CN113327063A - Resource detection method and device, electronic equipment and computer readable storage medium - Google Patents


Publication number: CN113327063A
Authority: CN (China)
Prior art keywords: resource, distribution network, content distribution, risk, patrol
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Application number: CN202110714924.8A
Other languages: Chinese (zh)
Other versions: CN113327063B (en)
Inventors: 冯凯, 张毅隆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Beijing QIYI Century Science and Technology Co Ltd
Original Assignee: Beijing QIYI Century Science and Technology Co Ltd
Application filed by Beijing QIYI Century Science and Technology Co Ltd
Priority to CN202110714924.8A
Publication of CN113327063A
Application granted
Publication of CN113327063B
Status: Active


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/901 Indexing; Data structures therefor; Storage structures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0639 Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393 Score-carding, benchmarking or key performance indicator [KPI] analysis

Abstract

An embodiment of the invention provides a resource detection method and device, electronic equipment and a computer-readable storage medium. The method comprises: acquiring a first resource that meets a preset high-risk rule; acquiring the content distribution network addresses mapped to the first resource; detecting whether a target address exists among those addresses, a target address being one that stores a resource with the same content as the first resource; when a target address is detected, determining the first service identifier corresponding to the resource identifier of the first resource according to a pre-stored correspondence between resource identifiers and service identifiers; and sending, according to the first service identifier, first indication information to the service system to which the first resource belongs, the first indication information indicating that the first resource is at risk of being leaked. The embodiment can thus detect high-risk resources in a content distribution network and thereby reduce the risk of such resources being leaked.

Description

Resource detection method and device, electronic equipment and computer readable storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a resource detection method and apparatus, an electronic device, and a computer-readable storage medium.
Background
As a company's businesses grow, detecting and managing high-risk resource files and controlling their risk level becomes more and more important. Once a high-risk resource file (i.e., a resource file that must not become known to the majority of users) is exposed to an external network, the adverse effect is severe.
At present, the detection of high-risk resources is mainly aimed at externally released installation packages. Because an externally released installation package contains resources or resource paths, risk detection on externally released resource files mainly checks whether the resource files in the package have been replaced, so as to ensure that the resources in the installation package have not been tampered with.
When each service party manages high-risk resource files, some of the files must be accessible on the intranet but not from outside, and the externally facing files are stored in a Content Delivery Network (CDN).
After notifying the content distribution network to delete the high-risk resource files that need to be deleted, the service party does not verify whether the content distribution network has completely deleted them, so the high-risk resource files are leaked.
Therefore, in the prior art, high-risk resource detection can only be performed on externally released installation packages; high-risk resources in a content distribution network cannot be detected, so the high-risk resources in the content distribution network are leaked.
Disclosure of Invention
An object of the embodiments of the present invention is to provide a resource detection method, a resource detection device, an electronic device, and a computer-readable storage medium that detect high-risk resources in a content distribution network and thereby reduce the risk of those resources being leaked. The specific technical solution is as follows:
In a first aspect of the present invention, there is provided a resource detection method, including:
acquiring a first resource that meets a preset high-risk rule;
acquiring a content distribution network address mapped to the first resource, wherein the content distribution network address mapped to the first resource is an address in a content distribution network used for storing a resource with the same content as the first resource;
detecting whether a target address exists among the content distribution network addresses mapped to the first resource, wherein the target address stores a resource with the same content as the first resource;
when the target address is detected, determining a first service identifier corresponding to the resource identifier of the first resource according to a pre-stored correspondence between resource identifiers and service identifiers;
sending, according to the first service identifier, first indication information to the service system to which the first resource belongs;
wherein the first indication information indicates that the first resource is at risk of being leaked.
In a second aspect of the present invention, there is also provided a resource detection apparatus, including:
a first acquisition module, configured to acquire a first resource that meets a preset high-risk rule;
a second acquisition module, configured to acquire a content distribution network address mapped to the first resource, where the content distribution network address mapped to the first resource is an address in a content distribution network used for storing a resource with the same content as the first resource;
a detection module, configured to detect whether a target address exists among the content distribution network addresses mapped to the first resource, where the target address stores a resource with the same content as the first resource;
a service identifier determining module, configured to determine, when the target address is detected, a first service identifier corresponding to the resource identifier of the first resource according to a pre-stored correspondence between resource identifiers and service identifiers;
a first sending module, configured to send, according to the first service identifier, first indication information to the service system to which the first resource belongs;
wherein the first indication information indicates that the first resource is at risk of being leaked.
In yet another aspect of the present invention, there is also provided a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to execute any of the above-described resource detection methods.
In yet another aspect of the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the above-described resource detection methods.
The resource detection method provided by the embodiment of the invention acquires a first resource that meets the preset high-risk rule and then acquires the content distribution network addresses mapped to the first resource, that is, the addresses in the content distribution network used for storing resources with the same content as the first resource. It then detects whether a target address, one that stores a resource with the same content as the first resource, exists among those addresses. If a target address exists, it determines the first service identifier corresponding to the resource identifier of the first resource according to the pre-stored correspondence between resource identifiers and service identifiers, and sends, according to the first service identifier, first indication information to the service system to which the first resource belongs, indicating that the first resource is at risk of being leaked.
In other words, the embodiment obtains a first resource that meets the preset high-risk rule, obtains the addresses in the content distribution network used for storing resources with the same content as the first resource, and detects whether any of those addresses stores such a resource. When one does, the first indication information is sent to the service system of the first resource to tell the service party that the first resource is at risk of being leaked, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it in time. The embodiment can therefore detect high-risk resources in a content distribution network, thereby reducing the risk of their being leaked.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a flowchart illustrating steps of a resource detection method according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating steps of another method for resource detection according to an embodiment of the present invention;
Fig. 3 is an interaction diagram of a service system, an auditing system, and a content distribution network in a specific implementation of a resource detection method according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of triggering resource detection in a specific implementation of the resource detection method according to an embodiment of the present invention;
Fig. 5 is a flowchart illustrating a method for detecting whether a first resource is at risk of being leaked in a specific implementation of a resource detection method according to an embodiment of the present invention;
Fig. 6 is a block diagram of a resource detection apparatus according to an embodiment of the present invention;
Fig. 7 is a block diagram of another resource detection apparatus according to an embodiment of the present invention;
Fig. 8 is a block diagram of an electronic device provided in an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention.
Fig. 1 shows a resource detection method according to an embodiment of the present invention. As shown in Fig. 1, the resource detection method may include the following steps:
Step 101: acquiring a first resource that meets a preset high-risk rule.
A resource that meets the preset high-risk rule is a resource that must not be leaked to the external network, that is, a resource that can be accessed inside the business party but cannot be accessed by anyone outside the business party.
Step 102: acquiring the content distribution network address mapped to the first resource.
The content distribution network address mapped to the first resource is an address in the content distribution network used for storing a resource with the same content as the first resource. The content distribution network address mapped to the first resource includes one or more addresses.
Resources with the same content but different formats are stored at different addresses in the content distribution network. For example, pictures of the same scene whose size and format differ are stored at different addresses of the content distribution network.
Therefore, when detecting the first resource, it is necessary to acquire all addresses in the content distribution network used for storing resources with the same content as the first resource, that is, all content distribution network addresses mapped to the first resource, so as to detect whether any of the acquired addresses stores a resource with the same content as the first resource.
Step 103: detecting whether a target address exists among the content distribution network addresses mapped to the first resource.
The target address stores a resource with the same content as the first resource. Step 103 therefore detects whether any content distribution network address mapped to the first resource stores a resource with the same content as the first resource.
Step 104: when the target address is detected, determining a first service identifier corresponding to the resource identifier of the first resource according to a pre-stored correspondence between resource identifiers and service identifiers.
Step 105: sending, according to the first service identifier, first indication information to the service system to which the first resource belongs.
The first indication information indicates that the first resource is at risk of being leaked.
Detecting the target address means that a content distribution network address mapped to the first resource stores a resource with the same content as the first resource. Therefore, when the target address is detected, that is, when a resource with the same content as the first resource is stored in the content distribution network, the first indication information needs to be sent to the service system of the first resource to warn that the first resource is at risk of being leaked, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it in time.
Therefore, in the embodiment of the present invention, the service identifier of the service system to which each resource belongs may be pre-stored. When a resource is detected to have a leakage risk, indication information indicating that risk can then be sent, according to the service identifier of the service to which the resource belongs, to the service system of that service, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it in time.
As can be seen from steps 101 to 105, the embodiment of the invention acquires a first resource that meets the preset high-risk rule and then acquires the content distribution network addresses mapped to the first resource, that is, the addresses in the content distribution network used for storing resources with the same content as the first resource. It then detects whether a target address storing a resource with the same content as the first resource exists among those addresses. If a target address exists, it determines the first service identifier corresponding to the resource identifier of the first resource according to the pre-stored correspondence between resource identifiers and service identifiers, and sends, according to the first service identifier, first indication information to the service system to which the first resource belongs, indicating that the first resource is at risk of being leaked.
In other words, the embodiment obtains a first resource that meets the preset high-risk rule, obtains the addresses in the content distribution network used for storing resources with the same content as the first resource, and detects whether any of those addresses stores such a resource. When one does, the first indication information is sent to the service system of the first resource to tell the service party that the first resource is at risk of being leaked, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it in time. The embodiment can therefore detect high-risk resources in a content distribution network, thereby reducing the risk of their being leaked.
Fig. 2 shows a resource detection method according to an embodiment of the present invention. As shown in Fig. 2, the resource detection method may include the following steps:
Step 201: acquiring a first resource that meets a preset high-risk rule.
Step 202: acquiring the content distribution network address mapped to the first resource.
The content distribution network address mapped to the first resource is an address in the content distribution network used for storing a resource with the same content as the first resource.
Step 203: generating a hypertext transfer protocol request according to a first address.
The first address is one of the content distribution network addresses mapped to the first resource.
Step 204: sending the hypertext transfer protocol request to the content distribution network.
Step 205: receiving the hypertext transfer protocol response header information returned by the content distribution network.
The hypertext transfer protocol response header information includes a code identifier.
Step 206: determining that the first address belongs to the target address when the code identifier is a first preset code.
Step 207: determining that the first address does not belong to the target address when the code identifier is a second preset code.
The target address stores a resource with the same content as the first resource. Therefore, if the first address belongs to the target address, the first address stores a resource with the same content as the first resource; if the first address does not belong to the target address, the first address does not store such a resource.
In addition, the code identifier is indication information that indicates whether the first address stores a resource with the same content as the first resource. That is, in the embodiment of the present invention, whether the first address stores a resource with the same content as the first resource can be determined from the specific value of the code identifier.
As can be seen from steps 203 to 207, to detect whether one of the content distribution network addresses mapped to the first resource stores a resource with the same content as the first resource, the embodiment generates an access request to the content distribution network, that is, a hypertext transfer protocol (HTTP) request, according to that address and sends it to the content distribution network. It then receives the hypertext transfer protocol response header information returned by the content distribution network, which carries a code identifier, and determines from the code identifier whether the address stores a resource with the same content as the first resource.
It should be noted that the hypertext transfer protocol request is generated from the first address and sent to the content distribution network in order to obtain the hypertext transfer protocol response header information returned by the content distribution network, so that whether the first address stores a resource with the same content as the first resource can be determined from the code identifier in that header information; the purpose is not to access the resource stored at the first address. Steps 203 to 205 therefore simulate a manual access to the first address to determine whether it stores a resource with the same content as the first resource.
In addition, the process of detecting whether a second address, other than the first address, among the content distribution network addresses mapped to the first resource belongs to the target address is the same as the process of detecting whether the first address belongs to the target address, and is not described again here.
Step 208: when the target address is detected, determining a first service identifier corresponding to the resource identifier of the first resource according to a pre-stored correspondence between resource identifiers and service identifiers.
Step 209: sending, according to the first service identifier, first indication information to the service system to which the first resource belongs.
The first indication information indicates that the first resource is at risk of being leaked.
Therefore, in the embodiment of the present invention, the service identifier of the service system to which each resource belongs may be pre-stored. When a resource is detected to have a leakage risk, indication information indicating that risk can then be sent, according to the service identifier of the service to which the resource belongs, to the service system of that service, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it in time.
As can be seen from steps 201 to 209, the embodiment of the present invention obtains a first resource that meets the preset high-risk rule, obtains the addresses in the content distribution network used for storing resources with the same content as the first resource, and simulates a manual access to each of these addresses to detect whether it stores such a resource. When an address in the content distribution network is found to store a resource with the same content as the first resource, first indication information is sent to the service system of the first resource to tell the service party that the first resource is at risk of being leaked, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it in time. The embodiment can therefore detect high-risk resources in a content distribution network, thereby reducing the risk of their being leaked.
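Steps 203 to 209 as an added Python example (not code from the patent): it probes each mapped address with a header-only request and notifies the owning service on a hit. The values 200 and 404 for the first and second preset codes, the use of HEAD, the `undetermined` bucket, and all names and sample addresses are assumptions; the stub server is a constructed stand-in for a content distribution network.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Assumptions: the patent names only a "first" and a "second preset code".
FIRST_PRESET_CODE = 200   # address serves the resource -> target address
SECOND_PRESET_CODE = 404  # address does not serve it -> not a target address


def probe(address, timeout=5.0):
    """Steps 203-205: request the headers only and return the status code."""
    parts = urlsplit(address)
    secure = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if secure else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("HEAD", target)  # HEAD: the resource body is not transferred
        return conn.getresponse().status
    finally:
        conn.close()


def classify(addresses, probe_fn=probe):
    """Steps 206-207, plus an 'undetermined' bucket for any other outcome."""
    result = {"target": [], "cleared": [], "undetermined": []}
    for address in addresses:
        try:
            code = probe_fn(address)
        except (OSError, http.client.HTTPException):
            code = None  # network failure: cannot conclude the copy is absent
        if code == FIRST_PRESET_CODE:
            result["target"].append(address)
        elif code == SECOND_PRESET_CODE:
            result["cleared"].append(address)
        else:
            result["undetermined"].append((address, code))
    return result


def check_resource(resource_id, cdn_map, service_map, notify, probe_fn=probe):
    """Steps 208-209: on a hit, look up the owning service and notify it."""
    result = classify(cdn_map[resource_id], probe_fn)
    if result["target"]:
        notify(service_map[resource_id], {
            "resource_id": resource_id,
            "indication": "resource at risk of being leaked",
            "addresses": result["target"],
        })
    return result


class StubCDN(BaseHTTPRequestHandler):
    """Constructed stand-in for a CDN: one rendition is stored, one is not."""
    stored = {"/v/res-001_720p.jpg"}

    def do_HEAD(self):
        self.send_response(200 if self.path in self.stored else 404)
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass


def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StubCDN)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    cdn_map = {"res-001": [base + "/v/res-001_480p.jpg",
                           base + "/v/res-001_720p.jpg"]}
    service_map = {"res-001": "svc-video"}  # resource id -> service id
    sent = []
    try:
        result = check_resource("res-001", cdn_map, service_map,
                                lambda svc, msg: sent.append((svc, msg)))
    finally:
        server.shutdown()
        server.server_close()
    return result, sent


if __name__ == "__main__":
    outcome, notifications = run_demo()
    print(outcome)
    print(notifications)
```

Responses such as 403, a redirect or a timeout land in `undetermined` rather than being treated as deleted, since neither preset code was returned.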
Optionally, before detecting whether a target address exists among the content distribution network addresses mapped to the first resource, the method further includes:
numbering the at least one content distribution network address;
sorting the odd-numbered content distribution network addresses in ascending order of their numbers to obtain a first arrangement order;
sorting the even-numbered content distribution network addresses in ascending order of their numbers to obtain a second arrangement order;
placing the odd-numbered content distribution network addresses before the even-numbered content distribution network addresses, based on the first arrangement order and the second arrangement order, to obtain a third arrangement order;
the detecting whether a target address exists among the content distribution network addresses mapped to the first resource includes:
detecting, according to the third arrangement order, whether a target address exists among the content distribution network addresses mapped to the first resource.
For example, if 10 content distribution network addresses are mapped to the first resource, then after the 10 addresses are numbered and sorted as described above, the third arrangement order of the address numbers is: 1, 3, 5, 7, 9, 2, 4, 6, 8, 10. If the address numbered 7 stores a resource with the same content as the first resource, the target address is detected on the fourth detection when following the third arrangement order, which gives the result that a resource with the same content as the first resource is stored in the content distribution network. On the other hand, if detection is performed in ascending order of the numbers (i.e., 1, 2, 3, 4, 5, 6, 7, 8, 9, and 10), the resource with the same content as the first resource is detected on the seventh detection. Therefore, the embodiment of the invention adopts the interval detection method, so that the detection speed can be improved.
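The ordering above as an added Python example (not code from the patent); function names and sample addresses are hypothetical. It reproduces the ten-address case and goes one step further by counting the detections needed for every other position of a single stored copy, which shows that a copy at an even-numbered address is reached later than in ascending order.

```python
def third_order(addresses):
    """Number addresses from 1; odd numbers ascending, then even numbers ascending."""
    numbered = list(enumerate(addresses, start=1))
    first_order = [(n, a) for n, a in numbered if n % 2 == 1]
    second_order = [(n, a) for n, a in numbered if n % 2 == 0]
    return first_order + second_order


def detections_until_hit(ordered, stores_copy):
    """Count detections until the first target address; None if there is none."""
    for count, (_, address) in enumerate(ordered, start=1):
        if stores_copy(address):
            return count
    return None


def compare_orders(addresses, target_number):
    """Return (detections in third order, detections in ascending order)."""
    target = addresses[target_number - 1]

    def stores_copy(address):
        return address == target

    ascending = list(enumerate(addresses, start=1))
    return (detections_until_hit(third_order(addresses), stores_copy),
            detections_until_hit(ascending, stores_copy))


# Constructed sample: ten addresses mapped to one resource.
ADDRESSES = ["https://cdn.example.invalid/res-001/v%d.jpg" % i
             for i in range(1, 11)]

if __name__ == "__main__":
    print([n for n, _ in third_order(ADDRESSES)])
    for number in range(1, 11):
        print(number, compare_orders(ADDRESSES, number))
```

Summed over all ten possible positions of a single copy, both orders need the same total number of detections, so the gain depends on where copies tend to be stored.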
Optionally, the preset high-risk rule includes that a predetermined resource risk level is greater than a preset level; before the acquiring of the first resource that meets the preset high-risk rule, the method further includes:
when a change of a resource risk level is detected, acquiring the resources whose resource risk level has changed;
the acquiring of the first resource that meets the preset high-risk rule includes:
acquiring, from the resources whose resource risk level has changed, the first resource whose resource risk level is greater than the preset level.
Therefore, in the embodiment of the present invention, the resource risk level of a resource may be predetermined, so that when the resource risk level is greater than the preset level, the content distribution network addresses mapped to the resource are acquired, and it is then detected whether those addresses store a resource with the same content as the resource.
The resource risk level grades resources by importance, so unimportant resources do not need to be detected, which saves detection time.
In addition, the resource risk level may be determined manually. Alternatively, a model that outputs the resource risk level may be obtained by machine-learning training on collected feature information of resources, so that when the resource risk level of a resource needs to be determined, the feature information of the resource is input into the model and the model outputs the resource risk level of the resource. The feature information may include the resource type, the type of object contained in the resource content, and the scene presented by the resource content.
In addition, the resource risk level may be stored in a service system (i.e., an intranet). In the embodiment of the present invention, the intranet storage address of a resource needs to be recorded, so that when a resource needs to be detected, its resource risk level can be obtained from the intranet according to the intranet address.
As can be seen from the above, when a resource risk level changes, the embodiment of the present invention can automatically acquire the resources whose level was modified, acquire from them the first resource whose resource risk level is greater than the preset level, and check whether the first resource has a leakage risk.
For example, suppose the original resource risk level of resource A is X1, which is less than the preset level, and the resource risk level of resource A is then modified to X2, which is greater than the preset level. When the high-risk rule is that the resource risk level is greater than the preset level, resource A is not a high-risk resource before the modification (that is, resource A can be accessed from the external network) but is a high-risk resource after the modification (that is, resource A cannot be accessed from the external network). In this case, the embodiment of the present invention can automatically trigger detection of whether resource A is at risk of being leaked, so that the business party can be notified in time to resolve the risk when a leakage risk is detected.
Specifically, for example, resource A is a video resource. While the video resource is within the copyright period of a video application, a user can obtain it through the video application; after the copyright of the video resource expires, the user cannot obtain it through the video application. In this case, a technician needs to modify the resource risk level of resource A to meet the different requirements for the video resource within the copyright period and after the copyright expires.
Optionally, before the obtaining of the first resource meeting the preset high risk rule, the method further includes:
under the condition that the resource risk level in a pre-established resource index library is detected to be changed, a resource index with the changed resource risk level is obtained, wherein the resource index library comprises a resource index of at least one service party, the resource index comprises a resource identifier, a content distribution network address mapped with a resource represented by the resource identifier, a service identifier of the service party to which the resource represented by the resource identifier belongs, a predetermined resource risk level to which the resource represented by the resource identifier belongs, and the second target service party is the service party to which the resource with the changed resource risk level belongs;
the acquiring of the first resource meeting the preset high-risk rule comprises the following steps:
and acquiring the first resource which accords with the preset high-risk rule from the resource to which the resource index with the changed resource risk level belongs.
Therefore, the resource risk level can be stored in the resource index library, so that when the resource level recorded in the resource index library changes, the resource index of the modified resource level can be automatically acquired, and the first resource which meets the preset rule is acquired from the resource to which the resource index belongs.
The resource risk level is stored in the resource index library, so that the resource risk level does not need to be acquired from an intranet according to an intranet storage address of the resource, and the detection speed is further improved.
Optionally, the high risk rule includes that the creation time is within a preset time window. The time window comprises at least one time window, for example, a first time window is preset, and if the current time is in the first time window, the high-risk rule is met; if the current time is outside the first time window, the high-risk rule is not met. In this way, a part of the resources may be set to belong to high-risk resources within a certain time window, and not belong to high-risk resources outside the time window.
Optionally, the method further includes:
and sending second indication information to the content distribution network when the target address is detected, wherein the second indication information is used for indicating the content distribution network to delete the resource stored in the content distribution network address mapped with the first resource.
After the first indication information, which indicates that the first resource has the risk of being leaked, is sent to the business system to which the first resource belongs, the business party to which the first resource belongs must verify it and only then remove the risk, which takes a long time. Therefore, when the target address is detected, the content distribution network is notified to delete the resource stored in the content distribution network address mapped with the first resource, so that the problem that the first resource has the risk of being leaked can be solved in a more timely manner.
In addition, if the service party to which the first resource belongs finds that the resource stored in the content distribution network address mapped with the first resource does not need to be deleted after verification, the service system may further be operated, so that the service system sends a recovery instruction to the content distribution network to recover the resource stored in the content distribution network address mapped with the first resource.
Optionally, before the obtaining of the first resource meeting the preset high risk rule, the method further includes:
in a pre-established resource index library, acquiring a resource index to be detected belonging to a predetermined target service party according to a preset patrol parameter, wherein the resource index library comprises at least one resource index of the service party, the resource index comprises a resource identifier, a content distribution network address mapped with a resource represented by the resource identifier, and a service identifier of the service party to which the resource represented by the resource identifier belongs, and the patrol parameter comprises a patrol starting time, a patrol period and patrol times;
the acquiring of the first resource meeting the preset high-risk rule comprises the following steps:
and acquiring the first resource which accords with the preset high-risk rule from the resource to which the resource index to be detected belongs, which belongs to the target service party.
Therefore, in the embodiment of the present invention, a resource index library is pre-established, where the resource index library includes a plurality of resource indexes, one of the resource indexes includes a resource identifier, a content distribution network address mapped to a resource represented by the resource identifier, and a service identifier of a service party to which the resource represented by the resource identifier belongs, and the plurality of resource indexes included in the resource index library belong to at least one service party. Therefore, in the embodiment of the present invention, the patrol parameter may be preset, and for a single service or multiple services, the index in the resource index library is periodically patrolled according to the patrol parameter, so as to detect whether the resource to which the index obtained by patrol belongs is at risk of being leaked.
The mapping relationship between the resource identifier and the content distribution network address can be obtained from the service system to which the resource belongs, that is, the service system can periodically send the mapping relationship between the resource identifier and the content distribution network address stored therein to the resource index library for storage. In addition, each service system can also send the corresponding relation between the resource identifier and the service identifier of the service to which the resource identifier belongs to the resource index library, so that the resource index library can store indexes comprising the resource identifier, the service identifier and the content distribution network address.
In addition, even when each service system sends "the corresponding relationship between the resource identifier and the service identifier of the service to which the resource identifier belongs" (namely, each service system accesses the resource index library), some resources may still be missed. A content distribution network notification mechanism may therefore also be introduced: when the content distribution network detects that a resource stored in the content distribution network is accessed, it establishes the corresponding relationship between the resource identifier of the accessed resource and the service identifier of the service party to which the accessed resource belongs, and sends the established corresponding relationship between the resource identifier and the service identifier to the resource index library for storage, so that the indexes of the missed resources are supplemented.
It should be noted here that, in the prior art, each business party needs to establish its own file risk patrol system. However, if each business party maintains a set of file risk patrol system, the processing of risk files is delayed and not timely, the unified management is not convenient, and the development cost is high. In the embodiment of the invention, the resource index library is constructed, namely the resource indexes corresponding to the resources of all the business parties are stored in the resource index library, so that the resources of all the business parties are managed uniformly, the resource risk detection cost is saved, the detection speed is increased, and the risk problem of resource leakage can be solved in time.
The embodiment of the invention greatly reduces the exposure probability of high-risk resources, enhances the discovery capability of risk contents and improves the resource safety while reducing the risk and the labor cost.
Optionally, the obtaining, in the pre-established resource index library, the resource index to be detected belonging to the predetermined target service party according to the preset patrol parameter includes:
according to the patrol starting time, the patrol period and the patrol times, when the (i + 1) th patrol time arrives, acquiring a first target resource index from the resource indexes which belong to the target service party and are stored in the resource index database, and determining the first target resource index as the resource index to be detected;
the first target resource index comprises a resource index which is increased from the ith inspection time to the (i + 1) th inspection time, or comprises a resource index which is increased from the ith inspection time to the (i + 1) th inspection time and meets a preset constraint condition, wherein the preset constraint condition comprises a constraint condition of resource creation time;
i is an integer of 1 to N-1, N representing the number of patrols.
Therefore, in the embodiment of the present invention, for a single service or multiple services, the resource indexes added in the patrol period in the resource index library or the added resource indexes meeting the preset constraint condition may be patrolled, so that after each patrol is completed, the resource indexes obtained by the patrol are used as the resource indexes to be detected, the first resource meeting the preset high-risk rule is further obtained from the resources to which the resource indexes to be detected belong, and whether the first resource is leaked in the content distribution network is detected.
That is, the embodiment of the present invention may perform incremental patrol on the resource indexes in the resource index library. Specific embodiments of the incremental patrol are described in cases one to three below.
Case one: the first target resource index includes a resource index that is added between the ith patrol time and the (i + 1)th patrol time.
That is, when the (i + 1)th patrol time arrives according to the patrol starting time, the patrol period, and the number of patrols, obtaining a first target resource index from the resource indexes belonging to the target service party stored in the resource index library includes:
according to the patrol starting time, the patrol period and the patrol times, when the (i + 1) th patrol time arrives, acquiring resource indexes which are increased from the ith patrol time to the (i + 1) th patrol time from the resource indexes which are stored in the resource index database and belong to the target service party, and determining the acquired resource indexes as the first target resource indexes.
For example, if the patrol starting time is 2020-04-23 20:00:00, the patrol period is 5 days, and the number of patrols is 3, the specific patrol process may be as follows:
the first patrol: at 2020-04-23 20:00:00, patrol range: resource indexes whose creation time is 2020-04-23 20:00:00 and which belong to the target service party;
the second patrol: at 2020-04-28 20:00:00, patrol range: resource indexes whose creation time is from 2020-04-23 20:00:00 to 2020-04-28 20:00:00 and which belong to the target service party;
the third patrol: at 2020-05-03 20:00:00, patrol range: resource indexes whose creation time is from 2020-04-28 20:00:00 to 2020-05-03 20:00:00 and which belong to the target service party.
Case two: when the preset constraint condition indicates that the creation time is later than or equal to a first time, the first target resource index includes: among the resource indexes which are stored in the resource index library and belong to the target service party, the resource indexes which are added between the ith patrol time and the (i + 1)th patrol time and whose creation time is later than or equal to the first time.
That is, when the (i + 1)th patrol time arrives according to the patrol starting time, the patrol period, and the number of patrols, obtaining a first target resource index from the resource indexes belonging to the target service party stored in the resource index library includes:
according to the patrol starting time, the patrol period and the patrol times, when the (i + 1)th patrol time arrives, resource indexes which are added between the ith patrol time and the (i + 1)th patrol time and whose creation time is later than or equal to the first time are obtained from the resource indexes which are stored in the resource index library and belong to the target service party, and the obtained resource indexes are determined as the first target resource indexes.
For example, if the patrol starting time is 2020-04-23 20:00:00, the patrol period is 5 days, the number of patrols is 3, and the preset constraint condition is that the creation time is later than or equal to 2020-04-20 20:00:00, the specific patrol process may be as follows:
the first patrol: at 2020-04-23 20:00:00, patrol range: resource indexes whose creation time is from 2020-04-20 20:00:00 to 2020-04-23 20:00:00 and which belong to the target service party;
the second patrol: at 2020-04-28 20:00:00, patrol range: resource indexes whose creation time is from 2020-04-23 20:00:00 to 2020-04-28 20:00:00 and which belong to the target service party;
the third patrol: at 2020-05-03 20:00:00, patrol range: resource indexes whose creation time is from 2020-04-28 20:00:00 to 2020-05-03 20:00:00 and which belong to the target service party.
Case three: when the preset constraint condition indicates that the creation time is earlier than or equal to a second time, the first target resource index includes: among the resource indexes which are stored in the resource index library and belong to the target service party, the resource indexes which are added between the ith patrol time and the (i + 1)th patrol time and whose creation time is earlier than or equal to the second time.
That is, when the (i + 1)th patrol time arrives according to the patrol starting time, the patrol period, and the number of patrols, obtaining a first target resource index from the resource indexes belonging to the target service party stored in the resource index library includes:
according to the patrol starting time, the patrol period and the patrol times, when the (i + 1) th patrol time arrives, resource indexes which are increased from the ith patrol time to the (i + 1) th patrol time and have the creation time earlier than or equal to the second time are obtained from the resource indexes which are stored in the resource index database and belong to the target service party, and the obtained resource indexes are determined as the first target resource indexes.
For example, if the patrol starting time is 2020-04-23 20:00:00, the patrol period is 5 days, the number of patrols is 3, and the preset constraint condition is that the creation time is earlier than or equal to 2020-04-20 20:00:00, the specific patrol process may be as follows:
the first patrol: at 2020-04-23 20:00:00, patrol range: resource indexes whose creation time is 2020-04-20 20:00:00 and which belong to the target service party;
the second patrol: at 2020-04-28 20:00:00, patrol range: no patrol object;
the third patrol: at 2020-05-03 20:00:00, patrol range: no patrol object.
Optionally, the obtaining, in the pre-established resource index library, the resource index to be detected belonging to the predetermined target service party according to the preset patrol parameter includes:
according to the patrol starting time, the patrol period and the patrol times, when the jth patrol time arrives, obtaining a second target resource index from the resource indexes which belong to the target service party and are stored in the resource index library, and determining the second target resource index as the resource index to be detected;
the second target resource index comprises a resource index of which the creation time is before the jth inspection time, or comprises a resource index of which the creation time is before the jth inspection time and meets a preset constraint condition, wherein the preset constraint condition comprises a constraint condition of resource creation time;
j is an integer of 1 to N-1, N representing the number of patrols.
Therefore, in the embodiment of the present invention, for a single service or multiple services, the resource index stored at each patrol time in the resource index library or the resource index stored and meeting the preset constraint condition may be patrolled, so that after each patrol is completed, the resource index obtained by the patrol is used as the resource index to be detected, and then the first resource meeting the preset high-risk rule is obtained from the resources to which the resource indexes to be detected belong, and whether the first resource has a risk of being leaked in the content distribution network is detected.
That is, the embodiment of the present invention may perform full patrol on the resource indexes in the resource index library. Specific embodiments of the full patrol are described in cases four to six below.
Case four: the second target resource index comprises a resource index whose creation time is before the jth patrol time.
That is, when the jth patrol time arrives according to the patrol starting time, the patrol period, and the patrol frequency, obtaining a second target resource index from the resource indexes belonging to the target service party stored in the resource index repository, includes:
according to the patrol starting time, the patrol period and the patrol times, when the jth patrol time arrives, acquiring a resource index of which the creation time is before the jth patrol time from the resource indexes which belong to the target service party and are stored in the resource index library, and determining the acquired resource index as the second target resource index.
For example, if the patrol starting time is 2020-04-23 20:00:00, the patrol period is 5 days, and the number of patrols is 3, the specific patrol process may be as follows:
the first patrol: at 2020-04-23 20:00:00, patrol range: resource indexes whose creation time is before 2020-04-23 20:00:00 and which belong to the target service party;
the second patrol: at 2020-04-28 20:00:00, patrol range: resource indexes whose creation time is before 2020-04-28 20:00:00 and which belong to the target service party;
the third patrol: at 2020-05-03 20:00:00, patrol range: resource indexes whose creation time is before 2020-05-03 20:00:00 and which belong to the target service party.
Case five: when the preset constraint condition indicates that the creation time of the resource to be detected is later than or equal to a first time, the second target resource index comprises: at the jth patrol time, the resource indexes whose creation time is later than or equal to the first time among the resource indexes which belong to the target service party and are stored in the resource index library.
That is, when the jth patrol time arrives according to the patrol starting time, the patrol period, and the patrol frequency, obtaining a second target resource index from the resource indexes belonging to the target service party stored in the resource index repository, includes:
and according to the patrol starting time, the patrol period and the patrol times, when the jth patrol time arrives, acquiring a resource index with the creation time later than or equal to the first time from the resource indexes which belong to the target service party and are stored in the resource index library, and determining the acquired resource index as the second target resource index.
For example, if the patrol starting time is 2020-04-23 20:00:00, the patrol period is 5 days, the number of patrols is 3, and the preset constraint condition is that the creation time is later than or equal to 2020-04-20 20:00:00, the specific patrol process may be as follows:
the first patrol: at 2020-04-23 20:00:00, patrol range: resource indexes whose creation time is from 2020-04-20 20:00:00 to 2020-04-23 20:00:00 and which belong to the target service party;
the second patrol: at 2020-04-28 20:00:00, patrol range: resource indexes whose creation time is from 2020-04-20 20:00:00 to 2020-04-28 20:00:00 and which belong to the target service party;
the third patrol: at 2020-05-03 20:00:00, patrol range: resource indexes whose creation time is from 2020-04-20 20:00:00 to 2020-05-03 20:00:00 and which belong to the target service party.
Case six: when the preset constraint condition indicates that the creation time of the resource to be detected is earlier than or equal to a second time, the second target resource index comprises: at the jth patrol time, the resource indexes whose creation time is earlier than or equal to the second time among the resource indexes which belong to the target service party and are stored in the resource index library.
That is, when the jth patrol time arrives according to the patrol starting time, the patrol period, and the patrol frequency, obtaining a second target resource index from the resource indexes belonging to the target service party stored in the resource index repository, includes:
and according to the patrol starting time, the patrol period and the patrol times, when the jth patrol time arrives, acquiring a resource index with the creation time earlier than or equal to the second time from the resource indexes which belong to the target service party and are stored in the resource index library, and determining the acquired resource index as the second target resource index.
For example, if the patrol starting time is 2020-04-23 20:00:00, the patrol period is 5 days, the number of patrols is 3, and the preset constraint condition is that the creation time is earlier than or equal to 2020-04-20 20:00:00, the specific patrol process may be as follows:
the first patrol: at 2020-04-23 20:00:00, patrol range: resource indexes whose creation time is before 2020-04-20 20:00:00 and which belong to the target service party;
the second patrol: at 2020-04-28 20:00:00, patrol range: resource indexes whose creation time is before 2020-04-20 20:00:00 and which belong to the target service party;
the third patrol: at 2020-05-03 20:00:00, patrol range: resource indexes whose creation time is before 2020-04-20 20:00:00 and which belong to the target service party.
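The patrol ranges of cases one to six can be computed from the patrol parameters as sketched below. This is an added example, not code from the patent; the names PatrolParams, Window, incremental_windows, full_windows and select are hypothetical, and it assumes that the first incremental patrol has no lower bound other than the constraint and that a patrol range excludes the patrol time itself.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional


@dataclass(frozen=True)
class PatrolParams:
    start: datetime                        # patrol starting time
    period: timedelta                      # patrol period
    count: int                             # number of patrols (N)
    not_before: Optional[datetime] = None  # "first time": creation time >= this
    not_after: Optional[datetime] = None   # "second time": creation time <= this


class Window(NamedTuple):
    lower: Optional[datetime]  # inclusive; None means no lower bound
    upper: datetime
    upper_inclusive: bool      # True only when upper is the "second time"

    def contains(self, created: datetime) -> bool:
        if self.lower is not None and created < self.lower:
            return False
        if self.upper_inclusive:
            return created <= self.upper
        return created < self.upper


def patrol_times(p: PatrolParams) -> List[datetime]:
    """The N patrol times: start, start + period, ..."""
    return [p.start + k * p.period for k in range(p.count)]


def _clip(lower: Optional[datetime], patrol_time: datetime,
          p: PatrolParams) -> Optional[Window]:
    """Intersect a patrol range with the creation-time constraint.

    Returns None when the intersection is empty ("no patrol object").
    """
    if p.not_before is not None and (lower is None or p.not_before > lower):
        lower = p.not_before
    upper, inclusive = patrol_time, False
    if p.not_after is not None and p.not_after < patrol_time:
        upper, inclusive = p.not_after, True
    if lower is not None and (lower > upper or (lower == upper and not inclusive)):
        return None
    return Window(lower, upper, inclusive)


def incremental_windows(p: PatrolParams) -> List[Optional[Window]]:
    """Cases one to three: each patrol covers what was added since the last one."""
    times = patrol_times(p)
    previous: List[Optional[datetime]] = [None] + times[:-1]
    return [_clip(prev, t, p) for prev, t in zip(previous, times)]


def full_windows(p: PatrolParams) -> List[Optional[Window]]:
    """Cases four to six: each patrol covers everything created before it."""
    return [_clip(None, t, p) for t in patrol_times(p)]


def select(indexes: List[Dict], window: Optional[Window], service_id: str) -> List[str]:
    """Resource identifiers of one service party that fall inside a window."""
    if window is None:
        return []
    return [ix["resource_id"] for ix in indexes
            if ix["service_id"] == service_id and window.contains(ix["created"])]


# Constructed sample index entries (not data from the patent).
SAMPLE_INDEXES = [
    {"resource_id": "res-001", "service_id": "svc-video", "created": datetime(2020, 4, 19, 9, 0)},
    {"resource_id": "res-002", "service_id": "svc-video", "created": datetime(2020, 4, 22, 12, 0)},
    {"resource_id": "res-003", "service_id": "svc-video", "created": datetime(2020, 4, 26, 8, 0)},
    {"resource_id": "res-004", "service_id": "svc-audio", "created": datetime(2020, 4, 26, 8, 30)},
    {"resource_id": "res-005", "service_id": "svc-video", "created": datetime(2020, 5, 1, 10, 0)},
]

if __name__ == "__main__":
    params = PatrolParams(datetime(2020, 4, 23, 20), timedelta(days=5), 3)
    for when, window in zip(patrol_times(params), incremental_windows(params)):
        print(when, select(SAMPLE_INDEXES, window, "svc-video"))
```

A window of None corresponds to "no patrol object" in case three.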
For example, a specific implementation of the resource detection method provided by the embodiment of the present invention may be as shown in fig. 3. The details are as follows:
in a first aspect, each service system may periodically send a mapping relationship between a resource identifier stored therein, an intranet storage address (that is, a storage address of a resource represented by the resource identifier in the service system), and a content distribution network address to the resource index library for storage. Each service system can also send the corresponding relation between the resource identification and the service identification of the service to which the resource identification belongs to the resource index library. As shown in fig. 3, the resource index library is provided with an application program creation interface for receiving information sent to the resource index library by each service system.
In the second aspect, even when each service system sends "the corresponding relationship between the resource identifier and the service identifier of the service to which the resource identifier belongs" (that is, each service system accesses the resource index library), some resources may still be missed. A content distribution network notification mechanism may therefore also be introduced: when the content distribution network detects that a resource stored inside the content distribution network is accessed, it establishes the corresponding relationship between the resource identifier of the accessed resource and the service identifier of the service party to which the accessed resource belongs, and sends the established corresponding relationship between the resource identifier and the service identifier to the resource index library for storage, so as to supplement the indexes of the missed resources.
In a third aspect, the resource risk level is determined by the relevant technician through the auditing system, and the resource risk level is stored. The resource risk level of each resource can be manually marked in a setting interface of the auditing system; alternatively, the risk level of each resource can be identified automatically in the setting interface of the auditing system, in which case the feature information of the resource is extracted and input to a target model trained in advance with a machine learning algorithm, and the model outputs the resource risk level.
After the resource risk level is stored in the auditing system, the resource risk level can be sent to the resource index library, so that the resource index library can record the corresponding relation between each resource identifier and the resource risk level.
In summary, a plurality of resource indexes are stored in the resource index library, wherein one resource index includes a resource identifier, an intranet storage address, at least one content distribution network address, a resource risk level, and a service identifier.
As shown in fig. 3, the resource index library is further provided with an inquiry application program interface and a validation application program interface, where the inquiry application program interface is used to inquire whether a certain resource exists in the resource index library; the validation application program interface is used for the content distribution network to detect the data of the resource index library.
In addition, the resource to which each resource index stored in the resource index repository belongs may be at least one of a picture-like resource, a video-like resource, and an audio-like resource.
In a fourth aspect, as shown in fig. 4, a relevant technician may input a first operation on an operation interface of the resource index library to trigger a one-time patrol of the resource indexes in the resource index library for a single service or multiple services, so as to detect whether a resource to which a resource index obtained by the patrol belongs is at risk of being leaked; or, after the relevant technician modifies a resource risk level through the auditing system, a one-time patrol of the resource indexes whose resource risk level has changed can be triggered for a single service or multiple services, so as to detect whether a resource to which a resource index obtained by the patrol belongs is at risk of being leaked.
The resource index in the resource index library can be manually triggered for one-time patrol of single service or multiple services, so that whether the resource to which the resource index obtained by patrol belongs is leaked or not is detected.
In addition, a related technician may also set patrol parameters (e.g., patrol starting time, patrol period, and patrol frequency) in an operation interface of the file repository, so as to periodically patrol the resource index in the resource repository according to the patrol parameters for a single service or multiple services, and further detect whether a resource to which the resource index obtained by patrol belongs is at risk of being leaked.
If it is detected that some resources are at risk of being leaked, the resource index library may send, according to the service identifier corresponding to the resource identifier of these resources, indication information that these resources are at risk of being leaked to the service system to which these resources belong, so that the service system notifies the content distribution network to delete the resources that have the same content as these resources. If, at the next patrol, the content distribution network has still not deleted such a resource, the notification to delete it continues to be sent; once the number of notifications reaches a threshold value, alarm information can be sent to the corresponding service system.
In addition, when the resource index library detects that some resources are at risk of being leaked, the resource index library can also directly inform the content distribution network to delete the resources that have the same content as these resources, so that the risk event can be processed as soon as possible, and the probability of resource leakage is reduced. If the service party to which the deleted resources belong finds after verification that the resources deleted in the content distribution network should not have been deleted, the service system can be further operated, so that the service system sends a recovery instruction to the content distribution network to recover the deleted resources.
In addition, the relevant technician may also select the resource identifier of the resource to be recovered in the operation interface of the resource index system, so that the resource index library acquires the resource stored in the intranet address from the service system according to the intranet storage address corresponding to the resource identifier, and then sends the acquired resource to the content distribution network, so as to recover the deleted resource in the content distribution network.
It should be noted here that, for the specific process of performing patrol according to patrol parameters, reference may be made to the foregoing description, and details are not described here again.
The process of detecting high-risk resources introduced by one of the patrolled resource indexes may be as shown in fig. 5.
For example, if the resource index belongs to a first resource and 5 content distribution network addresses mapped to the first resource exist, first, whether the resource risk level of the first resource is greater than a preset level is judged, and if the resource risk level of the first resource is less than or equal to the preset level, the process is ended;
if the resource risk level of the first resource is higher than the preset level, it is detected whether the first content distribution network address stores a resource with the same content as the first resource, so as to determine whether the first resource has a risk of being leaked. That is, a hypertext transfer protocol request is generated according to the first content distribution network address and sent to the content distribution network, the hypertext transfer protocol response header information returned by the content distribution network is received, and whether the first content distribution network address stores a resource with the same content as the first resource is determined according to a code identifier included in the hypertext transfer protocol response header information. If so, it is determined that the first resource is at risk of being leaked; otherwise, it is detected whether the third content distribution network address stores a resource with the same content as the first resource;
then, if the third content distribution network address stores the resource with the same content as the first resource, determining that the first resource is leaked, otherwise, detecting whether the fifth content distribution network address stores the resource with the same content as the first resource;
then, if the fifth content distribution network address stores the resource with the same content as the first resource, determining that the first resource is leaked, otherwise, detecting whether the second content distribution network address stores the resource with the same content as the first resource;
then, if the second content distribution network address stores the resource with the same content as the first resource, determining that the first resource is leaked, and otherwise, detecting whether the fourth content distribution network address stores the resource with the same content as the first resource;
and then, if the fourth content distribution network address stores the resource with the same content as the first resource, determining that the first resource has the risk of being leaked, and otherwise, determining that the first resource does not have the risk of being leaked.
As can be seen from the above, in the embodiment of the present invention, the resource index library is constructed from the data delivered by the service systems (including the resource identifier, the content distribution network address, and the service identifier), so that the resources of a plurality of service parties are managed uniformly. The resource risk level of each resource is determined through the auditing system and recorded in the resource index library, so that after the resource indexes to be detected are obtained according to the preset patrol parameters, whether each resource is a high-risk resource is determined according to its resource risk level, and whether the high-risk resource is at risk of being leaked is then detected.
Moreover, after the resource risk level (i.e. the rule for high-risk resources) changes, a one-time patrol of the resource indexes in the resource index library can be triggered for a single service or for multiple services, so as to detect whether the resources to which the patrolled resource indexes belong are at risk of being leaked. Thus, after each service party modifies the rules for determining high-risk resources according to its own conditions, the service party is notified in time to process the resources with leakage risk, without additional development by the service party.
That is, the embodiment of the invention can carry out risk patrol of historical data and subsequent patrol of incremental data on the high-risk data of each service party, including videos, pictures and the like. When the rule for determining high risk changes, the data can be patrolled for risk according to the new high-risk rule, preventing high-risk data from being exposed to the external network and causing adverse consequences.
Fig. 6 is a block diagram of a resource detection apparatus according to an embodiment of the present invention. As shown in fig. 6, the resource detecting device 60 may include:
a first obtaining module 601, configured to obtain a first resource meeting a preset high risk rule;
a second obtaining module 602, configured to obtain a content distribution network address mapped to the first resource, where the content distribution network address mapped to the first resource is an address in a content distribution network, where the address is used to store a resource that is the same as the content of the first resource;
a detecting module 603, configured to detect whether a target address exists in a content distribution network address mapped to the first resource, where the target address stores a resource that is the same as the content of the first resource;
a service identifier determining module 604, configured to determine, when the target address is detected, a first service identifier corresponding to the resource identifier of the first resource according to a correspondence between a pre-stored resource identifier and a service identifier;
a first sending module 605, configured to send the first indication information to a service system to which the first resource belongs according to the first service identifier;
wherein the first indication information is used for indicating that the first resource is at risk of being leaked.
Therefore, according to the embodiment of the invention, the first resource meeting the preset high-risk rule can be obtained, and then the addresses in the content distribution network used for storing resources with the same content as the first resource are obtained, so as to detect whether a resource with the same content as the first resource is stored at these addresses. When it is detected that a certain address in the content distribution network stores a resource with the same content as the first resource, the first indication information is sent to the service system of the first resource to prompt the service party of the first resource that the first resource is at risk of being leaked, so that the service party can learn of the leakage risk of the high-risk resource in time and resolve the risk in time. Therefore, the embodiment of the invention can realize the detection of the high-risk resources in the content distribution network, thereby reducing the risk of the leakage of the high-risk resources in the content distribution network.
Fig. 7 is a block diagram of another resource detection apparatus according to an embodiment of the present invention. As shown in fig. 7, the resource detecting device 70 may include:
a first obtaining module 701, configured to obtain a first resource meeting a preset high risk rule;
a second obtaining module 702, configured to obtain a content distribution network address mapped to the first resource, where the content distribution network address mapped to the first resource is an address in a content distribution network, where the address is used to store a resource that is the same as the content of the first resource;
a detecting module 703, configured to detect whether a target address exists in a content distribution network address mapped to the first resource, where the target address stores a resource that is the same as the content of the first resource;
a service identifier determining module 704, configured to determine, when the target address is detected, a first service identifier corresponding to a resource identifier of the first resource according to a correspondence between a pre-stored resource identifier and a service identifier;
a first sending module 705, configured to send the first indication information to a service system to which the first resource belongs according to the first service identifier;
wherein the first indication information is used for indicating that the first resource is at risk of being leaked.
Optionally, the apparatus further comprises:
a third obtaining module 706, configured to obtain, in a pre-established resource index library, a resource index to be detected that belongs to a predetermined target service party according to a preset patrol parameter, where the resource index library includes a resource index of at least one service party, the resource index includes a resource identifier, a content distribution network address mapped to a resource represented by the resource identifier, and a service identifier of the service party to which the resource represented by the resource identifier belongs, and the patrol parameter includes a patrol start time, a patrol period, and a patrol frequency;
the first obtaining module 701 is specifically configured to:
and acquiring the first resource which accords with the preset high-risk rule from the resource to which the resource index to be detected belongs, which belongs to the target service party.
Optionally, the third obtaining module 706 is specifically configured to:
according to the patrol starting time, the patrol period and the patrol times, when the (i+1)-th patrol time arrives, acquiring a first target resource index from the resource indexes which belong to the target service party and are stored in the resource index library, and determining the first target resource index as the resource index to be detected;
the first target resource index comprises the resource indexes added between the i-th patrol time and the (i+1)-th patrol time, or comprises the resource indexes added between the i-th patrol time and the (i+1)-th patrol time that meet a preset constraint condition, wherein the preset constraint condition comprises a constraint condition on resource creation time;
i is an integer from 1 to N-1, N representing the patrol times.
Optionally, the third obtaining module 706 is specifically configured to: according to the patrol starting time, the patrol period and the patrol times, when the jth patrol time arrives, obtaining a second target resource index from the resource indexes which belong to the target service party and are stored in the resource index library, and determining the second target resource index as the resource index to be detected;
the second target resource index comprises the resource indexes whose creation time is before the j-th patrol time, or comprises the resource indexes whose creation time is before the j-th patrol time and that meet a preset constraint condition, wherein the preset constraint condition comprises a constraint condition on resource creation time;
j is an integer from 1 to N-1, N representing the patrol times.
Optionally, when detecting whether the first address belongs to the target address, the detecting module 703 is specifically configured to:
generating a hypertext transfer protocol request according to the first address;
sending the hypertext transfer protocol request to the content delivery network;
receiving hypertext transfer protocol response header information returned by the content distribution network, wherein the hypertext transfer protocol response header information comprises a code identifier;
determining that the first address belongs to the target address under the condition that the code identification is a first preset code;
determining that the first address does not belong to the target address under the condition that the code identification is a second preset code;
wherein the first address is one of the content distribution network addresses mapped with the first resource.
Optionally, the apparatus further comprises:
a numbering module 707 for numbering the at least one content delivery network address;
a first sorting module 708, configured to sort content distribution network addresses numbered with odd numbers according to a sequence from small to large, to obtain a first sorting sequence;
a second sorting module 709, configured to sort the content distribution network addresses with even numbers according to a sequence from small to large, so as to obtain a second sorting order;
a third sorting module 710, configured to, based on the first sorting order and the second sorting order, sort the content distribution network addresses numbered as odd numbers before the content distribution network addresses numbered as even numbers, and obtain a third sorting order;
the detecting module 703, when detecting whether a target address exists in the content delivery network address mapped with the first resource, is specifically configured to:
and detecting whether a target address exists in the content distribution network addresses mapped with the first resource according to the third arrangement sequence.
Optionally, the preset high-risk rule includes that the predetermined resource risk level is greater than the preset level, and the apparatus further includes:
a fourth obtaining module 711, configured to obtain the resource with the changed resource risk level when detecting that the resource risk level is changed;
the first obtaining module 701 is specifically configured to, when obtaining the first resource meeting the preset high risk rule:
and acquiring the first resource with the resource risk level larger than the preset level from the resources with the resource risk level changed.
Optionally, the apparatus further comprises:
a second sending module 712, configured to send second indication information to the content distribution network when the target address is detected, where the second indication information is used to instruct the content distribution network to delete the resource stored in the content distribution network address mapped to the first resource.
As can be seen from the above, in the embodiment of the present invention, the first resource meeting the preset high-risk rule may be obtained, and then the addresses in the content distribution network used for storing resources with the same content as the first resource are obtained, and the process of manually accessing these addresses is simulated to detect whether a resource with the same content as the first resource is stored at them. When it is detected that a certain address in the content distribution network stores a resource with the same content as the first resource, the first indication information is sent to the service system of the first resource to prompt the service party of the first resource that the first resource is at risk of being leaked, so that the service party can learn of the leakage risk of the high-risk resource in time and resolve the risk in time. Therefore, the embodiment of the invention can realize the detection of the high-risk resources in the content distribution network, thereby reducing the risk of the leakage of the high-risk resources in the content distribution network.
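The flow walked through for fig. 5 and restated for modules 701 to 711 above (risk-level gate, odd-then-even probing order, decision on the HTTP response code), as an added example that is not code from the patent. The patent does not name the two preset codes, the request method or the preset level: 200, 404, HEAD, a level of 2, the `example.invalid` addresses and every identifier below are assumptions.

```python
"""Patrol check for one resource index entry (added illustration, not patent code)."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional
import urllib.error
import urllib.request

# Assumptions: the patent only speaks of a "first" and a "second preset code".
FIRST_PRESET_CODE = 200   # assumed: object is served, so the address is a target address
SECOND_PRESET_CODE = 404  # assumed: object is absent, so it is not a target address
PRESET_LEVEL = 2          # assumed risk threshold


class Verdict(Enum):
    TARGET = "target"          # code equals the first preset code
    NOT_TARGET = "not_target"  # code equals the second preset code
    UNKNOWN = "unknown"        # any other code, or no response at all


@dataclass
class ResourceIndex:           # one row of the resource index library
    resource_id: str
    service_id: str
    risk_level: int
    cdn_addresses: List[str]


@dataclass
class PatrolResult:
    resource_id: str
    service_id: Optional[str]      # set only when a notification is due
    target_address: Optional[str]  # first address found serving the resource
    probed: List[str]              # addresses actually requested, in order
    inconclusive: List[str]        # addresses that returned neither preset code


def probe_order(addresses: List[str]) -> List[str]:
    """Number addresses from 1; odd numbers ascending, then even numbers ascending."""
    numbered = list(enumerate(addresses, start=1))
    odd = [a for n, a in numbered if n % 2 == 1]
    even = [a for n, a in numbered if n % 2 == 0]
    return odd + even


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow: urllib then raises HTTPError carrying the 3xx code


def head_status(url: str, timeout: float = 5.0) -> Optional[int]:
    """Send a HEAD request (assumed method); return the status code, None if unreachable."""
    opener = urllib.request.build_opener(_NoRedirect)
    request = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(request, timeout=timeout) as response:
            return response.status
    except urllib.error.HTTPError as exc:
        return exc.code            # 3xx/4xx/5xx still carry a usable status code
    except OSError:                # URLError, timeouts and socket errors
        return None


def classify(code: Optional[int]) -> Verdict:
    if code == FIRST_PRESET_CODE:
        return Verdict.TARGET
    if code == SECOND_PRESET_CODE:
        return Verdict.NOT_TARGET
    return Verdict.UNKNOWN


def patrol(entry: ResourceIndex,
           probe: Callable[[str], Optional[int]] = head_status,
           preset_level: int = PRESET_LEVEL) -> PatrolResult:
    result = PatrolResult(entry.resource_id, None, None, [], [])
    if entry.risk_level <= preset_level:
        return result              # not high-risk: the flow ends without probing
    for address in probe_order(entry.cdn_addresses):
        result.probed.append(address)
        verdict = classify(probe(address))
        if verdict is Verdict.TARGET:
            result.target_address = address
            result.service_id = entry.service_id  # recipient of the first indication information
            break                  # one exposed address is enough to report the risk
        if verdict is Verdict.UNKNOWN:
            result.inconclusive.append(address)
    return result


# Constructed sample data: five CDN addresses and the codes a stubbed CDN would return.
SAMPLE_ENTRY = ResourceIndex(
    "res-001", "svc-video", 3,
    [f"https://cdn.example.invalid/obj/a{n}" for n in range(1, 6)])
SAMPLE_CODES = dict(zip(SAMPLE_ENTRY.cdn_addresses, [404, 200, 404, 200, 403]))

if __name__ == "__main__":
    print(patrol(SAMPLE_ENTRY, probe=SAMPLE_CODES.get))
```

Codes outside the two preset values are recorded as inconclusive rather than treated as absent, so a 403 or 5xx from an edge node surfaces for follow-up instead of silently clearing the resource.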
An embodiment of the present invention further provides an electronic device, as shown in fig. 8, including a processor 81, a communication interface 82, a memory 83, and a communication bus 84, where the processor 81, the communication interface 82, and the memory 83 complete mutual communication through the communication bus 84.
The memory 83 is used for storing computer programs;
the processor 81 is configured to implement the following steps when executing the program stored in the memory 83:
acquiring a first resource which accords with a preset high-risk rule;
acquiring a content distribution network address mapped with the first resource, wherein the content distribution network address mapped with the first resource is an address of a resource used for storing the same content as the first resource in a content distribution network;
detecting whether a target address exists in a content distribution network address mapped with the first resource, wherein the target address stores a resource with the same content as the first resource;
under the condition that the target address is detected, determining a first service identifier corresponding to the resource identifier of the first resource according to the corresponding relation between the pre-stored resource identifier and the service identifier;
according to the first service identification, sending the first indication information to a service system to which the first resource belongs;
wherein the first indication information is used for indicating that the first resource is at risk of being leaked.
The memory may include a Random Access Memory (RAM) or a non-volatile memory, such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, a computer-readable storage medium is further provided, which has instructions stored therein, and when the instructions are executed on a computer, the instructions cause the computer to execute the resource detection method described in any one of the above embodiments.
In yet another embodiment, a computer program product containing instructions is provided, which when run on a computer, causes the computer to perform the resource detection method described in any of the above embodiments.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A resource detection method, characterized in that the resource detection method comprises:
acquiring a first resource which accords with a preset high-risk rule;
acquiring a content distribution network address mapped with the first resource, wherein the content distribution network address mapped with the first resource is an address of a resource used for storing the same content as the first resource in a content distribution network;
detecting whether a target address exists in a content distribution network address mapped with the first resource, wherein the target address stores a resource with the same content as the first resource;
under the condition that the target address is detected, determining a first service identifier corresponding to the resource identifier of the first resource according to the corresponding relation between the pre-stored resource identifier and the service identifier;
according to the first service identification, sending the first indication information to a service system to which the first resource belongs;
wherein the first indication information is used for indicating that the first resource is at risk of being leaked.
2. The resource detection method according to claim 1, wherein before the acquiring the first resource meeting the preset high risk rule, the method further comprises:
in a pre-established resource index library, acquiring a resource index to be detected belonging to a predetermined target service party according to a preset patrol parameter, wherein the resource index library comprises at least one resource index of the service party, the resource index comprises a resource identifier, a content distribution network address mapped with a resource represented by the resource identifier, and a service identifier of the service party to which the resource represented by the resource identifier belongs, and the patrol parameter comprises a patrol starting time, a patrol period and patrol times;
the acquiring of the first resource meeting the preset high-risk rule comprises the following steps:
and acquiring the first resource which accords with the preset high-risk rule from the resource to which the resource index to be detected belongs, which belongs to the target service party.
3. The resource detection method according to claim 2, wherein the obtaining of the resource index to be detected belonging to the predetermined target service party in the pre-established resource index library according to the preset patrol parameter comprises:
according to the patrol starting time, the patrol period and the patrol times, when the (i+1)-th patrol time arrives, acquiring a first target resource index from the resource indexes which belong to the target service party and are stored in the resource index library, and determining the first target resource index as the resource index to be detected;
the first target resource index comprises the resource indexes added between the i-th patrol time and the (i+1)-th patrol time, or comprises the resource indexes added between the i-th patrol time and the (i+1)-th patrol time that meet a preset constraint condition, wherein the preset constraint condition comprises a constraint condition on resource creation time;
i is an integer from 1 to N-1, N representing the patrol times.
4. The resource detection method according to claim 2, wherein the obtaining of the resource index to be detected belonging to the predetermined target service party in the pre-established resource index library according to the preset patrol parameter comprises:
according to the patrol starting time, the patrol period and the patrol times, when the jth patrol time arrives, obtaining a second target resource index from the resource indexes which belong to the target service party and are stored in the resource index library, and determining the second target resource index as the resource index to be detected;
the second target resource index comprises the resource indexes whose creation time is before the j-th patrol time, or comprises the resource indexes whose creation time is before the j-th patrol time and that meet a preset constraint condition, wherein the preset constraint condition comprises a constraint condition on resource creation time;
j is an integer from 1 to N-1, N representing the patrol times.
5. The method according to claim 1, wherein the step of detecting whether the first address belongs to the target address comprises:
generating a hypertext transfer protocol request according to the first address;
sending the hypertext transfer protocol request to the content delivery network;
receiving hypertext transfer protocol response header information returned by the content distribution network, wherein the hypertext transfer protocol response header information comprises a code identifier;
determining that the first address belongs to the target address under the condition that the code identification is a first preset code;
determining that the first address does not belong to the target address under the condition that the code identification is a second preset code;
wherein the first address is one of the content distribution network addresses mapped with the first resource.
6. The method according to claim 1, wherein before the detecting whether the target address exists in the content distribution network address mapped to the first resource, the method further comprises:
numbering said at least one content distribution network address;
sequencing the content distribution network addresses with odd numbers according to the sequence of the numbers from small to large to obtain a first sequencing sequence;
sequencing the content distribution network addresses with even numbers according to the sequence of the numbers from small to large to obtain a second sequence;
ranking the content distribution network addresses numbered odd before the content distribution network addresses numbered even based on the first ranking order and the second ranking order, to obtain a third ranking order;
the detecting whether a target address exists in the content distribution network address mapped with the first resource includes:
and detecting whether a target address exists in the content distribution network addresses mapped with the first resource according to the third arrangement sequence.
7. The resource detection method according to claim 1, wherein the preset high risk rule includes that a predetermined resource risk level is greater than a preset level;
before the obtaining of the first resource meeting the preset high risk rule, the method further includes:
under the condition that the resource risk level is detected to change, the resource with the changed resource risk level is obtained;
the acquiring of the first resource meeting the preset high-risk rule comprises the following steps:
and acquiring the first resource with the resource risk level larger than the preset level from the resources with the resource risk level changed.
8. An apparatus for resource detection, the apparatus comprising:
the first acquisition module is used for acquiring a first resource which accords with a preset high-risk rule;
a second obtaining module, configured to obtain a content distribution network address mapped to the first resource, where the content distribution network address mapped to the first resource is an address of a resource in a content distribution network, where the address is used to store the same content as the first resource;
a detection module, configured to detect whether a target address exists in a content distribution network address mapped to the first resource, where the target address stores a resource that is the same as the content of the first resource;
a service identifier determining module, configured to determine, when the target address is detected, a first service identifier corresponding to a resource identifier of the first resource according to a correspondence between a pre-stored resource identifier and a service identifier;
a first sending module, configured to send the first indication information to a service system to which the first resource belongs according to the first service identifier;
wherein the first indication information is used for indicating that the first resource is at risk of being leaked.
9. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
a memory for storing a computer program;
a processor for implementing the resource detection method of any one of claims 1 to 7 when executing a program stored in a memory.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method for resource detection according to any one of claims 1 to 7.
CN202110714924.8A 2021-06-25 2021-06-25 Resource detection method, device, electronic equipment and computer readable storage medium Active CN113327063B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110714924.8A CN113327063B (en) 2021-06-25 2021-06-25 Resource detection method, device, electronic equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110714924.8A CN113327063B (en) 2021-06-25 2021-06-25 Resource detection method, device, electronic equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN113327063A (en) 2021-08-31
CN113327063B (en) 2023-08-18

Family

ID=77424897

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110714924.8A Active CN113327063B (en) 2021-06-25 2021-06-25 Resource detection method, device, electronic equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN113327063B (en)

Also Published As

Publication number Publication date
CN113327063B (en) 2023-08-18

Similar Documents

Publication Publication Date Title
US9160640B1 (en) Collecting client-side performance metrics and latencies
CN113489713B (en) Network attack detection method, device, equipment and storage medium
CN107085549B (en) Method and device for generating fault information
CN110535866B (en) System portrait generation method and device and server
CN110602030A (en) Network intrusion blocking method, server and computer readable medium
CN110716973A (en) Big data based security event reporting platform and method
US9166991B2 (en) Identifying business transactions from traffic in an enterprise content management system
CN113746703A (en) Abnormal link monitoring method, system and device
CN108829568A (en) A kind of data monitoring method and device
CN108337100B (en) Cloud platform monitoring method and device
CN113327063A (en) Resource detection method and device, electronic equipment and computer readable storage medium
CN114500048B (en) External threat information analysis method and system based on network security
CN116208579A (en) Information pushing method, device, equipment and storage medium
CN108886631B (en) Electronic data inspection system, electronic data inspection method, and storage medium
KR101415528B1 (en) Apparatus and Method for processing data error for distributed system
CN115905640A (en) Information management method, system and device
CN115083030A (en) Service inspection method and device and electronic equipment
JP7108566B2 (en) Digital evidence management method and digital evidence management system
CN113656247A (en) Service monitoring method and device, electronic equipment and readable storage medium
US10922349B1 (en) Filtering remote access monitoring data
CN113204476A (en) User behavior data security detection method
CN111651356A (en) Application program testing method, device and system
CN110909798A (en) Multi-algorithm intelligent studying and judging method, system and server
CN110659386B (en) Digital resource processing method and device, electronic equipment and storage medium
CN111010458B (en) Domain name rule generation method and device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant