CN113315770A - Information protection method based on cloud computing, server and storage medium - Google Patents


Publication number
CN113315770A
Authority
CN
China
Prior art keywords
intrusion detection
gateway
log
intrusion
optimization
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110586135.0A
Other languages
Chinese (zh)
Inventor
高洪斌
赵正华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Zelian Technology Co ltd
Original Assignee
Guangzhou Zelian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Zelian Technology Co ltd
Priority to CN202110586135.0A
Publication of CN113315770A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Alarm Systems (AREA)

Abstract

The present application relates to the technical field of cloud computing and information security, and in particular to an information protection method, a server and a storage medium based on cloud computing. On the premise that, among all intrusion detection gateways corresponding to an intrusion detection scene, there are both gateways whose optimization is complete and gateways whose optimization is not complete, the intrusion detection logs transmitted by the optimized gateways are migrated to a transitional log storage space. This avoids the deviation in intrusion detection log records that arises when the intrusion detection log database holds some intrusion detection logs from before gateway optimization and some from after gateway optimization, and thereby improves the accuracy of the intrusion behavior event count recorded for the intrusion detection scene.

Description

Information protection method based on cloud computing, server and storage medium
Technical Field
The embodiment of the application relates to the technical field of cloud computing and information security, in particular to an information protection method based on cloud computing, a server and a storage medium.
Background
The continuous development of the cloud computing technology enables many businesses to be transferred from off-line to on-line, and the continuous maturity of the on-line businesses brings great convenience to daily production and life of people and brings some hidden dangers. The problem of security protection of network information has always been a major concern of people. In the information age, cases of information leakage and tampering are endless, and irreparable loss is caused to related enterprises or individuals, so that the realization of security protection of network information is the current key point.
In the related information security technology, different intrusion detection gateways can be generally equipped to perform intrusion behavior identification so as to realize subsequent information security, however, when the information security technology performs intrusion behavior event recording, recording errors often occur.
Disclosure of Invention
In view of this, embodiments of the present application provide an information protection method, a server, and a storage medium based on cloud computing.
The embodiment of the application provides an information protection method based on cloud computing, which is applied to an information protection server and comprises the following steps:
obtaining a first intrusion detection log transmitted by a first intrusion detection gateway; the first intrusion detection gateway is one of a plurality of groups of intrusion detection gateways corresponding to a target intrusion detection scene, and the plurality of groups of intrusion detection gateways corresponding to the target intrusion detection scene are used for recording the number of intrusion behavior events of the target intrusion detection scene;
on the premise that the first intrusion detection gateway is determined to be optimized and a second intrusion detection gateway currently exists, migrating the first intrusion detection log to a transitional log storage space; the second intrusion detection gateway is an intrusion detection gateway whose optimization is not complete among all intrusion detection gateways corresponding to the target intrusion detection scene;
and determining a real intrusion detection log corresponding to the target intrusion detection scene according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in an intrusion detection log database.
Preferably, the determining that the first intrusion detection gateway is optimized includes:
on the premise that the intrusion detection log database stores an intrusion detection log of the first intrusion detection gateway, the first intrusion detection gateway has not been judged as optimization-failed, and the update frequency corresponding to the first intrusion detection log is less than the update frequency corresponding to the intrusion detection log of the first intrusion detection gateway stored in the intrusion detection log database, determining that the optimization of the first intrusion detection gateway is complete.
Preferably, on the premise that it is determined that the first intrusion detection gateway is optimized, the method further includes:
on the premise that third intrusion detection gateways are optimized, correspondingly adjusting intrusion detection logs of the third intrusion detection gateways stored in an intrusion detection log database into intrusion detection logs of all the third intrusion detection gateways migrated in the transitional log storage space, adjusting intrusion detection logs of the first intrusion detection gateway stored in the intrusion detection log database into the first intrusion detection logs, and filtering migration intrusion detection logs of all the intrusion detection gateways corresponding to the target intrusion detection scene; and the third intrusion detection gateway is the other intrusion detection gateways except the first intrusion detection gateway in all the intrusion detection gateways corresponding to the target intrusion detection scene.
Preferably, the incomplete optimization indicates that the intrusion detection gateway is not optimized again in the current optimization step on the premise that the last optimization step is completed, or the optimization is completed for the first time in the current optimization step on the premise that the last optimization step fails;
on the premise that it is determined that the first intrusion detection gateway is optimized and a second intrusion detection gateway currently exists, the method further includes:
on the premise of determining that the second intrusion detection gateway is failed to optimize, judging the first intrusion detection gateway as incomplete optimization, adjusting an intrusion detection log of the first intrusion detection gateway stored in the intrusion detection log database into the first intrusion detection log, and filtering the intrusion detection log of the first intrusion detection gateway migrated in the transitional log storage space;
and on the premise that a fourth intrusion detection gateway exists, judging the fourth intrusion detection gateway as not optimized, correspondingly adjusting intrusion detection logs of the fourth intrusion detection gateway stored in the intrusion detection log database into intrusion detection logs of the fourth intrusion detection gateways migrated in the transitional log storage space, and filtering the intrusion detection logs of the fourth intrusion detection gateway migrated in the transitional log storage space;
the fourth intrusion detection gateway is the other intrusion detection gateways except the first intrusion detection gateway and the second intrusion detection gateway in all intrusion detection gateways corresponding to the target intrusion detection scene, and the optimization failure indicates that the intrusion detection gateways are not optimized due to failure;
and determining to perform the step of migrating the first intrusion detection log to a transitional log retention space on the premise that the second intrusion detection gateway is not determined to be failed in optimization.
Preferably, on the premise that it is determined that the first intrusion detection gateway is optimized and the second intrusion detection gateway currently exists, the method further includes:
on the premise of determining that the second intrusion detection gateway is failed to optimize, migrating the intrusion detection log of the second intrusion detection gateway stored in the intrusion detection log database to the transitional log storage space;
on the premise of obtaining a second intrusion detection log transmitted by the second intrusion detection gateway, determining whether the numbers of intrusion behavior events in the second intrusion detection log are all zero;
judging the second intrusion detection gateway as unfinished optimization on the premise that the number of intrusion behavior events in the second intrusion detection log is zero, filtering the intrusion detection log of the second intrusion detection gateway transferred in the transitional log storage space, and adjusting the intrusion detection log of the second intrusion detection gateway stored in the intrusion detection log database into the second intrusion detection log;
and on the premise that the numbers of intrusion behavior events in the second intrusion detection log are not all zero, determining a third intrusion detection log according to a comparison result between the second intrusion detection log and the intrusion detection log of the second intrusion detection gateway migrated in the transitional log storage space, and adjusting the intrusion detection log of the second intrusion detection gateway stored in the intrusion detection log database to the third intrusion detection log.
Preferably, on the premise that it is determined that the first intrusion detection gateway is optimized, the method further includes:
determining whether the optimized detection information of the first intrusion detection gateway meets set conditions;
determining that the second intrusion detection gateway fails to optimize on the premise that the optimization completion detection information of the first intrusion detection gateway meets the set conditions and the second intrusion detection gateway currently exists;
the optimizing completion detection information includes migration accumulated times, and determining whether the optimizing completion detection information of the first intrusion detection gateway meets a set condition includes:
determining whether the migration accumulated times corresponding to the first intrusion detection gateway are larger than a set times value, wherein the migration accumulated times count the number of times the first intrusion detection gateway has transmitted intrusion detection logs while its optimization is complete;
determining that the optimized detection information of the first intrusion detection gateway meets set conditions on the premise that the migration accumulated times corresponding to the first intrusion detection gateway are larger than the set times value;
or, alternatively,
the optimizing completion detection information includes optimizing completion status duration, and determining whether the optimizing completion detection information of the first intrusion detection gateway meets a set condition includes:
determining whether the state duration of the optimized first intrusion detection gateway is greater than a set duration value;
and on the premise that the optimized state duration of the first intrusion detection gateway is longer than the set duration value, determining that the optimized detection information of the first intrusion detection gateway meets set conditions.
Preferably, on the premise that it is determined that the second intrusion detection gateway fails to optimize, the method further includes:
initializing the optimized detection information of a fifth intrusion detection gateway, wherein the fifth intrusion detection gateway is the other intrusion detection gateways except the second intrusion detection gateway in all intrusion detection gateways corresponding to the target intrusion detection scene;
on the premise of determining that the first intrusion detection gateway optimization is completed, the method further includes:
judging all intrusion detection gateways corresponding to the target intrusion detection scene as incomplete optimization on the premise that the optimization completion detection information of the first intrusion detection gateway does not meet set conditions and the second intrusion detection gateway does not exist, and initializing the optimization completion detection information of all intrusion detection gateways corresponding to the target intrusion detection scene;
wherein initializing the optimization completion detection information comprises setting the migration accumulated times or the state duration to zero;
wherein, the optimization completion detection information includes the migration accumulated times, and the determination of whether the optimization completion detection information of the first intrusion detection gateway meets the set conditions further includes:
determining that the optimized detection information of the first intrusion detection gateway does not accord with a set condition on the premise that the migration accumulated times corresponding to the first intrusion detection gateway are not greater than the set times value;
or, alternatively,
the optimizing completion detection information includes an optimizing completion status duration, and determining whether the optimizing completion detection information of the first intrusion detection gateway meets a set condition further includes:
determining that the optimized detection information of the first intrusion detection gateway does not conform to the set condition on the premise that the optimized state duration of the first intrusion detection gateway is not greater than the set duration value;
wherein, on the premise that the optimization completion detection information includes the migration accumulated times, the method further includes:
and summarizing the migration accumulated times corresponding to the first intrusion detection gateway on the premise that the optimized detection information of the first intrusion detection gateway does not accord with the set condition and a second intrusion detection gateway currently exists.
Preferably, on the premise that optimized intrusion detection gateways and uncompleted optimized intrusion detection gateways exist in all intrusion detection gateways corresponding to the target intrusion detection scene, the intrusion detection logs migrated in the transition log storage space include intrusion detection logs transmitted by the optimized intrusion detection gateways on the premise that the optimization is completed this time, and the intrusion detection logs stored in the intrusion detection log database include intrusion detection logs transmitted by the optimized intrusion detection gateways before the optimization is completed this time and intrusion detection logs of the uncompleted optimized intrusion detection gateways;
and determining a real intrusion detection log corresponding to the target intrusion detection scene according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in an intrusion detection log database, wherein the determining comprises the following steps:
determining, as the effective number of intrusion behavior events in the target intrusion detection scene, the difference between (a) the weighted result of the numbers of online intrusion behavior events in the latest intrusion detection logs of the optimized intrusion detection gateways migrated in the transitional log storage space and in the latest intrusion detection logs of the intrusion detection gateways stored in the intrusion detection log database, and (b) the weighted result of the numbers of offline intrusion behavior events in the latest intrusion detection logs of the optimized intrusion detection gateways migrated in the transitional log storage space and in the latest intrusion detection logs of the intrusion detection gateways stored in the intrusion detection log database;
on the premise that, among all intrusion detection gateways corresponding to the target intrusion detection scene, there are intrusion detection gateways whose optimization is not complete and intrusion detection gateways whose optimization failed, but no intrusion detection gateway whose optimization is complete, the intrusion detection logs migrated in the transitional log storage space include the last intrusion detection log transmitted by the optimization-failed intrusion detection gateway before it was determined as optimization-failed, and the intrusion detection log database stores the intrusion detection logs transmitted by the intrusion detection gateways other than the optimization-failed intrusion detection gateway, together with the difference information between the intrusion detection log transmitted by the optimization-failed intrusion detection gateway after it was determined as optimization-failed and the last intrusion detection log it transmitted before that determination, as migrated in the transitional log storage space;
and determining a real intrusion detection log corresponding to the target intrusion detection scene according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in an intrusion detection log database, wherein the determining comprises the following steps:
and determining the effective number of the intrusion behavior events in the target intrusion detection scene according to the difference between the weighted result of the number of the online intrusion behavior events in the latest intrusion detection log of each intrusion detection gateway stored in the intrusion detection log database and the weighted result of the number of the offline intrusion behavior events in the latest intrusion detection log of each intrusion detection gateway stored in the intrusion detection log database.
The embodiment of the application also provides an information protection server, which comprises a processor, a communication bus and a memory; the processor and the memory communicate via the communication bus, and the processor reads the computer program from the memory and runs the computer program to perform the method described above.
The embodiment of the application also provides a readable storage medium for a computer, wherein the readable storage medium stores a computer program, and the computer program realizes the method when running.
Compared with the prior art, the information protection method, the server and the storage medium based on cloud computing provided by the embodiments of the application have the following technical effects: a first intrusion detection log transmitted by a first intrusion detection gateway is obtained; on the premise that the first intrusion detection gateway is determined to be optimized and a second intrusion detection gateway currently exists, the first intrusion detection log is migrated to a transitional log storage space; and a real intrusion detection log corresponding to the target intrusion detection scene is determined according to the intrusion detection logs migrated in the transitional log storage space and the intrusion detection logs stored in an intrusion detection log database. Because the intrusion detection logs transmitted by optimized intrusion detection gateways are migrated to the transitional log storage space on the premise that both optimized intrusion detection gateways and intrusion detection gateways whose optimization is not complete exist among all intrusion detection gateways corresponding to the intrusion detection scene, the deviation in intrusion detection log records that arises when the intrusion detection log database holds some intrusion detection logs from before gateway optimization and some from after gateway optimization is avoided, and the accuracy of the intrusion behavior event count recorded for the intrusion detection scene is improved.
In the description that follows, additional features will be set forth, in part, in the description. These features will be in part apparent to those skilled in the art upon examination of the following and the accompanying drawings, or may be learned by production or use. The features of the present application may be realized and attained by practice or use of various aspects of the methodologies, instrumentalities and combinations particularly pointed out in the detailed examples that follow.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic block diagram of an information protection server according to an embodiment of the present disclosure.
Fig. 2 is a flowchart of an information protection method based on cloud computing according to an embodiment of the present disclosure.
Fig. 3 is a block diagram of an information protection apparatus based on cloud computing according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Fig. 1 shows a block diagram of an information protection server 10 according to an embodiment of the present application. The information protection server 10 in the embodiment of the present application may be a server with data storage, transmission, and processing functions. As shown in Fig. 1, the information protection server 10 includes: a memory 11, a processor 12, a communication bus 13, and a cloud-computing-based information protection device 20.
The memory 11, processor 12 and communication bus 13 are electrically connected, directly or indirectly, to enable the transfer or interaction of data. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory 11 stores the cloud-computing-based information protection device 20, which includes at least one software functional module that can be stored in the memory 11 in the form of software or firmware. The processor 12 executes various functional applications and data processing by running software programs and modules stored in the memory 11, such as the cloud-computing-based information protection device 20 in the embodiment of the present application, so as to implement the cloud-computing-based information protection method in the embodiment of the present application.
The memory 11 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The memory 11 is used for storing a program, and the processor 12 executes the program after receiving an execution instruction.
The processor 12 may be an integrated circuit chip having data processing capabilities. The processor 12 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like. The processor 12 may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The communication bus 13 is used for establishing communication connection between the information protection server 10 and other communication terminal devices through a network, and implementing transceiving operation of network signals and data. The network signal may include a wireless signal or a wired signal.
It will be appreciated that the configuration shown in FIG. 1 is merely illustrative and that information protection server 10 may include more or fewer components than shown in FIG. 1 or may have a different configuration than shown in FIG. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
The embodiment of the application also provides a readable storage medium for a computer, wherein the readable storage medium stores a computer program, and the computer program realizes the method when running.
Fig. 2 shows a flowchart of the information protection method based on cloud computing according to an embodiment of the present application. The steps of the method, which is applied to the information protection server 10, may be implemented by the processor 12 and include the following S21-S23.
S21, the information protection server 10 obtains a first intrusion detection log transmitted by the first intrusion detection gateway.
In this embodiment of the present application, the first intrusion detection gateway is one of a plurality of groups of intrusion detection gateways corresponding to the target intrusion detection scene, and the plurality of groups of intrusion detection gateways corresponding to the target intrusion detection scene are used for recording the number of intrusion behavior events of the target intrusion detection scene.
For example, the first intrusion detection gateway may upload a first intrusion detection log to the information protection server 10, where the intrusion detection log may record intrusion behavior events, and the classification of the intrusion behavior events may be implemented according to various classification criteria, such as an online intrusion behavior event and an offline intrusion behavior event, a local intrusion behavior event and a remote intrusion behavior event, or a data theft event and a data tampering event.
Further, the target intrusion detection scene may be any of various service scenarios, and accordingly, the intrusion detection gateway and the information protection server may be applied to an online payment service scenario, an online office service scenario, or a remote education service scenario.
S22, the information protection server 10 migrates the first intrusion detection log to the transitional log storage space on the premise of determining that the first intrusion detection gateway is optimized and the second intrusion detection gateway currently exists.
In this embodiment of the present application, the second intrusion detection gateway is an intrusion detection gateway that has not been optimized among all intrusion detection gateways corresponding to the target intrusion detection scenario.
For example, gateway optimization may be understood as a configuration reset or upgrade of an intrusion detection gateway, which can improve the protection performance of the intrusion detection gateway. Further, the transitional log storage space may be used to cache the first intrusion detection log, and the transitional log storage space may be a storage space corresponding to a standby server or may be another type of storage space, which is not limited herein.
In some possible embodiments, the determining that the first intrusion detection gateway is optimized as described in S22 may be implemented as follows: on the premise that the intrusion detection log database stores an intrusion detection log of the first intrusion detection gateway, the first intrusion detection gateway has not been judged as optimization-failed, and the update frequency corresponding to the first intrusion detection log is less than the update frequency corresponding to the intrusion detection log of the first intrusion detection gateway stored in the intrusion detection log database, it is determined that the optimization of the first intrusion detection gateway is complete.
For example, the intrusion detection log database may be a relational database corresponding to the information protection server 10, such as a MySQL database or Hive database.
It can be understood that whether the first intrusion detection gateway is optimized or not can be accurately and reliably judged by considering the updating frequency corresponding to the first intrusion detection log and the intrusion detection log of the first intrusion detection gateway in the intrusion detection log database.
In some optional embodiments, on the premise that it is determined that the first intrusion detection gateway is optimized as described in S22, the method may further include the following contents described in steps (1) and (2).
(1) On the premise that the third intrusion detection gateways are optimized, the intrusion detection logs of the third intrusion detection gateways stored in the intrusion detection log database are correspondingly adjusted to be the intrusion detection logs of the third intrusion detection gateways migrated in the transitional log storage space.
(2) Adjusting the intrusion detection log of the first intrusion detection gateway stored in the intrusion detection log database to the first intrusion detection log, and filtering the migrated intrusion detection logs of all intrusion detection gateways corresponding to the target intrusion detection scene.
In this embodiment of the present application, the third intrusion detection gateway is another intrusion detection gateway except the first intrusion detection gateway in all intrusion detection gateways corresponding to the target intrusion detection scene. By the design, the migration intrusion detection logs can be effectively filtered and adjusted, so that confusion and repetition between the migration intrusion detection logs and other intrusion detection logs are avoided.
In some possible embodiments, on the premise that it is determined that the first intrusion detection gateway is optimized and a second intrusion detection gateway currently exists, as described in the above S22, the method may further include the following technical solutions described in S31-S34.
S31, on the premise that it is determined that the second intrusion detection gateway has failed optimization, migrating the intrusion detection log of the second intrusion detection gateway stored in the intrusion detection log database to the transitional log storage space.
S32, on the premise of obtaining a second intrusion detection log transmitted by the second intrusion detection gateway, determining whether the numbers of intrusion behavior events in the second intrusion detection log are all zero;
S33, on the premise that the numbers of intrusion behavior events in the second intrusion detection log are all zero, judging the second intrusion detection gateway as not optimized, filtering the intrusion detection log of the second intrusion detection gateway migrated in the transitional log storage space, and adjusting the intrusion detection log of the second intrusion detection gateway stored in the intrusion detection log database to the second intrusion detection log.
S34, on the premise that a non-zero number of intrusion behavior events exists in the second intrusion detection log, determining a third intrusion detection log according to the comparison result between the second intrusion detection log and the intrusion detection log of the second intrusion detection gateway migrated in the transitional log storage space, and adjusting the intrusion detection log of the second intrusion detection gateway stored in the intrusion detection log database to the third intrusion detection log.
It can be understood that through the above S31-S34, the adjustment of the intrusion detection log can be realized according to the statistical number of the intrusion behavior events in different intrusion detection logs and the intrusion detection log stored in the intrusion detection log database, thereby realizing the accurate tracking of the statistical number of the intrusion behavior events and avoiding the occurrence of deviation in the statistical process of the number of the intrusion behavior events.
S23, the information protection server 10 determines the real intrusion detection log corresponding to the target intrusion detection scene according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in the intrusion detection log database.
For example, the real intrusion detection log can be understood as an actual intrusion detection log, in other words, the real intrusion detection log can accurately record the number of intrusion behavior events corresponding to a target intrusion detection scene, so that statistics omission of the intrusion behavior events is avoided, authenticity and reliability of the intrusion detection log can be ensured, and accurate and reliable bases are provided for subsequent information security analysis.
In some examples, on the premise that both optimized intrusion detection gateways and intrusion detection gateways that have not been optimized exist among all intrusion detection gateways corresponding to the target intrusion detection scene, the intrusion detection logs migrated in the transitional log storage space include the intrusion detection logs transmitted by the optimized intrusion detection gateways on the premise that this optimization is completed, and the intrusion detection logs stored in the intrusion detection log database include the intrusion detection logs transmitted by the optimized intrusion detection gateways before this optimization was completed, together with the intrusion detection logs of the intrusion detection gateways that have not been optimized.
Based on the above example, determining the real intrusion detection log corresponding to the target intrusion detection scenario according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in the intrusion detection log database, as described in S23, may be implemented by the following technical solutions described in S231 and S232.
S231, determining the number of effective intrusion behavior events in the target intrusion detection scene according to the difference between two weighted results: the weighted result of the numbers of online intrusion behavior events in the latest intrusion detection logs of the optimized gateways migrated in the transitional log storage space and in the latest intrusion detection logs of each intrusion detection gateway stored in the intrusion detection log database, and the weighted result of the numbers of offline intrusion behavior events in the latest intrusion detection logs of the optimized gateways migrated in the transitional log storage space and in the latest intrusion detection logs of each intrusion detection gateway stored in the intrusion detection log database.
For example, the latest intrusion detection log may be understood as the most recent intrusion detection log, the weighted result may be understood as the sum of the numbers of intrusion behavior events, and the difference condition may be understood as the difference between the two weighted results.
Further, a valid intrusion behavior event may be understood as a behavior event detected by the information protection server 10 with an actual intrusion attack intention.
S232, on the premise that intrusion detection gateways that have not been optimized and intrusion detection gateways that have failed optimization exist among all the intrusion detection gateways corresponding to the target intrusion detection scene, but no optimized intrusion detection gateway exists, the intrusion detection logs migrated in the transitional log storage space include the intrusion detection log last transmitted by the optimization-failed intrusion detection gateway before it was determined as optimization failed, and the intrusion detection log database stores the intrusion detection logs transmitted by the intrusion detection gateways other than the optimization-failed intrusion detection gateway, as well as the intrusion detection log transmitted by the optimization-failed intrusion detection gateway after it was determined as optimization failed and the intrusion detection log, migrated in the transitional log storage space, that this gateway last transmitted before being determined as optimization failed.
With this design, the intrusion detection logs of intrusion detection gateways in different optimization states, and the corresponding intrusion behavior events, can all be taken into account. This avoids the deviation in intrusion detection log records that arises when the intrusion detection log database stores the pre-optimization intrusion detection logs of some intrusion detection gateways together with the post-optimization intrusion detection logs of others, and thereby improves the accuracy of the number of intrusion behavior events of the intrusion detection scene.
In some possible embodiments, determining the real intrusion detection log corresponding to the target intrusion detection scenario according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in the intrusion detection log database, as described in S23, may be further implemented as follows: determining the number of effective intrusion behavior events in the target intrusion detection scene according to the difference between the weighted result of the numbers of online intrusion behavior events in the latest intrusion detection log of each intrusion detection gateway stored in the intrusion detection log database and the weighted result of the numbers of offline intrusion behavior events in the latest intrusion detection log of each intrusion detection gateway stored in the intrusion detection log database.
In some examples, incomplete optimization indicates that the intrusion detection gateway has not been optimized again in the current optimization step on the premise that the last optimization step was completed, or has been optimized for the first time in the current optimization step on the premise that the last optimization step failed. Based on this, on the premise that it is determined that the first intrusion detection gateway is optimized and the second intrusion detection gateway currently exists, as described in S22, the method further includes one of the following two embodiments.
In a first embodiment, on the premise that it is determined that the second intrusion detection gateway has failed optimization, the first intrusion detection gateway is judged as not optimized, the intrusion detection log of the first intrusion detection gateway stored in the intrusion detection log database is adjusted to the first intrusion detection log, and the intrusion detection log of the first intrusion detection gateway migrated in the transitional log storage space is filtered; on the premise that a fourth intrusion detection gateway exists, the fourth intrusion detection gateway is judged as not optimized, the intrusion detection log of the fourth intrusion detection gateway stored in the intrusion detection log database is correspondingly adjusted to the intrusion detection log of each fourth intrusion detection gateway migrated in the transitional log storage space, and the intrusion detection log of the fourth intrusion detection gateway migrated in the transitional log storage space is filtered.
In the first embodiment, the fourth intrusion detection gateway is any intrusion detection gateway other than the first intrusion detection gateway and the second intrusion detection gateway among all intrusion detection gateways corresponding to the target intrusion detection scene, and optimization failure indicates that the intrusion detection gateway is not optimized due to failure.
In a second embodiment, on the premise that the second intrusion detection gateway is not determined as optimization failed, it is determined to perform the step of migrating the first intrusion detection log to the transitional log storage space.
It can be understood that different steps are executed depending on the optimization state of the second intrusion detection gateway, so that the processing of the intrusion detection log is adapted to the actual situation and confusion during the processing of the intrusion detection log is avoided.
In some possible embodiments, on the premise that it is determined that the first intrusion detection gateway is optimized, as described in S22, the method may further include the following technical solutions described in S41 and S42.
S41, determining whether the optimization completion detection information of the first intrusion detection gateway meets the set condition.
S42, determining that the second intrusion detection gateway has failed optimization on the premise that the optimization completion detection information of the first intrusion detection gateway meets the set condition and the second intrusion detection gateway currently exists.
In some embodiments, the optimization completion detection information includes a migration accumulated number, and based on this, determining whether the optimization completion detection information of the first intrusion detection gateway meets the set condition, as described in the above S41, may include the following technical solutions described in S411a and S412a.
S411a, determining whether the migration cumulative number corresponding to the first intrusion detection gateway is greater than a set number, wherein the migration cumulative number is used for counting the number of times that the first intrusion detection gateway transmits the intrusion detection log on the premise of completing optimization.
S412a, determining that the optimization completion detection information of the first intrusion detection gateway meets the set condition on the premise that the migration accumulated number corresponding to the first intrusion detection gateway is greater than the set number value.
In some other embodiments, the optimization completion detection information includes a state duration of optimization completion, and based on this, determining whether the optimization completion detection information of the first intrusion detection gateway meets the set condition, as described in the above S41, may include the following technical solutions described in S411b and S412b.
S411b, determining whether the state duration of optimization completion of the first intrusion detection gateway is greater than a set duration value.
S412b, determining that the optimization completion detection information of the first intrusion detection gateway meets the set condition on the premise that the state duration of optimization completion of the first intrusion detection gateway is greater than the set duration value.
With this design, whether the optimization completion detection information meets the set condition can be judged from different angles according to different kinds of optimization completion detection information, so that the technical scheme can be implemented in as many scenes as possible.
On the basis of the foregoing, on the premise that it is determined that the second intrusion detection gateway has failed optimization, the method described in S22 may further include the following technical solution: initializing the optimization completion detection information of a fifth intrusion detection gateway, wherein the fifth intrusion detection gateway is any intrusion detection gateway other than the second intrusion detection gateway among all intrusion detection gateways corresponding to the target intrusion detection scene. Based on this, on the premise that it is determined that the first intrusion detection gateway is optimized, as described in S22, the method may further include the following technical solution: on the premise that the optimization completion detection information of the first intrusion detection gateway does not meet the set condition and no second intrusion detection gateway exists, judging all intrusion detection gateways corresponding to the target intrusion detection scene as not optimized, and initializing the optimization completion detection information of all intrusion detection gateways corresponding to the target intrusion detection scene.
In the embodiment of the present application, initializing the optimization completion detection information includes setting the migration accumulated number or the state duration to zero.
In some examples, the optimization completion detection information includes a migration accumulated number, and based on this, determining whether the optimization completion detection information of the first intrusion detection gateway meets the set condition may further include: determining that the optimization completion detection information of the first intrusion detection gateway does not meet the set condition on the premise that the migration accumulated number corresponding to the first intrusion detection gateway is not greater than the set number value.
In some other examples, the optimization completion detection information includes a state duration of optimization completion, and based on this, determining whether the optimization completion detection information of the first intrusion detection gateway meets the set condition may further include: determining that the optimization completion detection information of the first intrusion detection gateway does not meet the set condition on the premise that the state duration of optimization completion of the first intrusion detection gateway is not greater than the set duration value.
In some optional embodiments, on the premise that the optimization completion detection information includes the migration accumulated number, the method may further include the following technical solution: accumulating the migration accumulated number corresponding to the first intrusion detection gateway on the premise that the optimization completion detection information of the first intrusion detection gateway does not meet the set condition and a second intrusion detection gateway currently exists.
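The optimization-failure check of S41/S42 with the migration accumulated number (S411a/S412a), together with the initialization and accumulation rules above, can be written as a small state machine. This is an added example, not code from the patent: the class names, gateway names and the set number value of 2 are assumptions, and the duration variant (S411b/S412b) would replace the count comparison with an elapsed-time comparison.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    NOT_OPTIMIZED = "optimization not completed"
    OPTIMIZED = "optimization completed"
    FAILED = "optimization failed"


@dataclass
class Gateway:
    state: State = State.NOT_OPTIMIZED
    migrations: int = 0  # migration accumulated number (S411a)


@dataclass
class Scene:
    set_number: int  # the "set number value"; assumed, the page gives no figure
    gateways: dict = field(default_factory=dict)

    def second_gateways(self):
        """Names of gateways that have not completed optimization."""
        return [name for name, gw in self.gateways.items()
                if gw.state is State.NOT_OPTIMIZED]

    def _initialize(self, names):
        """Initialize detection information: set the accumulated number to zero."""
        for name in names:
            self.gateways[name].migrations = 0

    def on_log(self, name):
        """Handle one log transmitted by an optimized (first) gateway."""
        first = self.gateways[name]
        if first.state is not State.OPTIMIZED:
            raise ValueError(f"{name} is not in the optimized state")
        second = self.second_gateways()
        meets = first.migrations > self.set_number  # S411a / S412a

        if meets and second:
            # S42: the gateways still waiting are judged as optimization failed,
            # and every other ("fifth") gateway has its information initialized.
            for pending in second:
                self.gateways[pending].state = State.FAILED
            self._initialize(n for n in self.gateways if n not in second)
            return "second gateway failed"
        if not meets and second:
            # Condition not met while a second gateway exists: keep counting.
            first.migrations += 1
            return "count accumulated"
        if not meets and not second:
            # No second gateway left: all gateways are judged as not optimized
            # and all detection information is initialized.
            for gw in self.gateways.values():
                gw.state = State.NOT_OPTIMIZED
            self._initialize(list(self.gateways))
            return "all initialized"
        return "unspecified"  # condition met, no second gateway: not covered by the page


def demo():
    """Constructed scenario: gw-a is optimized, gw-b never finishes."""
    scene = Scene(set_number=2, gateways={
        "gw-a": Gateway(State.OPTIMIZED),
        "gw-b": Gateway(State.NOT_OPTIMIZED),
    })
    return [scene.on_log("gw-a") for _ in range(4)], scene
```

Because the count is compared before it is accumulated, a set number value of 2 means the fourth log from the optimized gateway is the one that marks the waiting gateway as failed.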
In summary, by applying the above technical solution, a first intrusion detection log transmitted by a first intrusion detection gateway is obtained; the first intrusion detection log is migrated to a transitional log storage space on the premise that it is determined that the first intrusion detection gateway is optimized and a second intrusion detection gateway currently exists; and a real intrusion detection log corresponding to a target intrusion detection scene is determined according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in the intrusion detection log database. Because the intrusion detection log transmitted by an optimized intrusion detection gateway is migrated to the transitional log storage space on the premise that both optimized intrusion detection gateways and intrusion detection gateways that have not been optimized exist among all intrusion detection gateways corresponding to the intrusion detection scene, the deviation in intrusion detection log records that would arise if the intrusion detection log database stored the pre-optimization intrusion detection logs of some intrusion detection gateways together with the post-optimization intrusion detection logs of others is avoided, thereby improving the accuracy of the recorded number of intrusion behavior events of the target intrusion detection scene.
In addition, the number of the intrusion behavior events of the target intrusion detection scene is accurately recorded, so that the abnormal analysis of the intrusion behavior caused by the missing record can be avoided, and the information protection server can be ensured to analyze the intrusion behavior according to the real intrusion detection log to make a corresponding information protection action as far as possible.
In some optional embodiments, the method may further comprise the following technical solutions:
carrying out intrusion behavior analysis according to the real intrusion detection log to obtain intrusion behavior intention information; and triggering an information protection strategy based on the intrusion behavior intention information.
For example, the intrusion behavior analysis may be implemented based on a neural network model, the intrusion behavior intention information includes data illegal access, data tampering and the like, and the information protection policy includes, but is not limited to, a firewall and other interception mechanisms.
Therefore, the safety of the related data information can be effectively ensured.
Based on the same inventive concept, there is also provided an information protection device 20 based on cloud computing, which is applied to an information protection server 10, and the device includes:
a log obtaining module 21, configured to obtain a first intrusion detection log sent by a first intrusion detection gateway; the first intrusion detection gateway is one of a plurality of groups of intrusion detection gateways corresponding to a target intrusion detection scene, and the plurality of groups of intrusion detection gateways corresponding to the target intrusion detection scene are used for recording the number of intrusion behavior events of the target intrusion detection scene;
a log migration module 22, configured to migrate the first intrusion detection log to a transitional log storage space on the premise that it is determined that the first intrusion detection gateway is optimized and a second intrusion detection gateway currently exists; the second intrusion detection gateway is an intrusion detection gateway that has not been optimized among all intrusion detection gateways corresponding to the target intrusion detection scene;
a log determining module 23, configured to determine a real intrusion detection log corresponding to the target intrusion detection scene according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in the intrusion detection log database.
For the description of the above functional modules, refer to the description of the method shown in fig. 2.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, an information protection server 10, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. An information protection method based on cloud computing is applied to an information protection server, and the method comprises the following steps:
obtaining a first intrusion detection log transmitted by a first intrusion detection gateway; the first intrusion detection gateway is one of a plurality of groups of intrusion detection gateways corresponding to a target intrusion detection scene, and the plurality of groups of intrusion detection gateways corresponding to the target intrusion detection scene are used for recording the number of intrusion behavior events of the target intrusion detection scene;
on the premise that it is determined that the first intrusion detection gateway is optimized and a second intrusion detection gateway currently exists, migrating the first intrusion detection log to a transitional log storage space; the second intrusion detection gateway is an intrusion detection gateway that has not been optimized among all intrusion detection gateways corresponding to the target intrusion detection scene;
and determining a real intrusion detection log corresponding to the target intrusion detection scene according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in an intrusion detection log database.
2. The method of claim 1, wherein determining that the first intrusion detection gateway optimization is complete comprises:
on the premise that the intrusion detection log database stores an intrusion detection log of the first intrusion detection gateway, the first intrusion detection gateway has not been judged as optimization failed, and the update frequency corresponding to the first intrusion detection log is less than the update frequency corresponding to the intrusion detection log of the first intrusion detection gateway stored in the intrusion detection log database, determining that the optimization of the first intrusion detection gateway is completed.
3. The method of claim 1, wherein upon determining that the first intrusion detection gateway optimization is complete, the method further comprises:
on the premise that third intrusion detection gateways are optimized, correspondingly adjusting intrusion detection logs of the third intrusion detection gateways stored in an intrusion detection log database into intrusion detection logs of all the third intrusion detection gateways migrated in the transitional log storage space, adjusting intrusion detection logs of the first intrusion detection gateway stored in the intrusion detection log database into the first intrusion detection logs, and filtering migration intrusion detection logs of all the intrusion detection gateways corresponding to the target intrusion detection scene; and the third intrusion detection gateway is the other intrusion detection gateways except the first intrusion detection gateway in all the intrusion detection gateways corresponding to the target intrusion detection scene.
4. The method of claim 1, wherein incomplete optimization indicates that the intrusion detection gateway has not been optimized again in the current optimization step on the premise that the last optimization step was completed, or has been optimized for the first time in the current optimization step on the premise that the last optimization step failed;
on the premise that it is determined that the first intrusion detection gateway is optimized and a second intrusion detection gateway currently exists, the method further includes:
on the premise of determining that the second intrusion detection gateway is failed to optimize, judging the first intrusion detection gateway as incomplete optimization, adjusting an intrusion detection log of the first intrusion detection gateway stored in the intrusion detection log database into the first intrusion detection log, and filtering the intrusion detection log of the first intrusion detection gateway migrated in the transitional log storage space;
and on the premise that a fourth intrusion detection gateway exists, judging the fourth intrusion detection gateway as not optimized, correspondingly adjusting intrusion detection logs of the fourth intrusion detection gateway stored in the intrusion detection log database into intrusion detection logs of the fourth intrusion detection gateways migrated in the transitional log storage space, and filtering the intrusion detection logs of the fourth intrusion detection gateway migrated in the transitional log storage space;
the fourth intrusion detection gateway is the other intrusion detection gateways except the first intrusion detection gateway and the second intrusion detection gateway in all intrusion detection gateways corresponding to the target intrusion detection scene, and the optimization failure indicates that the intrusion detection gateways are not optimized due to failure;
and determining to perform the step of migrating the first intrusion detection log to a transitional log retention space on the premise that the second intrusion detection gateway is not determined to be failed in optimization.
5. The method of claim 1, wherein upon determining that the first intrusion detection gateway is optimized and that a second intrusion detection gateway is currently present, the method further comprises:
on the premise of determining that the second intrusion detection gateway is failed to optimize, migrating the intrusion detection log of the second intrusion detection gateway stored in the intrusion detection log database to the transitional log storage space;
on the premise of obtaining a second intrusion detection log transmitted by the second intrusion detection gateway, determining whether the numbers of intrusion behavior events in the second intrusion detection log are all zero;
judging the second intrusion detection gateway as unfinished optimization on the premise that the number of intrusion behavior events in the second intrusion detection log is zero, filtering the intrusion detection log of the second intrusion detection gateway transferred in the transitional log storage space, and adjusting the intrusion detection log of the second intrusion detection gateway stored in the intrusion detection log database into the second intrusion detection log;
and, on the premise that the number of intrusion behavior events in the second intrusion detection log is not zero, determining a third intrusion detection log according to a comparison result between the second intrusion detection log and the intrusion detection log of the second intrusion detection gateway migrated in the transitional log storage space, and adjusting the intrusion detection log of the second intrusion detection gateway stored in the intrusion detection log database into the third intrusion detection log.
6. The method of claim 1, wherein upon determining that the first intrusion detection gateway optimization is complete, the method further comprises:
determining whether the optimized detection information of the first intrusion detection gateway meets set conditions;
determining that the second intrusion detection gateway fails to optimize on the premise that the optimization completion detection information of the first intrusion detection gateway meets the set conditions and the second intrusion detection gateway currently exists;
the optimizing completion detection information includes migration accumulated times, and determining whether the optimizing completion detection information of the first intrusion detection gateway meets a set condition includes:
determining whether the migration accumulated times corresponding to the first intrusion detection gateway are larger than a set time value, wherein the migration accumulated times are used for counting the times of transmitting intrusion detection logs into the first intrusion detection gateway on the premise of completing optimization;
determining that the optimized detection information of the first intrusion detection gateway meets set conditions on the premise that the migration accumulated times corresponding to the first intrusion detection gateway are larger than the set times value;
or,
the optimizing completion detection information includes optimizing completion status duration, and determining whether the optimizing completion detection information of the first intrusion detection gateway meets a set condition includes:
determining whether the state duration of the optimized first intrusion detection gateway is greater than a set duration value;
and on the premise that the optimized state duration of the first intrusion detection gateway is longer than the set duration value, determining that the optimized detection information of the first intrusion detection gateway meets set conditions.
7. The method of claim 6, wherein upon determining that the second intrusion detection gateway optimization failed, the method further comprises:
initializing the optimized detection information of a fifth intrusion detection gateway, wherein the fifth intrusion detection gateway is the other intrusion detection gateways except the second intrusion detection gateway in all intrusion detection gateways corresponding to the target intrusion detection scene;
on the premise of determining that the first intrusion detection gateway optimization is completed, the method further includes:
judging all intrusion detection gateways corresponding to the target intrusion detection scene as incomplete optimization on the premise that the optimization completion detection information of the first intrusion detection gateway does not meet set conditions and the second intrusion detection gateway does not exist, and initializing the optimization completion detection information of all intrusion detection gateways corresponding to the target intrusion detection scene;
wherein initializing the optimization completion detection information comprises setting the migration accumulated times or the state duration to zero;
wherein, the optimization completion detection information includes the migration accumulated times, and the determination of whether the optimization completion detection information of the first intrusion detection gateway meets the set conditions further includes:
determining that the optimized detection information of the first intrusion detection gateway does not accord with a set condition on the premise that the migration accumulated times corresponding to the first intrusion detection gateway are not greater than the set times value;
or,
the optimizing completion detection information includes an optimizing completion status duration, and determining whether the optimizing completion detection information of the first intrusion detection gateway meets a set condition further includes:
determining that the optimized detection information of the first intrusion detection gateway does not conform to the set condition on the premise that the optimized state duration of the first intrusion detection gateway is not greater than the set duration value;
wherein, on the premise that the optimization completion detection information includes the migration accumulated times, the method further includes:
and accumulating the migration accumulated times corresponding to the first intrusion detection gateway on the premise that the optimized detection information of the first intrusion detection gateway does not accord with the set condition and a second intrusion detection gateway currently exists.
8. The method according to any one of claims 1 to 7, wherein on the premise that optimized intrusion detection gateways exist in all intrusion detection gateways corresponding to the target intrusion detection scenario and that the optimized intrusion detection gateways are not completed, the migration intrusion detection logs in the transition log storage space include intrusion detection logs that are transmitted by the optimized intrusion detection gateways on the premise that the optimization is completed this time, and the intrusion detection logs stored in the intrusion detection log database include intrusion detection logs that are transmitted by the optimized intrusion detection gateways before the optimization is completed this time and intrusion detection logs of the optimized intrusion detection gateways;
and determining a real intrusion detection log corresponding to the target intrusion detection scene according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in an intrusion detection log database, wherein the determining comprises the following steps:
determining the difference between the weighted results of the number of online intrusion behavior events in the optimized latest intrusion detection log of the intrusion detection gateway migrated in the transition log storage space and the online intrusion behavior events in the latest intrusion detection logs of the intrusion detection gateways stored in the intrusion detection log database, and the weighted results of the number of offline intrusion behavior events in the latest intrusion detection logs of the optimized intrusion detection gateway migrated in the transition log storage space and the latest intrusion detection logs of the intrusion detection gateways stored in the intrusion detection log database as the effective number of intrusion behavior events in the target intrusion detection scene;
the intrusion detection gateways which are not optimized and the intrusion detection gateways which are failed to be optimized exist in all the intrusion detection gateways corresponding to the target intrusion detection scene, but without the optimized intrusion detection gateway, the migrated intrusion detection log in the transitional log retention space includes the last incoming intrusion detection log of the optimization failed intrusion detection gateway before being determined as optimization failed, the intrusion detection log database stores intrusion detection logs transmitted by other intrusion detection gateways except the intrusion detection gateway with the optimization failure in all the intrusion detection gateways, and the intrusion detection gateway with the optimization failure determines the difference information between the intrusion detection log transmitted after the optimization failure and the intrusion detection log transmitted last time before the intrusion detection gateway is determined as the optimization failure and migrated in the transitional log storage space;
and determining a real intrusion detection log corresponding to the target intrusion detection scene according to the intrusion detection log migrated in the transitional log storage space and the intrusion detection log stored in an intrusion detection log database, wherein the determining comprises the following steps:
and determining the effective number of the intrusion behavior events in the target intrusion detection scene according to the difference between the weighted result of the number of the online intrusion behavior events in the latest intrusion detection log of each intrusion detection gateway stored in the intrusion detection log database and the weighted result of the number of the offline intrusion behavior events in the latest intrusion detection log of each intrusion detection gateway stored in the intrusion detection log database.
9. An information protection server, comprising a processor, a communication bus and a memory; the processor and the memory communicate via the communication bus, the processor reading a computer program from the memory and operating to perform the method of any of claims 1-8.
10. A computer-readable storage medium, characterized in that the readable storage medium stores a computer program which, when executed, implements the method of any one of claims 1-8.
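The count-based failure check of claims 6 and 7, together with the state reset of claim 4, as an added Python example that is not part of the patent text. The `Scene` class, its method names, and the reading of a "second" gateway as any gateway still in the not-optimized state are assumptions.

```python
from enum import Enum


class State(Enum):
    NOT_OPTIMIZED = "not optimized"
    OPTIMIZED = "optimization completed"
    FAILED = "optimization failed"


class Scene:
    """States and counters for the gateways of one target intrusion detection scene."""

    def __init__(self, gateways, set_times_value):
        self.set_times_value = set_times_value        # "set times value" of claim 6
        self.state = {gw: State.NOT_OPTIMIZED for gw in gateways}
        self.migrations = {gw: 0 for gw in gateways}  # migration accumulated times

    def mark_optimized(self, gw):
        self.state[gw] = State.OPTIMIZED

    def _restart_round(self, gateways):
        # Claims 4 and 7: back to "not optimized", detection information set to zero.
        for gw in gateways:
            self.state[gw] = State.NOT_OPTIMIZED
            self.migrations[gw] = 0

    def on_log(self, first):
        """Process a log from an optimized gateway; return gateways newly judged failed."""
        if self.state[first] is not State.OPTIMIZED:
            raise ValueError(f"{first} has not completed optimization")
        # Assumption: "second" gateways are those still in the not-optimized state.
        second = [g for g, s in self.state.items() if s is State.NOT_OPTIMIZED]
        if not second:
            # Claim 7 (condition not met, no second gateway): reset every gateway.
            # Doing the same when the condition is met is an assumption made here.
            self._restart_round(list(self.state))
            return []
        if self.migrations[first] > self.set_times_value:
            # Claim 6: condition met while a second gateway exists, so it has failed.
            for gw in second:
                self.state[gw] = State.FAILED
            self._restart_round([g for g in self.state if g not in second])
            return second
        # Claim 7: condition not met and a second gateway exists, so this log is
        # added to the first gateway's accumulated count.
        self.migrations[first] += 1
        return []
```

Because the threshold is checked before the count is incremented, a gateway is judged failed on log number `set_times_value + 2` from an optimized peer, which matters when sizing the threshold against the reporting interval.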
CN202110586135.0A 2021-05-27 2021-05-27 Information protection method based on cloud computing, server and storage medium Withdrawn CN113315770A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110586135.0A CN113315770A (en) 2021-05-27 2021-05-27 Information protection method based on cloud computing, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110586135.0A CN113315770A (en) 2021-05-27 2021-05-27 Information protection method based on cloud computing, server and storage medium

Publications (1)

Publication Number Publication Date
CN113315770A true CN113315770A (en) 2021-08-27

Family

ID=77375674

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110586135.0A Withdrawn CN113315770A (en) 2021-05-27 2021-05-27 Information protection method based on cloud computing, server and storage medium

Country Status (1)

Country Link
CN (1) CN113315770A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210827
