CN114422223A - Information attack processing method and system applied to cloud service big data - Google Patents

Information attack processing method and system applied to cloud service big data Download PDF

Info

Publication number
CN114422223A
CN114422223A CN202210030325.9A CN202210030325A CN114422223A CN 114422223 A CN114422223 A CN 114422223A CN 202210030325 A CN202210030325 A CN 202210030325A CN 114422223 A CN114422223 A CN 114422223A
Authority
CN
China
Prior art keywords
session
cloud service
sessions
target
service interaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202210030325.9A
Other languages
Chinese (zh)
Inventor
吴笛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wu Di
Original Assignee
Pu'er Blue Ocean Data Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pu'er Blue Ocean Data Service Co ltd filed Critical Pu'er Blue Ocean Data Service Co ltd
Priority to CN202210030325.9A priority Critical patent/CN114422223A/en
Publication of CN114422223A publication Critical patent/CN114422223A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides an information attack processing method and system applied to cloud service big data, which can comprehensively and comprehensively consider the differential information attack situation of a threat event on different cloud service interaction sessions, thereby pertinently realizing the analysis and processing of the safety session information of different cloud service interaction sessions, improving the flexibility and reliability of information attack analysis, for example, analyzing the specific information attack mode and the caused consequences of the threat event on different cloud service interaction sessions through the technical scheme.

Description

Information attack processing method and system applied to cloud service big data
Technical Field
The invention relates to the technical field of big data, in particular to an information attack processing method and system applied to cloud service big data.
Background
The big data processing technology is widely applied to various industries nowadays, and the requirements of mass storage and mass analysis are met for various services. The explosive growth of the amount of data now poses more challenges to the data processing capacity, and also places higher demands on the timeliness. Nowadays, the demand of big data information processing is more and more diversified, but at the same time, the problem of information security is also faced. The inventor of the invention has found through long-term intensive research that the existing big data security analysis processing technology is too mechanized and hardened, and the reliability of the security analysis processing is difficult to guarantee.
Disclosure of Invention
The invention provides an information attack processing method and system applied to cloud service big data, and the following technical scheme is adopted in the application to achieve the technical purpose.
The first aspect is an information attack processing method applied to cloud service big data, applied to an information attack processing system, and the method at least comprises the following steps: determining a first cloud service interaction session containing a target threat event in a cloud service interaction record, and adding the target threat event in the target cloud service interaction session containing the first cloud service interaction session and X groups of cloud service interaction sessions after the first cloud service interaction session to a session set to be processed, wherein X is a positive integer; on the basis of determining a group of second cloud service interaction sessions in the cloud service interaction records after the first cloud service interaction session, determining at least one target threat event from the set of sessions to be processed, and fusing the determined target threat events into an auxiliary interaction session; the number difference between the second cloud service interaction session and the first cloud service interaction session is not less than a first specified number of sessions, and the second cloud service interaction session also comprises the target threat event; and carrying out global processing on the second cloud service interaction session and the auxiliary type interaction session to obtain a global type interaction session, wherein the global type interaction session comprises a target threat event contained in the second cloud service interaction session and a target threat event contained in the auxiliary type interaction session.
The method and the device for processing the target cloud service interaction session merge a target threat event in the target cloud service interaction session into an auxiliary type interaction session, and the auxiliary type interaction session and a second cloud service interaction session behind a first cloud service interaction session in the target cloud service interaction session are processed in a global mode, so that the first threat event and the second threat event are marked in the global type interaction session at the same time. The first threat event is a target threat event contained in the second cloud service interaction session before the global processing, and the second threat event is a target threat event contained in the auxiliary interaction session. Compared with the idea of directly adjusting the secure session information of the cloud service interaction session, the cloud service interaction record processing method disclosed by the invention can comprehensively and comprehensively consider the differential information attack situation of the threat event on different cloud service interaction sessions, so that the secure session information analysis processing of different cloud service interaction sessions is pertinently realized, the flexibility and the reliability of information attack analysis are improved, and for example, the specific information attack mode and the caused consequences of the threat event on different cloud service interaction sessions can be analyzed through the technical scheme.
In some possible embodiments, the adding the targeted threat events in the targeted cloud commerce interaction session encompassing the first cloud commerce interaction session and X groups of cloud commerce interaction sessions following the first cloud commerce interaction session to the set of pending sessions includes: for each group of target cloud service interaction sessions, determining a first visual index, wherein the first visual index is used for reflecting the current storage distribution tag in the session set to be processed; adding a target threat event in the target cloud service interaction session to a storage distribution tag corresponding to the first visual index, and migrating the first visual index to a next storage distribution tag in the set of sessions to be processed. Therefore, by combining the first visual index, the current storage distribution label in the session set to be processed can be determined timely and accurately, and the efficiency of adding the target threat event to the session set to be processed can be improved, so that the processing efficiency of the cloud service interactive record is improved, and meanwhile, the global interactive session can be acquired in real time.
In some possible embodiments, the determining at least one target threat event from the set of pending sessions comprises: determining a second visual index intended to reflect a storage distribution tag of a current target threat event to be determined in the set of pending sessions; and determining at least one target threat event from the storage distribution tag corresponding to the second visual index, and migrating the second visual index to a storage distribution tag of the next target threat event to be determined in the session set to be processed. Therefore, by combining the second visual index, the storage distribution label of the current target threat event to be determined in the to-be-processed session set can be determined timely and accurately, the efficiency of determining the target threat event from the to-be-processed session set is improved, the cloud service interaction record processing efficiency is improved, and meanwhile, the global interactive session can be obtained in real time.
In some possible embodiments, before adding a targeted threat event in a targeted cloud commerce interaction session encompassing the first cloud commerce interaction session and an X group of cloud commerce interaction sessions following the first cloud commerce interaction session to a set of pending sessions, the method further comprises: generating the session set to be processed, and configuring a first visual index and a second visual index under an initial storage distribution tag of the session set to be processed; the first visual index is intended to reflect a current storage distribution tag in the set of pending sessions; the second visual index is intended to reflect a storage distribution tag of a current targeted threat event to be determined in the set of pending sessions.
In some possible embodiments, the method further comprises: and obtaining an auxiliary interactive session carrying a target annotation on the basis that the second cloud service interactive session is not determined.
In some possible embodiments, the number of sets of pending sessions is Y; adding a target threat event in a target cloud traffic interaction session covering the first cloud traffic interaction session and an X group of cloud traffic interaction sessions following the first cloud traffic interaction session to a set of pending sessions, comprising: on the basis of determining the u-th first cloud service interaction session, adding a target threat event covering the u-th first cloud service interaction session and a target cloud service interaction session of an X group of cloud service interaction sessions after the u-th first cloud service interaction session to a to-be-processed session set with u as a keyword, wherein the v-th first cloud service interaction session is positioned after the u-th first cloud service interaction session, the difference of the number of sessions between the u-th first cloud service interaction session and the v-th first cloud service interaction session is equal to a second specified number of sessions, u is greater than or equal to 1 and less than or equal to Y, and u and Y are both positive integers; the determining, from the set of sessions to be processed, at least one target threat event on the basis of determining a set of second cloud service interaction sessions in the cloud service interaction record after the first cloud service interaction session includes: and respectively determining at least one target threat event from each to-be-processed session set in each to-be-processed session set of which the keyword is not greater than u on the basis of determining a group of second cloud service interaction sessions in the cloud service interaction records, which are positioned behind the u-th first cloud service interaction session.
Therefore, a plurality of second threat events can be added to one global type interactive session, and different second threat events can originate from different target cloud service interactive sessions, so that the binding integrity of the threat events can be guaranteed.
In some possible embodiments, the method further comprises: obtaining a configuration request containing a quantization index of X; configuring the quantization index of X through the configuration request containing the quantization index of X; and/or obtaining a configuration request comprising the first specified number of sessions; configuring the first specified number of sessions with the configuration request containing the first specified number of sessions.
In some possible embodiments, the method further comprises: on the basis of the configuration request which does not obtain the quantization index containing X, configuring the quantization index containing X into a reference quantization label; and/or configuring the first specified session number as a reference session number on the basis of the configuration request containing the first specified session number which is not acquired.
In some possible embodiments, the fusing the determined targeted threat events into an assisted interactive session includes: carrying out pre-operation on the determined target threat event to obtain a target threat event which completes the pre-operation, wherein the information attack influence description of the target threat event which completes the pre-operation is different from that of the determined target threat event; and fusing the target threat event which completes the preposition operation into the auxiliary interactive session. Therefore, through the embodiment, the second threat event can obtain different information attack influence descriptions, so that the second threat event expresses different modes in the global interactive session, and the binding integrity of the threat event can be further ensured.
In some possible embodiments, the adding the targeted threat events in the targeted cloud commerce interaction session encompassing the first cloud commerce interaction session and X groups of cloud commerce interaction sessions following the first cloud commerce interaction session to the set of pending sessions includes: adding a target cloud service interaction session covering the first cloud service interaction session and an X group of cloud service interaction sessions after the first cloud service interaction session to a set of sessions to be processed; or the target threat events are disassembled from each group of target cloud service interaction sessions, and the disassembled target threat events are added to a session set to be processed.
In some possible embodiments, the determining at least one target threat event from a set of pending sessions based on adding a target cloud interaction session encompassing the first cloud interaction session and an X group of cloud interaction sessions following the first cloud interaction session to the set of pending sessions includes: carrying out threat event identification on the cloud service interaction session in the session set to be processed to obtain an identification condition; and determining the target threat event from the set of pending sessions according to the identification condition.
In some possible embodiments, the determining the targeted threat event from the set of pending sessions through the identification case includes: performing safety session information dismantling on the target cloud service interaction sessions in the session set to be processed to obtain a positioning result of a target threat event in the target cloud service interaction sessions in the session set to be processed; distinguishing the target cloud service interaction sessions in the session set to be processed according to the positioning result of the target threat events in the target cloud service interaction sessions in the session set to be processed, and determining the target threat events from the target cloud service interaction sessions in the session set to be processed based on the result of the distinguishing operation.
In some possible embodiments, the adding the targeted threat events in the targeted cloud commerce interaction session encompassing the first cloud commerce interaction session and X groups of cloud commerce interaction sessions following the first cloud commerce interaction session to the set of pending sessions includes: for each group of target cloud service interaction sessions, on the basis of saturation of the session set to be processed, after the target threat event which is added to the session set to be processed first is filtered from the session set to be processed, adding the target threat event in the target cloud service interaction session to the session set to be processed. Therefore, the session set to be processed can be filtered in time through the method, and then the current target threat event can be continuously added to the session set to be processed, so that a new second threat event can be continuously marked in the global interactive session.
In some possible embodiments, the method further comprises: determining a threat impact tag for a first of the target threat events contained in the global-type interactive session; and binding a derived threat event for the first target threat event by a threat impact tag of the first target threat event, and marking the derived threat event in the global type interaction session.
In some possible embodiments, the method further comprises: session scene characteristics in the first cloud service interaction session are mined; and binding derived threat events for the target threat events in the auxiliary interactive sessions contained in the global interactive session through the session scene characteristics, and marking the derived threat events in the global interactive session. Therefore, by combining with the binding derivative threat event, the cloud service interaction session mark which completes global processing can have more comprehensive session content, so that the richness and the integrity of the cloud service interaction record processing result are further improved.
In some possible embodiments, the adding the targeted threat events in the targeted cloud commerce interaction session encompassing the first cloud commerce interaction session and X groups of cloud commerce interaction sessions following the first cloud commerce interaction session to the set of pending sessions includes: adding target threat events in each group of target cloud service interaction sessions to the session set to be processed one by one according to the distribution labels of each group of target cloud service interaction sessions in the cloud service interaction records; the determining at least one target threat event from the set of pending sessions and fusing the determined target threat event into an auxiliary interactive session includes: and determining the target threat events from the session set to be processed according to the relative position relationship of each target threat event in the session set to be processed, and fusing the determined target threat events into the auxiliary interactive session. In this way, the upstream and downstream correlation and the information attack causal relationship between different threat events can be taken into account, thereby ensuring the integrity and reliability of the information attack analysis for a series of threat events.
The second aspect is an information attack processing system, including a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the information attack processing system to perform the method of the first aspect.
Drawings
Fig. 1 is a schematic flowchart of an information attack processing method applied to cloud service big data according to an embodiment of the present invention.
Fig. 2 is a block diagram of an information attack processing apparatus applied to cloud service big data according to an embodiment of the present invention.
Detailed Description
In the following, the terms "first", "second" and "third", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," or "third," etc., may explicitly or implicitly include one or more of that feature.
Fig. 1 is a schematic flowchart illustrating an information attack processing method applied to cloud service big data according to an embodiment of the present invention, where the information attack processing method applied to cloud service big data may be implemented by an information attack processing system, and the information attack processing system may include a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein, when the processor executes the computer instructions, the information attack processing system is caused to execute the technical scheme described in the following steps.
Step S201, determining a first cloud service interaction session containing a target threat event in a cloud service interaction record, and adding the target threat event in the target cloud service interaction session containing the first cloud service interaction session and X groups of cloud service interaction sessions after the first cloud service interaction session to a session set to be processed, where X is a positive integer.
For example, the cloud service interaction record comprises a series of cloud service interaction sessions, and the fields involved in the cloud service interaction sessions include but are not limited to digital payment, remote education, online office, smart medical, VR/AR and the like. The threat event may be a detected session event with an information attack attribute from a cloud service interaction session. It can be understood that the first cloud service interaction session containing the target threat event records the information attack influence or data risk influence and the like of the target threat event on the first cloud service interaction session. The set of pending sessions may be understood as a sequence of buffers.
Step S202, on the basis of determining a group of second cloud service interaction sessions behind the first cloud service interaction session in the cloud service interaction record, determining at least one target threat event from the set of sessions to be processed, and fusing the determined target threat events into an auxiliary interaction session; the number difference between the second cloud service interaction session and the first cloud service interaction session is not less than a first specified number of sessions, and the second cloud service interaction session also comprises the target threat event.
For example, an assisted interactive session may be understood as an intermediate session or an interactive session for caching.
Step S203, performing global processing on the second cloud service interaction session and the auxiliary type interaction session to obtain a global type interaction session, where the global type interaction session includes a target threat event included in the second cloud service interaction session and a target threat event included in the auxiliary type interaction session.
For example, the global processing may be synthesis processing, and accordingly, the global interaction session is a synthesis session, and it can be understood that, since the global interaction session includes a target threat event included in the second cloud service interaction session and a target threat event included in the auxiliary interaction session, the global interaction session may completely record an information attack influence/data risk condition of the target threat event included in the second cloud service interaction session and an information attack influence/data risk condition of the target threat event included in the auxiliary interaction session, so that information attack conditions, data risk consequences and the like of different threat events in different cloud service interaction sessions can be determined more adaptively.
The method and the device for processing the target cloud service interaction session merge a target threat event in the target cloud service interaction session into an auxiliary type interaction session, and the auxiliary type interaction session and a second cloud service interaction session behind a first cloud service interaction session in the target cloud service interaction session are processed in a global mode, so that the first threat event and the second threat event are marked in the global type interaction session at the same time. The first threat event is a target threat event contained in the second cloud service interaction session before the global processing, and the second threat event is a target threat event contained in the auxiliary interaction session. Compared with the idea of directly adjusting the secure session information of the cloud service interaction session, the cloud service interaction record processing method disclosed by the invention can comprehensively and comprehensively consider the differential information attack situation of the threat event on different cloud service interaction sessions, so that the secure session information analysis processing of different cloud service interaction sessions is pertinently realized, the flexibility and the reliability of information attack analysis are improved, and for example, the specific information attack mode and the caused consequences of the threat event on different cloud service interaction sessions can be analyzed through the technical scheme.
