the matching item reference bitmaps of the corresponding dimension, collecting all the reference bitmaps found, and performing an AND operation on the values of the same bit position to obtain the upper-level matching dimension bitmap of the minimum matching dimension, which identifies the upper-level matching dimensions matched by the data to be matched;
and according to the steps, continuing to sequentially match the reference bitmaps of all levels of matching dimensions from bottom to top until the corresponding strategy is found through the reference bitmap of the maximum matching dimension.
In a second aspect, a policy matching apparatus is provided, including:
the preprocessing module is used for preprocessing the created strategies and the matching dimensions thereof, specifying the hierarchical structure of the matching dimensions and creating a set of the matching dimensions at each level;
the analysis module is used for analyzing the data to be matched to obtain the minimum matching dimension and the content of the data;
and the matching module is used for judging whether the matching dimensionality is hit or not step by step from bottom to top until the strategy is hit when the strategy is matched with the data to be matched.
Preferably, the preprocessing module is further configured to construct, before data matching, a reference bitmap for each level of matching dimension: let there be, from top to bottom, a first matching dimension, a second matching dimension and a third matching dimension, where a set of lower-level matching dimensions composes each upper-level matching dimension; constructing the reference bitmap of the third matching dimension comprises, for each third matching dimension, establishing a bit sequence of first matching dimensions in which each first matching dimension occupies one bit, and setting the corresponding bit to 1 or 0 according to whether that first matching dimension contains the third matching dimension; the reference bitmaps of every level of matching dimension are constructed in this way, level by level from bottom to top;
the matching module is further configured to look up the reference bitmaps of each level of matching dimension, level by level from bottom to top, according to the specific content of the data to be matched, collect the reference bitmaps found, and perform an AND operation on the values of the same bit position to obtain the matching dimension bitmap of the next level up, until the corresponding policy is found through the reference bitmap of the maximum matching dimension.
In a third aspect, a policy matching device is provided, which includes a memory, a processor, and a policy matching program stored on the memory and executable on the processor, and when executed by the processor, the policy matching program implements the steps of the policy matching method according to the first aspect.
Finally, the present invention also provides a computer-readable storage medium storing a policy matching program, which when executed by a processor implements the steps of the policy matching method according to the first aspect.
The technical solution of the invention has the following beneficial effects. First, a set of matching dimensions is established for each level according to the matching dimension hierarchy and its relation to the policies. When data to be matched is acquired, it is parsed down to the minimum matching dimensions, and matching then proceeds upward level by level from the minimum matching dimension; if matching succeeds, the successfully matched policy is obtained, and if any matching dimension fails to match, matching ends. Unlike the existing top-down approach, the method matches from the lowest-level matching dimension upward until the policy is reached. De-duplication can be performed while matching each level of matching dimension, so that every comparison is effective and useful, which improves performance utilization and matching efficiency and helps output audit policy results efficiently.
Drawings
FIG. 1 is a diagram of a typical example of an audit policy;
FIG. 2 is a schematic diagram of a working flow of a policy matching method according to a first embodiment of the present invention;
FIG. 3 is a schematic diagram of a second embodiment of a policy matching method according to the present invention, illustrating a work flow;
fig. 4 to 9 are schematic diagrams of a policy matching method according to a third embodiment of the present invention, specifically:
fig. 4 is a schematic diagram showing the structure and content of the configured policies and rules, where the wildcard symbol denotes "all",
figure 5 is a schematic view of a hierarchy of determined matching dimensions,
figures 6 and 7 are schematic diagrams of the process of constructing each level of matching dimension reference bitmaps,
FIGS. 8 and 9 are schematic diagrams illustrating a process of matching reference bitmaps of each level step by step until a policy is matched with data to be matched;
fig. 10 is a schematic diagram of a policy matching apparatus according to an embodiment of the present invention, which is a block diagram.
Detailed Description
The technical solution of the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments. It should be noted that the following embodiments and the accompanying drawings are only for explaining the present invention and are not intended to limit the present invention.
Example one
As shown in fig. 2, a policy matching method includes:
determining, according to the hierarchy of matching dimensions that compose a policy: the set of maximum matching dimensions composing the policy, and the set of next-level matching dimensions composing each current-level matching dimension, down to the set of matching items composing each minimum matching dimension;
parsing the data to be matched to obtain the content of each minimum matching dimension, judging whether the content of each minimum matching dimension hits the matching item set of the corresponding dimension, and collecting the minimum matching dimensions whose matching item sets are hit to obtain the set of minimum matching dimensions hit by the data to be matched;
judging whether the set of minimum matching dimensions hits the upper-level matching dimensions, and collecting the upper-level matching dimensions that are hit to obtain the set of upper-level matching dimensions hit by the data to be matched;
and continuing to judge, level by level from bottom to top, whether each level of matching dimension is hit, until it is judged whether the set of maximum matching dimensions hits a policy.
Preferably, if the data to be matched hits every level of matching dimension and the policy from bottom to top, the successfully matched policy is output; if even one matching item set or one level of matching dimension is missed, the matching process ends and policy matching is judged to have failed.
Example two
As shown in fig. 3, the following are determined according to the hierarchy of matching dimensions that compose a policy: the set of maximum matching dimensions composing the policy, and the set of next-level matching dimensions composing each current-level matching dimension, down to the set of matching items composing each minimum matching dimension.
Before data matching, a reference bitmap from each level of matching dimension to the level above it is constructed, specifically: let the hierarchy contain, from top to bottom, a first matching dimension, a second matching dimension and a third matching dimension; constructing the reference bitmap for the second matching dimension comprises, for each third matching dimension composing the second matching dimension, establishing a bit sequence of first matching dimensions in which each first matching dimension occupies one bit, and setting the corresponding bit to 1 or 0 according to whether that first matching dimension contains the third matching dimension;
if the third matching dimension is the minimum matching dimension, constructing the reference bitmap from the minimum matching dimension to the second matching dimension comprises: for each matching item composing the minimum matching dimension, establishing a bit sequence of second matching dimensions in which each upper-level matching dimension occupies one bit, and setting the corresponding bit to 1 or 0 according to whether the corresponding upper-level matching dimension contains the matching item;
if the first matching dimension is the maximum matching dimension, constructing the reference bitmap from the maximum matching dimension to the policy comprises: for each second matching dimension, establishing a bit sequence of policies in which each policy occupies one bit, and setting the corresponding bit to 1 or 0 according to whether the policy contains the second matching dimension.
And acquiring and analyzing the data to be matched to obtain each minimum matching dimension and the content of each matching item.
The data matching process specifically comprises the following steps:
arranging the minimum matching dimension and the content of the data to be matched according to the specified sequence of the minimum matching dimension;
looking up, according to the content of each minimum matching dimension, the matching item reference bitmaps of the corresponding dimension, collecting all the reference bitmaps found, and performing an AND operation on the values of the same bit position to obtain the upper-level matching dimension bitmap of the minimum matching dimension, which identifies the upper-level matching dimensions matched by the data to be matched;
and according to the steps, continuing to sequentially match the reference bitmaps of all levels of matching dimensions from bottom to top until the corresponding strategy is found through the reference bitmap of the maximum matching dimension.
If the data to be matched hits the reference bitmaps of every level of matching dimension from bottom to top, the successfully matched policy is output; if even one matching item or the reference bitmap of one level of matching dimension is missed, the matching process ends and policy matching is judged to have failed.
Preferably, an order of matching items in a matching item set constituting a minimum matching dimension is specified, and an order of lower-level matching dimensions in a lower-level matching dimension set constituting a current-level matching dimension is specified; the bit sequences of each level of matching dimension are consistent with the corresponding specified sequence.
Further, the order of each level of matching dimension is consistent with the ID order when the matching dimension is created.
EXAMPLE III
For convenience of description, each rule is simplified to contain at most 4 conditions; other conditions are handled similarly and are not described again. As shown in fig. 4, two policies have been created, policy 0 and policy 1, together with one rule that is not referenced by any policy. Policy 0 contains one rule, rule 0, which has 4 conditions: table name tabA, library name baseA, number of affected rows 100, and command select. Policy 1 contains one rule, rule 1, which has 4 conditions: table name tabB, library name baseA, number of affected rows 0, and command update. Rule 2, which is not referenced by any policy, also has 4 conditions (table name, library name, number of affected rows, command), each set to the wildcard, which means "all" or "unrestricted" and is written "ALL_tab", "ALL_base", "ALL_row" and "ALL_cmd" respectively.
Auditing the database operation behavior to be matched means parsing the corresponding content out of the data packet and matching it against the policies or rules; if matching succeeds, the corresponding handling is performed according to the preset policy or rule. The specific handling policy or rule is outside the scope of the invention and is not described here.
As shown in fig. 5, the created policies and rules shown in fig. 4 and described above are subjected to determination of matching dimension levels and matching items, that is, a maximum matching dimension set constituting a policy, a lower-level matching dimension set constituting each level of matching dimensions, and a matching item set constituting a minimum matching dimension are determined.
Specifically, the method comprises the following steps:
The matching dimensions in fig. 5 comprise three levels: policy, rule and condition. There are four types of condition (table name, library name, number of affected rows, and command), and all four serve as minimum matching dimensions. Because the policies here are composed directly of rules, the maximum matching dimension is the rule. In practice there may be more dimension levels; in fig. 1, for example, a policy is composed of rule sets with rules below them, so the maximum matching dimension is the rule set rather than the rule, and a rule may contain more conditions. In most cases every rule contains the same number and kinds of conditions, but in practice the conditions of different rules may differ, as with rule 1 in fig. 1, which lacks the two conditions program name and number of affected rows.
The matching items of each condition are then collected: the table name matching items are tabA, tabB and ALL_tab; the library name matching items are baseA and ALL_base; the number-of-affected-rows matching items are 0, 100 and ALL_row; and the command matching items are select, update and ALL_cmd. The collection covers every minimum matching dimension that appears in any policy or rule. In fig. 1, for example, rule 1 lacks the conditions program name and number of affected rows, but both are still included when the minimum matching dimensions and their matching items are collected because they appear in other rules; that is, the minimum matching dimensions should cover every condition that appears.
It should be noted that fig. 5 shows one of the forms of sorting the minimum matching dimension and its matching items, and other forms may be used in practice, and the present invention is not limited to this.
When the minimum matching dimensions and their matching items are collected, their order is also defined: the minimum matching dimensions are ordered table name, library name, number of affected rows, command. Matching items may be arranged in the order of the rules, and the rules in the order given within the policy. That is, the order of the policies is determined first, then the order of the rules within each policy, then the order of the conditions within each rule, and the matching items of each condition follow the order of the rules. In practice every policy, rule and condition receives an ID number when it is created, so they can be sorted directly by ID, with the matching items of each condition still following the ID order of the rules. In practice one minimum matching dimension may also carry two or more matching items; these are preferably placed adjacently, or, for ease of processing, created directly as two or more parallel rules.
Fig. 6 and 7 are schematic diagrams of a process of constructing a reference bitmap.
As shown in fig. 6, the condition-to-rule reference bitmaps are built: for each matching item, a bit sequence of rules is established in which each rule occupies one bit, and the corresponding bit is set to 1 or 0 according to whether the corresponding rule contains the matching item.
Specifically, the minimum matching dimensions are the conditions table name, library name, number of affected rows and command; the table name is taken as the example.
Reference bitmaps are constructed for the table names "tabA", "tabB" and "ALL_tab". Constructing the reference bitmap of a matching item means recording its reference relationship to the corresponding minimum matching dimension of every rule; for the table name "tabA", for example, it is the reference relationship of "table name 0" of rule 0, "table name 1" of rule 1 and "table name 2" of rule 2 to "tabA".
The table name matching item "tabA" appears in rule 0 and does not appear in rule 1, and the wildcard in rule 2 means "all"; the reference bitmap generated for "tabA" is shown in fig. 6, with rule 0, rule 1 and rule 2 having 1, 0 respectively at the bit positions for this matching item. The reference bitmaps of "tabB" and "ALL_tab" are constructed the same way, followed by those of the minimum matching dimensions library name, number of affected rows and command, yielding a table name bitmap set, a library name bitmap set, a number-of-affected-rows bitmap set and a command bitmap set.
There are many forms of constructing the bitmap, and the present invention is not limited thereto. For example, a possible implementation manner may be the vertical list illustrated in fig. 6, the horizontal list, or the tree structure.
As shown in fig. 7, a reference bitmap matching the dimension "rule" to the policy is constructed, i.e., "rule 0", "rule 1", and "rule 2" to the policy, respectively. For "rule 0" located in the matching dimension "rule", it appears in policy 0, but does not appear in policy 1, then policy 0 and policy 1 have 1, 0, respectively, at that bit position. In the same way, rule 1 and rule 2 are constructed into reference bitmaps of the strategy, so that a 'rule' bitmap set with the maximum matching dimension is constructed.
The following data packet is operated with the obtained one database, and the result "table name" is obtained by parsing: tabB; library name: baseA; the number of impact lines: 0; command: "as an example, the policy matching process of the data to be matched is described with reference to fig. 8 and fig. 9. It should be noted here that the general techniques for acquiring and parsing the data packet may be adopted, and the specific techniques are not limited in scope by the present invention.
Firstly, looking up "tabB" in the "table name" bitmap set in fig. 6, knowing that rule 1 contains "tabB", or "rule 1 is hit, and meanwhile, since" ALL _ tab "indicates unlimited or ALL contained, so that it should be hit, performing" or "operation on" tabB "bitmap and" ALL _ tab "bitmap in the" table name "bitmap set bit by bit to obtain" table name "bitmap hit by the data to be matched as shown in fig. 8, that is, obtaining that the values of corresponding bits of rule 1 and rule 2 are both 1, indicating" table name: tabB "hits both rule 1 and rule 2. Of course, if no "tabB" is found in the "table name" bitmap set, it indicates that the unmatching is successful, and the matching is ended.
According to the above method, "library names: baseA "library name" bitmap hit, "influence line number: 0 "hit" impact line number "bitmap," command: the update "hit" command "bitmap. In practice, parallel processes can be created, the matching processes of all the conditions are processed respectively and simultaneously, as long as one condition is not successfully matched, a result of failed matching can be output, matching of the previous dimension is performed only if all the conditions are successfully matched, and the matching processing speed can be further improved. Of course, according to the requirement, not all conditions are hit to match successfully, and matching success can be output as long as a specific partial condition is hit.
The hit condition bitmaps are then ANDed bit by bit to obtain the "rule" bitmap hit by the data to be matched, i.e., rule 1 and rule 2 are hit.
A lookup in the "rule" bitmap set in fig. 7 shows that "rule 1" hits policy 1 and "rule 2" hits no policy. As shown in fig. 9, the hit "rule 1" bitmap and "rule 2" bitmap are ORed bit by bit to obtain the "policy" bitmap hit by the data to be matched, which indicates that policy 1 is hit. The matching process then ends and the hit "policy 1" is output.
Unlike the existing top-down matching approach, this technical solution matches from the lowest matching dimension up to the policy. Deduplication can be performed during matching at each level of matching dimension, so that the result of every comparison is effective and useful, which improves performance utilization and matching efficiency and facilitates efficient output of audit policies.
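The walk-through above (OR within one condition, AND across conditions, then OR over the policy bitmaps of the hit rules) as an added Python example that is not part of the patent text. The rule contents, the `ANY` wildcard standing in for "ALL_tab", the sample record and all function names are assumptions, constructed so that the result matches the one stated above (rules 1 and 2 hit, policy 1 output).

```python
ANY = "*"  # assumed wildcard item, standing in for the page's "ALL_tab"
DIMENSIONS = ("table", "library", "rows", "command")

# Constructed rules: bit i of every condition bitmap stands for rule i.
RULES = [
    {"table": "tabA", "library": "baseA", "rows": ANY, "command": "select"},
    {"table": "tabB", "library": "baseA", "rows": ANY, "command": "update"},
    {"table": ANY, "library": ANY, "rows": "0", "command": "update"},
]
# Bit j of a rule bitmap stands for policy j; rule 2 belongs to no policy.
POLICIES = [{0}, {1}]
# Constructed record, as a packet parser would hand it over.
RECORD = {"table": "tabB", "library": "baseA", "rows": "0", "command": "update"}


def build_condition_bitmaps(rules):
    """Per dimension, map each match item to the bitmap of rules that contain it."""
    index = {dim: {} for dim in DIMENSIONS}
    for rule_id, rule in enumerate(rules):
        for dim in DIMENSIONS:
            item = rule[dim]
            index[dim][item] = index[dim].get(item, 0) | (1 << rule_id)
    return index


def build_rule_bitmaps(policies, rule_count):
    """For each rule, the bitmap of policies that contain it."""
    return [sum(1 << p for p, members in enumerate(policies) if r in members)
            for r in range(rule_count)]


def match(record, cond_index, rule_to_policy):
    """Match bottom-up; return (rule bitmap, policy bitmap) hit by the record."""
    rule_bits = (1 << len(rule_to_policy)) - 1
    for dim in DIMENSIONS:
        items = cond_index[dim]
        # Within one condition: OR the exact item's bitmap with the wildcard's.
        hit = items.get(record[dim], 0) | items.get(ANY, 0)
        rule_bits &= hit  # across conditions: AND
        if rule_bits == 0:
            return 0, 0  # one condition missed every rule, stop early
    policy_bits = 0
    for rule_id, bitmap in enumerate(rule_to_policy):
        if (rule_bits >> rule_id) & 1:
            policy_bits |= bitmap  # across hit rules: OR
    return rule_bits, policy_bits


if __name__ == "__main__":
    index = build_condition_bitmaps(RULES)
    rule_to_policy = build_rule_bitmaps(POLICIES, len(RULES))
    rules_hit, policies_hit = match(RECORD, index, rule_to_policy)
    print(f"rules={rules_hit:03b} policies={policies_hit:02b}")
```

Bitmaps are printed with rule 0 (or policy 0) as the least significant bit. A record can hit a rule that belongs to no policy, in which case the policy bitmap is 0 and nothing is output.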
Embodiment four
As shown in fig. 10, a policy matching apparatus includes:
a preprocessing module, used for preprocessing the created policies and their matching dimensions, specifying the hierarchical structure of the matching dimensions, and creating the set of matching dimensions at each level;
the preprocessing module is further configured to construct a reference bitmap for each level of matching dimension before data matching, including: setting a first matching dimension, a second matching dimension and a third matching dimension from top to bottom, wherein a set of lower-level matching dimensions forms the upper-level matching dimension, and constructing a reference bitmap of the third matching dimension comprises the following steps: for each third matching dimension, establishing a bit sequence of first matching dimensions, wherein each first matching dimension occupies one bit; setting the corresponding bit to 1 or 0 according to whether the first matching dimension contains the third matching dimension; in this way, a reference bitmap of each level of matching dimension is constructed level by level from bottom to top;
an analysis module, used for parsing the data to be matched to obtain its minimum matching dimensions and their content;
a matching module, used for judging, level by level from bottom to top, whether each matching dimension is hit until a policy is hit, when policy matching is performed on the data to be matched;
the matching module is further used for searching the reference bitmaps of each level of matching dimension level by level from bottom to top according to the specific content of the data to be matched, collecting the reference bitmaps found, and performing an AND operation on the values at the same bit position to obtain the bitmap of the next higher level of matching dimension, until the corresponding policy is found through the reference bitmap of the maximum matching dimension.
In addition, the technical solution of the invention further includes: a policy matching device comprising a memory, a processor and a policy matching program stored on the memory and executable on the processor, the policy matching program, when executed by the processor, implementing the steps of the policy matching method as described in embodiments one to three.
A computer-readable storage medium having a policy matching program stored thereon, the policy matching program, when executed by a processor, implementing the steps of the policy matching method according to embodiments one to three; the storage medium, such as: ROM/RAM, magnetic disk, optical disk, etc.
Various modifications to the embodiments disclosed above will be readily apparent to those skilled in the art. The present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A policy matching method, comprising:
determining, according to the hierarchy of matching dimensions that make up a policy: the set of maximum matching dimensions forming the policy, and the set of next-level matching dimensions forming each current-level matching dimension, down to the set of matching items forming each minimum matching dimension;
parsing the data to be matched to obtain the content of each minimum matching dimension, judging whether the content of each minimum matching dimension hits the matching item set of the corresponding dimension, and collecting the minimum matching dimensions whose matching item sets are hit to obtain the set of minimum matching dimensions hit by the data to be matched;
judging whether the set of minimum matching dimensions hits the upper-level matching dimension, and collecting the hit upper-level matching dimensions to obtain the set of upper-level matching dimensions hit by the data to be matched;
and continuing to judge, level by level upward, whether each level of matching dimension is hit, until it is judged whether the set of maximum matching dimensions hits the policy.
2. The policy matching method according to claim 1, wherein if the data to be matched hits all level matching dimensions and policies from bottom to top, the policy of [ I1] is output; if at most one matching item set or one-level matching dimension is missed, the matching process is ended, and the strategy matching is judged to fail.
3. The policy matching method according to claim 1, wherein before data matching is performed, a reference bitmap from each level of matching dimension to the upper-level matching dimension is constructed, specifically including: setting a first matching dimension, a second matching dimension and a third matching dimension from top to bottom of the hierarchy; constructing the reference bitmap for the second matching dimension comprises, for each third matching dimension constituting the second matching dimension, establishing a bit sequence of first matching dimensions, wherein each first matching dimension occupies one bit; setting the corresponding bit to 1 or 0 according to whether the first matching dimension contains the third matching dimension;
if the third matching dimension is the minimum matching dimension, constructing a reference bitmap from the minimum matching dimension to the second matching dimension, including: establishing a bit sequence of second matching dimensions for each matching item forming the minimum matching dimension, wherein each upper-level matching dimension occupies one bit; setting the corresponding bit to 1 or 0 according to whether the corresponding upper-level matching dimension contains the matching item;
if the first matching dimension is the maximum matching dimension, constructing a reference bitmap from the maximum matching dimension to the policy, including: for each second matching dimension, establishing a bit sequence of policies, wherein each policy occupies one bit; and setting the corresponding bit to 1 or 0 according to whether the policy contains the second matching dimension.
4. The policy matching method according to claim 3, wherein an order of matching items in a set of matching items constituting a minimum matching dimension is specified, and an order of lower-level matching dimensions in a set of lower-level matching dimensions constituting a current-level matching dimension is specified;
the bit sequences of each level of matching dimension are consistent with the corresponding specified sequence.
5. The policy matching method according to claim 3 or 4, wherein the process of data matching specifically comprises:
arranging the minimum matching dimension and the content of the data to be matched according to the specified sequence of the minimum matching dimension;
according to the content of the minimum matching dimension, searching the matching item reference bitmaps of the corresponding dimensions, collecting all the matching item reference bitmaps found, and performing an AND operation on the values at the same bit position to obtain the upper-level matching dimension bitmap of the minimum matching dimension, wherein the upper-level matching dimension bitmap identifies the upper-level matching dimensions matched by the data to be matched;
and, following the above steps, continuing to match the reference bitmaps of each level of matching dimension in sequence from bottom to top until the corresponding policy is found through the reference bitmap of the maximum matching dimension.
6. The policy matching method according to claim 5, wherein the order of each matching dimension is consistent with the ID order when the matching dimension is created.
7. A policy matching apparatus, comprising:
a preprocessing module, used for preprocessing the created policies and their matching dimensions, specifying the hierarchical structure of the matching dimensions, and creating the set of matching dimensions at each level;
an analysis module, used for parsing the data to be matched to obtain its minimum matching dimensions and their content;
and a matching module, used for judging, level by level from bottom to top, whether each matching dimension is hit until a policy is hit, when policy matching is performed on the data to be matched.
8. The policy matching apparatus according to claim 7,
the preprocessing module is further configured to construct a reference bitmap for each level of matching dimension before data matching, including: setting a first matching dimension, a second matching dimension and a third matching dimension from top to bottom, wherein a set of lower-level matching dimensions forms the upper-level matching dimension, and constructing a reference bitmap of the third matching dimension comprises the following steps: for each third matching dimension, establishing a bit sequence of first matching dimensions, wherein each first matching dimension occupies one bit; setting the corresponding bit to 1 or 0 according to whether the first matching dimension contains the third matching dimension; in this way, a reference bitmap of each level of matching dimension is constructed level by level from bottom to top;
the matching module is further used for searching the reference bitmaps of each level of matching dimension level by level from bottom to top according to the specific content of the data to be matched, collecting the reference bitmaps found, and performing an AND operation on the values at the same bit position to obtain the bitmap of the next higher level of matching dimension, until the corresponding policy is found through the reference bitmap of the maximum matching dimension.
9. A policy matching device, characterized in that the policy matching device comprises a memory, a processor and a policy matching program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the policy matching method according to any of claims 1-6.
10. A computer-readable storage medium, having stored thereon a policy matching program which, when executed by a processor, implements the steps of the policy matching method according to any one of claims 1-6.
CN202010991949.8A 2020-09-21 2020-09-21 Strategy matching method, device, equipment and readable storage medium Pending CN112347138A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010991949.8A CN112347138A (en) 2020-09-21 2020-09-21 Strategy matching method, device, equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN112347138A true CN112347138A (en) 2021-02-09

Family

ID=74357951

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010991949.8A Pending CN112347138A (en) 2020-09-21 2020-09-21 Strategy matching method, device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN112347138A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113360939A (en) * 2021-06-02 2021-09-07 北京天空卫士网络安全技术有限公司 Control method and device for security access
CN113837718A (en) * 2021-09-14 2021-12-24 桂林长海发展有限责任公司 Method and system for distributing approval process, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination