CN113536323B

CN113536323B - Big data security processing method and server for remote online office

Info

Publication number: CN113536323B
Application number: CN202110877956.XA
Authority: CN
Inventors: 徐志全; 张红艳
Original assignee: Shandong Qizheng Technology Consulting Co ltd
Current assignee: Shandong Qizheng Technology Consulting Co.,Ltd.
Priority date: 2021-08-02
Filing date: 2021-08-02
Publication date: 2022-04-08
Anticipated expiration: 2041-08-02
Also published as: CN113536323A

Abstract

The embodiment of the application discloses a big data security processing method and a server for remote online office, firstly, according to office participant description contents, log differentiation analysis and sorting are carried out on remote office logs according to participant description keywords, the efficiency of follow-up log demand analysis can be improved, secondly, keyword analysis content summary data and log office event summary data of the remote office logs of each participant description keyword are determined, and therefore comparison results of office interaction demands of an office period to be detected and a pre-stored office period in the prior office period are obtained. Therefore, the comparison result of the office interaction requirements can be analyzed based on the detection requirements of the preset requirement evaluation, and whether the office data loss threat exists in the office period to be detected or not is judged. Therefore, the corresponding digital office terminal can be reminded to perform information security handling operation, and loss of office data when the digital office terminal is subjected to remote office in the office period to be detected is avoided.

Description

Big data security processing method and server for remote online office

Technical Field

The application relates to the technical field of online office work and data security, in particular to a big data security processing method and a server for remote online office work.

Background

The online office is used as a derivative product in the internet era, and can overcome the defects of low efficiency of multi-terminal office, untimely scheduling of office resources in different places, high cost of places and the like. At present, with the arrival of the big data era, the scale of online office work is continuously enlarged, and more enterprises and individuals change from traditional offline office work into online office work.

Since data information of online office is mostly processed (such as transmission and modification) on the network, it is a little challenge for security of office data. However, most of the related office information protection technologies are implemented by means of authority or key verification, so that it is difficult to accurately detect the office time period with the threat of information loss, and it is also difficult to implement targeted office data security protection processing.

Disclosure of Invention

One of the embodiments of the present application provides a big data security processing method for remote online office, where the big data security processing method for remote online office includes:

acquiring office participant description content of each remote office log in an office period to be detected, and performing log differentiation analysis and sorting on the remote office logs according to participant description keywords according to the office participant description content; the remote office log is a remote office log corresponding to the digital office terminal;

obtaining keyword analysis content summary data and log office event summary data of a remote office log of each participant description keyword in the office period to be detected according to the office participant description content;

according to the keyword analysis content summarized data and the log office event summarized data, obtaining a comparison result of the office interaction requirements of the office time period to be detected and the pre-stored prior office time period;

and taking the office period to be detected, in which the comparison result of the office interaction requirements meets the detection requirements of the preset requirement evaluation, as the office period with the threat of office data loss.

Preferably, the obtaining, according to the office participant description content, keyword analysis content summary data and log office event summary data of the remote office log of each participant description keyword in the office period to be detected includes:

obtaining the cooperative office interaction condition of the remote office log of each participant description keyword in the office period to be detected according to the office participant description content;

obtaining a collaboration satisfaction degree response corresponding to the participant description keywords of the remote office logs according to the collaborative office interaction condition of the remote office logs of each participant description keyword in the office period to be detected, and using the collaboration satisfaction degree response as the keyword analysis content summary data;

obtaining the identity risk detection condition of each remote office log and each set office verification time interval in the office time interval to be detected according to the office participant description content;

and obtaining the log office history information of the remote office log of each participant description keyword in the office period to be detected according to the identity risk detection condition, and taking the log office history information as the summary data of the log office events.

Preferably, the obtaining, according to the office participant description content, the cooperative office interaction condition of the remote office log of each participant description keyword in the office period to be detected includes:

obtaining an interest comparison result of office interaction interest information of the remote office logs of any participant description keyword and office interaction interest information of all the remote office logs according to the office participant description content;

according to the office participant description content, acquiring office interaction interest information of the office period to be detected of a remote office log comprising any participant description keyword in a pre-stored queue to be selected of the office period to be detected; the waiting queue for the office time periods to be detected comprises at least two office time periods to be detected;

obtaining the cooperative office interaction condition of the remote office log of any party description keyword in the office period to be detected according to the interest comparison result of the office interaction interest information of the remote office log of any party description keyword and all the remote office logs, the office interaction interest information of the office period to be detected of the remote office log including any party description keyword in the office period to be detected waiting queue and the office interaction interest information of the office period to be detected in the office period to be detected waiting queue;

sequentially obtaining the cooperative office interaction condition of the remote office log of each participant description keyword in the office time period to be detected;

obtaining the cooperative office interaction condition of the remote office log of any party description keyword in the office period to be detected according to the interest comparison results of the office interaction interest information of the remote office log of any party description keyword in all the remote office logs, the office interaction interest information of the remote office log of any party description keyword in the office period to be detected and the office interaction interest information of the office period to be detected in the queue to be selected in the office period to be detected, wherein the cooperative office interaction condition of the remote office log of any party description keyword in the office period to be detected comprises:

determining the office collaboration attention of the collaborative office interaction situation by the following method:

cooperation_uv=n_uv*w/∑^Pv _x=1；

cooperation_attention_extent＝cooperation_uv×base；

wherein:

the collaboration _ attribution _ extension is an office collaboration attention degree of any party describing the collaborative office interaction condition of the remote office log of the keyword u in the office period v to be detected;

n_uvdescribing quantitative interest corresponding to office interaction interest information of the remote office log of the keyword u in the office period v to be detected for any participant;

pv is a participant description keyword of a teleworking log in an office period v to be detected, n_xvDescribing quantitative interest corresponding to office interaction interest information of a remote office log of the keyword x in an office period v to be detected for a participant, wherein w is an optimization index, and base is a reference value of attention;

and determining the cooperative office interaction condition of the remote office log of the description keyword of any participant in the office period to be detected according to the office cooperative attention of the cooperative office interaction condition.

Preferably, the obtaining of the log office history information of the remote office log describing the keyword by each participant in the office period to be detected according to the identity risk detection condition includes:

obtaining identity verification risk rating of the teleworking log describing the keyword and the identity risk detection condition of each set office verification time period of the office time period to be detected of any participant according to the identity risk detection condition of each teleworking log and each set office verification time period of the office time period to be detected;

forming a log office history message according to all remote office logs describing keywords by any party and the identity verification risk rating of the identity risk detection condition of each set office verification time period of the office time period to be detected;

and sequentially obtaining the log office history information of the remote office log of each participant describing the keyword in the office period to be detected.

Preferably, the analyzing the summary data of the content and the summary data of the log office events according to the keyword to obtain a comparison result of the office interaction requirements of the office period to be detected and the pre-stored prior office period includes:

performing difference analysis on the keyword analysis content summarized data of the office period to be detected and keyword analysis content summarized data of a previous office period stored in advance to obtain a comparison result of a first office interaction requirement;

performing difference analysis on the summary data of the journal office events in the office period to be detected and the pre-stored summary data of the journal office events in the prior office period to obtain a comparison result of a second office interaction requirement;

according to the comparison result of the first office interaction requirement and the comparison result of the second office interaction requirement, obtaining a comparison result of the to-be-detected office time interval and the pre-stored third office interaction requirement of the prior office time interval, and using the comparison result as a comparison result of the to-be-detected office time interval and the office interaction requirement of the pre-stored prior office time interval;

the big data security processing method for remote online office further comprises the following steps:

obtaining the description content of the associated office participants in the office period to be detected;

obtaining demand summary data of the associated office participants according to the description contents of the associated office participants;

performing difference analysis on the requirement summarized data of the associated office participants in the office period to be detected and the prestored requirement summarized data of the associated office participants in the prior office period to obtain a comparison result of a fourth office interaction requirement;

according to the comparison result of the first office interaction requirement, the comparison result of the second office interaction requirement and the comparison result of the fourth office interaction requirement, obtaining a comparison result of the to-be-detected office time interval and the fifth office interaction requirement of the pre-stored prior office time interval, and using the comparison result as the comparison result of the to-be-detected office time interval and the pre-stored office interaction requirement of the prior office time interval;

wherein, the obtaining of the summary data of the demands of the associated office participants according to the description contents of the associated office participants comprises:

obtaining interest comparison results corresponding to different office applications of the associated office participants in the office period to be detected, interest comparison results corresponding to all set office interaction forms and interest comparison results corresponding to all set office verification forms according to the description contents of the associated office participants;

and forming a hierarchical requirement keyword set of the associated office participants according to the interest comparison results corresponding to different office applications of the associated office participants in the office period to be detected, the interest comparison results corresponding to each office interaction form and the interest comparison results corresponding to each set office verification form, wherein the hierarchical requirement keyword set is used as requirement summary data of the associated office participants in the office period to be detected.

Preferably, before the analyzing the summary data of the content and the summary data of the log office events according to the keyword to obtain the comparison result of the office interaction requirements of the office period to be detected and the pre-stored prior office period, the method for processing the big data security for the remote online office further includes:

obtaining participant description keyword analysis content of a remote office log of each participant description keyword in the office period to be detected according to the keyword analysis content summary data of the office period to be detected;

sorting the analysis contents of the participant description keywords according to the descending order of the global quantitative evaluation corresponding to the analysis contents, and acquiring the participant description keywords of the remote office logs corresponding to the analysis contents of the participant description keywords with the set number in front of the sequencing queue as sample participant description keywords;

judging whether the participant description keywords of the remote office logs in the previous office period stored in advance cover all the sample participant description keywords or not;

if not, executing the step of obtaining a comparison result of the office interaction requirements of the office time period to be detected and the pre-stored prior office time period according to the keyword analysis content summarized data and the log office event summarized data; and if so, removing the office time interval to be detected from the pre-stored queue to be selected of the office time interval to be detected.

Preferably, the office period to be detected, in which the comparison result of the office interaction requirements meets the detection requirements of the preset requirement evaluation, is used as the office period with the threat of office data loss, and the method includes the following steps:

generating a collaborative office initiating terminal tendency content corresponding to the collaborative office initiating terminal demand change of the comparison result of the office interaction demands, and generating a collaborative office receiving terminal tendency content corresponding to the collaborative office receiving terminal demand change of the comparison result of the office interaction demands, wherein the collaborative office initiating terminal tendency content and the collaborative office receiving terminal tendency content respectively comprise a plurality of pieces of collaborative office tendency information with different office misleading indexes;

extracting an original cooperative tendency keyword of a cooperative office initiating end demand change of the comparison result of the office interaction demands in any cooperative office tendency information of the cooperative office initiating end tendency content, and determining the cooperative office tendency information with the minimum office misleading index in the cooperative office accepting end tendency content as target cooperative office tendency information;

loading the original collaboration tendency keywords to the target collaboration office tendency information according to a preset demand evaluation set and historical information of office data loss, obtaining original mapping keywords in the target collaboration office tendency information, and generating a demand change binding strategy between a collaboration office initiating end demand change of a comparison result of the office interaction demands and a collaboration office receiving end demand change of the comparison result of the office interaction demands according to the original collaboration tendency keywords and the original mapping keywords;

acquiring a risk office cooperation tendency keyword in the target cooperation office tendency information by taking the original mapping keyword as a sample keyword, loading the risk office cooperation tendency keyword to the cooperation office tendency information of the original cooperation tendency keyword according to a requirement change binding precedence relation corresponding to the requirement change binding strategy, acquiring the target cooperation tendency keyword corresponding to the risk office cooperation tendency keyword in the cooperation office tendency information of the original cooperation tendency keyword, and determining target cooperation tendency content of the target cooperation tendency keyword;

acquiring a corresponding keyword visual loading indication when the original collaboration tendency keyword is loaded into the target collaboration office tendency information; according to the common comparison result between the target collaboration tendency keyword and candidate collaboration tendency keywords corresponding to a plurality of keyword information mining units on the keyword visual loading indication, sequentially acquiring misleading collaboration tendency indexes corresponding to the target collaboration tendency content in the collaboration office receiving end tendency content, ending acquiring misleading collaboration tendency indexes in next collaboration office tendency information until the misleading quantification degree description of the obtained misleading collaboration tendency indexes in the collaboration tendency information is consistent with the misleading quantification degree description of the target collaboration tendency content in the collaboration office initiating end tendency content, and generating misleading demand identification indexes according to the target collaboration tendency content and the misleading collaboration tendency indexes acquired last time; and detecting a comparison result of the office interaction requirements according to the misleading requirement identification index, and if the comparison result of the office interaction requirements does not meet the detection requirements, judging that the office time interval to be detected corresponding to the comparison result of the office interaction requirements is the office time interval with the threat of office data loss.

Preferably, the detecting the comparison result of the office interaction demand according to the misleading demand identification index includes:

identifying requirement cooperation tendency of office interaction requirements to obtain initial office requirement cooperation tendency;

optimizing the cooperation tendency time sequence characteristics of the demand cooperation tendency of the initial office demand cooperation tendency to obtain a first office operation demand cooperation tendency;

selecting the indexes of the time domain angle aiming at the misleading demand identification indexes according to the first office operation demand cooperation tendency to obtain an original misleading label set for covering the misleading demand identification indexes;

carrying out requirement cooperation tendency combination on the initial office requirement cooperation tendency and the first office operation requirement cooperation tendency, and carrying out cooperation tendency time sequence characteristic optimization of the requirement cooperation tendency on the combined behavior requirement cooperation tendency to obtain a second office operation requirement cooperation tendency;

acquiring misleading index calling frequency corresponding to each misleading label set in the original misleading label set;

cleaning the misleading label set of which the misleading index calling frequency does not reach the misleading index calling threshold value to obtain a reserved misleading label set;

marking the reserved misleading label set according to the office project content of the reserved misleading label set and the office project content corresponding to the first office operation requirement cooperation tendency to obtain a marked misleading label set;

according to the second office operation requirement cooperation tendency and the labeled misleading label set, index selection of cooperation tendency type angles aiming at the misleading requirement identification indexes is carried out so as to update the labeled misleading label set, and a plurality of office operation intention characteristics in the office interaction requirements are determined according to the updated misleading label set;

determining a correlation comparison result between each office operation intention characteristic and each misleading index in the original misleading label set, and obtaining misleading quantification degree corresponding to each office operation intention characteristic according to the correlation comparison result corresponding to each office operation intention characteristic; and if the number of the target misleading quantization degrees reaching the warning quantization degree in the plurality of misleading quantization degrees corresponding to the office interaction requirement reaches a set number, judging that the comparison result of the office interaction requirement does not meet the detection requirement.

The second embodiment of the present application provides a digital office server, which includes a processing engine, a network module and a memory; the processing engine and the memory communicate through the network module, and the processing engine reads the computer program from the memory and operates to perform the above-described method.

A third embodiment of the present application provides a computer storage medium, on which a computer program is stored, the computer program implementing the method when running.

In the description that follows, additional features will be set forth, in part, in the description. These features will be in part apparent to those skilled in the art upon examination of the following and the accompanying drawings, or may be learned by production or use. The features of the present application may be realized and attained by practice or use of various aspects of the methodologies, instrumentalities and combinations particularly pointed out in the detailed examples that follow.

Drawings

The present application will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:

FIG. 1 is a flow diagram illustrating an exemplary big data security processing method and/or process for remote online office, according to some embodiments of the invention;

FIG. 2 is a block diagram of an exemplary big data security processing device for remote online office, according to some embodiments of the invention;

FIG. 3 is a block diagram of an exemplary big data security processing system for remote online office, shown in accordance with some embodiments of the present invention, an

Fig. 4 is an illustration of exemplary collaboration tendencies of hardware and software components in an exemplary digital office server, in accordance with some embodiments of the present invention.

Detailed Description

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings used in the description of the embodiments will be briefly introduced below. It is obvious that the drawings in the following description are only examples or embodiments of the application, from which the application can also be applied to other similar scenarios without inventive effort for a person skilled in the art. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.

It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.

As used in this application and the appended claims, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are intended to be inclusive in the plural unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.

Flow charts are used herein to illustrate operations performed by systems according to embodiments of the present application. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.

The invention provides a big data security processing method and a server for remote online office, and analyzes a remote office log in an office period to be detected, so as to determine a comparison result of office interaction requirements of the office period to be detected and a pre-stored prior office period, judge whether office information loss threat exists in the office period to be detected according to the comparison result of the office interaction requirements, and further instruct a corresponding digital office terminal to perform information security coping operation according to the judgment result, so as to avoid office data loss when the digital office terminal performs remote office in the office period to be detected, improve accurate detection of the office period with office information loss, and perform office information protection processing in a targeted manner.

First, an exemplary big data security processing method for remote online office is described, please refer to fig. 1, which is a flowchart of an exemplary big data security processing method and/or process for remote online office according to some embodiments of the present invention, and the big data security processing method for remote online office may include the following technical solutions described in STEP1-STEP 4.

STEP1, obtaining office participant description content of each remote office log in the office period to be detected, and performing log differentiation analysis and sorting on the remote office logs according to the participant description keywords according to the office participant description content.

In this embodiment, the office period to be detected may be a preset office period, and the preset office period may generally be a period interval based on the current period. For example, the current time period is 3/month/4/year 2021, and the office period to be detected may be 3/month/1/year 2021 to 3/month/7/year 2021, or may be 3/month/2/year 2021 to 3/month/6/year 2021, which is not limited herein. The method can be understood that the office period to be detected comprises the period after the current period, so that after the fact that the threat of office data loss exists in the office period to be detected is determined, the digital office terminal in the office period to be detected is reminded to perform protection on related office data during remote office.

In this embodiment, the remote office log is a remote office log corresponding to the digital office terminal. For example, the teleworking log may be a cross-border office log, such as a teleworking log for an office event between the digital office terminal office _ a of the county 1 and the digital office terminal office _ b of the county 2. The office participant description content may be understood as the description content of the corresponding digital office terminal, and in this example, the office participant description content may be the description content corresponding to the digital office terminal office _ a and the description content corresponding to the digital office terminal office _ b. The participant description keywords can be used for representing intention preference, operation habits and the like of description contents of different office participants, log differentiation analysis and sorting is carried out on the remote office logs, subsequent targeted demand analysis can be conveniently carried out, and further comparison of office interaction demands is carried out, so that whether office data loss threats exist in the office period to be detected or not is detected.

In this embodiment, a plurality of remote office logs may be included under the same participant description keyword, for example, the remote office logs corresponding to the participant description keyword "office video conference" may be the remote office logs journal _1, the remote office logs journal _2, and the remote office logs journal _3, and the remote office logs corresponding to the participant description keyword "file resource upload" may be the remote office logs journal _4, the remote office logs journal _5, the remote office logs journal _6, and the remote office logs journal _ 7. Therefore, the efficiency of subsequent log demand analysis can be improved by classifying the remote office logs.

STEP2, obtaining keyword analysis content summary data and log office event summary data of the remote office log of each participant description keyword in the office period to be detected according to the office participant description content.

In this embodiment, the summary data of the keyword analysis content may be summary data corresponding to two-way evaluations of both office parties, for example, the keyword analysis content of the office participant 1 to the office participant 2 may be "response in time", "strong business capability", and the keyword analysis content of the office participant 2 to the office participant 1 may be "cooperate with tacit", "skilled in software operation", and the like, which is not limited herein. The summary data of the log office events is used to record the actual execution situation of the log business, such as the finishing flow situation of a certain office (e.g. office request initiation, office request response, office transaction update, office transaction execution, office transaction completion, etc.). The keyword analysis content summary data and the log office event summary data can be used for office interaction demand analysis in the later period, so that the demand conditions of different digital office terminals are analyzed based on an intelligent analysis technology, and subsequent analysis of office data loss threats is facilitated.

Further, STEP2 can be realized by the following STEP21-STEP 24.

STEP21, obtaining the cooperative office interaction condition of the remote office log of each participant description keyword in the office period to be detected according to the office participant description content. For example, the collaborative office interaction scenario may be a voice interaction scenario, a text interaction scenario, and/or an image interaction scenario.

STEP22, obtaining a collaboration satisfaction degree response corresponding to the participant description keyword of the remote office log according to the collaborative office interaction condition of the remote office log of each participant description keyword in the office period to be detected, and using the collaboration satisfaction degree response as the keyword analysis content summary data.

STEP23, obtaining the identity risk detection condition of each remote office log and each set office verification time interval in the office time interval to be detected according to the office participant description content. For example, the set office verification period may be set according to the number of the accumulated teleworking logs in the office period to be detected, for example, the greater the number of the accumulated teleworking logs in the office period to be detected is, the shorter the set office verification period is, and the identity risk detection condition is used to represent the security and the validity of the description content of the teleworking logs in different set office verification periods.

STEP24, obtaining the log office history information of the remote office log of each participant description keyword in the office period to be detected according to the identity risk detection condition, and using the log office history information as the summary data of the log office events. It can be understood that the log office history information is determined according to the identity risk detection condition, so that the log office history information can be ensured to be a normal and safe log office event, and the influence on the reliability of subsequent analysis caused by the introduction of an abnormal log office event is avoided.

It can be understood that by implementing the STEPs 21-STEP24, the keyword analysis content summary data and the log office event summary data can be accurately and reliably determined based on the description content of the office participants, so that a reliable analysis basis is provided for subsequent demand analysis.

Still further, STEP21 may be implemented by: obtaining an interest comparison result of office interaction interest information of the remote office logs of any participant description keyword and office interaction interest information of all the remote office logs according to the office participant description content; according to the office participant description content, acquiring office interaction interest information of the office period to be detected of a remote office log comprising any participant description keyword in a pre-stored queue to be selected of the office period to be detected; the waiting queue for the office time periods to be detected comprises at least two office time periods to be detected; obtaining the cooperative office interaction condition of the remote office log of any party description keyword in the office period to be detected according to the interest comparison result of the office interaction interest information of the remote office log of any party description keyword and all the remote office logs, the office interaction interest information of the office period to be detected of the remote office log including any party description keyword in the office period to be detected waiting queue and the office interaction interest information of the office period to be detected in the office period to be detected waiting queue; and sequentially obtaining the cooperative office interaction condition of the remote office logs of the description keywords of each participant in the office period to be detected. In this embodiment, the office interaction interest information may be the intention interests of the users corresponding to the digital office terminal, for example, the intention interests of some users are "continue to use the office software", "wish to update the upgrade", and the intention interests of other users are "perform office transaction quickly".

On the basis of the content described in STEP21, obtaining the cooperative office interaction situation of the telecommuting log of any party description keyword in the office period to be detected according to the interest comparison result of the office interaction interest information of the telecommuting log of any party description keyword in all the telecommuting logs, the office interaction interest information of the telecommuting log of any party description keyword in the office period to be detected and the office interaction interest information of the office period to be detected in the queue to be selected in the office period to be detected, and can be implemented in the following manner.

Firstly, determining the office collaboration attention of the collaborative office interaction situation by the following method:

cooperation_uv=n_uv*w/∑^Pv _x=1；

cooperation_attention_extent＝cooperation_uv×base；

wherein:

pv is office time interval v to be detectedParticipant description keyword, n, of the teleworking log in (1)_xvAnd describing quantitative interest corresponding to office interaction interest information of the remote office log of the keyword x in the office period v to be detected for the participant, wherein w is an optimization index, and base is a reference value of attention.

Secondly, determining the cooperative office interaction condition of the remote office log of the description keyword of any participant in the office period to be detected according to the office cooperative attention of the cooperative office interaction condition.

By means of the design, the cooperative office attention is determined, the cooperative office interaction situation can be matched with actual cooperative office, the cooperative office interaction situation is the cooperative office which is relatively popular, and therefore sufficient data basis is provided for subsequent intelligent analysis.

For STEP24, obtaining, according to the identity risk detection condition, a log office history message of the remote office log of each party describing a keyword in the office period to be detected, includes: obtaining identity verification risk rating of the teleworking log describing the keyword and the identity risk detection condition of each set office verification time period of the office time period to be detected of any participant according to the identity risk detection condition of each teleworking log and each set office verification time period of the office time period to be detected; forming a log office history message according to all remote office logs describing keywords by any party and the identity verification risk rating of the identity risk detection condition of each set office verification time period of the office time period to be detected; and sequentially obtaining the log office history information of the remote office log of each participant describing the keyword in the office period to be detected.

STEP3, obtaining a comparison result of the office interaction requirements of the office time period to be detected and the pre-stored prior office time period according to the keyword analysis content summary data and the log office event summary data.

In the present embodiment, the previous office period stored in advance may be an office period in which there has been a threat of office data loss. It is understood that the office period to be detected may also be considered as a previous office period when used subsequently. The comparison result of the office interaction requirements can be a comparison result between the office interaction requirements of the office period to be detected and the office interaction requirements of the office period in the past, and the hidden and valuable cooperation tendency of the log behaviors in the office period to be detected can be determined through the comparison result, so that whether the hidden and valuable cooperation tendency is related to office data loss or not is judged, and whether the threat of office data loss exists in the office period to be detected or not can be judged as reliably as possible.

It is understood that STEP3 can be implemented by the following embodiments.

STEP31, performing difference analysis on the keyword analysis content summary data of the office period to be detected and keyword analysis content summary data of the previous office period stored in advance to obtain a comparison result of the first office interaction requirement. For example, the comparison of the summary data of the keyword analysis contents can determine the distribution condition of the negative analysis contents in the office period to be detected.

STEP32, performing difference analysis on the summary data of the journal office events of the office period to be detected and the summary data of the journal office events of the previous office period stored in advance to obtain a comparison result of the second office interaction requirement. For example, the comparison of the summary data of the office events can determine the distribution of the repeated office events in the office period to be detected.

STEP33, obtaining a comparison result of the to-be-detected office time interval and the pre-stored third office interaction requirement of the prior office time interval according to the comparison result of the first office interaction requirement and the comparison result of the second office interaction requirement, and taking the comparison result as the comparison result of the to-be-detected office time interval and the office interaction requirement of the pre-set prior office time interval.

It can be understood that by implementing the STEPs 31-STEP33, office interaction requirement comparison can be achieved from two dimensions of keyword analysis content summary data and log office event summary data respectively, and then the obtained comparison result of the first office interaction requirement and the comparison result of the second office interaction requirement are fused, so that the comparison result of the office interaction requirements of the office period to be detected and the office interaction requirements of the preset prior office period can be determined completely and accurately as far as possible.

In addition, in order to further improve the content of the comparison result of the office interaction requirements of the office time period to be detected and the preset prior office time period, the related office participants can be analyzed. The related office participants can be understood as the participants who have worked in the office period to be detected, so that the content of the comparison result of the office interaction requirements of the office period to be detected and the office interaction requirements of the preset office period can be perfected by combining the idea of risk radiation. Further, an implementation of the analysis for the associated office participants may be as follows: obtaining the description content of the associated office participants in the office period to be detected; obtaining demand summary data of the associated office participants according to the description contents of the associated office participants; performing difference analysis on the requirement summarized data of the associated office participants in the office period to be detected and the prestored requirement summarized data of the associated office participants in the prior office period to obtain a comparison result of a fourth office interaction requirement; and obtaining a comparison result of the fifth office interaction requirement of the to-be-detected office time interval and the pre-stored prior office time interval according to the comparison result of the first office interaction requirement, the comparison result of the second office interaction requirement and the comparison result of the fourth office interaction requirement, and taking the comparison result as the comparison result of the office interaction requirements of the to-be-detected office time interval and the pre-stored prior office time interval.

Further, regarding the analysis process of the associated office participants, obtaining the summary data of the demands of the associated office participants according to the description contents of the associated office participants comprises the following steps: obtaining interest comparison results corresponding to different office applications of the associated office participants in the office period to be detected, interest comparison results corresponding to all set office interaction forms and interest comparison results corresponding to all set office verification forms according to the description contents of the associated office participants; and forming a hierarchical requirement keyword set of the associated office participants according to the interest comparison results corresponding to different office applications of the associated office participants in the office period to be detected, the interest comparison results corresponding to each office interaction form and the interest comparison results corresponding to each set office verification form, wherein the hierarchical requirement keyword set is used as requirement summary data of the associated office participants in the office period to be detected. Therefore, the requirement summary data of the associated office participants is a hierarchical requirement keyword set, so that sufficient data information basis can be ensured when the requirement behavior analysis is subsequently carried out.

In the practical implementation process, in order to improve the efficiency of analyzing the information loss threat for the office period to be detected, the office period to be detected may be preprocessed, that is, some periods which do not meet the analysis requirement are removed, and for this purpose, before STEP3, the following STEPs (1) to (4) may be further included.

(1) And obtaining the participant description keyword analysis content of the remote office log of each participant description keyword in the office period to be detected according to the keyword analysis content summary data of the office period to be detected. For example, the participant description keyword analysis content is used for representing the global quantitative evaluation of the digital office terminal, and generally speaking, the higher the global quantitative evaluation is, the lower the possibility that the digital office terminal has abnormal payment behaviors and abnormal behavior cooperation tendency is.

(2) And sorting the analysis contents of the participant description keywords according to the descending order of the global quantitative evaluation corresponding to the analysis contents, and acquiring the participant description keywords of the remote office logs corresponding to the analysis contents of the participant description keywords with the set number in front of the sequencing queue as sample participant description keywords.

(3) And judging whether the participant description keywords of the remote office logs in the previous office period stored in advance cover all the sample participant description keywords.

(4) If not, executing the step of obtaining a comparison result of the office interaction requirements of the office time period to be detected and the pre-stored prior office time period according to the keyword analysis content summarized data and the log office event summarized data; and if so, removing the office time interval to be detected from the pre-stored queue to be selected of the office time interval to be detected.

Therefore, the office time interval to be detected can be preprocessed, namely, time intervals which do not meet the analysis requirements are removed, and therefore the information loss threat analysis efficiency aiming at the office time interval to be detected is improved.

STEP4, regarding the office period to be detected, in which the comparison result of the office interaction requirements meets the detection requirements of the preset requirement evaluation, as the office period with the threat of office data loss.

In this embodiment, the threat of office data loss can be understood as: important and private office data information of other digital office terminals is illegally acquired by some digital office terminals for reasons of remote office work and cross-border office work, and the office information is in a network in the remote office work process, so that the risk of losing the important and private office data information of other digital office terminals can be greatly increased, for example, various account password information and enterprise internal resource information of other digital office terminals. The digital office terminals with the bad collaboration tendency may use the various account password information or the internal resource information of the enterprise to cause economic loss or other loss to other digital office terminals. Therefore, whether office data loss threats exist in the office period to be detected can be timely determined through STEP4, and if so, the digital office terminal in the office period to be detected can be reminded to perform corresponding information protection, such as office resource anonymization processing, office resource distributed storage and the like, which is not limited herein.

In the present embodiment, the detection requirement of the preset demand evaluation is a detection requirement based on a misleading index of a tele-office, and to achieve this, the STEP4 may include the contents described in the following STEP41-STEP 45.

STEP41, generating a collaborative office initiating terminal tendency content corresponding to the collaborative office initiating terminal demand change of the comparison result of the office interaction demands, and generating a collaborative office receiving terminal tendency content corresponding to the collaborative office receiving terminal demand change of the comparison result of the office interaction demands, wherein the collaborative office initiating terminal tendency content and the collaborative office receiving terminal tendency content respectively include collaborative office tendency information of a plurality of different office misleading indexes. For example, the requirement change of the cooperative office initiating terminal and the requirement change of the cooperative office receiving terminal can reflect the cooperative tendency change of both office parties in the remote office process, the office misleading index can be calculated according to a preset operation strategy, and the value range of the office misleading index can be 0-1.

STEP42, extracting an original collaboration tendency keyword of the collaboration office initiating end demand change of the comparison result of the office interaction demands in any collaboration office tendency information of the collaboration office initiating end tendency content, and determining the collaboration office tendency information with the minimum office misleading index in the collaboration office accepting end tendency content as target collaboration office tendency information. It is to be understood that the collaboration tendency keyword may summarize the collaboration tendency information, for example, the collaboration tendency keyword may be "normal office", "office with another purpose", or the like.

STEP42, loading the original collaboration tendency keyword to the target collaboration office tendency information according to a preset demand evaluation set and historical information of office data loss, obtaining an original mapping keyword in the target collaboration office tendency information, and generating a demand change binding strategy between a collaboration office initiating end demand change of a comparison result of the office interaction demands and a collaboration office receiving end demand change of the comparison result of the office interaction demands according to the original collaboration tendency keyword and the original mapping keyword. For example, the demand change binding policy is used to indicate a demand pair between a collaborative office initiator demand change and a collaborative office recipient demand change.

STEP43, acquiring a risk office cooperation tendency keyword from the target cooperation office tendency information by taking the original mapping keyword as a sample keyword, loading the risk office cooperation tendency keyword to the cooperation office tendency information where the original cooperation tendency keyword is located according to a requirement change binding precedence relation corresponding to the requirement change binding strategy, acquiring the target cooperation tendency keyword corresponding to the risk office cooperation tendency keyword from the cooperation office tendency information where the original cooperation tendency keyword is located, and determining target cooperation tendency content of the target cooperation tendency keyword. In this embodiment, the collaboration tendency content may be recorded in the form of text content.

STEP44, acquiring a keyword visual loading indication corresponding to the original collaboration tendency keyword loaded into the target collaboration office tendency information; according to the common comparison result between the target collaboration tendency keyword and candidate collaboration tendency keywords corresponding to a plurality of keyword information mining units on the keyword visual loading indication, sequentially acquiring misleading collaboration tendency indexes corresponding to the target collaboration tendency content in the collaboration office receiving end tendency content, ending acquiring misleading collaboration tendency indexes in next collaboration office tendency information until the misleading quantification degree description of the obtained misleading collaboration tendency indexes in the collaboration tendency information is consistent with the misleading quantification degree description of the target collaboration tendency content in the collaboration office initiating end tendency content, and generating misleading demand identification indexes according to the target collaboration tendency content and the misleading collaboration tendency indexes acquired last time; and detecting a comparison result of the office interaction requirements according to the misleading requirement identification index, and if the comparison result of the office interaction requirements does not meet the detection requirements, judging that the office time interval to be detected corresponding to the comparison result of the office interaction requirements is the office time interval with the threat of office data loss. For example, the misleading quantitative degree of the collaborative office tendency information where the misleading collaborative tendency index is located describes the credibility of an office misleading index corresponding to the collaborative office tendency information, and the misleading quantitative degree of the target collaborative tendency content in the collaborative office initiating terminal tendency content describes the credibility of misleading behavior existing in the collaborative office initiating terminal tendency content. By determining the misleading requirement identification index, the judgment precision of the office data loss threat aiming at the office period to be detected can be further optimized, so that the judgment accuracy and the real-time performance are ensured.

Further, the comparison of office interaction demands according to the misleading demand identification index described in STEP44 can be implemented as described in STEPs 441-STEP449 below.

And STEP441, identifying the requirement cooperation tendency of the office interaction requirement, and acquiring the initial office requirement cooperation tendency. STEP442, performing cooperation tendency time sequence characteristic optimization of the demand cooperation tendency on the initial office demand cooperation tendency to obtain a first office operation demand cooperation tendency. And STEP443, selecting the time domain angle indexes of the misleading demand identification indexes according to the first office operation demand cooperation tendency, and obtaining an original misleading label set for covering the misleading demand identification indexes. And the STEP444 is used for merging the requirement cooperation tendency of the initial office requirement cooperation tendency and the first office operation requirement cooperation tendency, optimizing the cooperation tendency time sequence characteristic of the requirement cooperation tendency of the merged behavior requirement cooperation tendency, and obtaining a second office operation requirement cooperation tendency. STEP445, obtaining the misleading index calling frequency corresponding to each misleading label set in the original misleading label set. STEP446, the misleading label set of which the misleading index calling frequency does not reach the misleading index calling threshold is cleaned, and a residual misleading label set is obtained. And STEP447, labeling the reserved misleading label set according to the office project content of the reserved misleading label set and the office project content corresponding to the first office operation requirement cooperation tendency, and obtaining the misleading label set with the labeling completed. STEP448, according to second office operation demand cooperation tendency with accomplish the misleading labelset of mark and carry out the index selection of aiming at misleading demand recognition index's cooperation tendency type angle to update accomplish the misleading labelset of mark, and confirm according to the misleading labelset after the update a plurality of office operation intention characteristics in the office interaction demand. STEP449, determining a correlation comparison result between each office operation intention feature and each misleading index in the original misleading label set, and obtaining a misleading quantification degree corresponding to each office operation intention feature according to the correlation comparison result corresponding to each office operation intention feature; and if the number of the target misleading quantization degrees reaching the warning quantization degree in the plurality of misleading quantization degrees corresponding to the office interaction requirement reaches a set number, judging that the comparison result of the office interaction requirement does not meet the detection requirement.

In this embodiment, the degree of quantization of the alert may be set according to office data loss records in an office period in which there was a threat of office data loss before. Further, it is determined that the comparison result of the office interaction requirements does not meet the detection requirements, and it can be understood that the overall office interaction requirements corresponding to the office period to be detected are abnormal, that is, the purpose of many cooperative office behaviors is not existed in the office period to be detected (there may be a tendency to steal the cooperation of other digital office terminals). In addition, the steps are combined with misleading index calling frequency for analysis, so that each office operation intention characteristic corresponds to a popular cooperative office, and information loss threat judgment of the office period to be detected can be mastered macroscopically conveniently.

For the above steps, the following refinement may also be made.

In a first aspect, the identifying requirement cooperation tendency of the office interaction requirement described in STEP441, and obtaining an initial office requirement cooperation tendency includes: performing demand collaboration tendency identification of a plurality of set description dimensions on the office interaction demand through a demand collaboration tendency analysis unit of a collaboration tendency identification model based on a standard strategy (rule template) to obtain demand collaboration tendency segments corresponding to the set description dimensions; and performing cooperative tendency time sequence characteristic optimization of the demand cooperative tendency on the demand cooperative tendency segment through a first time sequence characteristic analysis unit of the cooperative tendency identification model based on the standard strategy to obtain an initial office demand cooperative tendency. Wherein the collaborative trend identifies an AI intelligent network that the model can.

In a second aspect, the optimizing the collaboration tendency timing characteristic of the demand collaboration tendency on the initial office demand collaboration tendency described in STEP442 to obtain a first office operation demand collaboration tendency includes: carrying out project requirement cooperation tendency identification on the initial office requirement cooperation tendency according to the service condition of a preset execution algorithm through a first project cooperation tendency analysis unit of a cooperation tendency identification model based on a standard strategy to obtain a related project cooperation tendency of the initial office requirement cooperation tendency; performing cooperation tendency time sequence characteristic optimization of demand cooperation tendency on the associated project cooperation tendency through a second time sequence characteristic analysis unit of the cooperation tendency identification model based on the standard strategy to obtain the first office operation demand cooperation tendency;

in a third aspect, the selecting, according to the first office operation requirement cooperation tendency, an index of a time domain angle for a misleading requirement identification index to obtain an original misleading label set for covering the misleading requirement identification index described in STEP443 includes: processing a misleading label set aiming at a target remote office event in the office interaction demand according to the first office operation demand cooperation tendency index through a first index processing unit of a cooperation tendency identification model based on a standard strategy; and recombining the misleading label sets of the target remote office event to obtain an original misleading label set for covering the misleading demand identification index.

In a fourth aspect, the STEP444, described in the STEP, of merging the demand collaboration tendency of the initial office demand collaboration tendency and the first office operation demand collaboration tendency, and performing collaboration tendency timing characteristic optimization of the demand collaboration tendency on the merged behavior demand collaboration tendency to obtain a second office operation demand collaboration tendency includes: inputting the initial office demand collaboration tendency and the first office operation demand collaboration tendency into a second project collaboration tendency analysis unit of a collaboration tendency identification model based on a standard strategy; updating the service condition of the execution algorithm of the second project cooperation tendency analysis unit according to the initial office demand cooperation tendency and the first office operation demand cooperation tendency to obtain the updated service condition of the execution algorithm; carrying out demand cooperation tendency combination on the initial office demand cooperation tendency and the first office operation demand cooperation tendency to obtain a combined behavior demand cooperation tendency; according to the updated use condition of the execution algorithm, carrying out project requirement cooperation tendency identification on the combined behavior requirement cooperation tendency to obtain a related project cooperation tendency corresponding to the combined behavior requirement cooperation tendency; and performing cooperation tendency time sequence characteristic optimization of the requirement cooperation tendency on the associated project cooperation tendency through a third time sequence characteristic analysis unit of the cooperation tendency identification model based on the standard strategy to obtain a second office operation requirement cooperation tendency.

In a fifth aspect, the first office operation requirement collaboration tendency corresponds to a first requirement collaboration tendency segment, and further, the STEP447 describes labeling the retained misleading label set according to the office project content of the retained misleading label set and the office project content corresponding to the first office operation requirement collaboration tendency to obtain a misleading label set with a completed label, including: acquiring the corresponding related office project content of the target misleading indexes with the maximum detection quantization degree description of the reserved misleading label sets in the first requirement collaboration tendency segment; and labeling the reserved misleading label set according to the content of the associated office project to obtain the misleading label set with finished labeling.

It can be understood that by refining the content, the overall level and the local level of the demand collaboration tendency segment can be analyzed, so that the judgment of the office data loss threat of the office period to be detected can be accurately realized in real time.

In addition, on the basis of STEP1-STEP4, the method can also comprise the following STEP 5: and after the office time interval to be detected is taken as the office time interval with the threat of office data loss, sending a warning message to each digital office terminal in the office time interval to be detected. In this embodiment, the warning message may be used to remind the digital office terminal to actively perform office information encryption backup when performing cooperative office interaction, so as to avoid the threat of office data loss, or to provide that the digital office terminal does not perform remote cooperative office interaction as much as possible in the office period to be detected.

In summary, by executing the STEP1-STEP4, firstly, the remote office logs are analyzed and sorted according to the description content of the office participants and the description keywords of the participants, so that the efficiency of subsequent log demand analysis can be improved, and secondly, the keyword analysis content summarized data and the log office event summarized data of the remote office logs of each description keyword of the participants are determined, so that the comparison result of the office interaction demands of the office period to be detected and the office period in the past stored in advance is obtained. Therefore, the comparison result of the office interaction requirements can be analyzed based on the detection requirements of the preset requirement evaluation, and whether the office data loss threat exists in the office period to be detected or not is judged. Therefore, the corresponding digital office terminal can be reminded to perform information security handling operation, and loss of office data when the digital office terminal is subjected to remote office in the office period to be detected is avoided.

For STEP1-STEP4, the following can also be summarized: 1) performing office interaction demand analysis on office participant description contents of each remote office log in the office period to be detected to obtain a comparison result of the office interaction demands of the office period to be detected and a pre-stored prior office period; 2) and taking the office period to be detected, in which the comparison result of the office interaction requirements meets the detection requirements of the preset requirement evaluation, as the office period with the threat of office data loss.

Wherein, for 1), further implementation mode can be STEP1-STEP 3. For further implementation of STEPs 1) and 2), reference may be made to the above description of STEPs 1-STEP4, which are not repeated herein.

Secondly, for the above big data security processing method for remote online office, an exemplary big data security processing device for remote online office is further provided in the embodiment of the present invention, as shown in fig. 2, the big data security processing device 200 for remote online office may include the following functional modules.

The log obtaining module 210 is configured to obtain office participant description content of each remote office log in the office period to be detected, and perform log differentiation analysis and sorting on the remote office logs according to the participant description keywords according to the office participant description content; the remote office log is a remote office log corresponding to the digital office terminal.

And the log analysis module 220 is configured to obtain keyword analysis content summary data and log office event summary data of the remote office log in which each participant describes the keyword in the office period to be detected according to the office participant description content.

And the requirement comparison module 230 is configured to obtain a comparison result of the office interaction requirements of the office period to be detected and the pre-stored prior office period according to the keyword analysis content summarized data and the log office event summarized data.

And the threat detection module 240 is configured to use the office period to be detected, in which the comparison result of the office interaction requirements meets the detection requirement of the preset requirement evaluation, as the office period with the threat of office data loss.

It is understood that, regarding the log obtaining module 210, the log analyzing module 220, the requirement comparing module 230 and the threat detecting module 240, the implementation manner thereof may refer to the description of STEP1-STEP4 in turn, and will not be described in further detail herein.

Then, based on the above method embodiment and device embodiment, the embodiment of the present invention further provides a system embodiment, that is, referring to fig. 3, a big data security processing system for remote online office, and please refer to the big data security processing system 30 for remote online office, which includes a digital office server 10 and a digital office terminal 20, in this embodiment, the digital office terminal 20 may be a smart phone, a smart laptop, an enterprise business terminal, and the like, which is not limited herein. The digital office server 10 and the digital office terminal 20 communicate to implement the above method, and further, the functionality of the big data security processing system 30 for remote online office is described as follows.

A big data security protection processing system aiming at remote online office comprises a digital office server and a digital office terminal which are communicated with each other;

the digital office server is used for:

taking the office period to be detected, in which the comparison result of the office interaction requirements meets the detection requirements of the preset requirement evaluation, as the office period with the threat of office data loss; sending a warning message to the target digital office terminal in the office period to be detected;

the digital office terminal is used for: and performing office data protection according to the warning message.

Further, referring to fig. 4 in combination, the digital office server 10 may include a processing engine 110, a network module 120 and a memory 130, wherein the processing engine 110 and the memory 130 communicate through the network module 120.

Processing engine 110 may process the relevant information and/or data to perform one or more of the functions described herein. For example, in some embodiments, processing engine 110 may include at least one processing engine (e.g., a single core processing engine or a multi-core processor). By way of example only, the Processing engine 110 may include a Central Processing Unit (CPU), an Application-Specific Integrated Circuit (ASIC), an Application-Specific Instruction Set Processor (ASIP), a Graphics Processing Unit (GPU), a Physical Processing Unit (PPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), a Programmable Logic Device (PLD), a controller, a microcontroller Unit, a Reduced Instruction Set Computer (RISC), a microprocessor, or the like, or any combination thereof.

Network module 120 may facilitate the exchange of information and/or data. In some embodiments, the network module 120 may be any type of wired or wireless network or combination thereof. Merely by way of example, the Network module 120 may include a cable Network, a wired Network, a fiber optic Network, a telecommunications Network, an intranet, the internet, a Local Area Network (LAN), a Wide Area Network (WAN), a Wireless Local Area Network (WLAN), a Metropolitan Area Network (MAN), a Public Switched Telephone Network (PSTN), a bluetooth Network, a Wireless personal Area Network, a Near Field Communication (NFC) Network, and the like, or any combination thereof. In some embodiments, the network module 120 may include at least one network access point. For example, the network module 120 may include wired or wireless network access points, such as base stations and/or network access points.

The Memory 130 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory 130 is used for storing a program, and the processing engine 110 executes the program after receiving the execution instruction.

It is to be understood that the configuration shown in fig. 4 is merely illustrative, and the digital office server 10 may include more or fewer components than shown in fig. 2, or have a different configuration than shown in fig. 4. The components shown in fig. 4 may be implemented in hardware, software, or a combination thereof.

It should be understood that, for the above, a person skilled in the art can deduce from the above disclosure to determine the meaning of the related technical term without doubt, for example, for some values, coefficients, weights, indexes, factors, and other terms, a person skilled in the art can deduce and determine from the logical relationship between the above and the following, and the value range of these values can be selected according to the actual situation, for example, 0 to 1, for example, 1 to 10, and for example, 50 to 100, which are not limited herein.

The skilled person can unambiguously determine some preset, reference, predetermined, set and target technical features/terms, such as threshold values, threshold intervals, threshold ranges, etc., from the above disclosure. For some technical characteristic terms which are not explained, the technical solution can be clearly and completely implemented by those skilled in the art by reasonably and unambiguously deriving the technical solution based on the logical relations in the previous and following paragraphs. Prefixes of unexplained technical feature terms, such as "first", "second", "previous", "next", "current", "history", "latest", "best", "target", "specified", and "real-time", etc., can be unambiguously derived and determined from the context. Suffixes of technical feature terms not to be explained, such as "list", "feature", "sequence", "set", "matrix", "unit", "element", "track", and "list", etc., can also be derived and determined unambiguously from the foregoing and the following.

The foregoing disclosure of embodiments of the present invention will be apparent to those skilled in the art. It should be understood that the process of deriving and analyzing technical terms, which are not explained, by those skilled in the art based on the above disclosure is based on the contents described in the present application, and thus the above contents are not an inventive judgment of the overall scheme.

It should be appreciated that the system and its modules shown above may be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. Wherein the hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory for execution by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a diskette, CD-or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules of the present application may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., but also by software executed by various types of processors, for example, or by a combination of the above hardware circuits and software (e.g., firmware).

It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.

Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered merely illustrative and not restrictive of the broad application. Various modifications, improvements and adaptations to the present application may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present application and thus fall within the spirit and scope of the exemplary embodiments of the present application.

Also, this application uses specific language to describe embodiments of the application. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the present application is included in at least one embodiment of the present application. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the present application may be combined as appropriate.

Moreover, those skilled in the art will appreciate that aspects of the present application may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereon. Accordingly, various aspects of the present application may be embodied entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the present application may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.

The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.

Computer program code required for the operation of various portions of the present application may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages, and the like. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).

Additionally, the order in which elements and sequences of the processes described herein are processed, the use of alphanumeric characters, or the use of other designations, is not intended to limit the order of the processes and methods described herein, unless explicitly claimed. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.

Similarly, it should be noted that in the preceding description of embodiments of the application, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to require more features than are expressly recited in the claims. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.

Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the numbers allow for adaptive variation. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.

The entire contents of each patent, patent application publication, and other material cited in this application, such as articles, books, specifications, publications, documents, and the like, are hereby incorporated by reference into this application. Except where the application is filed in a manner inconsistent or contrary to the present disclosure, and except where the claim is filed in its broadest scope (whether present or later appended to the application) as well. It is noted that the descriptions, definitions and/or use of terms in this application shall control if they are inconsistent or contrary to the statements and/or uses of the present application in the material attached to this application.

Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present application. Other variations are also possible within the scope of the present application. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the present application can be viewed as being consistent with the teachings of the present application. Accordingly, the embodiments of the present application are not limited to only those embodiments explicitly described and depicted herein.

Claims

1. A big data security processing method for remote online office is characterized by comprising the following steps:

taking the office period to be detected, in which the comparison result of the office interaction requirements meets the detection requirements of the preset requirement evaluation, as the office period with the threat of office data loss;

the obtaining of keyword analysis content summary data and log office event summary data of the remote office log of each participant description keyword in the office period to be detected according to the office participant description content includes:

obtaining a log office history message of the teleworking log of each participant description keyword in the office period to be detected according to the identity risk detection condition, wherein the log office history message is used as the summary data of the log office events;

the obtaining of the cooperative office interaction condition of the telecommuting log of each participant description keyword in the office period to be detected according to the office participant description content includes:

cooperation_uv=n_uv*w/∑^Pv _x=1；

cooperation_attention_extent＝cooperation_uv×base；

wherein:

2. The big data security processing method for remote online office according to claim 1, wherein the obtaining of the log office history message of the remote office log describing the keyword of each participant in the office period to be detected according to the identity risk detection condition comprises:

3. The big data security processing method for remote online office according to claim 1, wherein the obtaining of the comparison result between the office interaction demand of the office period to be detected and the office interaction demand of the pre-stored prior office period according to the keyword analysis content summarized data and the log office event summarized data comprises:

4. The big data security processing method for remote online office according to any one of claims 1 to 3, wherein before the analysis of the summary data of the content and the summary data of the log office events according to the keyword and the comparison result of the office interaction demand between the office period to be detected and the pre-stored prior office period, the big data security processing method for remote online office further comprises:

5. The big data security processing method for remote online office according to any one of claims 1 to 3, wherein the office period to be detected, in which the comparison result of the office interaction requirements meets the detection requirements of preset requirement evaluation, is taken as the office period with the threat of office data loss, and the method comprises the following steps:

6. The big data security processing method for remote online office according to claim 5, wherein the detection of the comparison result of the office interaction demand according to the misleading demand identification index comprises:

7. A digital office server is characterized by comprising a processing engine, a network module and a memory; the processing engine and the memory communicate through the network module, the processing engine reading a computer program from the memory and operating to perform the method of any of claims 1-6.

8. A computer storage medium, characterized in that a computer program is stored thereon, which computer program, when running, implements the method of any of claims 1-6.