CN113590180A - Detection strategy generation method and device - Google Patents

Publication number
CN113590180A
Authority
CN
China
Prior art keywords
detection
item
target
parameter value
target detection
Legal status
Granted
Application number
CN202110886535.3A
Other languages
Chinese (zh)
Other versions
CN113590180B (en
Inventor
姜丹薇
Current Assignee
Beijing QIYI Century Science and Technology Co Ltd
Original Assignee
Beijing QIYI Century Science and Technology Co Ltd
Application filed by Beijing QIYI Century Science and Technology Co Ltd
Priority to CN202110886535.3A
Publication of CN113590180A
Application granted
Publication of CN113590180B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/30 Creation or generation of source code
    • G06F8/36 Software reuse
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0637 Strategic management or analysis, e.g. setting a goal or target of an organisation; Planning actions based on goals; Analysis or evaluation of effectiveness of goals
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

An embodiment of the invention provides a detection strategy generation method and device, relating to the technical field of the Internet. The method comprises: receiving a generation instruction for a target detection strategy; for each target detection item contained in the target detection strategy, judging whether a detection item with the same function as the target detection item exists among the pre-generated detection items; if so, obtaining the target detection item based on the detection item with the same function as the target detection item; if not, generating the target detection item based on the detection item data of the target detection item carried in the generation instruction; and combining the target detection items according to the target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy. Based on the above processing, the generation efficiency of the detection strategy can be improved.

Description

Detection strategy generation method and device
Technical Field
The invention relates to the technical field of internet, in particular to a detection strategy generation method and device.
Background
In order to ensure the reliability of service processing, for a certain service, a risk score of a received service request for accessing the service may be determined based on a detection policy, and further, a risk level of the service request may be determined according to a score result. For example, the determined risk level may include: no risk, low risk, medium risk, high risk. No risk means that the service request is normal, low risk and medium risk mean that the service request has a certain risk, and high risk means that the service request is abnormal. Further, the service request may be subjected to security control processing based on the determined risk level.
In the related art, for each service, a technician is required to manually write a detection item included in a detection strategy corresponding to the service, which results in low efficiency of generating the detection strategy.
Disclosure of Invention
The embodiment of the invention aims to provide a detection strategy generation method and device so as to improve the generation efficiency of a detection strategy. The specific technical scheme is as follows:
in a first aspect of the present invention, there is provided a method for generating a detection policy, where the method includes:
receiving a generation instruction for a target detection strategy;
for each target detection item contained in the target detection strategy, judging whether a detection item with the same function as the target detection item exists among the pre-generated detection items;
if a detection item with the same function as the target detection item exists, obtaining the target detection item based on the detection item with the same function as the target detection item;
if the detection item with the same function as the target detection item does not exist, generating the target detection item based on the detection item data of the target detection item carried in the generation instruction;
and combining the target detection items according to a target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy.
Optionally, the target detection items include: non-combined detection items, each containing a detection condition and a detection parameter value corresponding to the detection condition, and combined detection items, each used for combining the detection parameter values of multiple other detection items;
after combining the target detection items according to the target combination mode represented by the combination identifier carried in the generation instruction and generating the target detection strategy, the method further includes:
receiving a service request corresponding to the target detection strategy;
for each non-combined detection item in each target detection item, acquiring a detection parameter value corresponding to a detection condition matched with the service request in the non-combined detection item, and taking the detection parameter value as a first detection parameter value corresponding to the non-combined detection item of the service request;
for each combined detection item in the target detection items, combining the detection parameter values of the multiple other detection items corresponding to the combined detection item to obtain the detection parameter value of the combined detection item for the service request, as a second detection parameter value;
obtaining a target detection parameter value of the service request based on the second detection parameter value;
and carrying out safety control processing on the service request based on the target detection parameter value.
Optionally, after the obtaining, for each non-combined detection item in the target detection items, a detection parameter value corresponding to a detection condition matched with the service request in the non-combined detection item, as a first detection parameter value of the non-combined detection item corresponding to the service request, the method further includes:
storing a first detection parameter value of the service request corresponding to the non-combined detection item to a memory;
the combining, for each combined detection item in each target detection item, the detection parameter values of the other multiple detection items corresponding to the combined detection item to obtain the detection parameter value of the combined detection item corresponding to the service request as a second detection parameter value includes:
for each combined detection item in each target detection item, obtaining detection parameter values of other multiple detection items corresponding to the combined detection item from the detection parameter values stored in the memory;
and combining the obtained multiple detection parameter values to obtain a second detection parameter value of the service request corresponding to the combined detection item, and storing the second detection parameter value in the memory.
Optionally, after obtaining the target detection parameter value of the service request based on the second detection parameter value, the method further includes:
and determining a risk level corresponding to the target detection parameter value as a target risk level of the service request based on a preset corresponding relation between the detection parameter value and the risk level.
Optionally, the performing, based on the target detection parameter value, security control processing on the service request includes:
if the target detection parameter value belongs to a first preset parameter value range, responding to the service request;
if the target detection parameter value belongs to a second preset parameter value range, performing security verification on the service request;
and if the target detection parameter value belongs to a third preset parameter value range, refusing to respond to the service request.
Optionally, obtaining the target detection item based on the detection item having the same function as the target detection item includes:
and based on the detection item data of the target detection item, updating the detection item with the same function as the target detection item to obtain the target detection item.
Optionally, the performing an update operation on the detection item having the same function as the target detection item includes at least one of:
adding detection items contained in detection items with the same functions as the target detection items;
deleting the detection items contained in the detection items with the same functions as the target detection items;
updating the detection condition and/or the detection parameter value of the detection item with the same function as the target detection item;
and updating the detection conditions and/or the detection parameters of the detection items contained in the detection items with the same functions as the target detection items.
Optionally, obtaining the target detection item based on the detection item having the same function as the target detection item includes:
and if the detection item with the same function as the target detection item has a plurality of versions, obtaining the target detection item based on the detection item with the latest version.
In a second aspect of the present invention, there is also provided a detection policy generation apparatus, including:
a generation instruction receiving module, used for receiving a generation instruction for a target detection strategy;
a judging module, used for judging, for each target detection item contained in the target detection strategy, whether a detection item with the same function as the target detection item exists among the pre-generated detection items;
the detection item acquisition module is used for obtaining the target detection item based on the detection item with the same function as the target detection item if the detection item with the same function as the target detection item exists;
a detection item generation module, configured to generate the target detection item based on detection item data of the target detection item carried in the generation instruction if there is no detection item with the same function as the target detection item;
and the target detection strategy generation module is used for combining all the target detection items according to a target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy.
Optionally, the target detection items include: non-combined detection items, each containing a detection condition and a detection parameter value corresponding to the detection condition, and combined detection items, each used for combining the detection parameter values of multiple other detection items;
the device further comprises:
a service request acquisition module, configured to receive a service request corresponding to the target detection policy after the target detection items have been combined, according to the target combination mode indicated by the combination identifier carried in the generation instruction, to generate the target detection policy;
a first detection parameter value obtaining module, configured to obtain, for each non-combined detection item in each target detection item, a detection parameter value corresponding to a detection condition matched with the service request in the non-combined detection item, as a first detection parameter value of the non-combined detection item corresponding to the service request;
a second detection parameter value obtaining module, configured to combine, for each combined detection item in each target detection item, detection parameter values of other multiple detection items corresponding to the combined detection item, to obtain a detection parameter value of the combined detection item corresponding to the service request, where the detection parameter value is used as a second detection parameter value;
a target detection parameter value obtaining module, configured to obtain a target detection parameter value of the service request based on the second detection parameter value;
and the service processing module is used for carrying out safety control processing on the service request based on the target detection parameter value.
Optionally, the apparatus further comprises:
a storage module, configured to, after obtaining, for each non-combined detection item in each target detection item, a detection parameter value corresponding to a detection condition that matches the service request in the non-combined detection item, as a first detection parameter value corresponding to the non-combined detection item for the service request, store the first detection parameter value corresponding to the non-combined detection item for the service request in a memory;
the second detection parameter value obtaining module includes:
a detection parameter value acquisition sub-module, configured to, for each combined detection item in each target detection item, acquire, from each detection parameter value stored in the memory, a detection parameter value of another plurality of detection items corresponding to the combined detection item;
and the second detection parameter value acquisition submodule is used for combining the acquired multiple detection parameter values to obtain a second detection parameter value of the service request corresponding to the combined detection item, and storing the second detection parameter value in the memory.
Optionally, the apparatus further comprises:
and the target risk level determining module is used for determining a risk level corresponding to the target detection parameter value as the target risk level of the service request based on a preset corresponding relation between the detection parameter value and the risk level after the target detection parameter value of the service request is obtained based on the second detection parameter value.
Optionally, the service processing module is specifically configured to respond to the service request if the target detection parameter value belongs to a first preset parameter value range;
if the target detection parameter value belongs to a second preset parameter value range, performing security verification on the service request;
and if the target detection parameter value belongs to a third preset parameter value range, refusing to respond to the service request.
Optionally, the detection item acquisition module is specifically configured to, based on the detection item data of the target detection item, perform an update operation on a detection item having the same function as the target detection item, so as to obtain the target detection item.
Optionally, the detection item obtaining module is specifically configured to perform at least one of the following:
adding detection items contained in detection items with the same functions as the target detection items;
deleting the detection items contained in the detection items with the same functions as the target detection items;
updating the detection condition and/or the detection parameter value of the detection item with the same function as the target detection item;
and updating the detection conditions and/or the detection parameters of the detection items contained in the detection items with the same functions as the target detection items.
Optionally, the detection item obtaining module is specifically configured to, if there are multiple versions of a detection item having the same function as the target detection item, obtain the target detection item based on the detection item of the latest version.
In another aspect of the present invention, there is also provided an electronic device, including a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
a processor configured to implement the detection policy generation method according to any one of the first aspect described above when executing a program stored in a memory.
In yet another aspect of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements any of the detection policy generation methods described above.
In yet another aspect of the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the detection policy generation methods described above.
The detection strategy generation method provided by the embodiment of the invention comprises: receiving a generation instruction for a target detection strategy; for each target detection item contained in the target detection strategy, judging whether a detection item with the same function as the target detection item exists among the pre-generated detection items; if so, obtaining the target detection item based on the detection item with the same function as the target detection item; if not, generating the target detection item based on the detection item data of the target detection item carried in the generation instruction; and combining the target detection items according to the target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy.
Thus, for the target detection strategy to be generated, if a detection item with the same function as a target detection item has been generated in advance, the target detection item can be obtained directly from that detection item without a technician rewriting it. That is, detection items can be reused, and the generation efficiency of the detection strategy can therefore be improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a flowchart of a detection policy generation method according to an embodiment of the present invention;
Fig. 2 is a flowchart of another detection policy generation method according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a page for setting a non-combined detection item according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a page for setting a combined detection item according to an embodiment of the present invention;
Fig. 5 is a schematic diagram illustrating a relationship between detection items included in a detection policy according to an embodiment of the present invention;
Fig. 6 is a flowchart of another detection policy generation method according to an embodiment of the present invention;
Fig. 7 is a schematic diagram illustrating a calculation sequence of detection parameter values corresponding to the detection items in the detection strategy shown in Fig. 5;
Fig. 8 is a schematic diagram of a process for calculating a target detection parameter value based on the detection strategy shown in Fig. 7;
Fig. 9 is a schematic diagram of a page for setting a correspondence between a detection parameter value and a risk level according to an embodiment of the present invention;
Fig. 10A is a diagram illustrating the detection items included in a target detection strategy before updating according to an embodiment of the present invention;
Fig. 10B is a diagram illustrating the detection items included after the target detection strategy of Fig. 10A is updated;
Fig. 11 is a schematic diagram illustrating a principle of detecting a service request according to an embodiment of the present invention;
Fig. 12 is a structural diagram of a detection policy generation apparatus according to an embodiment of the present invention;
Fig. 13 is a structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention.
In the related art, for each service, a technician is required to manually write a detection item included in a detection strategy corresponding to the service, which results in low efficiency of generating the detection strategy.
In order to solve the foregoing problems, an embodiment of the present invention provides a detection policy generation method, which may be applied to an electronic device, where the electronic device is configured to generate a detection policy, and may further process a service request based on the detection policy. Referring to fig. 1, fig. 1 is a flowchart of a detection policy generation method according to an embodiment of the present invention, where the method may include the following steps:
S101: Receive a generation instruction for a target detection policy.
S102: For each target detection item contained in the target detection policy, judge whether a detection item with the same function as the target detection item exists among the pre-generated detection items.
S103: If a detection item with the same function as the target detection item exists, obtain the target detection item based on the detection item with the same function as the target detection item.
S104: If no detection item with the same function as the target detection item exists, generate the target detection item based on the detection item data of the target detection item carried in the generation instruction.
S105: Combine the target detection items according to the target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection policy.
Based on the detection strategy generation method provided by the embodiment of the invention, if a detection item with the same function as a target detection item has been generated in advance, the target detection item can be obtained directly from that detection item without a technician rewriting it. That is, detection items can be reused, and the generation efficiency of the detection strategy can therefore be improved.
For step S102, a technician may preset a plurality of detection items and store the detection items locally in the electronic device, or may also store the detection items in a preset storage device. Accordingly, when the detection strategy needs to be generated, the technician can input a generation instruction of the detection strategy to the electronic device. Furthermore, the electronic device may perform a query among the detection items generated in advance.
The function of a detection item can be expressed by the identifier of the detection item (e.g., its name). For example, a detection item named "mobile phone intelligence risk detection" is used for detecting mobile phone intelligence risk. If the functions of two detection items are the same, the two detection items implement detection of the same function. However, for different services, or in different detection scenarios, the specific contents of the two detection items may differ even if the implemented functions are the same: the detection conditions they contain may be different, and the detection parameter values corresponding to those conditions may be different. In addition, if the two detection items are combined detection items, the detection items included in the two detection items may be different.
For step S103, if the functions of two detection items are the same, even if the specific contents of the two detection items are different, the two detection items may also include a part of the same content. Therefore, if there is a detection item (which may be an alternative detection item) with the same function as the target detection item, the part of the alternative detection item that is different from the target detection item may be modified to obtain the target detection item, without regenerating the target detection item.
In step S105, in one implementation, when a service request is detected, a corresponding detection parameter value may be obtained for each detection item, and the detection parameter values of the detection items may then be combined according to the target combination mode to obtain a final detection parameter value. The target combination mode may be taking the maximum, the minimum, the average, or the sum. Specifically, the target combination mode may be set by a technician according to service requirements.
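The reuse-or-generate flow of steps S101 to S105, as an added example that is not code from the patent or its assignee. The store class, the dictionary layout of items and instructions, the item names and scores, and the choice to save each update as a new version are all assumptions made for illustration.

```python
from copy import deepcopy

# Combination modes named in the description: maximum, minimum, average, sum.
COMBINATION_MODES = {"max", "min", "avg", "sum"}


class DetectionItemStore:
    """Pre-generated detection items, keyed by function name, oldest version first."""

    def __init__(self):
        self._versions = {}

    def latest(self, name):
        """Return a copy of the newest version of the item, or None if absent."""
        versions = self._versions.get(name)
        return deepcopy(versions[-1]) if versions else None

    def save(self, item):
        """Store the item as a new version (assumed versioning scheme)."""
        versions = self._versions.setdefault(item["name"], [])
        stored = dict(deepcopy(item), version=len(versions) + 1)
        versions.append(stored)
        return deepcopy(stored)


def generate_policy(store, instruction):
    """S101-S105: build the target policy and report how each item was obtained."""
    mode = instruction["combination"]          # combination identifier
    if mode not in COMBINATION_MODES:
        raise ValueError(f"unknown combination identifier: {mode!r}")
    items, report = [], {}
    for data in instruction["items"]:
        name = data["name"]
        existing = store.latest(name)          # S102: same-function lookup
        if existing is None:                   # S104: generate from item data
            item, report[name] = store.save(data), "generated"
        elif all(existing.get(k) == v for k, v in data.items()):
            item, report[name] = existing, "reused"      # S103: use as stored
        else:                                  # S103: update only what differs
            existing.pop("version")
            existing.update(data)
            item, report[name] = store.save(existing), "updated"
        items.append(item)
    policy = {"name": instruction["policy"], "combination": mode, "items": items}
    return policy, report                      # S105: items plus combination mode


def build_sample_store():
    """Constructed sample data: two versions of one item, one version of another."""
    store = DetectionItemStore()
    store.save({"name": "ip_range_check",
                "conditions": ["ip in 203.0.113.0/24"], "score": 50})
    store.save({"name": "ip_range_check",
                "conditions": ["ip in 203.0.113.0/24", "ip in 198.51.100.0/24"],
                "score": 60})
    store.save({"name": "phone_intel_risk",
                "conditions": ["intel_score_1 == 5"], "score": 20})
    return store


# Constructed generation instruction: one item reused, one updated, one new.
SAMPLE_INSTRUCTION = {
    "policy": "login_policy",
    "combination": "max",
    "items": [
        {"name": "ip_range_check"},
        {"name": "phone_intel_risk", "score": 40},
        {"name": "request_time_check", "conditions": ["hour in 0..5"], "score": 15},
    ],
}

if __name__ == "__main__":
    policy, report = generate_policy(build_sample_store(), SAMPLE_INSTRUCTION)
    print(report)
    print([(i["name"], i["version"], i["score"]) for i in policy["items"]])
```

The report makes item reuse auditable: a reviewer can see which detection items in a new policy were inherited unchanged, which were modified, and which were written fresh.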
In one embodiment, the target detection items include: non-combined detection items, each containing a detection condition and a detection parameter value corresponding to the detection condition, and combined detection items, each used for combining the detection parameter values of multiple other detection items.
Accordingly, referring to fig. 2, on the basis of fig. 1, after the step S105, the method may further include the steps of:
S106: Receive a service request corresponding to the target detection policy.
S107: For each non-combined detection item in the target detection items, acquire the detection parameter value corresponding to the detection condition in the non-combined detection item that matches the service request, as a first detection parameter value of the service request for the non-combined detection item.
S108: For each combined detection item in the target detection items, combine the detection parameter values of the multiple other detection items corresponding to the combined detection item to obtain the detection parameter value of the combined detection item for the service request, as a second detection parameter value.
S109: Obtain a target detection parameter value of the service request based on the second detection parameter value.
S1010: Perform security control processing on the service request based on the target detection parameter value.
The service request may be a login request or a data access request, but is not limited thereto. A service request corresponding to the target detection policy is a service request that can be detected based on the target detection items included in the target detection policy.
In the embodiment of the present invention, after the target detection policy is generated, when a corresponding service request is received, a detection parameter value of the service request (i.e., a target detection parameter value) may be calculated according to the target detection policy, and the service request is processed based on the target detection parameter value.
The non-combined detection item may include at least one detection condition and a detection parameter value corresponding to each detection condition. Therefore, the service request can be compared with the detection conditions to determine the matched detection conditions, and then the corresponding detection parameter values, that is, the first detection parameter values of the service request for the non-combined detection items, are obtained.
For example, a non-combined detection item may comprise: judging whether the IP address of the service party sending the service request belongs to a preset address range, and whether the time at which the service party sends the service request belongs to a preset time range. Different address ranges may correspond to different detection parameter values, and likewise, different time ranges may also correspond to different detection parameter values. Further, a detection parameter value of the service request for the non-combined detection item may be calculated.
Referring to fig. 3, fig. 3 is a schematic diagram of a page for setting a non-combined detection item according to an embodiment of the present invention.
The non-combined detection item shown in fig. 3 represents detection of a given parameter and is used for calculating the risk score of that parameter (i.e., the first detection parameter value of the non-combined detection item).
In fig. 3, the six rows [1244], [3154], [1134], [2099], [5850], and [5125] represent the detection conditions of the non-combined detection item. If the service request meets the above conditions, it may be determined that the detection parameter value corresponding to the non-combined detection item is 20 (i.e., the current risk point score is set to 20).
Here, the row [1244] indicates that the detection conditions of the three rows [3154], [1134], and [2099] are combined with "or", that is, as long as the detection condition of any one of the rows [3154], [1134], and [2099] is satisfied, the detection condition of the row [1244] is also satisfied, and the detection parameter value of the non-combined detection item can be determined to be 20. In addition, the row [1244] indicates that the detection conditions of the rows [5850] and [5125] are combined with "and", that is, the detection condition of the row [2099] can be determined to be satisfied only if the detection conditions of the rows [5850] and [5125] are satisfied at the same time.
Specifically, the technician may set the combination of the lines [3154], [1134], and [2099], and the combination of the lines [5850], and [5125] in the page shown in fig. 3. In addition, the specific contents of each detection condition may also be set. For example, for the [3154] row, a specific numerical value may be set, and when the intelligence score of 1 is not empty and is equal to the numerical value, it is determined that the [3154] row is satisfied. In fig. 3, the set value is 5.
The combined detection item is obtained by combining a plurality of other detection items, and the other detection items forming the combined detection item can be non-combined detection items or combined detection items. Therefore, in order to obtain the parameter value (i.e., the second detection parameter value) of the service request for the combined detection item, the detection parameter values of the service request for each of the other detection items constituting the combined detection item may be calculated, and then the detection parameter values are combined to obtain the detection parameter value corresponding to the combined detection item.
Correspondingly, referring to fig. 4, fig. 4 is a schematic diagram of a page for setting a combined detection item according to an embodiment of the present invention.
The combined detection item shown in fig. 4 represents detection for a specified engine, and it includes two other detection items, namely, a first parameter scoring card of the risk point parameter (i.e., a detection item for a first parameter) and a second parameter scoring card of the risk point parameter (i.e., a detection item for a second parameter). In fig. 4, the combination mode of the two detection items may be selected, for example, summation, taking the maximum value, or taking the minimum value.
In addition, weights of the two detection items may be set, which are 1 and 1.5 in fig. 4, respectively, and the detection parameter value of the corresponding combined detection item may be calculated based on the weight and the detection parameter value of each of the two detection items. The order of the two detection items can also be set based on the move up and move down components in the page shown in FIG. 4.
Referring to fig. 5, fig. 5 is a schematic diagram illustrating a relationship between detection items included in a detection strategy according to an embodiment of the present invention.
In fig. 5, a risk point is a detection item in the embodiment of the present invention. It can be seen that the detection strategy contains three combined detection items, namely risk point A1, risk point A2, and risk point A3. The combination mode of the three combined detection items is a sum, that is, the sum of the detection parameter values corresponding to risk point A1, risk point A2, and risk point A3 is calculated to obtain a total score (i.e., the target detection parameter value).
Risk point A1 is obtained by combining risk point B1 and risk point B2 by taking the sum. Risk point A2 is obtained by combining risk point B3, risk point B4, and risk point B5 by taking the maximum value. Risk point A3 is obtained by combining risk point B6, risk point B7, and risk point B8 by taking the minimum value.
In addition, risk point B2 and risk point B7 are also combined detection items; risk point B1, risk point B3, risk point B4, risk point B5, risk point B6, risk point B8, risk point C1, and risk point C2 are non-combined detection items.
As can be seen, after the detection parameter values (i.e., the second detection parameter values) corresponding to risk point A1, risk point A2, and risk point A3 are obtained through calculation, the final target detection parameter value can be calculated directly from the second detection parameter values.
In addition, in fig. 5, if the detection items at the same level as risk point A1, risk point A2, and risk point A3 further include a risk point D1, and risk point D1 is a non-combined detection item, then after the second detection parameter values corresponding to risk point A1, risk point A2, and risk point A3 are calculated, the final target detection parameter value may be calculated by combining them with the first detection parameter value corresponding to risk point D1.
For example, the detection policy formed by the detection items in fig. 5 may be used to detect whether a received service request is a malicious service request. Risk point A1 represents a detection item of the IP address layer, i.e., a corresponding detection parameter value is obtained based on the IP address of the client sending the service request. Correspondingly, risk point B1 is used to detect whether the IP address of the client sending the service request is a commonly used IP address of the currently logged-in account, so as to determine a corresponding detection parameter value; and risk point B2 is used to determine the network segment to which the IP address of the client sending the service request belongs, and to determine a corresponding detection parameter value based on the number of service requests sent by other clients in the network segment. Similarly, risk point C1 and risk point C2 may be specifically set by a technician according to the number of service requests sent by other clients in the network segment.
Risk point A2 represents a detection item of the device layer, i.e., a corresponding detection parameter value is obtained based on the device information of the client sending the service request. Correspondingly, risk point B3 is used to detect whether the client sending the service request is a client commonly used by the currently logged-in account, so as to determine a corresponding detection parameter value; risk point B4 is used to detect whether other accounts are logged in on the client sending the service request, so as to determine a corresponding detection parameter value; and risk point B5 is used to detect whether the device type of the client sending the service request is a specified device type, so as to determine a corresponding detection parameter value.
Risk point A3 represents a detection item of the user layer, that is, a corresponding detection parameter value is obtained based on the account currently logged in on the client. Correspondingly, risk point B6 is used to detect whether the time at which the client sends the service request is a common access time of the currently logged-in account, so as to determine a corresponding detection parameter value; risk point B7 is used to detect whether the currently logged-in account is the principal, so as to determine a corresponding detection parameter value; and risk point B8 is used to detect whether the resource requested by the service request is a resource type frequently accessed by the currently logged-in account, so as to determine a corresponding detection parameter value.
In one embodiment, referring to fig. 6, on the basis of fig. 2, after the step S107, the method may further include the steps of:
S1011: Store the first detection parameter value of the service request corresponding to the non-combined detection item in a memory.
Accordingly, the step S108 may include:
S1081: For each combined detection item among the target detection items, obtain the detection parameter values of the multiple other detection items corresponding to the combined detection item from the detection parameter values stored in the memory.
S1082: Combine the obtained detection parameter values to obtain a second detection parameter value of the service request corresponding to the combined detection item, and store the second detection parameter value in the memory.
In the embodiment of the present invention, the calculation order of the detection parameter values of the service request for each detection item may be determined. In one implementation, since the combined detection item is obtained by combining other detection items, the detection parameter value corresponding to the non-combined detection item may be calculated first, and then the detection parameter value corresponding to the corresponding combined detection item may be calculated.
For example, in the detection strategy shown in fig. 5, the non-combined detection items include: risk point B1, risk point B3, risk point B4, risk point B5, risk point B6, risk point B8, risk point C1, and risk point C2. With reference to fig. 5, after the detection parameter values corresponding to the non-combined detection items are calculated, the detection parameter value corresponding to risk point B2 may be calculated based on the detection parameter values corresponding to risk points C1 and C2, and further, the detection parameter value corresponding to risk point A1 may be calculated based on the detection parameter value corresponding to risk point B2 and the detection parameter value corresponding to risk point B1.
Referring to fig. 7, fig. 7 is a schematic diagram illustrating a calculation sequence of the detection parameter values corresponding to each detection item in the detection strategy shown in fig. 5. The sequence numbers of the respective detection items in fig. 7 indicate the order in which the corresponding detection parameter values are calculated. That is, the detection parameter value corresponding to risk point B1 may be calculated first, then the detection parameter value corresponding to risk point C1, then the detection parameter value corresponding to risk point C2, then the detection parameter value corresponding to risk point B2, and then the detection parameter value corresponding to risk point A1. Then, the detection parameter value corresponding to risk point B3 can be calculated.
In addition, when the detection parameter values of the respective detection items are calculated in the above-described order, the detection parameter value of a detection item may be stored (for example, in a memory) after it is calculated. Because one detection item may belong to several different combined detection items, when the detection parameter values of those combined detection items need to be calculated from that detection item, the detection parameter value of the detection item only needs to be read from the memory and does not need to be calculated multiple times, so that repeated calculation is avoided and the calculation efficiency of the target detection parameter value is improved.
For example, for each detection item in fig. 7, the order of calculating the detection parameter values can be seen in fig. 8. The memory is initialized, then the detection parameter value (10) corresponding to risk point B1 can be calculated and stored in the memory, then the detection parameter value (10) corresponding to risk point C1 is calculated and stored in the memory, and then the detection parameter value (10) corresponding to risk point C2 is calculated and stored in the memory. Then, the detection parameter value (10) corresponding to risk point B2 may be calculated based on the detection parameter values corresponding to risk points C1 and C2, and stored in the memory. And so on, until the total score (sum) is calculated, that is, the target detection parameter value is calculated.
After the detection parameter value corresponding to risk point B2 is calculated, it may be stored in the memory, and subsequently, when the detection parameter value corresponding to risk point B7 needs to be calculated, the detection parameter value corresponding to risk point B2 may be obtained directly from the memory without calculating it again from the detection parameter values corresponding to risk points C1 and C2.
In one embodiment, the step S1010 may include the following steps:
Step one: if the target detection parameter value belongs to a first preset parameter value range, respond to the service request.
Step two: if the target detection parameter value belongs to a second preset parameter value range, perform security verification on the service request.
Step three: if the target detection parameter value belongs to a third preset parameter value range, refuse to respond to the service request.
In the embodiment of the present invention, the first preset parameter value range, the second preset parameter value range, and the third preset parameter value range may be set by a technician according to a service requirement.
Specifically, the target detection parameter value belongs to a first preset parameter value range, which may indicate that the service request is risk-free, that is, the service request is a normal service request. Therefore, the service request can be responded to normally.
The target detection parameter value belongs to a second preset parameter value range, which may indicate that the service request may be at risk. Thus, security verification can be performed on the service request. For example, a verification page may be presented to the service party that sent the service request, prompting the user to enter a verification code for security verification.
The target detection parameter value belongs to a third preset parameter value range, which may indicate that the service request is an abnormal service request. Thus, the response to the service request can be refused, i.e., no processing is performed.
In one embodiment, after step S109, the method may further include the steps of:
Determine the risk level corresponding to the target detection parameter value as the target risk level of the service request, based on the preset correspondence between detection parameter values and risk levels.
The corresponding relationship between the preset detection parameter value and the risk level can be set by technical personnel according to experience and business requirements.
In the embodiment of the present invention, the corresponding relationship between the preset detection parameter value and the risk level may be determined based on the first preset parameter value range, the second preset parameter value range, and the third preset parameter value range.
For example, the risk level corresponding to the first preset parameter value range may be risk-free; the risk level corresponding to the second preset parameter value range can comprise low risk and medium risk; the risk level corresponding to the third preset parameter value range may be a high risk.
Referring to fig. 9, fig. 9 is a schematic diagram of a page for setting a correspondence between a detection parameter value and a risk level according to an embodiment of the present invention.
The corresponding relationship between the detection parameter value and the risk level can also be referred to as a risk grading decision table. Based on the risk classification decision table set in fig. 9, when the target detection parameter value is less than 10, it may be determined as no risk; when the target detection parameter value is greater than or equal to 10 and less than 20, it may be determined as a low risk; when the target detection parameter value is greater than or equal to 20 and less than 200, the risk can be determined as medium risk; when the target detection parameter value is 200 or more, it may be determined as a high risk.
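The flow of steps S107 to S1010, the fig. 7 calculation order with values kept in memory, and the fig. 9 risk grading decision table can be put together in code. This is an added example, not code from the patent; the request field names, leaf conditions and scores, the "max" mode for B2, the make-up of B7 (B2 and B3 with weights 1 and 1.5), the score of 0 for an unmatched item, and multiplying each child value by its weight before combining are assumptions.

```python
from dataclasses import dataclass

COMBINERS = {"sum": sum, "max": max, "min": min}

@dataclass
class Leaf:
    """Non-combined detection item: ordered (detection condition, value) pairs."""
    name: str
    conditions: list  # [(predicate(request) -> bool, detection parameter value), ...]

    def score(self, req):
        # Assumption: the first matching condition wins; no match scores 0.
        return next((value for matches, value in self.conditions if matches(req)), 0.0)

@dataclass
class Combined:
    """Combined detection item: merges other items' values by sum, max or min."""
    name: str
    mode: str
    children: list  # [(child item name, weight), ...]

class Policy:
    def __init__(self, items, root):
        self.items = {item.name: item for item in items}
        self.root = root
        self.order = self._compile()

    def _compile(self):
        """Risk point compilation: children before parents, each item once."""
        order, state = [], {}
        def visit(name):
            if state.get(name) == "done":
                return
            if state.get(name) == "open":
                raise ValueError(f"cyclic combination at {name}")
            state[name] = "open"
            item = self.items[name]  # KeyError if an unknown item is referenced
            if isinstance(item, Combined):
                for child, _weight in item.children:
                    visit(child)
            state[name] = "done"
            order.append(name)
        visit(self.root)
        return order

    def evaluate(self, req):
        """Risk point calculation: fill the memory in compiled order."""
        memory = {}
        for name in self.order:
            item = self.items[name]
            if isinstance(item, Leaf):
                memory[name] = item.score(req)  # first detection parameter value
            else:  # second detection parameter value, built from memory only
                memory[name] = COMBINERS[item.mode](w * memory[c] for c, w in item.children)
        return memory[self.root], memory

def grade(score):
    """Risk grading decision table of fig. 9."""
    for upper, level in ((10, "no risk"), (20, "low"), (200, "medium")):
        if score < upper:
            return level
    return "high"

# First range -> respond, second range (low/medium) -> verify, third -> reject.
ACTIONS = {"no risk": "respond", "low": "verify", "medium": "verify", "high": "reject"}

def decide(policy, req):
    score = policy.evaluate(req)[0]
    return score, grade(score), ACTIONS[grade(score)]

def flag(name, key, value):
    """Leaf with one condition: the boolean request field `key` is set."""
    return Leaf(name, [(lambda r: bool(r.get(key)), value)])

def volume(name, key):
    """Leaf with two conditions on a request counter (constructed thresholds)."""
    return Leaf(name, [(lambda r: r.get(key, 0) >= 1000, 40.0),
                       (lambda r: r.get(key, 0) >= 100, 10.0)])

def build_policy():
    one = lambda *names: [(n, 1.0) for n in names]
    return Policy([
        flag("B1", "ip_unusual_for_account", 20.0),
        volume("C1", "segment_requests_1h"), volume("C2", "segment_requests_24h"),
        Combined("B2", "max", one("C1", "C2")),
        Combined("A1", "sum", one("B1", "B2")),              # IP address layer
        flag("B3", "device_unusual_for_account", 30.0),
        flag("B4", "device_has_other_accounts", 15.0),
        flag("B5", "device_type_flagged", 25.0),
        Combined("A2", "max", one("B3", "B4", "B5")),        # device layer
        flag("B6", "time_unusual", 10.0), flag("B8", "resource_unusual", 10.0),
        Combined("B7", "sum", [("B2", 1.0), ("B3", 1.5)]),   # reuses B2 from memory
        Combined("A3", "min", one("B6", "B7", "B8")),        # user layer
        Combined("TOTAL", "sum", one("A1", "A2", "A3")),
    ], root="TOTAL")

# Constructed sample request, already enriched with the signals the leaves read.
SAMPLE_REQUEST = {"ip_unusual_for_account": True, "segment_requests_1h": 150,
                  "segment_requests_24h": 2000, "device_unusual_for_account": True,
                  "time_unusual": True, "resource_unusual": True}
```

Because the order is compiled once from the root, B2 appears in it a single time even though both A1 and B7 depend on it, and a combined item that refers back to itself is rejected when the policy is built rather than when a request arrives.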
In one embodiment, the step S103 may include:
Based on the detection item data of the target detection item, perform an update operation on the detection item with the same function as the target detection item to obtain the target detection item.
In an embodiment, if there is a detection item (i.e., an alternative detection item) with the same function as the target detection item and the specific content of the alternative detection item is different from that of the target detection item, the alternative detection item may be updated based on the detection item data of the target detection item to obtain the target detection item.
Updating the alternative detection item yields a plurality of detection items with the same function, that is, a plurality of different versions of a detection item with the same function. The alternative detection item may be referred to as a historical version of the target detection item; that is, the existing historical version may be modified directly without regenerating the target detection item, and thus the generation efficiency of the target detection policy may be further improved.
In one embodiment, if there is an alternative detection item and the specific content of the alternative detection item is the same as that of the target detection item, the alternative detection item may be directly acquired as the target detection item.
Accordingly, each detection strategy may also contain a plurality of different versions. In one embodiment, the modification of the target detection strategy before and after updating can be recorded and displayed.
Referring to fig. 10A and 10B, fig. 10A is a schematic diagram illustrating detection items included in a target detection policy before update according to an embodiment of the present invention; FIG. 10B is a diagram illustrating the detection items included after the target detection strategy of FIG. 10A is updated. In fig. 10A and 10B, each row represents a detection item included in the target detection policy. Based on fig. 10A and 10B, it is possible to facilitate a technician to observe the modified detection item in the target detection policy.
In addition, for each update of the target detection strategy, a corresponding version number can be generated and the update time recorded, which facilitates later tracing and rollback.
In one embodiment, performing an update operation on a detection item that is functionally the same as the target detection item includes at least one of:
adding a detection item to the detection items contained in the detection item with the same function as the target detection item; deleting a detection item contained in the detection item with the same function as the target detection item; updating the detection condition and/or the detection parameter value of the detection item with the same function as the target detection item; and updating the detection conditions and/or the detection parameters of the detection items contained in the detection item with the same function as the target detection item.
In the embodiment of the present invention, if the alternative detection item is a combined detection item, a new detection item may be added to the alternative detection item, an existing detection item may be deleted from it, and the detection condition and/or the detection parameter value of a detection item included in it may be modified. If the alternative detection item is a non-combined detection item, the detection condition and/or the detection parameter value of the alternative detection item can be modified.
Therefore, based on the method provided by the embodiment of the invention, the detection item of the existing historical version can be directly modified without regenerating the target detection item, and further, the generation efficiency of the target detection strategy can be further improved.
In one embodiment, the step S103 may include:
If the detection item with the same function as the target detection item has a plurality of versions, obtain the target detection item based on the detection item of the latest version.
In the embodiment of the present invention, the specific content of the latest version of the alternative detection item is highly similar to the specific content of the target detection item. Therefore, if there are multiple versions of the alternative detection item, the latest version may be updated to obtain the target detection item, which reduces the number of update operations on the alternative detection item and improves the generation efficiency of the target detection policy.
Referring to fig. 11, fig. 11 is a schematic diagram illustrating a principle of detecting a service request according to an embodiment of the present invention.
Risk point management: determining each detection item and generating the target detection strategy. Risk point execution: detecting the service request based on the target detection strategy. The risk points in the embodiment of the invention are detection items. In fig. 11, risk points 1-5 constitute the target detection strategy.
Risk point configuration: determining risk points 1-5 and the combination mode of the risk points.
Risk grading configuration: and determining the corresponding relation between the detection parameter value and the risk level.
Risk point compilation: and determining the calculation sequence of the detection parameter values corresponding to the risk points based on the risk point configuration.
Risk point issuing: and generating a target detection strategy.
In addition, the above information may be stored in a database. Further, when a service request sent by a service party is received, the information can be obtained from the database.
Risk point calculation: calculating the detection parameter value corresponding to each detection item to obtain the target detection parameter value.
Risk grading: and determining a risk level corresponding to the target detection parameter value as a risk level of the service request based on the risk grading configuration.
Based on the same inventive concept, an embodiment of the present invention further provides a detection policy generating apparatus, referring to fig. 12, where fig. 12 is a structural diagram of the detection policy generating apparatus provided in the embodiment of the present invention, and the apparatus includes:
a detection policy generation instruction receiving module 1201, configured to receive a generation instruction for a target detection policy;
a determining module 1202, configured to determine, for each target detection item included in the target detection policy, whether a detection item having the same function as the target detection item exists in each pre-generated detection item;
a detection item obtaining module 1203, configured to, if there is a detection item with the same function as the target detection item, obtain the target detection item based on the detection item with the same function as the target detection item;
a detection item generating module 1204, configured to generate the target detection item based on the detection item data of the target detection item carried in the generation instruction if there is no detection item with the same function as the target detection item;
and a target detection policy generation module 1205, configured to combine each target detection item according to a target combination manner indicated by the combination identifier carried in the generation instruction, to obtain the target detection policy.
Optionally, the target detection items include: non-combined detection items, each containing a detection condition and a detection parameter value corresponding to the detection condition, and combined detection items, each used for combining the detection parameter values of multiple other detection items;
the apparatus further comprises:
a service request acquisition module, configured to receive a service request corresponding to the target detection policy after the target detection items are combined, according to the target combination manner indicated by the combination identifier carried in the generation instruction, to generate the target detection policy;
a first detection parameter value obtaining module, configured to obtain, for each non-combined detection item in each target detection item, a detection parameter value corresponding to a detection condition matched with the service request in the non-combined detection item, as a first detection parameter value of the non-combined detection item corresponding to the service request;
a second detection parameter value obtaining module, configured to combine, for each combined detection item in each target detection item, detection parameter values of other multiple detection items corresponding to the combined detection item, to obtain a detection parameter value of the combined detection item corresponding to the service request, where the detection parameter value is used as a second detection parameter value;
a target detection parameter value obtaining module, configured to obtain a target detection parameter value of the service request based on the second detection parameter value;
and a service processing module, configured to perform security control processing on the service request based on the target detection parameter value.
Optionally, the apparatus further comprises:
a storage module, configured to, after obtaining, for each non-combined detection item in each target detection item, a detection parameter value corresponding to a detection condition that matches the service request in the non-combined detection item, as a first detection parameter value corresponding to the non-combined detection item for the service request, store the first detection parameter value corresponding to the non-combined detection item for the service request in a memory;
the second detection parameter value obtaining module includes:
a detection parameter value acquisition sub-module, configured to, for each combined detection item in each target detection item, acquire, from each detection parameter value stored in the memory, a detection parameter value of another plurality of detection items corresponding to the combined detection item;
and the second detection parameter value acquisition submodule is used for combining the acquired multiple detection parameter values to obtain a second detection parameter value of the service request corresponding to the combined detection item, and storing the second detection parameter value in the memory.
Optionally, the apparatus further comprises:
and the target risk level determining module is used for determining a risk level corresponding to the target detection parameter value as the target risk level of the service request based on a preset corresponding relation between the detection parameter value and the risk level after the target detection parameter value of the service request is obtained based on the second detection parameter value.
Optionally, the service processing module is specifically configured to respond to the service request if the target detection parameter value belongs to a first preset parameter value range;
if the target detection parameter value belongs to a second preset parameter value range, performing security verification on the service request;
and if the target detection parameter value belongs to a third preset parameter value range, refusing to respond to the service request.
Optionally, the detection item obtaining module 1203 is specifically configured to, based on the detection item data of the target detection item, perform an update operation on a detection item having the same function as the target detection item, so as to obtain the target detection item.
Optionally, the detection item obtaining module 1203 is specifically configured to perform at least one of the following:
adding a detection item to the detection items contained in the detection item with the same function as the target detection item;
deleting a detection item contained in the detection item with the same function as the target detection item;
updating the detection condition and/or the detection parameter value of the detection item with the same function as the target detection item;
and updating the detection conditions and/or the detection parameters of the detection items contained in the detection item with the same function as the target detection item.
Optionally, the detection item obtaining module 1203 is specifically configured to, if multiple versions exist in a detection item with the same function as the target detection item, obtain the target detection item based on the detection item with the latest version.
An embodiment of the present invention further provides an electronic device, as shown in fig. 13, including a processor 1301, a communication interface 1302, a memory 1303, and a communication bus 1304, where the processor 1301, the communication interface 1302, and the memory 1303 complete mutual communication through the communication bus 1304,
a memory 1303 for storing a computer program;
the processor 1301 is configured to implement the following steps when executing the program stored in the memory 1303:
receiving a generation instruction aiming at a target detection strategy;
judging whether a detection item with the same function as the target detection item exists in each pre-generated detection item aiming at each target detection item contained in the target detection strategy;
if a detection item with the same function as the target detection item exists, obtaining the target detection item based on the detection item with the same function as the target detection item;
if the detection item with the same function as the target detection item does not exist, generating the target detection item based on the detection item data of the target detection item carried in the generation instruction;
and combining the target detection items according to a target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The memory may include a Random Access Memory (RAM) or a non-volatile memory, such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In another embodiment of the present invention, a computer-readable storage medium is further provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the detection policy generation method described in any of the above embodiments.
In yet another embodiment, the present invention further provides a computer program product containing instructions, which when run on a computer, causes the computer to execute the detection policy generation method described in any of the above embodiments.
The above embodiments may be implemented wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, they may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus, the electronic device, the computer-readable storage medium, and the computer program product embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiments.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (11)

1. A detection strategy generation method is characterized by comprising the following steps:
receiving a generation instruction for a target detection strategy;
for each target detection item contained in the target detection strategy, judging whether a detection item with the same function as the target detection item exists among the pre-generated detection items;
if a detection item with the same function as the target detection item exists, obtaining the target detection item based on the detection item with the same function as the target detection item;
if the detection item with the same function as the target detection item does not exist, generating the target detection item based on the detection item data of the target detection item carried in the generation instruction;
and combining the target detection items according to a target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy.
2. The method of claim 1, wherein the target detection items comprise: non-combined detection items, each including a detection condition and a detection parameter value corresponding to the detection condition, and combined detection items, each used for combining the detection parameter values of multiple other detection items;
after combining the target detection items according to the target combination mode represented by the combination identifier carried in the generation instruction and generating the target detection strategy, the method further includes:
receiving a service request corresponding to the target detection strategy;
for each non-combined detection item among the target detection items, acquiring the detection parameter value corresponding to the detection condition in the non-combined detection item that matches the service request, and taking that detection parameter value as a first detection parameter value of the service request corresponding to the non-combined detection item;
for each combined detection item among the target detection items, combining the detection parameter values of the multiple other detection items corresponding to the combined detection item, to obtain the detection parameter value of the service request corresponding to the combined detection item as a second detection parameter value;
obtaining a target detection parameter value of the service request based on the second detection parameter value;
and carrying out security control processing on the service request based on the target detection parameter value.
3. The method according to claim 2, wherein after the obtaining, for each non-combined detection item in the target detection items, a detection parameter value corresponding to a detection condition matching the service request in the non-combined detection item as a first detection parameter value corresponding to the non-combined detection item for the service request, the method further comprises:
storing a first detection parameter value of the service request corresponding to the non-combined detection item to a memory;
the combining, for each combined detection item in each target detection item, the detection parameter values of the other multiple detection items corresponding to the combined detection item to obtain the detection parameter value of the combined detection item corresponding to the service request as a second detection parameter value includes:
for each combined detection item in each target detection item, obtaining detection parameter values of other multiple detection items corresponding to the combined detection item from the detection parameter values stored in the memory;
and combining the obtained multiple detection parameter values to obtain a second detection parameter value of the service request corresponding to the combined detection item, and storing the second detection parameter value in the memory.
4. The method of claim 2, wherein after obtaining the target detection parameter value of the service request based on the second detection parameter value, the method further comprises:
and determining a risk level corresponding to the target detection parameter value as a target risk level of the service request based on a preset corresponding relation between the detection parameter value and the risk level.
5. The method of claim 2, wherein the performing security control processing on the service request based on the target detection parameter value comprises:
if the target detection parameter value belongs to a first preset parameter value range, responding to the service request;
if the target detection parameter value belongs to a second preset parameter value range, performing security verification on the service request;
and if the target detection parameter value belongs to a third preset parameter value range, refusing to respond to the service request.
6. The method of claim 1, wherein obtaining the target detection item based on the detection item having the same function as the target detection item comprises:
and based on the detection item data of the target detection item, updating the detection item with the same function as the target detection item to obtain the target detection item.
7. The method of claim 6, wherein the performing an update operation on the detection item having the same function as the target detection item comprises at least one of:
adding detection items contained in detection items with the same functions as the target detection items;
deleting the detection items contained in the detection items with the same functions as the target detection items;
updating the detection condition and/or the detection parameter value of the detection item with the same function as the target detection item;
and updating the detection conditions and/or the detection parameters of the detection items contained in the detection items with the same functions as the target detection items.
8. The method of claim 1, wherein obtaining the target detection item based on the detection item having the same function as the target detection item comprises:
and if the detection item with the same function as the target detection item has a plurality of versions, obtaining the target detection item based on the detection item with the latest version.
9. A detection policy generation apparatus, characterized in that the apparatus comprises:
a detection strategy generation instruction receiving module, used for receiving a generation instruction for a target detection strategy;
a judging module, used for judging, for each target detection item contained in the target detection strategy, whether a detection item with the same function as the target detection item exists among the pre-generated detection items;
the detection item acquisition module is used for obtaining the target detection item based on the detection item with the same function as the target detection item if the detection item with the same function as the target detection item exists;
a detection item generation module, configured to generate the target detection item based on detection item data of the target detection item carried in the generation instruction if there is no detection item with the same function as the target detection item;
and the target detection strategy generation module is used for combining all the target detection items according to a target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy.
10. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1 to 8 when executing a program stored in the memory.
11. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of the claims 1-8.
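The following Python sketch is an added illustration, not code from the patent, of how claims 1, 2, 3, 5 and 8 fit together: detection items are reused by function (latest version first) or generated from the instruction, per-request values are held in a memory store, combined items aggregate them, and the target value selects respond, verify or reject. The item fields, the `sum`/`max` combination identifiers, the numeric ranges and the sample data are all assumptions.

```python
from dataclasses import dataclass, field

COMBINE = {"sum": sum, "max": max}   # assumed combination identifiers

@dataclass
class Item:
    function: str                                  # reuse key ("same function")
    version: int = 1
    rules: list = field(default_factory=list)      # non-combined: (condition, value)
    combines: list = field(default_factory=list)   # combined: functions of other items
    mode: str = "sum"

def build_policy(instruction, registry):
    """Reuse the latest same-function item, else generate it from the instruction."""
    if instruction["combination_id"] not in COMBINE:
        raise ValueError("unknown combination identifier")   # fail closed
    items = []
    for spec in instruction["items"]:
        same = [i for i in registry if i.function == spec["function"]]
        if same:
            item = max(same, key=lambda i: i.version)
        else:
            item = Item(**spec)
            registry.append(item)
        items.append(item)
    return {"items": items, "mode": instruction["combination_id"]}

def decide(value, allow_below=30, reject_from=70):   # assumed value ranges
    if value < allow_below:
        return "respond"
    return "verify" if value < reject_from else "reject"

def evaluate(policy, request):
    memory = {}   # per-request store of detection parameter values
    for item in policy["items"]:
        if not item.combines:   # first matching condition wins, no match scores 0
            memory[item.function] = next(
                (v for cond, v in item.rules if cond(request)), 0)
    second = []
    for item in policy["items"]:
        if item.combines:
            value = COMBINE[item.mode](memory[f] for f in item.combines)
            memory[item.function] = value
            second.append(value)
    if not second:
        raise ValueError("policy has no combined detection item")
    target = COMBINE[policy["mode"]](second)
    return target, decide(target)

def demo_policy():
    """Constructed sample data: two stored versions of one item, two new items."""
    bad_ips = {"203.0.113.7"}
    registry = [
        Item("ip_reputation", 1, [(lambda r: r["ip"] in bad_ips, 10)]),
        Item("ip_reputation", 2, [(lambda r: r["ip"] in bad_ips, 50)]),
    ]
    instruction = {"combination_id": "max", "items": [
        {"function": "ip_reputation"},
        {"function": "login_velocity", "rules": [
            (lambda r: r["logins_last_hour"] > 10, 40),
            (lambda r: r["logins_last_hour"] > 3, 15)]},
        {"function": "risk_total", "mode": "sum",
         "combines": ["ip_reputation", "login_velocity"]},
    ]}
    return build_policy(instruction, registry), registry

if __name__ == "__main__":
    policy, _ = demo_policy()
    print(evaluate(policy, {"ip": "203.0.113.7", "logins_last_hour": 12}))
```

Rejecting an unknown combination identifier at build time, and a policy without any combined item at evaluation time, keeps a malformed generation instruction from silently producing a policy that scores every request as low risk.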
CN202110886535.3A 2021-08-03 2021-08-03 Detection strategy generation method and device Active CN113590180B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110886535.3A CN113590180B (en) 2021-08-03 2021-08-03 Detection strategy generation method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110886535.3A CN113590180B (en) 2021-08-03 2021-08-03 Detection strategy generation method and device

Publications (2)

Publication Number Publication Date
CN113590180A true CN113590180A (en) 2021-11-02
CN113590180B CN113590180B (en) 2023-07-28

Family

ID=78254434

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110886535.3A Active CN113590180B (en) 2021-08-03 2021-08-03 Detection strategy generation method and device

Country Status (1)

Country Link
CN (1) CN113590180B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114115201A (en) * 2021-11-29 2022-03-01 上海地铁维护保障有限公司 Vehicle-mounted controller static test method and system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003076937A (en) * 2001-09-06 2003-03-14 Shinichi Morishita Method and system for extracting association rule and association rule extraction program
US8527475B1 (en) * 2011-09-21 2013-09-03 Amazon Technologies, Inc. System and method for identifying structured data items lacking requisite information for rule-based duplicate detection
US20180158014A1 (en) * 2016-12-05 2018-06-07 Oracle International Corporation Rule based source sequencing for allocation
CN109753281A (en) * 2017-11-01 2019-05-14 北京德意新能电气有限公司 A kind of microgrid energy management strategy visualization toolkit based on graphic programming
KR102008707B1 (en) * 2019-03-26 2019-08-09 이종훈 Risk management system
CN111460298A (en) * 2020-03-31 2020-07-28 深圳市酷开网络科技有限公司 Service data processing method and device, computer equipment and storage medium
CN111738623A (en) * 2020-07-17 2020-10-02 支付宝(杭州)信息技术有限公司 Business risk detection method and device
CN111787094A (en) * 2020-06-29 2020-10-16 腾讯科技(深圳)有限公司 Data processing method, device, storage medium and equipment
CN112988607A (en) * 2021-05-11 2021-06-18 腾讯科技(深圳)有限公司 Application program component detection method and device and storage medium

Also Published As

Publication number Publication date
CN113590180B (en) 2023-07-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant