CN112711772A - Auditing system, method and storage medium for function execution in service - Google Patents

Info

Publication number: CN112711772A
Authority: CN (China)
Prior art keywords: information, auditing, service, record, function
Legal status: Pending
Application number: CN202011619719.5A
Other languages: Chinese (zh)
Inventors: 李青, 刘晓元, 朱代鑫, 李鹏飞
Current Assignee: Advanced Institute of Information Technology AIIT of Peking University; Hangzhou Weiming Information Technology Co Ltd
Original Assignee: Advanced Institute of Information Technology AIIT of Peking University; Hangzhou Weiming Information Technology Co Ltd
Application filed by: Advanced Institute of Information Technology AIIT of Peking University, Hangzhou Weiming Information Technology Co Ltd
Priority: CN202011619719.5A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209: Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Abstract

The invention discloses an auditing system, method and storage medium for function execution in a service. The system includes an operation audit SDK, an operation audit background center, a cache and a database. The operation audit background center is communicatively connected to the operation audit SDK, the cache and the database respectively. The operation audit SDK comprises an operation interceptor, an operation parser, an information transmitter and an exception handler, which are communicatively connected in sequence. By adopting the embodiments of the application, the functions in the service can be effectively protected and data loss caused by malicious triggering of the functions is prevented, so that data security is improved.

Description

Auditing system, method and storage medium for function execution in service
Technical Field
The invention relates to the technical field of computer software, in particular to an auditing system and method for function execution in service and a storage medium.
Background
In a system involving sensitive data, security requires recording the content of operations that have occurred in the system, detecting abnormal behavior, and protecting the data in the system. For example, in the medical field most patient data is sensitive or private, so any operation such as viewing or modifying data must be strictly recorded and audited, and when an abnormal condition occurs (cross-site operation and high-frequency operation), the operation is blocked and the relevant information is provided to an administrator.
In existing auditing schemes, a common way of adding operation auditing is to embed the related functions directly in the service system. The embedded approach can record and audit operations accurately and ensure data security, but it introduces a degree of code coupling: as the number of systems and projects needing such auditing grows, each project has to implement and maintain the related functions, so the maintenance cost is high. Another way is to separate the auditing function from the individual projects and use one general auditing module suitable for multiple projects. This solves the code coupling problem, allows the same system to audit multiple projects, and reduces the maintenance cost. However, when different projects have different requirements for the operation auditing manner in different scenarios, general auditing rules cannot guarantee that each requirement is handled properly, nor can they guarantee the accuracy of the information required in each specific scenario.
Disclosure of Invention
Embodiments of the application provide an auditing system, method and storage medium for function execution in a service. The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview and is intended to neither identify key/critical elements nor delineate the scope of such embodiments. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.
In a first aspect, an embodiment of the present application provides an auditing system for function execution in a service, where the system includes:
an operation audit SDK, an operation audit background center, a cache and a database; wherein
the operation audit background center is communicatively connected to the operation audit SDK, the cache and the database respectively.
Optionally, the operation audit SDK includes an operation interceptor, an operation parser, an information transmitter, and an exception handler; wherein
the operation interceptor, the operation parser, the information transmitter and the exception handler are communicatively connected in sequence.
Optionally, the exception handler is communicatively coupled to the operation interceptor.
Optionally, the operation audit background center comprises an information receiver, a record memory, an anomaly detector and an information display; wherein
the information receiver is communicatively connected to the information transmitter, the anomaly detector and the record memory respectively;
the anomaly detector is communicatively connected to the cache;
the record memory, the database and the information display platform are communicatively connected in sequence.
Optionally, the operation audit SDK is used for accessing a service to be audited, intercepting a trigger operation for the service to generate interception information, parsing the interception information according to an audit rule in a preset custom configuration file, and sending the interception information to the operation audit background center;
the operation audit background center is used for performing anomaly detection on the interception information sent by the operation audit SDK to generate a detection result, storing the detection result and feeding it back to the operation audit SDK;
the cache is used for storing the interception information;
and the database is used for storing the early warning information.
In a second aspect, an embodiment of the present application provides an auditing method for function execution in a service, which is applied to an operation interceptor, and includes:
when it is monitored that a specified function in the audited service is triggered and executed, intercepting the triggered specified function and generating interception information; the interception information at least comprises method parameters and return values in the triggered specified function;
and sending the interception information to an operation parser.
In a third aspect, an embodiment of the present application provides an auditing method for function execution in a service, which is applied to an operation parser, and the method includes:
receiving interception information sent by the operation interceptor to the operation parser;
obtaining an auditing rule contained in a pre-configured configuration file;
analyzing and integrating the interception information based on the audit rule to generate an operation record;
transmitting the operation record to an information transmitter, and transmitting the operation record to an information receiver based on the information transmitter;
sending the operation record to a record memory based on the information receiver;
and sending the operation information to a database for saving based on the record memory.
In a fourth aspect, an embodiment of the present application provides an auditing method for function execution in service, which is applied to an anomaly detector, and the method includes:
receiving an operation record based on the information receiver;
acquiring a historical operation record;
comparing and detecting the operation record with the historical operation record to generate a detection result;
and generating abnormal information when the detection result indicates an abnormal operation, and sending the abnormal information to the exception handler.
In a fifth aspect, an embodiment of the present application provides an auditing method for function execution in a service, which is applied to an exception handler, and the method includes:
when receiving the exception information sent by the anomaly detector, performing exception handling according to the exception handling settings provided by the specified configuration file corresponding to the triggered specified function.
In a sixth aspect, embodiments of the present application provide a computer storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform the above-mentioned method steps.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
In the auditing system provided by the embodiment of the application, the operation interceptor intercepts functional operations triggered by a user, generates interception information and sends it to the operation parser. The operation parser parses and integrates the captured information according to the audit rule instance configured in a configuration file and generates an operation record. According to the rule instance, the detailed and complete operation record is either stored in the database through the record memory or sent to the anomaly detector. After receiving the operation record, the anomaly detector compares it with the stored historical operation records to detect whether it is an abnormal operation or function freezing. If it is an abnormal operation, the information is sent to the exception handler, the early warning feedback specified by the audit rule instance is carried out, and the result is returned to the specific project through the operation interceptor. Because the operation auditing function is added to projects without intruding on their code, and each project can configure specific audit rules according to its specific requirements, the coupling of operation auditing code in the system is reduced, each project can define its own audit rules as required, and auditing accuracy is further ensured.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 shows a schematic diagram of the general architecture of an operational audit system of the present invention;
FIG. 2 is a schematic diagram of an auditing system when a function in a service is executed according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a method for auditing execution of functions in a service according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a method for auditing the execution of functions in another service provided by an embodiment of the present application;
FIG. 5 is a schematic diagram of a method for auditing the execution of functions in another service provided by an embodiment of the present application;
FIG. 6 is a schematic diagram of a method for auditing the execution of functions in another service provided by an embodiment of the present application;
FIG. 7 is a schematic diagram of deployment of an auditing system when a function in a service is executed according to an embodiment of the present application.
Detailed Description
The following description and the drawings sufficiently illustrate specific embodiments of the invention to enable those skilled in the art to practice them.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of systems and methods consistent with certain aspects of the invention, as detailed in the appended claims.
In the description of the present invention, it is to be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art. In addition, in the description of the present invention, "a plurality" means two or more unless otherwise specified. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
Referring to FIG. 1, which shows the general structure of the operation auditing system of the present invention: when a specified functional operation is executed in an audited service, the operation interceptor intercepts the operation and sends the intercepted information to the operation parser. The operation parser parses and integrates the captured information according to the audit rule instance configured in the configuration file and, according to the rule instance, either stores the generated detailed and complete operation record in the database through the record memory or sends it to the anomaly detector. After receiving the operation record, the anomaly detector compares it with the stored historical operation records to detect whether it is an abnormal operation or function freezing. If it is an abnormal operation, the information is sent to the exception handler, the early warning feedback specified by the audit rule instance is carried out, and the result is returned to the specific project through the operation interceptor.
Referring to FIG. 2, FIG. 2 is a schematic diagram of an auditing system when a function in a service is executed according to an embodiment of the present application, where the system includes: an operation audit SDK, an operation audit background center, a cache and a database; the operation audit background center is communicatively connected to the operation audit SDK, the cache and the database respectively.
Specifically, the operation audit SDK comprises an operation interceptor, an operation parser, an information transmitter and an exception handler; the operation interceptor, the operation parser, the information transmitter and the exception handler are communicatively connected in sequence.
Further, the exception handler is communicatively coupled to the operation interceptor.
Specifically, the operation audit background center comprises an information receiver, a record memory, an anomaly detector and an information display; the information receiver is communicatively connected to the information transmitter, the anomaly detector and the record memory respectively; the anomaly detector is communicatively connected to the cache; the record memory, the database and the information display platform are communicatively connected in sequence.
Specifically, the operation audit SDK is used for accessing a service to be audited, intercepting trigger operations for the service to generate interception information, parsing the interception information according to an audit rule in a preset custom configuration file and then sending the interception information to the operation audit background center; the operation audit background center is used for performing anomaly detection on the interception information sent by the operation audit SDK to generate a detection result, storing the detection result and feeding it back to the operation audit SDK; the cache is used for storing the interception information; and the database is used for storing the early warning information.
The following describes in detail an auditing method for function execution in a service provided by an embodiment of the present application with reference to FIG. 3 to FIG. 7. The method may be implemented by a computer program and can run on a von Neumann based auditing device for function execution in a service. The computer program may be integrated into the application or may run as a separate tool-like application.
Referring to fig. 3, a schematic flowchart of an auditing method when a function in a service is executed is provided for the embodiment of the present application, and is applied to an operation interceptor. As shown in fig. 3, the method of the embodiment of the present application may include the following steps:
S101, when it is monitored that a designated function in an audited service is triggered and executed, intercepting the triggered designated function and generating interception information; the interception information at least comprises method parameters and return values in the triggered specified function;
S102, sending the interception information to an operation parser.
In a possible implementation, after a user triggers a function in the service, the operation interceptor detects and intercepts it: the part of the executing program that is marked for auditing is intercepted, and the parameters, return values and other related information of the executing method are acquired and sent to the operation parser.
Referring to fig. 4, a schematic flowchart of an auditing method when a function in a service is executed is provided for the embodiment of the present application, and is applied to an operation parser. As shown in fig. 4, the method of the embodiment of the present application may include the following steps:
S201, receiving interception information sent by the operation interceptor to the operation parser;
S202, obtaining an auditing rule contained in a pre-configured configuration file;
S203, analyzing and integrating the interception information based on the audit rule to generate an operation record;
S204, sending the operation record to an information transmitter, and sending the operation record to an information receiver based on the information transmitter;
S205, sending the operation record to a record memory based on the information receiver;
S206, sending the operation information to the database for saving based on the record memory.
In a possible implementation, the audit rule specified in the project's audit configuration information is read according to the mapping name received from the operation interceptor. The interception information is parsed and integrated according to that rule: the effective information specified by the rule is extracted from the interception information and combined with information such as the operation label in the audit rule to generate a detailed and complete operation record, which then goes to anomaly detection or record storage according to its audit type.
Specifically, when a specified operation is executed in the audited service, the operation interceptor intercepts the operation and sends the intercepted information to the operation parser. The operation parser parses and integrates the captured information according to the audit rule instance configured in the configuration file and, according to the rule instance, either stores the generated detailed and complete operation record in the database through the record memory or sends it to the anomaly detector. After receiving the operation record, the anomaly detector compares it with the historical records and detects whether it is an abnormal operation or function freezing. If it is an abnormal operation, the information is sent to the exception handler, the early warning feedback specified by the audit rule instance is carried out, and the result is returned to the specific project through the operation interceptor.
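The interceptor and parser steps S101 to S203 can be sketched as follows. This is an added example, not code from the patent: the rule schema (label, extract, record_return, audit_type), the mapping names and the audited() decorator are assumptions chosen to match the description of rules looked up by mapping name.

```python
import functools
import inspect
import time

# Constructed audit configuration (hypothetical schema): mapping name -> rule.
AUDIT_RULES = {
    "patient.view": {"label": "View patient record",
                     "extract": ["operator", "patient_id"],
                     "record_return": False,      # keep the patient payload out of the audit trail
                     "audit_type": "detect"},     # forwarded to the anomaly detector
    "patient.update": {"label": "Update patient record",
                       "extract": ["operator", "patient_id", "field"],
                       "record_return": True,
                       "audit_type": "record"},   # stored only
}


def parse_interception(info, rules=AUDIT_RULES):
    """Operation parser: reduce raw interception info to an operation record."""
    rule = rules[info["mapping"]]
    record = {
        "mapping": info["mapping"],
        "label": rule["label"],
        "audit_type": rule["audit_type"],
        "timestamp": info["timestamp"],
        "outcome": info["outcome"],
        # Only parameters named by the rule are kept; anything else the
        # function received never leaves the audited service.
        "params": {name: info["params"].get(name) for name in rule["extract"]},
    }
    if rule["record_return"] and info["outcome"] == "ok":
        record["return"] = info["return"]
    return record


def audited(mapping, sink, rules=AUDIT_RULES, clock=time.time):
    """Operation interceptor: wrap a function marked for auditing."""
    if mapping not in rules:
        # Fail when the service starts, not silently at call time.
        raise KeyError(f"no audit rule configured for {mapping!r}")

    def decorator(func):
        signature = inspect.signature(func)

        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            bound = signature.bind(*args, **kwargs)
            bound.apply_defaults()
            info = {"mapping": mapping, "timestamp": clock(),
                    "params": dict(bound.arguments),
                    "return": None, "outcome": "ok"}
            try:
                info["return"] = func(*args, **kwargs)
                return info["return"]
            except Exception as exc:
                info["outcome"] = f"error:{type(exc).__name__}"
                raise
            finally:
                # Failed calls are audited too; the sink stands in for the
                # information transmitter.
                sink(parse_interception(info, rules))
        return wrapper
    return decorator


RECORDS = []  # stand-in for the transmitter / record memory


@audited("patient.view", RECORDS.append)
def view_patient(operator, patient_id):
    return {"patient_id": patient_id, "diagnosis": "constructed sample"}


@audited("patient.update", RECORDS.append)
def update_patient(operator, patient_id, field, value):
    if field == "id":
        raise ValueError("immutable field")
    return True


def demo():
    """Run three constructed calls and return the operation records produced."""
    RECORDS.clear()
    view_patient("dr_li", 42)
    update_patient("dr_li", 42, field="allergy", value="penicillin")
    try:
        update_patient("dr_li", 42, "id", 7)
    except ValueError:
        pass
    return list(RECORDS)


if __name__ == "__main__":
    for record in demo():
        print(record)
```

The audited service code itself carries only the decorator; what is recorded, and whether the return value is kept, is decided entirely by the rule for that mapping name.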
Referring to fig. 5, a schematic flow chart of an auditing method when a function in service is executed is provided for the embodiment of the present application, and is applied to an anomaly detector. As shown in fig. 5, the method of the embodiment of the present application may include the following steps:
S301, receiving an operation record based on the information receiver;
S302, acquiring a historical operation record;
S303, comparing and detecting the operation record with the historical operation record to generate a detection result;
S304, generating abnormal information when the detection result indicates an abnormal operation, and sending the abnormal information to the exception handler.
In a possible implementation, the anomaly detector compares an operation record that needs anomaly detection with the historical operation records stored in memory, judges whether the operation is an over-frequency operation, an illegal operation logged in from a different place, a malicious frequent information-crawling operation or the like, and sends the information to the exception handler when an anomaly is detected. For an operation judged to be normal, the record is parsed according to the rule obtained from the original configuration information of the operation, and the main part is extracted and stored in memory together with a time stamp. At regular intervals the anomaly detector extracts part of the cached operation records from memory for inspection and clears expired records that exceed the longest unit time specified by the operation audit, so that the cached operation records do not accumulate excessive expired data.
When receiving the exception notification from the anomaly detector, the exception handler performs the specified exception handling according to the exception handling settings provided by the specified configuration file in the operation record, for example: printing log information, returning custom exception information, sending a notification mail to an administrator, sending a user message notification, and the like.
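The detection and handling steps S301 to S304 can be illustrated with a small detector run over constructed operation records. This is an added example, not code from the patent: the rule fields (max_ops, window_s, on_anomaly), the action names and the record layout are assumptions, and records are assumed to arrive in timestamp order.

```python
from collections import defaultdict, deque

# Constructed detection rules (hypothetical schema): mapping name -> limits.
DETECT_RULES = {
    "patient.view":   {"max_ops": 3, "window_s": 60,
                       "on_anomaly": ["log", "block"]},
    "patient.export": {"max_ops": 1, "window_s": 3600,
                       "on_anomaly": ["log", "notify_admin", "block"]},
}


class AnomalyDetector:
    def __init__(self, rules):
        self.rules = rules
        self.cache = defaultdict(deque)  # operator -> (timestamp, mapping, location)
        self.longest_window = max(r["window_s"] for r in rules.values())

    def check(self, rec):
        """Compare one record with the cached history; return anomaly reasons."""
        rule = self.rules[rec["mapping"]]
        recent = [e for e in self.cache[rec["operator"]]
                  if rec["timestamp"] - e[0] < rule["window_s"]]
        reasons = []
        same_op = sum(1 for e in recent if e[1] == rec["mapping"])
        if same_op + 1 > rule["max_ops"]:
            reasons.append("over_frequency")
        if any(e[2] != rec["location"] for e in recent):
            reasons.append("location_change")
        if not reasons:
            # Only operations judged normal are cached, with their timestamp.
            self.cache[rec["operator"]].append(
                (rec["timestamp"], rec["mapping"], rec["location"]))
        return reasons

    def purge(self, now):
        """Periodic cleanup: drop entries older than the longest audit window."""
        removed = 0
        for operator in list(self.cache):
            entries = self.cache[operator]
            while entries and now - entries[0][0] >= self.longest_window:
                entries.popleft()
                removed += 1
            if not entries:
                del self.cache[operator]
        return removed


class ExceptionHandler:
    def __init__(self):
        self.log, self.outbox = [], []   # stand-ins for a log file and e-mail

    def handle(self, rec, reasons, actions):
        summary = f"{rec['operator']} {rec['mapping']} {','.join(reasons)}"
        result = {"blocked": False, "message": None}
        for action in actions:
            if action == "log":
                self.log.append(summary)
            elif action == "notify_admin":
                self.outbox.append(summary)
            elif action == "block":
                result = {"blocked": True,
                          "message": "operation refused by audit policy"}
            else:
                raise ValueError(f"unknown exception handling action {action!r}")
        return result


def _rec(operator, mapping, timestamp, location):
    return {"operator": operator, "mapping": mapping,
            "timestamp": timestamp, "location": location}


SAMPLE = [  # constructed operation records, ordered by timestamp (seconds)
    _rec("dr_li", "patient.view", 0, "Hangzhou"),
    _rec("nurse_w", "patient.view", 5, "Hangzhou"),
    _rec("dr_li", "patient.view", 10, "Hangzhou"),
    _rec("nurse_w", "patient.view", 15, "Beijing"),    # different place within the window
    _rec("dr_li", "patient.view", 20, "Hangzhou"),
    _rec("dr_li", "patient.view", 30, "Hangzhou"),     # fourth view inside 60 s
    _rec("dr_li", "patient.view", 75, "Hangzhou"),     # earlier views have aged out
    _rec("dr_li", "patient.export", 100, "Hangzhou"),
    _rec("dr_li", "patient.export", 200, "Hangzhou"),  # second export inside an hour
]


def run(records, rules=DETECT_RULES):
    detector, handler = AnomalyDetector(rules), ExceptionHandler()
    verdicts = []
    for rec in records:
        reasons = detector.check(rec)
        blocked = False
        if reasons:
            actions = rules[rec["mapping"]]["on_anomaly"]
            blocked = handler.handle(rec, reasons, actions)["blocked"]
        verdicts.append((reasons, blocked))
    return verdicts, detector, handler


if __name__ == "__main__":
    for rec, verdict in zip(SAMPLE, run(SAMPLE)[0]):
        print(rec["operator"], rec["mapping"], rec["timestamp"], verdict)
```

Because blocked operations are not cached, a burst of refused requests does not extend the window; a deployment that wants repeated attempts to count against the operator would cache them as well.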
Referring to fig. 6, a schematic flowchart of an auditing method when a function in a service is executed is provided for an embodiment of the present application, and is applied to an exception handler. As shown in fig. 6, the method of the embodiment of the present application may include the following steps:
s401, when receiving the abnormal information sent by the abnormal detector, carrying out abnormal processing aiming at the abnormal processing setting provided by the specified configuration file corresponding to the triggered specified function.
In one possible implementation, when receiving the exception notification from the exception detector, the specified exception handling is performed according to the exception handling setting provided by the specified configuration file in the operation record, for example: printing log information, returning custom exception information, sending a notification mail to an administrator, sending a user message notification, and the like.
The system further comprises a record memory. From the received operation records and anomaly detection results, the record memory collates information such as operation early-warning conditions and stores it in a database, so that administrators can quickly pinpoint abnormal and illegal operations or detect potential problems.
For example, as shown in fig. 7, the operation audit background center includes an information receiver, an anomaly detector, a record memory, and an information display. It is mainly used to receive the information sent by the operation audit SDK, perform anomaly detection and record storage, and finally return the result.
The operation audit SDK comprises an operation interceptor, an operation resolver, an information transmitter and an exception handler. It is integrated into a project that needs operation auditing, intercepts information, parses the information according to the operation auditing requirements in a user-defined configuration file, sends the information to the operation audit background center, and finally feeds the information returned by the operation audit background center back to the project.
It should be noted that the present solution may deploy the operation audit SDK on each platform. The SDK is a software development kit.
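The flow described above, from interception through anomaly detection to exception feedback, as an added Python example that is not code from the patent. The rule fields (`user_param`, `record_params`, `window_s`, `max_calls`, `on_anomaly`), the in-process stand-ins for the cache and database, and the call-rate comparison against history are assumptions made for illustration.

```python
import functools
import inspect
import time
from collections import defaultdict, deque

class AuditRejected(Exception):
    """Custom exception information returned to the audited project."""

class OperationAudit:
    def __init__(self, rules, clock=time.time):
        self.rules, self.clock = rules, clock   # rules stand in for the config file
        self.history, self.database = defaultdict(deque), []  # cache, database stand-ins

    def resolve(self, name, args, result):
        """Operation resolver: keep only the parameters the rule asks for."""
        rule = self.rules[name]
        return {"op": name, "user": args.get(rule["user_param"]), "ts": self.clock(),
                "params": {k: args[k] for k in rule["record_params"] if k in args},
                "result": result}

    def detect(self, record):
        """Anomaly detector: compare with this user's recent records (assumed test)."""
        rule = self.rules[record["op"]]
        past = self.history[(record["op"], record["user"])]
        while past and record["ts"] - past[0] > rule["window_s"]:
            past.popleft()                      # drop history outside the window
        past.append(record["ts"])
        return len(past) > rule["max_calls"]

    def audited(self, name):
        """Operation interceptor plus exception-handler feedback; fn is not edited."""
        rule = self.rules[name]                 # fail at decoration if no rule exists
        def wrap(fn):
            sig = inspect.signature(fn)
            @functools.wraps(fn)
            def inner(*args, **kwargs):
                result = fn(*args, **kwargs)    # the audited function has already run
                bound = sig.bind(*args, **kwargs).arguments
                record = self.resolve(name, bound, result)
                record["anomalous"] = self.detect(record)
                self.database.append(record)
                if record["anomalous"] and rule["on_anomaly"] == "reject":
                    raise AuditRejected(f"{name} by {record['user']} flagged")
                return result
            return inner
        return wrap

RULES = {"transfer": {"user_param": "user", "record_params": ["amount"],
                      "window_s": 60, "max_calls": 3, "on_anomaly": "reject"}}
audit = OperationAudit(RULES)                   # constructed rule set and function

@audit.audited("transfer")
def transfer(user, account, amount):
    return {"status": "ok", "amount": amount}
```

Because the return value is part of the interception information, the wrapped function has already executed when its record is checked, so `reject` changes only what the caller sees. The record keeps just the parameters named in the rule, which keeps fields such as `account` out of the audit store.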
The present invention also provides a computer-readable medium on which program instructions are stored; when executed by a processor, the program instructions implement the auditing method for function execution in a service provided by the above method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the processes of the method embodiments described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory or a random access memory.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present application and is not to be construed as limiting the scope of the present application, so that the present application is not limited thereto, and all equivalent variations and modifications can be made to the present application.

Claims (10)

1. An auditing system for performance of a function in a service, the system comprising:
an operation audit SDK, an operation audit background center, a cache and a database; wherein
and the operation audit background center is in communication connection with the operation audit SDK, the cache and the database respectively.
2. An auditing system for performance of a function in a service according to claim 1,
the operation auditing SDK comprises an operation interceptor, an operation resolver, an information transmitter and an exception handler; wherein
the operation interceptor, the operation resolver, the information transmitter and the exception handler are sequentially in communication connection.
3. An auditing system for performance of a function in a service according to claim 2,
the exception handler is communicatively coupled to the operation interceptor.
4. An auditing system for performance of a function in a service according to claim 2,
the operation audit background center comprises an information receiver, a record memory, an anomaly detector and an information display; wherein
the information receiver is respectively in communication connection with the information transmitter, the anomaly detector and the record memory;
the anomaly detector is in communication connection with the cache;
the record memory, the database and the information display platform are sequentially in communication connection.
5. An auditing system for performance of a function in a service according to claim 1,
the operation auditing SDK is used for accessing a service to be audited, intercepting triggering operation aiming at the service to generate interception information, analyzing the interception information according to an auditing rule in a preset custom configuration file and then sending the intercepted information to an operation auditing background center;
the operation auditing background center is used for performing exception detection on the interception information sent by the operation auditing SDK to generate a detection result, storing the detection result and feeding the detection result back to the operation auditing SDK;
the cache is used for storing the interception information;
and the database is used for storing the early warning information.
6. An auditing method for function execution in service, which is applied to an operation interceptor, the method comprising:
when it is monitored that a specified function in an audited service is triggered and executed, intercepting the triggered specified function and generating interception information; wherein the interception information at least comprises the method parameters and the return value of the triggered specified function;
and sending the interception information to an operation resolver.
7. An auditing method for function execution in service, which is applied to an operation resolver, and comprises the following steps:
receiving interception information sent by the operation interceptor to the operation resolver;
obtaining an auditing rule contained in a pre-configured configuration file;
analyzing and integrating the interception information based on the audit rule to generate an operation record;
transmitting the operation record to the information transmitter, and transmitting the operation record to an information receiver via the information transmitter;
sending the operation record to a record memory via the information receiver;
and sending the operation information to a database for storage via the record memory.
8. An auditing method for function execution in service, applied to an anomaly detector, the method comprising:
receiving an operation record via the information receiver;
acquiring a historical operation record;
comparing and detecting the operation record with the historical operation record to generate a detection result;
and generating exception information when the detection result indicates an abnormal operation, and sending the exception information to an exception handler.
9. An auditing method for function execution in service, applied to an exception handler, the method comprising:
and when receiving the exception information sent by the anomaly detector, performing exception handling according to the exception handling setting provided by a specified configuration file corresponding to the triggered specified function.
10. A computer storage medium, characterized in that it stores a plurality of instructions adapted to be loaded by a processor and to perform the method steps according to any of claims 6-9.
Application number: CN202011619719.5A
Priority date: 2020-12-30
Filing date: 2020-12-30
Title: Auditing system, method and storage medium for function execution in service
Status: Pending
Publication: CN112711772A (en), 2021-04-27
Family ID: 75547508
Country: CN

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination