CN113590180B - Detection strategy generation method and device - Google Patents

Publication number
CN113590180B
Authority
CN
China
Legal status
Active
Application number
CN202110886535.3A
Other languages
Chinese (zh)
Other versions
CN113590180A (en
Inventor
姜丹薇
Current Assignee
Beijing QIYI Century Science and Technology Co Ltd
Original Assignee
Beijing QIYI Century Science and Technology Co Ltd
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management
    • G06F8/30 Creation or generation of source code
    • G06F8/36 Software reuse
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G06Q10/0637 Strategic management or analysis, e.g. setting a goal or target of an organisation; Planning actions based on goals; Analysis or evaluation of effectiveness of goals
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

An embodiment of the invention provides a detection strategy generation method and device, relating to the technical field of the Internet. The method comprises the following steps: receiving a generation instruction for a target detection strategy; for each target detection item contained in the target detection strategy, judging whether a detection item with the same function as the target detection item exists among the pre-generated detection items; if such a detection item exists, obtaining the target detection item based on the detection item with the same function as the target detection item; if no such detection item exists, generating the target detection item based on the detection item data of the target detection item carried in the generation instruction; and combining the target detection items according to the target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy. Based on the above processing, the generation efficiency of the detection policy can be improved.

Description

Detection strategy generation method and device
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a method and an apparatus for generating a detection policy.
Background
To ensure the reliability of service processing, a risk score may be determined, based on a detection policy, for a received service request that accesses a given service, and the risk level of the service request may then be determined from the scoring result. For example, the determined risk level may be one of: no risk, low risk, medium risk, high risk. No risk indicates that the service request is normal, low risk and medium risk indicate that the service request carries a certain risk, and high risk indicates that the service request is abnormal. Security control processing may then be performed on the service request based on the determined risk level.
In the related art, a technician must manually write, for each service, the detection items included in the detection policy corresponding to that service, so the efficiency of generating detection policies is not high.
Disclosure of Invention
The embodiment of the invention aims to provide a method and a device for generating a detection strategy so as to improve the generation efficiency of the detection strategy. The specific technical scheme is as follows:
In a first aspect of the present invention, there is provided a detection policy generation method, including:
receiving a generation instruction for a target detection strategy;
for each target detection item contained in the target detection strategy, judging whether a detection item with the same function as the target detection item exists among the pre-generated detection items;
if a detection item with the same function as the target detection item exists, obtaining the target detection item based on the detection item with the same function as the target detection item;
if no detection item with the same function as the target detection item exists, generating the target detection item based on the detection item data of the target detection item carried in the generation instruction;
and combining the target detection items according to the target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy.
Optionally, the target detection items include: a non-combination detection item, which includes a detection condition and a detection parameter value corresponding to the detection condition, and a combination detection item, which is used for combining the detection parameter values of a plurality of other detection items;
after the target detection items are combined according to the target combination mode represented by the combination identifier carried in the generation instruction to generate the target detection strategy, the method further comprises the following steps:
receiving a service request corresponding to the target detection strategy;
for each non-combination detection item among the target detection items, acquiring the detection parameter value corresponding to the detection condition in the non-combination detection item that matches the service request, as a first detection parameter value of the service request for the non-combination detection item;
for each combination detection item among the target detection items, combining the detection parameter values of the other detection items corresponding to the combination detection item to obtain the detection parameter value of the service request for the combination detection item, as a second detection parameter value;
obtaining a target detection parameter value of the service request based on the second detection parameter value;
and performing security control processing on the service request based on the target detection parameter value.
Optionally, after the detection parameter value corresponding to the detection condition that matches the service request is acquired, for each non-combination detection item among the target detection items, as the first detection parameter value of the service request for the non-combination detection item, the method further includes:
storing the first detection parameter value of the service request for the non-combination detection item into a memory;
the combining, for each combination detection item among the target detection items, of the detection parameter values of the plurality of other detection items corresponding to the combination detection item to obtain the detection parameter value of the service request for the combination detection item, as a second detection parameter value, includes:
for each combination detection item among the target detection items, acquiring the detection parameter values of the other detection items corresponding to the combination detection item from the detection parameter values stored in the memory;
and combining the acquired detection parameter values to obtain the second detection parameter value of the service request for the combination detection item, and storing the second detection parameter value into the memory.
Optionally, after obtaining the target detection parameter value of the service request based on the second detection parameter value, the method further includes:
and determining the risk level corresponding to the target detection parameter value based on a preset correspondence between detection parameter values and risk levels, and taking that risk level as the target risk level of the service request.
Optionally, the performing security control processing on the service request based on the target detection parameter value includes:
if the target detection parameter value belongs to a first preset parameter value range, responding to the service request;
if the target detection parameter value belongs to a second preset parameter value range, carrying out security verification on the service request;
and if the target detection parameter value belongs to a third preset parameter value range, refusing to respond to the service request.
Optionally, the obtaining the target detection item based on the detection item with the same function as the target detection item includes:
and performing, based on the detection item data of the target detection item, an update operation on the detection item with the same function as the target detection item to obtain the target detection item.
Optionally, performing the update operation on the detection item with the same function as the target detection item includes at least one of the following:
adding detection items to those contained in the detection item having the same function as the target detection item;
deleting detection items contained in the detection item having the same function as the target detection item;
updating the detection conditions and/or detection parameter values of the detection item having the same function as the target detection item;
updating the detection conditions and/or detection parameters of the detection items contained in the detection item having the same function as the target detection item.
Optionally, the obtaining the target detection item based on the detection item with the same function as the target detection item includes:
if multiple versions exist in the detection item with the same function as the target detection item, the target detection item is obtained based on the detection item of the latest version.
In a second aspect of the present invention, there is also provided a detection policy generating device, including:
the detection strategy generation instruction receiving module is used for receiving a generation instruction for the target detection strategy;
the judging module is used for judging, for each target detection item contained in the target detection strategy, whether a detection item with the same function as the target detection item exists among the pre-generated detection items;
the detection item acquisition module is used for obtaining the target detection item based on the detection item with the same function as the target detection item if such a detection item exists;
the detection item generation module is used for generating the target detection item based on the detection item data of the target detection item carried in the generation instruction if no detection item with the same function as the target detection item exists;
and the target detection strategy generation module is used for combining the target detection items according to the target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy.
Optionally, the target detection items include: a non-combination detection item, which includes a detection condition and a detection parameter value corresponding to the detection condition, and a combination detection item, which is used for combining the detection parameter values of a plurality of other detection items;
the apparatus further comprises:
the service request acquisition module is used for receiving a service request corresponding to the target detection strategy after the target detection items have been combined according to the target combination mode represented by the combination identifier carried in the generation instruction and the target detection strategy has been generated;
the first detection parameter value acquisition module is used for acquiring, for each non-combination detection item among the target detection items, the detection parameter value corresponding to the detection condition in the non-combination detection item that matches the service request, as a first detection parameter value of the service request for the non-combination detection item;
the second detection parameter value acquisition module is used for combining, for each combination detection item among the target detection items, the detection parameter values of the other detection items corresponding to the combination detection item to obtain the detection parameter value of the service request for the combination detection item, as a second detection parameter value;
the target detection parameter value acquisition module is used for acquiring a target detection parameter value of the service request based on the second detection parameter value;
and the service processing module is used for performing security control processing on the service request based on the target detection parameter value.
Optionally, the apparatus further includes:
the storage module is used for storing the first detection parameter value of the service request for the non-combination detection item into the memory after, for each non-combination detection item among the target detection items, the detection parameter value corresponding to the detection condition that matches the service request has been acquired as the first detection parameter value of the service request for the non-combination detection item;
the second detection parameter value acquisition module includes:
the detection parameter value acquisition sub-module is used for acquiring, for each combination detection item among the target detection items, the detection parameter values of the other detection items corresponding to the combination detection item from the detection parameter values stored in the memory;
and the second detection parameter value acquisition sub-module is used for combining the acquired detection parameter values to obtain the second detection parameter value of the service request for the combination detection item, and storing the second detection parameter value into the memory.
Optionally, the apparatus further includes:
and the target risk level determining module is used for determining, after the target detection parameter value of the service request is obtained based on the second detection parameter value, the risk level corresponding to the target detection parameter value based on a preset correspondence between detection parameter values and risk levels, and taking that risk level as the target risk level of the service request.
Optionally, the service processing module is specifically configured to respond to the service request if the target detection parameter value belongs to a first preset parameter value range;
if the target detection parameter value belongs to a second preset parameter value range, carrying out security verification on the service request;
and if the target detection parameter value belongs to a third preset parameter value range, refusing to respond to the service request.
Optionally, the detection item obtaining module is specifically configured to perform an update operation on a detection item with the same function as the target detection item based on detection item data of the target detection item, so as to obtain the target detection item.
Optionally, the detection item acquisition module is specifically configured to perform at least one of the following:
adding detection items to those contained in the detection item having the same function as the target detection item;
deleting detection items contained in the detection item having the same function as the target detection item;
updating the detection conditions and/or detection parameter values of the detection item having the same function as the target detection item;
updating the detection conditions and/or detection parameters of the detection items contained in the detection item having the same function as the target detection item.
Optionally, the detection item obtaining module is specifically configured to obtain the target detection item based on the detection item of the latest version if there are multiple versions of the detection item having the same function as the target detection item.
In yet another aspect of the present invention, there is also provided an electronic device including a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus;
the memory is used for storing a computer program;
and the processor is used for implementing the detection strategy generation method according to any one of the first aspect when executing the program stored in the memory.
In yet another aspect of the implementation of the present invention, there is also provided a computer readable storage medium, in which a computer program is stored, the computer program implementing any one of the above detection policy generation methods when executed by a processor.
In yet another aspect of the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the above-described detection policy generation methods.
The detection strategy generation method provided by the embodiment of the invention receives a generation instruction for a target detection strategy; for each target detection item contained in the target detection strategy, judges whether a detection item with the same function as the target detection item exists among the pre-generated detection items; if such a detection item exists, obtains the target detection item based on the detection item with the same function as the target detection item; if no such detection item exists, generates the target detection item based on the detection item data of the target detection item carried in the generation instruction; and combines the target detection items according to the target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy.
In this way, for the target detection policy to be generated, if a detection item with the same function as a target detection item in the target detection policy has been generated in advance, the target detection item can be obtained directly from that detection item and the technician does not need to rewrite it. That is, detection items can be reused, and the generation efficiency of the detection policy can therefore be improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a flowchart of a detection strategy generation method according to an embodiment of the present invention;
FIG. 2 is a flowchart of another method for generating a detection policy according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a page with non-combined detection items according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a page for setting a combination detection item according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a relationship between detection items included in a detection policy according to an embodiment of the present invention;
FIG. 6 is a flowchart of another method for generating a detection policy according to an embodiment of the present invention;
FIG. 7 is a schematic diagram illustrating a calculation sequence of detection parameter values corresponding to each detection item in the detection strategy shown in FIG. 5;
FIG. 8 is a schematic diagram of a process for calculating target detection parameter values based on the detection strategy shown in FIG. 7;
FIG. 9 is a schematic diagram of a page for setting a correspondence between a detection parameter value and a risk level according to an embodiment of the present invention;
FIG. 10A is a schematic diagram of a detection item included in a target detection strategy before update according to the present invention;
FIG. 10B is a schematic diagram of the detection items included after the target detection policy of FIG. 10A is updated;
FIG. 11 is a schematic diagram of a service request detection method according to an embodiment of the present invention;
FIG. 12 is a block diagram of a detection policy generating device according to an embodiment of the present invention;
FIG. 13 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention.
In the related art, a technician must manually write, for each service, the detection items included in the detection policy corresponding to that service, so the efficiency of generating detection policies is not high.
In order to solve the above problems, an embodiment of the present invention provides a detection policy generation method, which may be applied to an electronic device, where the electronic device is configured to generate a detection policy, and may further process a service request based on the detection policy. Referring to fig. 1, fig. 1 is a flowchart of a detection policy generation method according to an embodiment of the present invention, where the method may include the following steps:
S101: Receive a generation instruction for the target detection strategy.
S102: For each target detection item contained in the target detection strategy, judge whether a detection item with the same function as the target detection item exists among the pre-generated detection items.
S103: If a detection item with the same function as the target detection item exists, obtain the target detection item based on the detection item with the same function as the target detection item.
S104: If no detection item with the same function as the target detection item exists, generate the target detection item based on the detection item data of the target detection item carried in the generation instruction.
S105: Combine the target detection items according to the target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy.
With the detection strategy generation method provided by the embodiment of the invention, if a detection item with the same function as a target detection item has been generated in advance, the target detection item can be obtained directly from that detection item and the technician does not need to rewrite it. That is, detection items can be reused, and the generation efficiency of the detection strategy can therefore be improved.
For step S102, the technician may preset a plurality of detection items and store them locally in the electronic device, or may also store them in a preset storage device. Correspondingly, when the detection strategy needs to be generated, a technician can input a generation instruction of the detection strategy to the electronic equipment. The electronic device may then query each of the pre-generated detection items.
The function of a detection item may be represented by the identity of the detection item (e.g., its name). For example, a detection item named "mobile phone intelligence risk test" is used to detect mobile phone intelligence risk. If two detection items have the same function, both can perform detection of that function. However, for different services, or in different detection scenarios, the specific content of two detection items may differ even if they implement the same function: for example, the detection conditions they contain may differ, and the detection parameter values corresponding to those detection conditions may differ. In addition, if the two detection items are combination detection items, the detection items they contain may differ.
For step S103, if two detection items have the same function, they may share part of their content even if their specific contents differ. Thus, if a detection item with the same function as the target detection item exists (which may be called an alternative detection item), the part of the alternative detection item that differs from the target detection item can be modified to obtain the target detection item, without regenerating the target detection item.
For step S105, in one implementation, when a service request is detected, a corresponding detection parameter value is obtained for each detection item, and the detection parameter values of the detection items are then combined according to the target combination mode to obtain a final detection parameter value. The target combination mode may be taking the maximum, the minimum, the average or the sum. The target combination mode can be set by a technician according to service requirements.
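Steps S101 to S105 can be sketched as follows. This is an added example, not code from the patent: the `ItemLibrary` store, the field names in the instruction, and the choice to save an updated item as a new version instead of editing the stored one are all assumptions made for illustration.

```python
import copy
from dataclasses import dataclass, field

# The page names four combination modes; the identifier strings are assumptions.
COMBINERS = {
    "max": max,
    "min": min,
    "sum": sum,
    "avg": lambda values: sum(values) / len(values),
}


@dataclass
class DetectionItem:
    name: str                                        # identity stands for function
    version: int = 1
    conditions: dict = field(default_factory=dict)   # condition -> parameter value
    children: list = field(default_factory=list)     # items a combination item combines


class ItemLibrary:
    """Hypothetical store of pre-generated detection items, all versions kept."""

    def __init__(self):
        self._versions = {}                          # name -> versions, oldest first

    def versions(self, name):
        return list(self._versions.get(name, []))

    def latest(self, name):
        versions = self._versions.get(name)
        return versions[-1] if versions else None

    def add(self, item):
        self._versions.setdefault(item.name, []).append(item)
        return item


def obtain_item(library, item_data):
    """S102 to S104: reuse an item with the same function, or generate it."""
    existing = library.latest(item_data["name"])
    if existing is None:
        # S104: nothing to reuse, build the item from the instruction's data.
        item = DetectionItem(
            name=item_data["name"],
            conditions=dict(item_data.get("conditions", {})),
            children=list(item_data.get("children", [])),
        )
        return library.add(item), "generated"
    # S103: update a copy of the latest version, so a policy that already
    # uses the stored version keeps scoring requests the way it did before.
    item = copy.deepcopy(existing)
    for condition in item_data.get("remove_conditions", []):
        item.conditions.pop(condition, None)
    item.conditions.update(item_data.get("conditions", {}))
    if "children" in item_data:
        item.children = list(item_data["children"])
    if item == existing:
        return existing, "reused"
    item.version = existing.version + 1
    return library.add(item), "updated"


def generate_policy(library, instruction):
    """S101 to S105: return the policy and how each item was obtained."""
    mode = instruction["combination"]
    if mode not in COMBINERS:
        # Reject before touching the library: no half-built policy is left behind.
        raise ValueError(f"unknown combination identifier: {mode!r}")
    items, provenance = [], {}
    for item_data in instruction["items"]:
        item, how = obtain_item(library, item_data)
        items.append(item)
        provenance[item.name] = how
    policy = {"name": instruction["policy"], "combination": mode, "items": items}
    return policy, provenance


def demo():
    """Constructed data: one pre-generated item, one instruction with two items."""
    library = ItemLibrary()
    library.add(DetectionItem("ip_risk", conditions={"ip in 203.0.113.0/24": 20}))
    instruction = {
        "policy": "login_policy",
        "combination": "max",
        "items": [
            {"name": "ip_risk", "conditions": {"ip in 198.51.100.0/24": 40}},
            {"name": "time_risk", "conditions": {"hour in 0-5": 30}},
        ],
    }
    policy, provenance = generate_policy(library, instruction)
    return library, policy, provenance
```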
In one embodiment, the target detection items include: a non-combination detection item, which includes a detection condition and a detection parameter value corresponding to the detection condition, and a combination detection item, which is used for combining the detection parameter values of a plurality of other detection items.
Accordingly, referring to fig. 2, after the above step S105, the method may further include the steps of:
S106: Receive a service request corresponding to the target detection strategy.
S107: For each non-combination detection item among the target detection items, acquire the detection parameter value corresponding to the detection condition in the non-combination detection item that matches the service request, as a first detection parameter value of the service request for the non-combination detection item.
S108: For each combination detection item among the target detection items, combine the detection parameter values of the other detection items corresponding to the combination detection item to obtain the detection parameter value of the service request for the combination detection item, as a second detection parameter value.
S109: Obtain the target detection parameter value of the service request based on the second detection parameter value.
S1010: Perform security control processing on the service request based on the target detection parameter value.
The service request may be a login request or a data access request, but is not limited thereto. The service request corresponding to the target detection policy, that is, the service request may be detected based on each target detection item included in the target detection policy.
In the embodiment of the invention, after the target detection strategy is generated, when a corresponding service request is received, a detection parameter value (i.e. a target detection parameter value) of the service request can be calculated according to the target detection strategy, and the service request can be processed based on the target detection parameter value.
A non-combination detection item may comprise at least one detection condition and a detection parameter value corresponding to each detection condition. Therefore, the service request can be compared with the detection conditions to determine the matched detection condition and, in turn, the corresponding detection parameter value, that is, the first detection parameter value of the service request for the non-combination detection item.
For example, a non-combination detection item may comprise: judging whether the IP address of the service party sending the service request belongs to a preset address range, and whether the time at which the service party sends the service request belongs to a preset time range. Different address ranges may correspond to different detection parameter values, as may different time ranges. The detection parameter value of the service request for the non-combination detection item can then be calculated.
Referring to fig. 3, fig. 3 is a schematic diagram of a page on which non-combination detection items are set according to an embodiment of the present invention.
The non-combination detection item shown in fig. 3 represents a detection for a specified parameter, used for calculating a specified-parameter risk score (i.e., the first detection parameter value of the non-combination detection item).
In FIG. 3, six rows [1244], [3154], [1134], [2099], [5850], and [5125] represent the detection conditions of the non-combination detection item. If the service request satisfies the above condition, it may be determined that the detection parameter value corresponding to the non-combined detection item is 20 (i.e. the current risk point score=20 is set).
Row [1244] represents that the detection conditions of the three rows [3154], [1134] and [2099] are combined by "OR": as long as the detection condition of any one of rows [3154], [1134] and [2099] is satisfied, the detection condition of row [1244] is satisfied, and the detection parameter value of the non-combination detection item can be determined to be 20. In addition, line [1244] represents that the detection conditions of the two lines [5850] and [5125] are combined by "AND", that is, the detection condition of line [2099] can be determined to be satisfied only if the detection conditions of lines [5850] and [5125] are satisfied at the same time.
Specifically, the technician can set the combination of rows [3154], [1134] and [2099] and the combination of rows [5850] and [5125] in the page shown in fig. 3. In addition, the specific content of each detection condition may also be set. For example, for row [3154], a specific value may be set, and when intelligence score 1 is not null and equal to that value, it is determined that row [3154] is satisfied. In fig. 3, the value set is 5.
The combined detection item is obtained by combining a plurality of other detection items, and the other detection items constituting the combined detection item may be non-combined detection items or combined detection items. Therefore, in order to obtain the parameter value (i.e., the second detection parameter value) of the service request for the combined detection item, the detection parameter value of the service request for each of the other detection items constituting the combined detection item may be calculated, and then, the detection parameter values are combined to obtain the detection parameter value corresponding to the combined detection item.
Accordingly, referring to fig. 4, fig. 4 is a schematic diagram of a page for setting a combination detection item according to an embodiment of the present invention.
The combination detection item shown in fig. 4 represents an engine-specific detection and includes two other detection items, namely a first-parameter scoring card for the risk point parameter (i.e., the detection item for the first parameter) and a second-parameter scoring card for the risk point parameter (i.e., the detection item for the second parameter). In fig. 4, the way the two detection items are combined may be selected, for example, summation, maximum value, or minimum value.
In addition, weights of the two detection items may be set, 1 and 1.5 in fig. 4, respectively, and based on the weights and the detection parameter values of the two detection items, the detection parameter values of the corresponding combination detection items may be calculated. The order of the two detection items described above may also be set based on the move-up and move-down components in the page shown in fig. 4.
Referring to fig. 5, fig. 5 is a schematic diagram of a relationship between detection items included in a detection policy according to an embodiment of the present invention.
In fig. 5, the risk points are the detection items of the embodiment of the present invention. It can be seen that the detection strategy contains three combination detection items, namely risk point A1, risk point A2 and risk point A3. These three combination detection items are combined by taking the sum, that is, the sum of the detection parameter values corresponding to risk point A1, risk point A2 and risk point A3 is calculated to obtain the total score (i.e., the target detection parameter value).
The risk point A1 is obtained by combining the risk point B1 and the risk point B2 in a way of taking a sum (i.e. calculating a summary value). The risk point A2 is obtained by combining the risk point B3, the risk point B4 and the risk point B5 in a mode of taking the maximum value. The risk point A3 is obtained by combining the risk point B6, the risk point B7 and the risk point B8 in a mode of taking the minimum value.
In addition, the risk points B2 and B7 are also combined detection items; risk points B1, B3, B4, B5, B6, B8, C1, and C2 are non-combinatorial test items.
It can be seen that after the detection parameter values (i.e., the second detection parameter values) corresponding to the risk point A1, the risk point A2, and the risk point A3 are calculated, the final target detection parameter value can be directly calculated based on each second detection parameter value.
In addition, in fig. 5, if the detection items at the same level as the risk points A1, A2 and A3 further include a risk point D1, and the risk point D1 is a non-combination detection item, then after the second detection parameter values corresponding to the risk points A1, A2 and A3 are calculated, the final target detection parameter value may be calculated by also combining the first detection parameter value corresponding to the risk point D1.
For example, the detection policy formed by the detection items in fig. 5 may be used to detect whether the received service request is a malicious service request. The risk point A1 represents a detection item of the IP address layer, that is, a corresponding detection parameter value is obtained based on the IP address of the client that sends the service request. Correspondingly, the risk point B1 is used for detecting whether the IP address of the client side sending the service request is the common IP address of the account currently logged in or not so as to determine the corresponding detection parameter value; and the risk point B2 is used for determining the network segment to which the IP address of the client sending the service request belongs and determining the corresponding detection parameter value based on the number of the service requests sent by other clients in the network segment. Similarly, the risk point C1 and the risk point C2 may be specifically set by a technician according to the number of service requests sent by other clients in the network segment.
The risk point A2 represents a detection item of the device layer, that is, a corresponding detection parameter value is obtained based on device information of the client that sends the service request. Correspondingly, the risk point B3 is used for detecting whether the client side sending the service request is a client side commonly used by the account logged in currently so as to determine a corresponding detection parameter value; the risk point B4 is used for detecting whether other accounts are logged in the client side for sending the service request so as to determine corresponding detection parameter values; and the risk point B5 is used for detecting whether the equipment type of the client side sending the service request is the designated equipment type or not so as to determine the corresponding detection parameter value.
The risk point A3 represents a detection item of the user layer, i.e. a corresponding detection parameter value is obtained based on the account currently logged in on the client. Correspondingly, the risk point B6 is used for detecting whether the time at which the client sends the service request is a usual access time of the currently logged-in account, so as to determine the corresponding detection parameter value; the risk point B7 is used for detecting whether the currently logged-in account is being used by the account owner in person, so as to determine a corresponding detection parameter value; and the risk point B8 is used for detecting whether the resource requested by the service request is of a type frequently accessed by the currently logged-in account, so as to determine the corresponding detection parameter value.
In one embodiment, referring to fig. 6, after step S107 described above, the method may further include the steps of:
S1011: storing the first detection parameter value of the service request for the non-combination detection item into a memory.
Accordingly, the step S108 may include:
S1081: for each combination detection item among the target detection items, acquiring the detection parameter values of the other detection items corresponding to that combination detection item from the detection parameter values stored in the memory.
S1082: combining the acquired detection parameter values to obtain the second detection parameter value of the service request for that combination detection item, and storing the second detection parameter value into the memory.
In the embodiment of the invention, the calculation sequence of the detection parameter values of the service request aiming at each detection item can be determined. In one implementation, since the combined detection items are obtained by combining other detection items, the detection parameter values corresponding to the non-combined detection items may be calculated first, and then the detection parameter values corresponding to the corresponding combined detection items may be calculated.
For example, in the detection strategy shown in fig. 5, the non-combined detection terms include: risk point B1, risk point B3, risk point B4, risk point B5, risk point B6, risk point B8, risk point C1, and risk point C2. For fig. 5, after the detection parameter values corresponding to the non-combination detection items are calculated, the detection parameter value corresponding to the risk point B2 may be calculated based on the detection parameter values corresponding to the risk point C1 and the risk point C2, and further, the detection parameter value corresponding to the risk point A1 may be calculated based on the detection parameter value corresponding to the risk point B2 and the detection parameter value corresponding to the risk point B1.
Referring to fig. 7, fig. 7 is a schematic diagram illustrating a calculation sequence of detection parameter values corresponding to each detection item in the detection strategy shown in fig. 5. The sequence numbers of the respective detection items in fig. 7 indicate the order in which the corresponding detection parameter values thereof are calculated. That is, the detection parameter value corresponding to the risk point B1 may be calculated first, then the detection parameter value corresponding to the risk point C1 may be calculated, and further, the detection parameter value corresponding to the risk point C2 may be calculated, then the detection parameter value corresponding to the risk point B2 may be calculated, and further, the detection parameter value corresponding to the risk point A1 may be calculated. Then, the detection parameter value corresponding to the risk point B3 may be calculated.
In addition, when the detection parameter values of the respective detection items are calculated in the above-described order, after the corresponding detection parameter value is calculated for a certain detection item, the detection parameter value may be stored (for example, may be stored in a memory). Because one detection item may belong to a plurality of different combination detection items, when the detection parameter values of the corresponding different combination detection items are required to be calculated based on the detection item, only the detection parameter values of the detection item are required to be obtained from the memory, and the detection parameter values of the detection item are not required to be calculated for a plurality of times, so that repeated calculation can be avoided, and the calculation efficiency of the target detection parameter values is improved.
For example, for each detection item in fig. 7, the order in which the detection parameter values are calculated can be seen in fig. 8. The memory is initialized, then, the detection parameter value (10) corresponding to the risk point B1 can be calculated and stored in the memory, then, the detection parameter value (10) corresponding to the risk point C1 is calculated and stored in the memory, and further, the detection parameter value (10) corresponding to the risk point C2 is calculated and stored in the memory. Then, based on the detection parameter values corresponding to the risk point C1 and the risk point C2, a detection parameter value (10) corresponding to the risk point B2 may be calculated and stored in the memory. And so on until a total score (sum=120) is calculated, i.e. the target detection parameter value.
After the detection parameter value corresponding to the risk point B2 is calculated, it may be stored in the memory; subsequently, when the detection parameter value corresponding to the risk point B7 needs to be calculated, the detection parameter value corresponding to the risk point B2 may be obtained directly from the memory, without calculating it again from the detection parameter values corresponding to the risk point C1 and the risk point C2.
In one embodiment, the step S1010 may include the following steps:
Step one: if the target detection parameter value belongs to a first preset parameter value range, responding to the service request.
Step two: if the target detection parameter value belongs to a second preset parameter value range, performing security verification on the service request.
Step three: if the target detection parameter value belongs to a third preset parameter value range, refusing to respond to the service request.
In the embodiment of the present invention, the first preset parameter value range, the second preset parameter value range and the third preset parameter value range may be set by a technician according to service requirements.
Specifically, the target detection parameter value belongs to the first preset parameter value range, which may indicate that the service request is risk-free, that is, the service request is a normal service request. Thus, the service request can be normally responded to.
The target detection parameter value belonging to the second preset parameter value range may indicate that the service request may be at risk. Thus, the service request can be securely validated. For example, the service party sending the service request may be presented with a verification page prompting the user to enter a verification code for security verification.
The target detection parameter value belonging to the third preset parameter value range may indicate that the service request is an abnormal service request. Thus, the response to the service request can be refused, i.e. the service request is not processed at all.
In one embodiment, after step S109, the method may further include the steps of:
determining the risk level corresponding to the target detection parameter value based on the preset correspondence between detection parameter values and risk levels, and taking that risk level as the target risk level of the service request.
The corresponding relation between the preset detection parameter value and the risk level can be set by a technician according to experience and business requirements.
In the embodiment of the present invention, the corresponding relationship between the preset detection parameter value and the risk level may be determined based on the first preset parameter value range, the second preset parameter value range, and the third preset parameter value range.
For example, the risk level corresponding to the first preset parameter value range may be risk-free; the risk level corresponding to the second preset parameter value range may include a low risk and a medium risk; the risk level corresponding to the third preset parameter value range may be a high risk.
Referring to fig. 9, fig. 9 is a schematic diagram of a page for setting a correspondence between a detection parameter value and a risk level according to an embodiment of the present invention.
The correspondence between the detection parameter value and the risk level may also be referred to as a risk classification decision table. Based on the risk classification decision table set in fig. 9, when the target detection parameter value is less than 10, it can be determined that there is no risk; when the target detection parameter value is 10 or more and less than 20, it can be determined as low risk; when the target detection parameter value is 20 or more and less than 200, it can be determined as medium risk; when the target detection parameter value is 200 or more, it can be determined as high risk.
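The scoring flow described above (steps S107 to S1010, the stored intermediate values of fig. 8 and the decision table of fig. 9) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the request fields, every leaf condition and score, the children of B2 and B7, the weights on A1, the default of 0 when no condition matches, and the cycle check are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Leaf:
    """Non-combination detection item: ordered (condition, value) pairs."""
    conditions: list

@dataclass
class Combo:
    """Combination detection item: combination mode plus (child, weight) pairs."""
    mode: str
    children: list

COMBINE = {"sum": sum, "max": max, "min": min}

def evaluate(policy, name, request, memo, stack=()):
    """Detection parameter value of item `name`; each item is computed once."""
    if name in memo:                      # already stored in memory: reuse
        return memo[name]
    if name in stack:                     # misconfigured policy: item contains itself
        raise ValueError("cycle in policy: " + " -> ".join(stack + (name,)))
    item = policy[name]
    if isinstance(item, Leaf):
        # Assumption: the first matching condition wins, 0 if none matches.
        value = next((v for cond, v in item.conditions if cond(request)), 0)
    else:
        value = COMBINE[item.mode](
            [w * evaluate(policy, child, request, memo, stack + (name,))
             for child, w in item.children])
    memo[name] = value
    return value

# Risk classification decision table with the thresholds given for fig. 9.
GRADES = [(10, "none"), (20, "low"), (200, "medium")]
# No risk -> respond, low/medium -> security verification, high -> refuse.
ACTIONS = {"none": "respond", "low": "verify", "medium": "verify", "high": "reject"}

def grade(score):
    for upper, level in GRADES:
        if score < upper:
            return level
    return "high"

def handle(policy, request, root="TOTAL"):
    """Score one service request and return (score, risk level, action)."""
    score = evaluate(policy, root, request, {})
    level = grade(score)
    return score, level, ACTIONS[level]

# Layout of fig. 5; all conditions, scores and weights below are constructed.
POLICY = {
    "TOTAL": Combo("sum", [("A1", 1.0), ("A2", 1.0), ("A3", 1.0)]),
    "A1": Combo("sum", [("B1", 1.0), ("B2", 1.5)]),             # IP address layer
    "A2": Combo("max", [("B3", 1.0), ("B4", 1.0), ("B5", 1.0)]),  # device layer
    "A3": Combo("min", [("B6", 1.0), ("B7", 1.0), ("B8", 1.0)]),  # user layer
    "B2": Combo("sum", [("C1", 1.0), ("C2", 1.0)]),
    "B7": Combo("max", [("B2", 1.0), ("B3", 1.0)]),  # assumed children; reuses B2
    "B1": Leaf([(lambda r: r["ip"] not in r["usual_ips"], 20)]),
    "C1": Leaf([(lambda r: r["segment_requests"] > 1000, 80)]),
    "C2": Leaf([(lambda r: r["segment_requests"] > 100, 10)]),
    "B3": Leaf([(lambda r: r["device"] not in r["usual_devices"], 20)]),
    "B4": Leaf([(lambda r: r["other_accounts"] > 0, 15)]),
    "B5": Leaf([(lambda r: r["device_type"] == "emulator", 40)]),
    "B6": Leaf([(lambda r: r["hour"] < 6, 30),
                (lambda r: r["hour"] not in r["usual_hours"], 10)]),
    "B8": Leaf([(lambda r: r["resource"] not in r["usual_resources"], 10)]),
}

# Constructed sample requests (documentation-range IP addresses).
BASE = {"usual_ips": {"203.0.113.7"}, "usual_devices": {"dev-1"},
        "usual_hours": range(8, 23), "usual_resources": {"video"}}
NORMAL = dict(BASE, ip="203.0.113.7", segment_requests=12, device="dev-1",
              other_accounts=0, device_type="phone", hour=14, resource="video")
SUSPICIOUS = dict(BASE, ip="198.51.100.9", segment_requests=500, device="dev-9",
                  other_accounts=0, device_type="phone", hour=23, resource="video")
HOSTILE = dict(BASE, ip="198.51.100.9", segment_requests=5000, device="dev-9",
               other_accounts=3, device_type="emulator", hour=3, resource="billing")

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("suspicious", SUSPICIOUS),
                       ("hostile", HOSTILE)):
        print(label, handle(POLICY, req))
```

Because A3 takes the minimum of its children, a single benign user-layer signal drives that whole layer to 0 in the suspicious request, which is worth checking when choosing combination modes for a layer.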
In one embodiment, the step S103 may include:
based on the detection item data of the target detection item, performing an update operation on the detection item having the same function as the target detection item, to obtain the target detection item.
In one embodiment, if there is a detection item (i.e., an alternative detection item) that has the same function as the target detection item and the specific content of the alternative detection item is different from that of the target detection item, the alternative detection item may be updated based on the detection item data of the target detection item, so as to obtain the target detection item.
Updating the alternative detection item yields a plurality of detection items with the same function, that is, multiple different versions of the same-function detection item. The alternative detection item may be regarded as a historical version of the target detection item; that is, an existing historical version may be modified directly, without regenerating the target detection item, so that the generation efficiency of the target detection policy may be further improved.
In one embodiment, if there is an alternative detection item, and the specific content of the alternative detection item is the same as that of the target detection item, the alternative detection item may be directly acquired as the target detection item.
Accordingly, each detection policy may also contain a plurality of different versions. In one embodiment, the modifications that occur to the target detection policy before and after the update may also be recorded and displayed.
Referring to fig. 10A and fig. 10B, fig. 10A is a schematic diagram of a detection item included in a target detection policy before update according to the present invention; FIG. 10B is a schematic diagram of the detection items included after the target detection policy of FIG. 10A is updated. In fig. 10A and 10B, each row represents a detection item contained in the target detection policy. Based on fig. 10A and 10B, a technician can conveniently observe modified detection items in the target detection strategy.
In addition, for each update of the target detection strategy, a corresponding version number can be generated, the update time is recorded, and the follow-up is convenient for tracing and rollback of the target detection strategy.
In one embodiment, the update operation is performed on the detection item that is functionally identical to the target detection item, including at least one of:
adding detection items contained in the detection items having the same function as the target detection items;
deleting the detection items contained in the detection items having the same function as the target detection item;
updating the detection conditions and/or detection parameter values of the detection items with the same function as the target detection items;
updating the detection conditions and/or detection parameters of the detection items included in the detection items having the same function as the target detection item.
In the embodiment of the invention, if the alternative detection items are combined detection items, new detection items can be added in the alternative detection items, existing detection items can be deleted, and detection conditions and/or detection parameter values of the detection items contained in the alternative detection items can be modified. If the alternative test item is a non-combinatorial test item, its test conditions and/or test parameter values may be modified.
Therefore, according to the method provided by the embodiment of the invention, the existing history version detection item can be directly modified without regenerating the target detection item, and further, the generation efficiency of the target detection strategy can be further improved.
In one embodiment, the step S103 may include:
if multiple versions of the detection item having the same function as the target detection item exist, obtaining the target detection item based on the latest version of that detection item.
In the embodiment of the invention, the similarity degree between the latest version of the alternative detection item and the specific content of the target detection item is higher, so that if a plurality of versions of the alternative detection item exist, the latest version of the alternative detection item can be updated to obtain the target detection item, the operation of updating the alternative detection item can be reduced, and the generation efficiency of the target detection strategy is improved.
Referring to fig. 11, fig. 11 is a schematic diagram of a service request detection method according to an embodiment of the present invention.
Risk point management: determining each detection item and generating a target detection strategy. Risk point execution: detecting the service request based on the target detection strategy. The risk points in the embodiment of the invention are the detection items. In fig. 11, risk points 1 to 5 constitute a target detection strategy.
Risk point configuration: determining risk points 1-5 and combining the risk points.
Risk grading configuration: determining the correspondence between the detection parameter value and the risk level.
Risk point compilation: determining the calculation order of the detection parameter values corresponding to the risk points based on the risk point configuration.
Risk point publishing: generating a target detection policy.
In addition, the above information may be stored in a database. Further, when a service request sent by a service party is received, the above information may be acquired from a database.
Risk point calculation: calculating the detection parameter values corresponding to the detection items to obtain the target detection parameter value.
Risk grading: determining the risk level corresponding to the target detection parameter value based on the risk grading configuration, and taking it as the risk level of the service request.
Based on the same inventive concept, the embodiment of the present invention further provides a detection policy generating device, referring to fig. 12, fig. 12 is a structural diagram of the detection policy generating device provided by the embodiment of the present invention, where the device includes:
a detection policy generation instruction receiving module 1201, configured to receive a generation instruction for a target detection policy;
a judging module 1202, configured to judge, for each target detection item included in the target detection policy, whether a detection item having the same function as the target detection item exists in each detection item generated in advance;
the detection item acquisition module 1203 is configured to obtain, if a detection item having the same function as the target detection item exists, the target detection item based on the detection item having the same function as the target detection item;
the detection item generating module 1204 is configured to generate, if there is no detection item with the same function as the target detection item, the target detection item based on detection item data of the target detection item carried in the generating instruction;
the target detection policy generating module 1205 is configured to combine each target detection item according to a target combination manner represented by the combination identifier carried in the generating instruction, so as to obtain the target detection policy.
Optionally, the respective target detection items include: a non-combination detection item including a detection condition and a detection parameter value corresponding to the detection condition, and a combination detection item for combining detection parameter values of other plurality of detection items;
the apparatus further comprises:
the service request acquisition module is used for receiving a service request corresponding to the target detection strategy after the target detection items are combined according to the target combination mode represented by the combination identifier carried in the generation instruction to obtain the target detection strategy;
the first detection parameter value acquisition module is used for acquiring detection parameter values corresponding to detection conditions matched with the service request in the non-combination detection items aiming at each non-combination detection item in each target detection item, and the detection parameter values are used as first detection parameter values corresponding to the non-combination detection items of the service request;
the second detection parameter value acquisition module is used for combining detection parameter values of other detection items corresponding to each combination detection item in the target detection items to obtain a detection parameter value corresponding to the combination detection item of the service request as a second detection parameter value;
The target detection parameter value acquisition module is used for acquiring a target detection parameter value of the service request based on the second detection parameter value;
and the service processing module is used for carrying out security control processing on the service request based on the target detection parameter value.
Optionally, the apparatus further includes:
the storage module is used for storing the first detection parameter value of the service request corresponding to the non-combination detection item into the memory, after, for each non-combination detection item in the target detection items, the detection parameter value corresponding to the detection condition matched with the service request in that non-combination detection item is acquired as the first detection parameter value of the service request corresponding to that non-combination detection item;
the second detection parameter value acquisition module includes:
the detection parameter value acquisition sub-module is used for acquiring detection parameter values of other detection items corresponding to each combination detection item from all detection parameter values stored in the memory according to each combination detection item in all target detection items;
and the second detection parameter value acquisition sub-module is used for combining the acquired detection parameter values to obtain a second detection parameter value of the service request corresponding to the combined detection item, and storing the second detection parameter value into the memory.
Optionally, the apparatus further includes:
the target risk level determining module is used for, after the target detection parameter value of the service request is obtained based on the second detection parameter value, determining the risk level corresponding to the target detection parameter value based on the preset correspondence between detection parameter values and risk levels, and taking that risk level as the target risk level of the service request.
Optionally, the service processing module is specifically configured to respond to the service request if the target detection parameter value belongs to a first preset parameter value range;
if the target detection parameter value belongs to a second preset parameter value range, carrying out security verification on the service request;
and if the target detection parameter value belongs to a third preset parameter value range, refusing to respond to the service request.
Optionally, the detection item obtaining module 1203 is specifically configured to perform an update operation on the detection item with the same function as the target detection item based on the detection item data of the target detection item, to obtain the target detection item.
Optionally, the detection item obtaining module 1203 is specifically configured to perform at least one of the following:
adding detection items contained in the detection items having the same function as the target detection items;
Deleting the detection items contained in the detection items having the same function as the target detection item;
updating the detection conditions and/or detection parameter values of the detection items with the same function as the target detection items;
the detection conditions and/or detection parameters of the detection items included in the detection items having the same function as the target detection item are updated.
Optionally, the detection item obtaining module 1203 is specifically configured to obtain, if there are multiple versions of the detection item having the same function as the target detection item, the target detection item based on the detection item of the latest version.
An embodiment of the present invention further provides an electronic device which, as shown in Fig. 13, includes a processor 1301, a communication interface 1302, a memory 1303 and a communication bus 1304, where the processor 1301, the communication interface 1302 and the memory 1303 communicate with each other through the communication bus 1304;
the memory 1303 is used for storing a computer program;
the processor 1301 is used for implementing the following steps when executing the program stored in the memory 1303:
receiving a generation instruction for a target detection strategy;
for each target detection item contained in the target detection strategy, judging whether a detection item having the same function as the target detection item exists among the detection items generated in advance;
if a detection item having the same function as the target detection item exists, obtaining the target detection item based on the detection item having the same function as the target detection item;
if no detection item having the same function as the target detection item exists, generating the target detection item based on the detection item data of the target detection item carried in the generation instruction;
and combining the target detection items according to a target combination mode represented by the combination identifier carried in the generation instruction, to obtain the target detection strategy.
The communication bus mentioned for the above electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the bus is represented in the figure by a single bold line, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The memory may include random access memory (RAM) or non-volatile memory, such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, a computer-readable storage medium is provided in which a computer program is stored; when executed by a processor, the computer program implements the detection policy generation method according to any one of the foregoing embodiments.
In a further embodiment of the present invention, a computer program product comprising instructions is also provided which, when run on a computer, causes the computer to perform the detection policy generation method according to any of the above embodiments.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions according to embodiments of the present invention are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiments in this specification are described in a related manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, the apparatus, electronic device, computer-readable storage medium, and computer program product embodiments are described relatively briefly; for relevant details, refer to the description of the method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included in the protection scope of the present invention.

Claims (10)

1. A method of generating a detection strategy, the method comprising:
receiving a generation instruction for a target detection strategy;
for each target detection item contained in the target detection strategy, judging whether a detection item having the same function as the target detection item exists among the detection items generated in advance;
if a detection item having the same function as the target detection item exists, obtaining the target detection item based on the detection item having the same function as the target detection item;
if no detection item having the same function as the target detection item exists, generating the target detection item based on the detection item data of the target detection item carried in the generation instruction;
combining the target detection items according to a target combination mode represented by a combination identifier carried in the generation instruction, to obtain the target detection strategy;
the target detection items include: a non-combination detection item including a detection condition and a detection parameter value corresponding to the detection condition, and a combination detection item for combining the detection parameter values of a plurality of other detection items;
after the target detection items are combined according to the target combination mode represented by the combination identifier carried in the generation instruction to generate the target detection strategy, the method further comprises:
receiving a service request corresponding to the target detection strategy;
for each non-combination detection item in the target detection items, acquiring the detection parameter value corresponding to the detection condition in the non-combination detection item that the service request matches, as a first detection parameter value of the service request corresponding to the non-combination detection item;
for each combination detection item in the target detection items, combining the detection parameter values of the plurality of other detection items corresponding to the combination detection item to obtain a detection parameter value of the service request corresponding to the combination detection item, as a second detection parameter value;
obtaining a target detection parameter value of the service request based on the second detection parameter value;
and carrying out security control processing on the service request based on the target detection parameter value.
2. The method according to claim 1, wherein after acquiring, for each non-combination detection item in the target detection items, the detection parameter value corresponding to the detection condition in the non-combination detection item that the service request matches as the first detection parameter value of the service request corresponding to the non-combination detection item, the method further comprises:
storing the first detection parameter value of the service request corresponding to the non-combination detection item into a memory;
the combining, for each combination detection item in the target detection items, the detection parameter values of the plurality of other detection items corresponding to the combination detection item to obtain a detection parameter value of the service request corresponding to the combination detection item as a second detection parameter value comprises:
for each combination detection item in the target detection items, acquiring the detection parameter values of the other detection items corresponding to the combination detection item from the detection parameter values stored in the memory;
and combining the acquired detection parameter values to obtain the second detection parameter value of the service request corresponding to the combination detection item, and storing the second detection parameter value into the memory.
3. The method according to claim 1, wherein after obtaining the target detection parameter value of the service request based on the second detection parameter value, the method further comprises:
determining the risk level corresponding to the target detection parameter value based on a preset correspondence between detection parameter values and risk levels, and taking the risk level as the target risk level of the service request.
4. The method of claim 1, wherein the performing security control processing on the service request based on the target detection parameter value comprises:
if the target detection parameter value belongs to a first preset parameter value range, responding to the service request;
if the target detection parameter value belongs to a second preset parameter value range, carrying out security verification on the service request;
and if the target detection parameter value belongs to a third preset parameter value range, refusing to respond to the service request.
5. The method according to claim 1, wherein the obtaining the target detection item based on the detection item having the same function as the target detection item includes:
based on the detection item data of the target detection item, performing an update operation on the detection item having the same function as the target detection item, to obtain the target detection item.
6. The method of claim 5, wherein the performing an update operation on the detection item having the same function as the target detection item comprises at least one of:
adding a detection item contained in the detection item having the same function as the target detection item;
deleting a detection item contained in the detection item having the same function as the target detection item;
updating the detection conditions and/or detection parameter values of the detection item having the same function as the target detection item;
updating the detection conditions and/or detection parameters of the detection items contained in the detection item having the same function as the target detection item.
7. The method according to claim 1, wherein the obtaining the target detection item based on the detection item having the same function as the target detection item includes:
if multiple versions of the detection item having the same function as the target detection item exist, obtaining the target detection item based on the latest version of the detection item.
8. A detection policy generation apparatus, the apparatus comprising:
a detection strategy generation instruction receiving module, used for receiving a generation instruction for a target detection strategy;
a judging module, used for judging, for each target detection item contained in the target detection strategy, whether a detection item having the same function as the target detection item exists among the detection items generated in advance;
a detection item acquisition module, used for obtaining the target detection item based on the detection item having the same function as the target detection item if such a detection item exists;
a detection item generation module, used for generating the target detection item based on the detection item data of the target detection item carried in the generation instruction if no detection item having the same function as the target detection item exists;
a target detection strategy generation module, used for combining the target detection items according to a target combination mode represented by a combination identifier carried in the generation instruction, to obtain the target detection strategy;
the target detection items include: a non-combination detection item including a detection condition and a detection parameter value corresponding to the detection condition, and a combination detection item for combining the detection parameter values of a plurality of other detection items;
the apparatus further comprises:
a service request acquisition module, used for receiving a service request corresponding to the target detection strategy after the target detection items are combined according to the target combination mode represented by the combination identifier carried in the generation instruction to generate the target detection strategy;
a first detection parameter value acquisition module, used for acquiring, for each non-combination detection item in the target detection items, the detection parameter value corresponding to the detection condition in the non-combination detection item that the service request matches, as a first detection parameter value of the service request corresponding to the non-combination detection item;
a second detection parameter value acquisition module, used for combining, for each combination detection item in the target detection items, the detection parameter values of the plurality of other detection items corresponding to the combination detection item to obtain a detection parameter value of the service request corresponding to the combination detection item, as a second detection parameter value;
a target detection parameter value acquisition module, used for obtaining a target detection parameter value of the service request based on the second detection parameter value;
and a service processing module, used for carrying out security control processing on the service request based on the target detection parameter value.
9. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
the memory is used for storing a computer program;
the processor is used for carrying out the method steps of any one of claims 1-7 when executing the program stored in the memory.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein a computer program which, when executed by a processor, implements the method steps of any of claims 1-7.
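The generation and request-evaluation steps recited in claims 1 to 7, sketched as an added Python example that is not part of the patent. The item schema, the `sum`/`max` combination modes, the first-match condition rule and the 50/80 thresholds are assumptions, and the sample registry, instruction and requests are constructed.

```python
# Added illustration: names, fields, modes and thresholds are assumptions, not the patent's.
from dataclasses import dataclass, field

REDUCE = {"sum": sum, "max": max}  # assumed combination modes

@dataclass
class Item:
    function: str                                   # key for the "same function" lookup
    version: int = 1
    conditions: list = field(default_factory=list)  # non-combination: (request_field, minimum, value)
    combines: list = field(default_factory=list)    # combination: functions of the items it merges
    op: str = "sum"                                 # how a combination item merges their values

def obtain_item(registry, data):
    """Reuse the latest item with the same function, update it, or generate a new one."""
    versions = registry.setdefault(data["function"], [])
    latest = max(versions, key=lambda i: i.version) if versions else None
    overrides = {k: data[k] for k in ("conditions", "combines", "op") if k in data}
    if latest and not overrides:
        return latest                               # reused unchanged
    base = latest or Item(data["function"], version=0)
    item = Item(base.function, base.version + 1,
                overrides.get("conditions", base.conditions),
                overrides.get("combines", base.combines),
                overrides.get("op", base.op))
    versions.append(item)                           # an update is stored as a new version
    return item

def generate_policy(registry, instruction):
    items = [obtain_item(registry, d) for d in instruction["items"]]
    return {"items": items, "mode": instruction["combination_id"]}

def evaluate(policy, request):
    """Return the target detection parameter value for one service request."""
    memory = {}                                     # values computed so far, keyed by function
    for it in policy["items"]:
        if not it.combines:                         # first value: first matching condition wins
            memory[it.function] = next(
                (v for f, minimum, v in it.conditions if request.get(f, 0) >= minimum), 0)
    second = []
    for it in policy["items"]:
        if it.combines:                             # second value: merge values already in memory
            missing = [f for f in it.combines if f not in memory]
            if missing:
                raise ValueError(f"{it.function} combines unknown items: {missing}")
            memory[it.function] = REDUCE[it.op](memory[f] for f in it.combines)
            second.append(memory[it.function])
    if not second:
        raise ValueError("policy has no combination item to derive a target value from")
    return REDUCE[policy["mode"]](second)

def control(score, verify_from=50, reject_from=80):
    """Map the target value onto three ranges: respond, security verification, refuse."""
    if score >= reject_from:
        return "reject"
    return "verify" if score >= verify_from else "respond"

# Constructed sample data: one pre-generated item and one generation instruction.
REGISTRY = {"login_failures": [Item("login_failures", 1,
                                    [("failed_logins", 10, 60), ("failed_logins", 3, 30)])]}
INSTRUCTION = {"combination_id": "max", "items": [
    {"function": "login_failures"},                                     # exists: reused
    {"function": "new_device", "conditions": [("new_device", 1, 40)]},  # absent: generated
    {"function": "account_risk", "combines": ["login_failures", "new_device"]},
]}
POLICY = generate_policy(REGISTRY, INSTRUCTION)

if __name__ == "__main__":
    for req in ({"failed_logins": 0}, {"failed_logins": 4, "new_device": 1},
                {"failed_logins": 12, "new_device": 1}):
        score = evaluate(POLICY, req)
        print(req, score, control(score))
```

A combination item that names an item missing from the policy raises instead of scoring the request as zero, so a misassembled policy fails closed.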
CN202110886535.3A 2021-08-03 2021-08-03 Detection strategy generation method and device Active CN113590180B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110886535.3A CN113590180B (en) 2021-08-03 2021-08-03 Detection strategy generation method and device

Publications (2)

Publication Number Publication Date
CN113590180A CN113590180A (en) 2021-11-02
CN113590180B true CN113590180B (en) 2023-07-28

Family

ID=78254434

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant