CN112948822A - Big data audit scene analysis method and system applied to intelligent education system - Google Patents


Publication number
CN112948822A
Authority
CN
China
Prior art keywords
message
information
monitoring
risk
intelligent education
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110240968.1A
Other languages
Chinese (zh)
Inventor
卢启伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Clp Yingshuo Shenzhen Smart Internet Co ltd
Original Assignee
Clp Yingshuo Shenzhen Smart Internet Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Clp Yingshuo Shenzhen Smart Internet Co ltd
Priority to CN202110240968.1A
Publication of CN112948822A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/32 Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324 Display of status information
    • G06F11/327 Alarm or error message display
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a big data audit scene analysis method and system applied to an intelligent education system, wherein the method comprises the following steps: dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number; scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and obtaining the message sent to a target window; and analyzing and processing the message sent to the target window to determine whether risks exist in the big data processing process. The system comprises modules corresponding to the steps of the method.

Description

Big data audit scene analysis method and system applied to intelligent education system
Technical Field
The invention provides a big data audit scene analysis method and system applied to an intelligent education system, and belongs to the technical field of intelligent education.
Background
The most direct problem caused by the variety of tools in the Hadoop big data ecosystem is that the many programming languages and programming interfaces widen the scope a security audit of big data must cover and make the data harder to analyze. Effective auditing in a Hadoop big data architecture therefore requires auditing the various UI management interfaces and the various programming interfaces at the same time, and the system must be able to parse the protocols and programming languages of the Hadoop architecture. The auditing difficulties can be summarized as follows:
1. Hadoop big data is unstructured (NoSQL) data, and traditional schemes cannot provide comprehensive security monitoring of it;
2. database connection tools in Hadoop are diverse; traditional schemes can only perform security monitoring on the typical C/S client access mode and lack comprehensive management means;
3. Hadoop's open interfaces and platform, together with information network sharing, increase the number of data risk points and the channels for theft and leakage of secrets.
When Hadoop is applied to a large-scale intelligent education platform system, these auditing difficulties often leave the risk monitoring and management capability low, which increases the data access risk of the large-scale intelligent education platform.
Disclosure of Invention
The invention provides a big data audit scene analysis method and a big data audit scene analysis system applied to an intelligent education system, which are used for solving the problem of low risk management capability of the existing intelligent education system, and adopt the following technical scheme:
a big data audit scenario analysis method applied to a smart education system, the method comprising the following steps:
dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number;
scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and obtaining the message sent to a target window;
and analyzing and processing the message sent to the target window to determine whether risks exist in the big data processing process.
Further, scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring the event messages generated by each audit unit, and intercepting messages includes:
searching, at the Java layer, for a system object in the intelligent education system that meets the specified requirement, to serve as the hook point;
placing the hook function into the business logic of the intelligent education system object that is to be processed and analyzed, and executing it;
monitoring, through the hook function, the event messages of the business logic to be processed and analyzed in the intelligent education system during execution, and intercepting the messages sent to the target window.
Further, the specified requirement for the hook point is the following condition: the system object is a static object.
Further, analyzing and processing the message sent to the target window to determine whether a risk exists in the big data processing process, including:
setting a message storage unit in a storage area of the intelligent education system, and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one by one;
copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files into each storage area in the message storage unit from early to late according to the generation time of the message;
scanning, analyzing and identifying the messages in the message file of each storage area to determine whether the information or code in a message matches risk information or code stored in a database; if no match with the stored risk information or code is found, the message is deemed safe and is allowed to be sent to the target window; if a match is found, the message is refused delivery to the target window, and a message-interception notice is fed back to the sending node of the message;
marking the sending node which sends the risky message, setting a monitoring time period for the sending node, and individually monitoring the event message generated by the sending node;
and in a set monitoring period, monitoring each message information sent by the sending node in real time, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
Further, the monitoring time is set by the following process:
judging whether a sending node sending a message with risk sends information with risk for the first time, if the sending node sends the information with risk for the first time in the current operation process of the intelligent education system, setting the length of a monitoring time interval through a monitoring time first setting model, wherein the monitoring time first setting model is as follows:
Figure BDA0002962135100000021
when n is 1, n-1 is 1, and
Figure BDA0002962135100000022
wherein $T_1$ represents the monitoring period length obtained by the monitoring time first setting model; $n$ represents the number of times the sending node has sent messages on the current day; $\Delta T_i$ represents the time interval between the sending node's $(i+1)$-th and $i$-th message transmissions; $\Delta T$ represents the time interval between the sending node's current transmission of risky message information and its previous message transmission; $\Delta T_{min}$ represents the minimum time interval between messages sent by the sending node on the current day; $\Delta T_{max}$ represents the maximum time interval between messages sent by the sending node on the current day; $T_0$ represents the preset initial monitoring period length; $\delta_1$ represents the time adjustment coefficient, with a value range of 0.83-0.94;
if this is not the first time the sending node has sent risky message information during the current operation of the intelligent education system, the monitoring period length is set through a monitoring time second setting model, wherein the monitoring time second setting model is as follows:
Figure BDA0002962135100000031
wherein $T_2$ represents the monitoring period length obtained by the monitoring time second setting model; $\delta_2$ represents the time adjustment coefficient, with a value range of 1.13-1.28; $m$ represents the number of times the sending node has sent risky message information on the current day; $\Delta T_{li}$ represents the time interval between the sending node's $(i+1)$-th and $i$-th transmissions of risky message information.
Further, the risk index of the transmitting node is calculated by the following formula:
Figure BDA0002962135100000032
wherein $H$ represents the risk index, $T$ represents the operation duration of the intelligent education system on the current day, and $L_1$, $L_2$ and $L_3$ respectively represent a preset first unit index value, a preset second unit index value and a preset third unit index value; $L_1$, $L_2$ and $L_3$ are all natural constants.
A big data audit scenario analysis system applied to a smart education system, the system comprising:
the unit division module is used for dividing the intelligent education platform into k audit units according to different implementation functions, wherein k is a natural number;
the hook embedding module is used for scanning each audit unit to acquire a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and acquiring the message sent to a target window;
and the risk processing module is used for analyzing and processing the message sent to the target window and determining whether a risk exists in the big data processing process.
Further, the hook embedding module comprises:
the searching module is used for searching, at the Java layer, for a system object in the intelligent education system that meets the specified requirement, to serve as the hook point;
the execution module is used for placing the hook function into the business logic of the intelligent education system object that is to be processed and analyzed, and executing it;
and the message acquisition module is used for monitoring, through the hook function, the event messages of the business logic to be processed and analyzed in the intelligent education system during execution, and for intercepting the messages sent to the target window.
Further, the specified requirement for the hook point is the following condition: the system object is a static object.
Further, the risk processing module includes:
the storage division module is used for setting a message storage unit in a storage area of the intelligent education system and dividing the message storage unit into storage areas, wherein the storage areas correspond to the auditing units one to one;
the information dividing module is used for copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files into each storage area in the message storage unit from early to late according to the generation time of the message;
the scanning identification module is used for scanning, analyzing and identifying the messages in the message file of each storage area to determine whether the information or code in a message matches risk information or code stored in the database; if no match with the stored risk information or code is found, the message is deemed safe and is allowed to be sent to the target window; if a match is found, the message is refused delivery to the target window, and a message-interception notice is fed back to the sending node of the message;
the marking module is used for marking the sending node which sends the information with risks, setting a monitoring time interval aiming at the sending node and independently monitoring the event information generated by the sending node;
and the monitoring module is used for monitoring each message information sent by the sending node in real time in a set monitoring time period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, the intelligent education system gives an alarm to prompt operation and maintenance personnel to carry out risk processing.
The invention has the beneficial effects that:
According to the big data audit scene analysis method and system applied to the intelligent education system, the audit units are divided on the basis of functions, which effectively improves the management efficiency of audit management and the strength of message monitoring. Meanwhile, the hook function effectively improves the efficiency and success rate of capturing the messages sent by all nodes of the intelligent education system and reduces the number of messages missed. In addition, the method and system effectively improve the efficiency and strength with which message information risks are monitored and processed, improve the risk monitoring strength of the whole intelligent education system, and greatly improve the big data access security of the intelligent education system.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
fig. 2 is a system block diagram of the system of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
The embodiment of the invention provides a big data audit scenario analysis method applied to an intelligent education system, and as shown in figure 1, the method comprises the following steps:
S1, dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number;
S2, scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting and obtaining messages sent to a target window;
S3, analyzing and processing the message sent to the target window, and determining whether a risk exists in the big data processing process.
Scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring the event messages generated by each audit unit, and intercepting messages comprises the following steps:
S201, searching, at the Java layer, for a system object in the intelligent education system that meets the specified requirement, to serve as the hook point;
S202, placing the hook function into the business logic of the intelligent education system object that is to be processed and analyzed, and executing it;
S203, monitoring, through the hook function, the event messages of the business logic to be processed and analyzed in the intelligent education system during execution, and intercepting the messages sent to the target window.
The specified requirement for the hook point is the following condition: the system object is a static object.
The working principle of the technical scheme is as follows: to audit big data, the Hook technology is adopted. A Hook, also called a hook function, is a special message processing mechanism that can monitor the various event messages in a system or a process, and intercept and process the messages sent to a target window. A hook can therefore be customized in the system to monitor the occurrence of specific events and perform specific functions, such as screen word capture, log monitoring, and keyboard and mouse input interception. Hooks can be divided into thread hooks and system hooks: a thread hook monitors the event messages of a specified thread, while a system hook monitors the event messages of all threads in the system. Specifically, the method comprises the following steps:
firstly, dividing an intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number; then, scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and obtaining the message sent to a target window; and finally, analyzing and processing the message sent to the target window to determine whether risks exist in the big data processing process.
Implementing the Hook technology takes two steps. The first step is to find a Hook point (Java layer), which must satisfy the following condition: the object to which the method to be hooked belongs must be static. The Hook technology obtains the object through reflection, and the object it obtains is the system's object; a new object cannot be created, and the object already created by the system must be used, so only a static object is guaranteed to be the same object the system uses. The second step is to execute the Hook method outside the system, that is, to place in it the business logic that needs processing and analysis. Based on this approach, the big data audit system is designed by carrying out secondary development on the core ecosystem components of big data Hadoop, integrating the Hook technology on top of the original code to obtain the operation event messages inside the components, thereby auditing operations and applications. The method specifically comprises the following steps:
firstly, searching, at the Java layer, for a system object in the intelligent education system that meets the specified requirement, to serve as the hook point; then, placing the hook function into the business logic of the intelligent education system object that is to be processed and analyzed, and executing it; and finally, monitoring, through the hook function, the event messages of that business logic during execution, and intercepting the messages sent to the target window.
The effect of the above technical scheme is as follows: dividing the auditing units on the basis of functions effectively improves the management efficiency of audit management and the strength of message monitoring. Meanwhile, the hook function effectively improves the efficiency and success rate of capturing the messages sent by all nodes of the intelligent education system and reduces the number of messages missed. In addition, the efficiency and strength with which message information risks are monitored and processed are effectively improved, the risk monitoring strength of the whole intelligent education system is improved, and the data access security of the intelligent education system is improved to a great extent.
In an embodiment of the present invention, analyzing and processing the message sent to the target window to determine whether a risk exists in the big data processing process includes:
S301, setting a message storage unit in a storage area of the intelligent education system, and dividing the message storage unit into storage areas, wherein the storage areas correspond to the auditing units one by one;
S302, copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files in each storage area in the message storage unit from early to late according to the generation time of the message;
S303, scanning, analyzing and identifying the messages in the message file of each storage area to determine whether the information or code in a message matches risk information or code stored in a database; if no match with the stored risk information or code is found, the message is deemed safe and is allowed to be sent to the target window; if a match is found, the message is refused delivery to the target window, and a message-interception notice is fed back to the sending node of the message;
S304, marking the sending node which sends the information with risk, setting a monitoring time interval for the sending node, and individually monitoring the event information generated by the sending node;
S305, monitoring each message information sent by the sending node in real time in a set monitoring time period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
The working principle of the technical scheme is as follows: firstly, a message storage unit is set in a storage area of the intelligent education system and divided into storage areas, the storage areas corresponding to the auditing units one by one. Then, the contents of the messages sent to the target window are copied in sequence according to message generation time, corresponding message files are generated from the copied contents, and the message files are stored in the storage areas of the message storage unit from earliest to latest generation time. Next, the messages in the message file of each storage area are scanned, analyzed and identified to determine whether the information or code in a message matches risk information or code stored in the database; if no match is found, the message is deemed safe and is allowed to be sent to the target window; if a match is found, the message is refused delivery to the target window and a message-interception notice is fed back to the sending node of the message. The sending node that sent the risky message is then marked, a monitoring time period is set for it, and the event messages it generates are monitored individually. Finally, within the set monitoring period, each message sent by the sending node is monitored in real time and subjected to risk processing, and when the risk index reaches the risk threshold the intelligent education system raises an alarm to prompt operation and maintenance personnel to handle the risk.
The effect of the above technical scheme is as follows: carrying out risk monitoring in the above manner effectively improves the efficiency and strength with which message information risks are monitored and processed, which in turn improves the risk monitoring strength of the whole intelligent education system and improves the big data access security of the intelligent education system to a great extent.
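The hook-point condition described earlier (a static system object reached through reflection) and the screening in S302 to S304 can be seen together in a Java example. This is an added example, not code from the patent: `MessageSink`, `CourseUnit`, `Auditor`, the node and window names and the two risk signatures are hypothetical or constructed, and a `java.lang.reflect.Proxy` stands in for the hook function.

```java
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class AuditHookDemo {

    /** Hypothetical delivery interface used by one audit unit. */
    public interface MessageSink {
        String deliver(String senderNode, String targetWindow, String body);
    }

    /** Hypothetical platform class: the sink is created once by the system and held in a static field. */
    public static class CourseUnit {
        static MessageSink sink = (sender, window, body) -> "delivered to " + window;

        static String send(String sender, String window, String body) {
            return sink.deliver(sender, window, body);
        }
    }

    /** Audit state: one ordered message store per audit unit, plus the marked sending nodes. */
    public static class Auditor {
        final Map<String, List<String>> storeByUnit = new HashMap<>();
        final Set<String> markedNodes = new LinkedHashSet<>();
        final List<String> riskSignatures; // lower-case entries standing in for the risk database

        Auditor(List<String> riskSignatures) {
            this.riskSignatures = riskSignatures;
        }

        boolean isRisky(String body) {
            String lower = body.toLowerCase(Locale.ROOT);
            return riskSignatures.stream().anyMatch(lower::contains);
        }
    }

    /** Swaps the static sink of unitClass for a proxy that records, screens, then forwards or refuses. */
    public static void installHook(Class<?> unitClass, String fieldName, String unitName, Auditor auditor)
            throws ReflectiveOperationException {
        Field field = unitClass.getDeclaredField(fieldName);
        if (!Modifier.isStatic(field.getModifiers())) {
            // An instance field would need a receiver we do not hold, so it cannot be a hook point.
            throw new IllegalArgumentException(fieldName + " is not static");
        }
        field.setAccessible(true);
        // Null receiver: a static field yields the very object the system created and keeps using.
        MessageSink original = (MessageSink) field.get(null);

        InvocationHandler handler = (proxyObj, method, callArgs) -> {
            if (!method.getName().equals("deliver")) {
                return method.invoke(original, callArgs); // toString/equals/hashCode pass through
            }
            String sender = (String) callArgs[0];
            String body = (String) callArgs[2];
            // Copy the message into this unit's store; a synchronous hook sees messages in generation order.
            auditor.storeByUnit.computeIfAbsent(unitName, k -> new ArrayList<>()).add(sender + "|" + body);
            if (auditor.isRisky(body)) {
                auditor.markedNodes.add(sender); // mark the node for individual monitoring
                return "intercepted: message from " + sender + " was refused"; // notice back to sender
            }
            return method.invoke(original, callArgs); // safe: forward to the target window
        };
        Object hooked = Proxy.newProxyInstance(
                MessageSink.class.getClassLoader(), new Class<?>[] {MessageSink.class}, handler);
        field.set(null, hooked);
    }

    public static void main(String[] args) throws Exception {
        Auditor auditor = new Auditor(List.of("drop table", "into outfile")); // constructed signatures
        installHook(CourseUnit.class, "sink", "course-unit", auditor);

        // Constructed sample messages from two hypothetical sending nodes.
        System.out.println(CourseUnit.send("node-a", "grades-window", "UPDATE grades SET score = 90 WHERE id = 7"));
        System.out.println(CourseUnit.send("node-b", "grades-window", "DROP TABLE grades"));
        System.out.println("marked nodes: " + auditor.markedNodes);
        System.out.println("course-unit store: " + auditor.storeByUnit.get("course-unit"));
    }
}
```

Pointing `installHook` at a non-static field throws, which mirrors the condition that the hook point be a static object: only a static field hands back the instance the platform itself is using.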
In an embodiment of the present invention, the monitoring time is set by the following process:
judging whether a sending node sending a message with risk sends information with risk for the first time, if the sending node sends the information with risk for the first time in the current operation process of the intelligent education system, setting the length of a monitoring time interval through a monitoring time first setting model, wherein the monitoring time first setting model is as follows:
Figure BDA0002962135100000071
when n is 1, n-1 is 1, and
Figure BDA0002962135100000072
wherein $T_1$ represents the monitoring period length obtained by the monitoring time first setting model; $n$ represents the number of times the sending node has sent messages on the current day; $\Delta T_i$ represents the time interval between the sending node's $(i+1)$-th and $i$-th message transmissions; $\Delta T$ represents the time interval between the sending node's current transmission of risky message information and its previous message transmission; $\Delta T_{min}$ represents the minimum time interval between messages sent by the sending node on the current day; $\Delta T_{max}$ represents the maximum time interval between messages sent by the sending node on the current day; $T_0$ represents the preset initial monitoring period length; $\delta_1$ represents the time adjustment coefficient, with a value range of 0.83-0.94;
if this is not the first time the sending node has sent risky message information during the current operation of the intelligent education system, the monitoring period length is set through a monitoring time second setting model, wherein the monitoring time second setting model is as follows:
Figure BDA0002962135100000073
wherein $T_2$ represents the monitoring period length obtained by the monitoring time second setting model; $\delta_2$ represents the time adjustment coefficient, with a value range of 1.13-1.28; $m$ represents the number of times the sending node has sent risky message information on the current day; $\Delta T_{li}$ represents the time interval between the sending node's $(i+1)$-th and $i$-th transmissions of risky message information.
The effect of the above technical scheme is as follows: the monitoring time obtained through the formula is set in a targeted manner according to the actual operation of the message sending node, so that the monitoring duration is long enough for the monitoring module to monitor the risky sending node effectively and long enough for the risk index to be determined. This effectively improves the accuracy of the risk index subsequently obtained for the sending node, and avoids the problem of a fixed monitoring duration being too short, which would weaken the efficiency and strength of monitoring the sending node and in turn harm the accuracy of the subsequent risk index evaluation.
On the other hand, the monitoring duration obtained by the formula closely matches the actual message sending behavior of the sending node, so the chosen duration ensures that the sending node is monitored effectively while keeping the running time of the monitoring module reasonable. This improves the monitoring strength for the sending node while effectively reducing unnecessary resource consumption in the education system, preventing an overly long monitoring time from consuming excessive system resources and increasing the operating load of the system.
The risk index of the transmitting node is calculated by the following formula:
Figure BDA0002962135100000081
wherein $H$ represents the risk index, $T$ represents the operation duration of the intelligent education system on the current day, and $L_1$, $L_2$ and $L_3$ respectively represent a preset first unit index value, a preset second unit index value and a preset third unit index value; $L_1$, $L_2$ and $L_3$ are all natural constants.
The effect of the above technical scheme is as follows: through the risk index, effective and accurate risk assessment can be performed on each message sending node of the intelligent education system.
The embodiment of the invention provides a big data audit scenario analysis system applied to an intelligent education system, and as shown in fig. 2, the system comprises:
the unit division module is used for dividing the intelligent education platform into k audit units according to different implementation functions, wherein k is a natural number;
the hook embedding module is used for scanning each audit unit to acquire a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and acquiring the message sent to a target window;
and the risk processing module is used for analyzing and processing the message sent to the target window and determining whether a risk exists in the big data processing process.
Wherein the hook embedding module comprises:
the searching module is used for searching the Java layer for a system object in the intelligent education system that meets the specified requirements, to serve as the hook point;
the execution module is used for putting the hook function into the business logic of the intelligent education system object to be processed and analyzed to be executed;
and the message acquisition module is used for monitoring event messages of the business logic needing processing and analysis in the intelligent education system in the execution process through a hook function and simultaneously intercepting messages sent to the target window.
The hook point that meets the specified requirements satisfies the following condition: the system object is a static object.
The working principle of the technical scheme is as follows: firstly, dividing the intelligent education platform into k auditing units according to different implementation functions through a unit dividing module, wherein k is a natural number; then, scanning each audit unit by using a hook embedding module to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and obtaining the message sent to a target window; and then, analyzing and processing the message sent to the target window by using a risk processing module, and determining whether a risk exists in the big data processing process.
The operation process of the hook embedded module comprises the following steps:
firstly, the searching module searches the Java layer for a system object in the intelligent education system that meets the specified requirements, to serve as the hook point; then, the execution module puts the hook function into the business logic of the intelligent education system object to be processed and analyzed, where it is executed; and finally, the message acquisition module uses the hook function to monitor the event messages produced during execution by the business logic that needs processing and analysis, and at the same time intercepts the messages sent to the target window.
The effect of the above technical scheme is as follows: dividing the audit units by function effectively improves the management efficiency of audit management and the strength of message monitoring. Meanwhile, the hook function effectively improves the efficiency and success rate of capturing the messages sent by all nodes of the intelligent education system and reduces the number of missed messages. On the other hand, the efficiency and strength of monitoring and handling message risk are effectively improved, the risk monitoring strength of the whole intelligent education system is improved, and the data access security of the intelligent education system is improved to a great extent.
In one embodiment of the invention, the risk processing module comprises:
the storage division module is used for setting a message storage unit in a storage area of the intelligent education system and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one to one;
the information dividing module is used for copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files into each storage area in the message storage unit from early to late according to the generation time of the message;
the scanning identification module is used for scanning, analyzing and identifying the messages in the message files of each storage area, identifying whether the information or codes in the messages have risk information or codes stored in the database, and if the risk information or codes stored in the database do not exist, indicating that the messages are safe and allowing the messages to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message;
the marking module is used for marking the sending node which sends the information with risks, setting a monitoring time interval aiming at the sending node and independently monitoring the event information generated by the sending node;
and the monitoring module is used for monitoring each message information sent by the sending node in real time in a set monitoring time period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, the intelligent education system gives an alarm to prompt operation and maintenance personnel to carry out risk processing.
The working principle of the technical scheme is as follows: firstly, setting a message storage unit in a storage area of the intelligent education system through a storage division module, and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one by one; then, the message content sent to the target window is sequentially copied by using an information dividing module according to the generation time of the message, a corresponding message file is generated according to the copied message content, and the message file is sequentially stored in each storage area in a message storage unit from early to late according to the generation time of the message; then, a scanning identification module is adopted to scan, analyze and identify the messages in the message file of each storage area, identify whether the information or codes in the messages have risk information or codes stored in a database, if the risk information or codes stored in the database do not exist, the messages are safe, and the messages are allowed to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message; then, marking the sending node which sends the information with risks by using a marking module, setting a monitoring time period for the sending node, and individually monitoring the event information generated by the sending node; and finally, monitoring each message information sent by the sending node in real time in a set monitoring time period through a monitoring module, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
The effect of the above technical scheme is as follows: performing risk monitoring in the above manner effectively improves the efficiency and strength of monitoring and handling message risk, thereby improving the risk monitoring strength of the whole intelligent education system and improving the security of big data access in the intelligent education system to a great extent.
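The risk-processing flow described above (one storage area per audit unit, a time-ordered scan against a risk database, refusal with a reminder to the sender, then marking and time-boxed monitoring of the sending node), as an added Python example that is not part of the patent. The monitoring-length and risk-index formulas are not reproduced on this page, so a fixed window (`MONITOR_SECONDS`) and a count of risky messages are assumed stand-ins; all names, signatures and sample messages are constructed.

```python
from dataclasses import dataclass, field

# Assumed stand-ins: the page's formulas for the monitoring length and the
# risk index are not reproduced, so a fixed window and a hit count are used.
MONITOR_SECONDS = 300
RISK_THRESHOLD = 3
RISK_DB = ("<script", "drop table", "../")   # constructed risk signatures


@dataclass(frozen=True)
class Message:
    unit: str        # audit unit that produced the event message
    node: str        # sending node
    created: float   # generation time, in seconds
    content: str


@dataclass
class NodeWatch:
    until: float     # end of the monitoring period
    hits: int = 0    # stand-in risk index: risky messages seen in the period


@dataclass
class RiskProcessor:
    units: tuple
    storage: dict = field(default_factory=dict)    # one storage area per audit unit
    watched: dict = field(default_factory=dict)    # marked sending nodes
    delivered: list = field(default_factory=list)  # released to the target window
    reminders: list = field(default_factory=list)  # interception notices to senders
    alarms: list = field(default_factory=list)     # alerts for operations staff

    def __post_init__(self):
        self.storage = {u: [] for u in self.units}

    def store(self, intercepted):
        """Copy intercepted messages into their unit's area, earliest first."""
        for msg in sorted(intercepted, key=lambda m: m.created):
            if msg.unit not in self.storage:
                raise ValueError(f"unknown audit unit: {msg.unit}")
            self.storage[msg.unit].append(msg)

    @staticmethod
    def is_risky(msg):
        text = msg.content.lower()
        return any(sig in text for sig in RISK_DB)

    def scan(self):
        """Scan all storage areas in generation-time order and decide each message."""
        pending = sorted((m for area in self.storage.values() for m in area),
                         key=lambda m: m.created)
        for msg in pending:
            watch = self.watched.get(msg.node)
            if watch and msg.created > watch.until:
                del self.watched[msg.node]      # monitoring period has elapsed
                watch = None
            if not self.is_risky(msg):
                self.delivered.append(msg)      # safe: forward to the target window
                continue
            self.reminders.append((msg.node, msg.created))  # refused, sender notified
            if watch is None:                   # mark the node, open a monitoring period
                watch = self.watched[msg.node] = NodeWatch(msg.created + MONITOR_SECONDS)
            watch.hits += 1
            if watch.hits == RISK_THRESHOLD:    # alarm once per monitoring period
                self.alarms.append(msg.node)
        for area in self.storage.values():
            area.clear()
        return self.delivered


def demo():
    # Constructed sample traffic from two audit units, deliberately out of order.
    rp = RiskProcessor(units=("grading", "courseware"))
    rp.store([
        Message("courseware", "node-b", 12.0, "upload lesson-3.pdf"),
        Message("grading", "node-a", 10.0, "score=91"),
        Message("grading", "node-a", 20.0, "name=<SCRIPT>alert(1)</script>"),
        Message("grading", "node-a", 40.0, "id=1; DROP TABLE scores"),
        Message("grading", "node-a", 90.0, "file=../../etc/passwd"),
        Message("grading", "node-a", 900.0, "q=<script>"),
    ])
    rp.scan()
    return rp
```

In the sample run, the message at 900 s arrives after the first monitoring period has ended, so the node is marked again and its count restarts instead of carrying over.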
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A big data audit scenario analysis method applied to a smart education system is characterized by comprising the following steps:
dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number;
scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and obtaining the message sent to a target window;
and analyzing and processing the message sent to the target window to determine whether risks exist in the big data processing process.
2. The data audit scenario analysis method of claim 1, wherein the scanning for each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and performing message interception includes:
searching the Java layer for a system object in the intelligent education system that meets the specified requirements, to serve as the hook point;
putting the hook function into the business logic of the intelligent education system object to be processed and analyzed for execution;
event messages of business logic needing to be processed and analyzed in the intelligent education system in the execution process are monitored through a hook function, and messages sent to a target window are intercepted.
3. The data audit scenario analysis method of claim 2, wherein the hook point required by the specification meets the following condition: the system object is a static object.
4. The method for analyzing the data auditing scene according to claim 1, characterized in that the analyzing and processing the message sent to the target window to determine whether a risk exists in the big data processing process comprises:
setting a message storage unit in a storage area of the intelligent education system, and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one by one;
copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files into each storage area in the message storage unit from early to late according to the generation time of the message;
scanning, analyzing and identifying the messages in the message file of each storage area, identifying whether the information or codes in the messages have risk information or codes stored in a database, and if the risk information or codes stored in the database do not exist, indicating the safety of the messages and allowing the messages to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message;
marking the sending node which sends the risky message, setting a monitoring time period for the sending node, and individually monitoring the event message generated by the sending node;
and in a set monitoring period, monitoring each message information sent by the sending node in real time, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
5. The data audit scenario analysis method of claim 4, wherein the monitoring time is set by:
judging whether a sending node sending a message with risk sends information with risk for the first time, if the sending node sends the information with risk for the first time in the current operation process of the intelligent education system, setting the length of a monitoring time interval through a monitoring time first setting model, wherein the monitoring time first setting model is as follows:
Figure FDA0002962135090000021
when n is 1, n-1 is 1, and
Figure FDA0002962135090000022
wherein $T_1$ represents the monitoring period length obtained through the monitoring time first setting model; $n$ represents the number of times the sending node has sent messages on the current day; $\Delta T_i$ represents the time interval between the sending node's (i+1)-th and i-th message transmissions; $\Delta T$ represents the time interval between the sending node's current transmission of risky message information and its previous message transmission; $\Delta T_{min}$ represents the minimum time interval between messages sent by the sending node on the current day; $\Delta T_{max}$ represents the maximum time interval between messages sent by the sending node on the current day; $T_0$ represents the preset initial monitoring period length; $\delta_1$ represents the time adjustment coefficient, with a value range of 0.83-0.94;
if this is not the first time the sending node has sent risky message information during the current operation of the intelligent education system, setting the monitoring period length through a monitoring time second setting model, wherein the monitoring time second setting model is as follows:
Figure FDA0002962135090000023
wherein $T_2$ represents the monitoring period length obtained through the monitoring time second setting model; $\delta_2$ represents the time adjustment coefficient, with a value range of 1.13-1.28; $m$ represents the number of times the sending node has sent risky message information on the current day; $\Delta T_{li}$ represents the time interval between the (i+1)-th and the i-th transmission of risky message information by the sending node.
6. The data auditing scenario analysis method of claim 4, where the risk index of the sending node is calculated by the following formula:
Figure FDA0002962135090000024
wherein $H$ represents the risk index, $T$ represents the operation duration of the intelligent education system on the day, and $L_1$, $L_2$ and $L_3$ respectively represent a preset first unit index value, a preset second unit index value and a preset third unit index value; $L_1$, $L_2$ and $L_3$ are all natural constants.
7. A big data audit scenario analysis system applied to a smart education system, the system comprising:
the unit division module is used for dividing the intelligent education platform into k audit units according to different implementation functions, wherein k is a natural number;
the hook embedding module is used for scanning each audit unit to acquire a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and acquiring the message sent to a target window;
and the risk processing module is used for analyzing and processing the message sent to the target window and determining whether a risk exists in the big data processing process.
8. The data audit scenario analysis system of claim 7, wherein the hook embedding module includes:
the searching module is used for searching the Java layer for a system object in the intelligent education system that meets the specified requirements, to serve as the hook point;
the execution module is used for putting the hook function into the business logic of the intelligent education system object to be processed and analyzed to be executed;
and the message acquisition module is used for monitoring event messages of the business logic needing processing and analysis in the intelligent education system in the execution process through a hook function and simultaneously intercepting messages sent to the target window.
9. The data audit scenario analysis system of claim 8, wherein the required hook point meets the following condition: the system object is a static object.
10. The data audit scenario analysis system of claim 7, wherein the risk processing module includes:
the storage division module is used for setting a message storage unit in a storage area of the intelligent education system and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one to one;
the information dividing module is used for copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files into each storage area in the message storage unit from early to late according to the generation time of the message;
the scanning identification module is used for scanning, analyzing and identifying the messages in the message files of each storage area, identifying whether the information or codes in the messages have risk information or codes stored in the database, and if the risk information or codes stored in the database do not exist, indicating that the messages are safe and allowing the messages to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message;
the marking module is used for marking the sending node which sends the information with risks, setting a monitoring time interval aiming at the sending node and independently monitoring the event information generated by the sending node;
and the monitoring module is used for monitoring each message information sent by the sending node in real time in a set monitoring time period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, the intelligent education system gives an alarm to prompt operation and maintenance personnel to carry out risk processing.
CN202110240968.1A 2021-03-04 2021-03-04 Big data audit scene analysis method and system applied to intelligent education system Pending CN112948822A (en)

Publications (1)

Publication Number Publication Date
CN112948822A true CN112948822A (en) 2021-06-11

Family

ID=76247665

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination