CN113553588A - Terminal software management method - Google Patents

Terminal software management method Download PDF

Info

Publication number
CN113553588A
CN113553588A CN202110857927.7A CN202110857927A CN113553588A CN 113553588 A CN113553588 A CN 113553588A CN 202110857927 A CN202110857927 A CN 202110857927A CN 113553588 A CN113553588 A CN 113553588A
Authority
CN
China
Prior art keywords
software
terminal
identification
result
convergence calculation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110857927.7A
Other languages
Chinese (zh)
Inventor
樊凯
杨航
明哲
谢铭
冯国聪
陈锋
林少广
梁段
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Southern Power Grid Digital Power Grid Group Information Communication Technology Co ltd
China Southern Power Grid Co Ltd
Original Assignee
China Southern Power Grid Co Ltd
Southern Power Grid Digital Grid Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Southern Power Grid Co Ltd, Southern Power Grid Digital Grid Research Institute Co Ltd filed Critical China Southern Power Grid Co Ltd
Priority to CN202110857927.7A priority Critical patent/CN113553588A/en
Publication of CN113553588A publication Critical patent/CN113553588A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques

Abstract

The application relates to a terminal software management method, a device, computer equipment and a storage medium, wherein the method comprises the following steps: the software installation data uploaded by the terminal are collected, the software installed by the terminal is classified, convergence calculation is carried out based on software classification results to realize collection of different types of software, and convergence calculation results and black and white list software identification results are pushed to a manager in an associated mode. In the whole process, software installed in all terminals is managed and controlled, the software is classified and converged, and converged data and the recognition result of the black-and-white list software are pushed in a correlation mode, so that the relevant software is converged together, the black-and-white list software is obviously identified, the software with access risk (black-list software) can be efficiently prompted, and the terminal software can be well managed.

Description

Terminal software management method
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for managing terminal software, a computer device, and a storage medium.
Background
With the development of computer technology, computer networking technology has emerged. A computer network comprises a plurality of terminals/servers, the terminals are connected with a core server/platform, upload own data to the core server and receive a core server control instruction.
Generally, different terminals are used by different employees, and based on different post requirements, work requirements, interests and the like, the employees can install different types of software on the terminals, the software can perform data interaction with the core server during application/running, and if some software is badly done, the software can invade the core server or the internal network of the whole networking, which can cause serious information security risks.
Therefore, there is a need to provide a method for managing terminal software in a networking system, which efficiently prompts software with access risk in the terminal software and prevents a core server/intranet in the networking system from being invaded by the terminal software.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a terminal software management method, device, computer device, and storage medium capable of efficiently notifying that there is access risk software in terminal software.
A terminal software management method comprises the following steps:
acquiring software installation data uploaded by a terminal;
classifying the terminal installation software according to the software installation data to obtain a software classification result;
performing convergence calculation on different types of software according to the software classification result;
acquiring software identification results according to white list software and black list software in the black list and white list identification software classification results of the preset software;
and carrying out correlation pushing on the convergence calculation result and the software identification result.
In one embodiment, the acquiring the software installation data uploaded by the terminal comprises:
and receiving the software installation data uploaded by the terminal through the kafka message queue.
In one embodiment, the classifying the terminal installation software according to the software installation data to obtain a software classification result includes:
acquiring a preset software classification database;
and classifying the terminal installation software according to the software installation data and a preset software classification database to obtain a software classification result.
In one embodiment, the correlating and pushing the convergence calculation result and the software identification result comprises:
extracting a corresponding relation table of software identity identification, white list identification and black list identification in the software identification result;
generating visual interface data according to the software convergence calculation result, the software identity identification and a corresponding relation table of the software identity identification, the white list identification and the black list identification;
and pushing the visual interface data.
In one embodiment, after pushing the visualization interface data, the method further includes:
responding to the query operation of the user;
identifying query items corresponding to the query operation;
obtaining a query result corresponding to the query item according to the software convergence calculation result, the software identity identifier and a corresponding relation table of the software identity identifier, the white list identifier and the black list identifier;
and feeding back a query result.
In one embodiment, after the convergence calculation result and the software identification result are pushed in an associated manner, the method includes:
monitoring the running state of software in the terminal;
and when the abnormal event of software access is intercepted, generating and pushing an alarm prompt.
In one embodiment, the terminal software management method further includes:
when a software access abnormal event is monitored, positioning an abnormal terminal with software access abnormality;
and (4) plugging the IP address of the abnormal terminal.
A terminal software management apparatus, the apparatus comprising:
the acquisition module is used for acquiring software installation data uploaded by the terminal;
the classification module is used for classifying the terminal installation software according to the software installation data to obtain a software classification result;
the convergence calculation module is used for carrying out convergence calculation on different types of software according to the software classification result;
the identification module is used for identifying white list software and black list software in the software classification result according to a black list and a white list of preset software to obtain a software identification result;
and the pushing module is used for carrying out correlation pushing on the convergence calculation result and the software identification result.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
acquiring software installation data uploaded by a terminal;
classifying the terminal installation software according to the software installation data to obtain a software classification result;
performing convergence calculation on different types of software according to the software classification result;
acquiring software identification results according to white list software and black list software in the black list and white list identification software classification results of the preset software;
and carrying out correlation pushing on the convergence calculation result and the software identification result.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
acquiring software installation data uploaded by a terminal;
classifying the terminal installation software according to the software installation data to obtain a software classification result;
performing convergence calculation on different types of software according to the software classification result;
acquiring software identification results according to white list software and black list software in the black list and white list identification software classification results of the preset software;
and carrying out correlation pushing on the convergence calculation result and the software identification result.
According to the terminal software management method, the terminal software management device, the computer equipment and the storage medium, software installation data uploaded by the terminal are collected, software installed on the terminal is classified, convergence calculation is carried out based on software classification results to realize collection of different types of software, and convergence calculation results and black and white list software identification results are pushed to a manager in an associated mode. In the whole process, software installed in all terminals is managed and controlled, the software is classified and converged, and converged data and the recognition result of the black-and-white list software are pushed in a correlation mode, so that the relevant software is converged together, the black-and-white list software is obviously identified, the software with access risk (black-list software) can be efficiently prompted, and the terminal software can be well managed.
Drawings
FIG. 1 is a diagram of an application environment of a terminal software management method according to an embodiment;
FIG. 2 is a flowchart illustrating a method for managing terminal software according to an embodiment;
FIG. 3 is a flowchart illustrating a method for managing terminal software according to another embodiment;
FIG. 4 is a block diagram showing the structure of a terminal software management apparatus according to an embodiment;
FIG. 5 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The terminal software management method provided by the application can be applied to the application environment shown in fig. 1. Wherein a plurality of terminals 102 communicate with a server 104 over a network. The server 104 acquires software installation data uploaded by the terminal; classifying the terminal installation software according to the software installation data to obtain a software classification result; performing convergence calculation on different types of software according to the software classification result; acquiring software identification results according to white list software and black list software in the black list and white list identification software classification results of the preset software; and carrying out correlation pushing on the convergence calculation result and the software identification result. The server 104 may push the convergence calculation result and the software recognition result to the administrator in a visual manner. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the server 104 may be implemented by an independent server or a server cluster formed by a plurality of servers.
In one embodiment, as shown in fig. 2, a terminal software management method is provided, which is described by taking the method as an example applied to the server 104 in fig. 1, and includes the following steps:
s100: and acquiring software installation data uploaded by the terminal.
The server is connected with a plurality of terminals, and the terminals can specifically comprise a plurality of hierarchies of terminals. Taking power grid networking as an example, the server is a whole power grid core operation and maintenance management server (which may be an integral formed by distributing a plurality of servers), and the terminals specifically include provincial terminals, city terminals and the like. The method comprises the steps that a server issues uploading request information to each terminal, the terminals upload data of software installed by the terminals to the server after receiving the requests issued by the server, the server obtains software installation data uploaded by the terminals, and the software installation data specifically comprise data such as software names, software functions, software running time lengths and software running logs. Optionally, the server may periodically update the software installation data uploaded by the terminal based on a preset frequency, for example, the software installation data may be updated at a frequency of 1 hour/time or 1 day/time.
S200: and classifying the terminal installation software according to the software installation data to obtain a software classification result.
The server classifies the terminal installation software according to the software installation data, specifically, the terminal software can be divided into a plurality of large classes, the terminal software can be divided into a plurality of small classes under the same large class, and each terminal software is respectively allocated with a type identifier, wherein the type identifier specifically can be a letter plus Arabic numerals or a letter plus Roman numerals, such as A-1, A-2 or A-I, A-II. Specifically, the server may classify the terminal-installed software using a preset software type list comparison. Optionally, a database for distinguishing software types can be pre-constructed in the server, and efficient software classification is realized through the preset database. Specifically, a database for distinguishing software types is preset in the server, when the server receives software installation data uploaded by the terminal, data such as software names are read from the software installation data, and the types corresponding to the software are directly and automatically searched in a data searching mode to obtain software classification results.
S300: and performing convergence calculation on different types of software according to the software classification result.
And performing convergence calculation according to the software classification result, and collecting and converging the software types so that the software types can be pushed in a centralized manner in subsequent operations, for example, the software types are displayed in a visual manner in a limited display interface. The convergence calculation can specifically adopt an existing convergence formula to perform convergence calculation on different types of software.
S400: and identifying white list software and black list software in the software classification result according to the black list software and the white list software in the preset software to obtain a software identification result.
The preset software black-and-white list specifically comprises a software white list and a software black list, wherein the white list is software in which the software is credible, and generally, no risk exists in the running and access of the software; the blacklist software refers to software which is in doubt or has operation and access risks, for example, data transmitted by the software may carry trojans or such software may interfere with normal operation of the server or steal or tamper data stored on the server. The black-and-white list of the preset software is a pre-constructed list which can be set and updated according to the operation records of the historical software and the requirements of management personnel, and the software can be removed from the white list and directly classified into the black list if the access risk (such as the situations of attacking, stealing, tampering the data on a server or a terminal and the like) of the software in the white list is found in later operation.
S500: and carrying out correlation pushing on the convergence calculation result and the software identification result.
The related push refers to pushing two pieces of partial data with a certain relevance. The convergence calculation result and the software recognition result may be pushed visually, for example, by the server directly displaying the convergence calculation result and the software recognition result on the attached or externally attached display device in the same display interface. Furthermore, the convergence calculation result and the software identification result can be analyzed to a certain degree, and the analyzed data can be visually pushed. Or taking the power grid as an example, the software types existing in each subordinate provincial terminal, the data of each type of software, the software convergence progress in the provincial terminal and the like can be displayed in the final display interface.
According to the terminal software management method, the software installation data uploaded by the terminal are collected, the software installed on the terminal is classified, convergence calculation is carried out based on the software classification result so as to realize collection of different types of software, and the convergence calculation result and the black-and-white list software identification result are pushed to a manager in a correlated mode. In the whole process, software installed in all terminals is managed and controlled, the software is classified and converged, and converged data and the recognition result of the black-and-white list software are pushed in a correlation mode, so that the relevant software is converged together, the black-and-white list software is obviously identified, the software with access risk (black-list software) can be efficiently prompted, and the terminal software can be well managed.
As shown in fig. 3, in one embodiment, S100 includes: and receiving the software installation data uploaded by the terminal through the kafka message queue.
Kafka is a high-throughput distributed publish-subscribe messaging system that can handle all the action flow data of a consumer in a web site. This action (web browsing, searching and other user actions) is a key factor in many social functions on modern networks. These data are typically addressed by handling logs and log aggregations due to throughput requirements. This is a viable solution to the limitations of Hadoop-like log data and offline analysis systems, but which require real-time processing. Receiving data through the kafka message queue may ensure efficient and secure transmission of the data. In practical application, the terminal can upload the software installation data to a data center corresponding to the server through the kafka message queue, and the server reads the data from the data center.
As shown in fig. 3, in one embodiment, S400 includes:
s420: acquiring a preset software classification database;
s440: and classifying the terminal installation software according to the software installation data and a preset software classification database to obtain a software classification result.
The software classification database is a pre-constructed database in which the software classification criteria or the corresponding relationship between the software type and the identity is stored. The pre-set software classification database also supports late updates so that the requirements of late applications can be met. Software classification may be accomplished efficiently and accurately by presetting a software classification database.
As shown in fig. 3, in one embodiment, S500 includes:
s520: extracting a corresponding relation table of software identity identification, white list identification and black list identification in the software identification result;
s540: generating visual interface data according to the software convergence calculation result, the software identity identification and a corresponding relation table of the software identity identification, the white list identification and the black list identification;
s560: and pushing the visual interface data.
And accurately distinguishing white list software and black list software in the terminal installation software in the recognition result, and associating the white list identification and the black list identification with corresponding software identity identifications respectively to generate a corresponding relation table. And combining the corresponding relation table, the software convergence result and the software identity identifier together to generate visual interface data, pushing the visual interface data to display equipment, such as display equipment attached to a server or a display interface of a manager, and the like, so that a manager can browse information including the software convergence calculation result, the software identity identifier, the corresponding relation table of the software identity identifier, the white list identifier and the black list identifier and the like on the display equipment, and intuitively and efficiently realize the next-step management of the installed software of the terminal. Optionally, the software id may specifically adopt a unique graphic or icon.
In one embodiment, after pushing the visualization interface data, the method further includes:
responding to the query operation of the user; identifying query items corresponding to the query operation; obtaining a query result corresponding to the query item according to the software convergence calculation result, the software identity identifier and a corresponding relation table of the software identity identifier, the white list identifier and the black list identifier; and feeding back a query result.
In this embodiment, after browsing the visual interface data pushed before, the administrator needs to perform a query operation in a targeted manner, the server responds to the user query operation, identifies corresponding query items, obtains a corresponding query result based on the software convergence calculation result, the software identity identifier and the correspondence table of the software identity identifier and the white list identifier and the black list identifier, and feeds back the query result to the administrator.
Taking power grid networking as an example, a server in the power grid networking pushes a convergence calculation result of installed software of a terminal, a software identity (software icon) and a black-and-white list identifier corresponding to the software to a manager, the manager needs to inquire data of province A at present, the server responds to inquiry operation of the manager, identifies and inquires software installation data corresponding to the terminal of province A, specifically comprises a software convergence result corresponding to the server, the installed software identity identifier, black-list software and white-list software, and feeds back the inquired results to the manager.
In one embodiment, after the convergence calculation result and the software identification result are pushed in an associated manner, the method includes: monitoring the running state of software in the terminal; and when the abnormal event of software access is intercepted, generating and pushing an alarm prompt.
The server monitors the software running state in the terminal in daily running, continuously monitors and judges whether software access abnormality exists in the terminal, and generates and pushes an alarm prompt when the software access abnormal event is monitored, wherein the alarm prompt can carry messages such as a software identity corresponding to the access abnormal event, an IP address of the terminal with the access abnormal event, the abnormal event type and the like. The specific alarm prompt can be directly pushed to the manager of the server and the terminal of the operation and maintenance personnel in the lower networking terminal. The access exception specifically includes an access message carrying a key data error, a tampering condition, an attack on a server, or a broadcast of junk data in an uplink network, and the like.
In one embodiment, the terminal software management further includes: when a software access abnormal event is monitored, positioning an abnormal terminal with software access abnormality; and (4) plugging the IP address of the abnormal terminal.
When the server detects the software access abnormal event, the abnormal terminal with the software access abnormal is directly positioned, the IP address of the abnormal terminal is blocked, the abnormal terminal is prevented from carrying out data interaction with other equipment (including other terminals and the server), the risk of the whole networking caused by the software with the access abnormal in the abnormal terminal is avoided, particularly the loss and the tampering of the core data on the server are avoided, and the safety of the core data is ensured.
It should be understood that, although the steps in the flowcharts are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a part of the steps in each of the flowcharts described above may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of performing the steps or stages is not necessarily sequential, but may be performed alternately or alternately with other steps or at least a part of the steps or stages in other steps.
As shown in fig. 4, the present application also provides a terminal software management apparatus, including:
the acquisition module 100 is used for acquiring software installation data uploaded by a terminal;
the classification module 200 is used for classifying the terminal installation software according to the software installation data to obtain a software classification result;
a convergence calculation module 300, configured to perform convergence calculation on different types of software according to the software classification result;
the identification module 400 is used for identifying white list software and black list software in the software classification result according to a black list and a white list of preset software to obtain a software identification result;
and a pushing module 500, configured to perform association pushing on the convergence calculation result and the software identification result.
The terminal software management device collects the software installation data uploaded by the terminal, classifies the software installed by the terminal, performs convergence calculation based on software classification results to realize collection of different types of software, and pushes the convergence calculation results and black and white list software identification results to a manager in a correlated manner. In the whole process, software installed in all terminals is managed and controlled, the software is classified and converged, and converged data and the recognition result of the black-and-white list software are pushed in a correlation mode, so that the relevant software is converged together, the black-and-white list software is obviously identified, the software with access risk (black-list software) can be efficiently prompted, and the terminal software can be well managed.
In one embodiment, the collection module 100 is further configured to receive the software installation data uploaded by the terminal through the kafka message queue.
In one embodiment, the classification module 200 is further configured to obtain a preset software classification database; and classifying the terminal installation software according to the software installation data and a preset software classification database to obtain a software classification result.
In one embodiment, the convergence calculating module 300 is further configured to extract a correspondence table between the software identity identifier and the white list identifier and the black list identifier in the software identification result; generating visual interface data according to the software convergence calculation result, the software identity identification and a corresponding relation table of the software identity identification, the white list identification and the black list identification; and pushing the visual interface data.
In one embodiment, the terminal software management further includes a query feedback module, configured to respond to a user query operation; identifying query items corresponding to the query operation; obtaining a query result corresponding to the query item according to the software convergence calculation result, the software identity identifier and a corresponding relation table of the software identity identifier, the white list identifier and the black list identifier; and feeding back a query result.
In one embodiment, the terminal software management device further includes a monitoring module, configured to monitor a software running state in the terminal; and when the abnormal event of software access is intercepted, generating and pushing an alarm prompt.
In one embodiment, the terminal software management device further includes a blocking module, configured to locate an abnormal terminal with abnormal software access when a software access abnormal event is detected; and (4) plugging the IP address of the abnormal terminal.
For specific limitations of the terminal software management apparatus, reference may be made to the above limitations of the terminal software management method, which is not described herein again. The respective modules in the terminal software management apparatus may be wholly or partially implemented by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing preset database data, preset server configuration data and other data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a terminal software management method.
Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
acquiring software installation data uploaded by a terminal;
classifying the terminal installation software according to the software installation data to obtain a software classification result;
performing convergence calculation on different types of software according to the software classification result;
acquiring software identification results according to white list software and black list software in the black list and white list identification software classification results of the preset software;
and carrying out correlation pushing on the convergence calculation result and the software identification result.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and receiving the software installation data uploaded by the terminal through the kafka message queue.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
acquiring a preset software classification database; and classifying the terminal installation software according to the software installation data and a preset software classification database to obtain a software classification result.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
extracting a corresponding relation table of software identity identification, white list identification and black list identification in the software identification result; generating visual interface data according to the software convergence calculation result, the software identity identification and a corresponding relation table of the software identity identification, the white list identification and the black list identification; and pushing the visual interface data.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
responding to the query operation of the user; identifying query items corresponding to the query operation; obtaining a query result corresponding to the query item according to the software convergence calculation result, the software identity identifier and a corresponding relation table of the software identity identifier, the white list identifier and the black list identifier; and feeding back a query result.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
monitoring the running state of software in the terminal; and when the abnormal event of software access is intercepted, generating and pushing an alarm prompt.
In one embodiment, the processor, when executing the computer program, further performs the steps of: when a software access abnormal event is monitored, positioning an abnormal terminal with software access abnormality; and (4) plugging the IP address of the abnormal terminal.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring software installation data uploaded by a terminal;
classifying the terminal installation software according to the software installation data to obtain a software classification result;
performing convergence calculation on different types of software according to the software classification result;
acquiring software identification results according to white list software and black list software in the black list and white list identification software classification results of the preset software;
and carrying out correlation pushing on the convergence calculation result and the software identification result.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and receiving the software installation data uploaded by the terminal through the kafka message queue.
In one embodiment, the computer program when executed by the processor further performs the steps of:
acquiring a preset software classification database; and classifying the terminal installation software according to the software installation data and a preset software classification database to obtain a software classification result.
In one embodiment, the computer program when executed by the processor further performs the steps of:
extracting a corresponding relation table of software identity identification, white list identification and black list identification in the software identification result; generating visual interface data according to the software convergence calculation result, the software identity identification and a corresponding relation table of the software identity identification, the white list identification and the black list identification; and pushing the visual interface data.
In one embodiment, the computer program when executed by the processor further performs the steps of:
responding to the query operation of the user; identifying query items corresponding to the query operation; obtaining a query result corresponding to the query item according to the software convergence calculation result, the software identity identifier and a corresponding relation table of the software identity identifier, the white list identifier and the black list identifier; and feeding back a query result.
In one embodiment, the computer program when executed by the processor further performs the steps of:
monitoring the running state of software in the terminal; and when the abnormal event of software access is intercepted, generating and pushing an alarm prompt.
In one embodiment, the computer program when executed by the processor further performs the steps of:
when a software access abnormal event is monitored, positioning an abnormal terminal with software access abnormality; and (4) plugging the IP address of the abnormal terminal.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical storage, or the like. Volatile Memory can include Random Access Memory (RAM) or external cache Memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A terminal software management method is characterized by comprising the following steps:
acquiring software installation data uploaded by a terminal;
classifying the terminal installation software according to the software installation data to obtain a software classification result;
performing convergence calculation on different types of software according to the software classification result;
acquiring software identification results according to white list software and black list software in the black list and white list identification software classification results of the preset software;
and carrying out correlation pushing on the convergence calculation result and the software identification result.
2. The method according to claim 1, wherein the acquiring the software installation data uploaded by the terminal comprises:
and receiving the software installation data uploaded by the terminal through the kafka message queue.
3. The method according to claim 1, wherein the classifying the terminal installation software according to the software installation data to obtain a software classification result comprises:
acquiring a preset software classification database;
and classifying the terminal installation software according to the software installation data and the preset software classification database to obtain a software classification result.
4. The method of claim 1, wherein the correlating and pushing the convergence calculation result and the software identification result comprises:
extracting a corresponding relation table of software identity identification, white list identification and black list identification in the software identification result;
generating visual interface data according to the software convergence calculation result, the software identity identification and a corresponding relation table of the software identity identification, the white list identification and the black list identification;
and pushing the visual interface data.
5. The method of claim 4, wherein after pushing the visual interface data, further comprising:
responding to the query operation of the user;
identifying query items corresponding to the query operation;
obtaining a query result corresponding to the query item according to the software convergence calculation result, the software identity identifier and a corresponding relation table of the software identity identifier, the white list identifier and the black list identifier;
and feeding back the query result.
6. The method according to claim 1, wherein after the pushing the convergence calculation result and the software identification result in association with each other, the method comprises:
monitoring the running state of software in the terminal;
and when the abnormal event of software access is intercepted, generating and pushing an alarm prompt.
7. The method of claim 6, further comprising:
when a software access abnormal event is monitored, positioning an abnormal terminal with software access abnormality;
and blocking the IP address of the abnormal terminal.
8. A terminal software management apparatus, characterized in that the apparatus comprises:
the acquisition module is used for acquiring software installation data uploaded by the terminal;
the classification module is used for classifying the terminal installation software according to the software installation data to obtain a software classification result;
the convergence calculation module is used for carrying out convergence calculation on different types of software according to the software classification result;
the identification module is used for identifying white list software and black list software in the software classification result according to a black list and a white list of preset software to obtain a software identification result;
and the pushing module is used for carrying out correlation pushing on the convergence calculation result and the software identification result.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN202110857927.7A 2021-07-28 2021-07-28 Terminal software management method Pending CN113553588A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110857927.7A CN113553588A (en) 2021-07-28 2021-07-28 Terminal software management method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110857927.7A CN113553588A (en) 2021-07-28 2021-07-28 Terminal software management method

Publications (1)

Publication Number Publication Date
CN113553588A true CN113553588A (en) 2021-10-26

Family

ID=78133083

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110857927.7A Pending CN113553588A (en) 2021-07-28 2021-07-28 Terminal software management method

Country Status (1)

Country Link
CN (1) CN113553588A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116010905A (en) * 2022-12-29 2023-04-25 昆仑数智科技有限责任公司 Software management method, system and management device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103646215A (en) * 2013-12-23 2014-03-19 北京奇虎科技有限公司 Application installation control method, related system and related device
CN104202323A (en) * 2014-09-05 2014-12-10 绿网天下(福建)网络科技股份有限公司 Method for controlling application software based on mobile terminal
CN104484103A (en) * 2014-12-12 2015-04-01 深圳市财富之舟科技有限公司 Management method for software in mobile terminal
KR20150056244A (en) * 2013-11-15 2015-05-26 (주)닥터소프트 Terminal device and software managing method thereof
CN109241734A (en) * 2018-08-10 2019-01-18 航天信息股份有限公司 A kind of securing software operational efficiency optimization method and system
CN109657892A (en) * 2018-09-27 2019-04-19 深圳壹账通智能科技有限公司 Machine Activity recognition method, apparatus, equipment and medium based on data analysis
CN109784052A (en) * 2018-12-29 2019-05-21 360企业安全技术(珠海)有限公司 The management method and server-side, terminal, system of software action detection

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20150056244A (en) * 2013-11-15 2015-05-26 (주)닥터소프트 Terminal device and software managing method thereof
CN103646215A (en) * 2013-12-23 2014-03-19 北京奇虎科技有限公司 Application installation control method, related system and related device
CN104202323A (en) * 2014-09-05 2014-12-10 绿网天下(福建)网络科技股份有限公司 Method for controlling application software based on mobile terminal
CN104484103A (en) * 2014-12-12 2015-04-01 深圳市财富之舟科技有限公司 Management method for software in mobile terminal
CN109241734A (en) * 2018-08-10 2019-01-18 航天信息股份有限公司 A kind of securing software operational efficiency optimization method and system
CN109657892A (en) * 2018-09-27 2019-04-19 深圳壹账通智能科技有限公司 Machine Activity recognition method, apparatus, equipment and medium based on data analysis
CN109784052A (en) * 2018-12-29 2019-05-21 360企业安全技术(珠海)有限公司 The management method and server-side, terminal, system of software action detection

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116010905A (en) * 2022-12-29 2023-04-25 昆仑数智科技有限责任公司 Software management method, system and management device
CN116010905B (en) * 2022-12-29 2023-11-03 昆仑数智科技有限责任公司 Software management method, system and management device

Similar Documents

Publication Publication Date Title
EP2487860B1 (en) Method and system for improving security threats detection in communication networks
CN105100032B (en) A kind of method and device for preventing resource from stealing
CN108304704A (en) Authority control method, device, computer equipment and storage medium
CN111767173A (en) Network equipment data processing method and device, computer equipment and storage medium
CN108234400B (en) Attack behavior determination method and device and situation awareness system
CN102906756A (en) Security threat detection associated with security events and actor category model
CN108809702B (en) Equipment management method and equipment management platform
Wang et al. A centralized HIDS framework for private cloud
CN111539862B (en) Emergency processing method and device based on individual dispatch and computer equipment
CN111507571B (en) Emergency group scheduling method, device, computer equipment and storage medium
US20210365564A1 (en) Techniques for monitoring computing infrastructure
CN113672475B (en) Alarm processing method and device, computer equipment and storage medium
CN113553588A (en) Terminal software management method
CN208046653U (en) A kind of electric power monitoring system network security monitoring main website plateform system
CN114090380A (en) Terminal monitoring method, device, equipment and storage medium
CN113672912A (en) Network security monitoring system based on computer hardware indication and behavior analysis
CN113239327A (en) Method, apparatus, computer device and storage medium for monitoring software licenses
CN111818025A (en) User terminal detection method and device
KR101973728B1 (en) Integration security anomaly symptom monitoring system
CN113592114A (en) User fault reporting research and judgment method and device in power grid, computer equipment and storage medium
CN113806187A (en) Intelligent one-stop operation and maintenance service method and platform
CN109412861B (en) Method for establishing security association display of terminal network
CN113672449A (en) Intelligent operation and maintenance abnormity monitoring method and device, computer equipment and storage medium
CN114362980A (en) Protocol hang login account identification method and device, computer equipment and storage medium
CN111259383A (en) Safety management center system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Guo jiahuodiqu after: Zhong Guo

Address after: 510623 No.11 Kexiang Road, Science City, Huangpu District, Guangzhou City, Guangdong Province

Applicant after: CHINA SOUTHERN POWER GRID Co.,Ltd.

Applicant after: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

Address before: 510623 No.11 Kexiang Road, Science City, Huangpu District, Guangzhou City, Guangdong Province

Applicant before: CHINA SOUTHERN POWER GRID Co.,Ltd.

Guo jiahuodiqu before: Zhong Guo

Applicant before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

CB02 Change of applicant information
TA01 Transfer of patent application right

Effective date of registration: 20240312

Address after: 510623 No.11 Kexiang Road, Science City, Huangpu District, Guangzhou City, Guangdong Province

Applicant after: CHINA SOUTHERN POWER GRID Co.,Ltd.

Guo jiahuodiqu after: Zhong Guo

Applicant after: China Southern Power Grid Digital Power Grid Group Information Communication Technology Co.,Ltd.

Address before: 510623 No.11 Kexiang Road, Science City, Huangpu District, Guangzhou City, Guangdong Province

Applicant before: CHINA SOUTHERN POWER GRID Co.,Ltd.

Guo jiahuodiqu before: Zhong Guo

Applicant before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

TA01 Transfer of patent application right