For step S201, it can be understood that the target cloud service interaction session may include an X +1 group of persistent cloud service interaction sessions starting from the first cloud service interaction session. If the first cloud service interaction session is the Q-th group of cloud service interaction sessions in the cloud service interaction record, the Q-th group of cloud service interaction sessions, the Q + 1-th group of cloud service interaction sessions, the Q + 2-th group of cloud service interaction sessions, … …, and the Q + X-th group of cloud service interaction sessions may be determined as target cloud service interaction sessions. Or, each cloud service interaction session included in the target cloud service interaction session may also be an inconsistent cloud service interaction session. Such as: the cloud service interaction session can be determined once every certain session number difference exists from the first cloud service interaction session, and the determined cloud service interaction session is determined as one group of target cloud service interaction sessions until the X +1 group of target cloud service interaction sessions is determined. For another example: the cloud service interaction session which is located after the first cloud service interaction session and the key words of which accord with the specified indexes can be determined, and the determined cloud service interaction session is determined as one group of target cloud service interaction sessions until the X +1 group of target cloud service interaction sessions is determined. The specified index may be determined according to the actual demand condition, such as: configured to be an integer multiple of a service interaction session key of the first cloud service interaction session. For another example: starting from the first cloud service interaction session, determining an X +1 group of cloud service interaction sessions with quality meeting specified quality indexes as a target cloud service interaction session. For another example: the method includes the steps that X groups of cloud service interaction sessions are selected from W groups of cloud service interaction sessions started from a first cloud service interaction session, the first cloud service interaction session and the selected X groups of cloud service interaction sessions are determined to be target cloud service interaction sessions, wherein W is a positive integer and is larger than X.
It can be understood that after the target cloud service interaction sessions are determined, each target cloud service interaction session can be directly added to the session set to be processed, or the target threat events can be firstly disassembled from each target cloud service interaction session, and the disassembled target threat events are added to the session set to be processed. The set of pending sessions is a set for handling a targeted threat event, and in some possible embodiments, the set of pending sessions is a recyclable set of sessions.
The cloud service interaction session including the target threat event, which is located for the first time, may be used as the first cloud service interaction session, the cloud service interaction session including the target threat event, which is located for the first time after the obtained cloud service interaction record processing request, the cloud service interaction session including the target threat event, which is located in the specified keyword set, may be used as the first cloud service interaction session, or the first cloud service interaction session may be determined based on other criteria.
In this embodiment of the application, target threat events in each group of target cloud service interaction sessions may be added to the session set to be processed one by one according to a distribution label of each group of target cloud service interaction sessions in the cloud service interaction record. Each group of target cloud service interaction sessions can correspond to a service interaction session keyword or a digital signature for uniquely identifying the target cloud service interaction session. Target threat events in the target group cloud service interaction sessions can be added to the session set to be processed one by one based on the service interaction session keywords or the digital signatures of the target cloud service interaction sessions. Such as: adding a target cloud service interaction session with a keyword u1 to a session set to be processed, adding a target cloud service interaction session with a keyword u2 to the session set to be processed, and adding a target cloud service interaction session with a keyword u3 to the session set to be processed according to a similar idea, wherein u1 is more than u2 and less than u 3.
Each cloud service interaction session in the target cloud service interaction session except for the first cloud service interaction session may partially or entirely include a target threat event, which is not limited in the embodiments of the present application. Such as: if the target cloud service interaction session comprises a continuous X +1 group of cloud service interaction sessions with service interaction session keywords Q to Q + X, wherein the cloud service interaction session with the service interaction session keywords Q is a first cloud service interaction session, the cloud service interaction sessions with the service interaction session keywords Q +1, Q +2, … … and Q + X can all contain target threat events; or the cloud service interaction session of the service interaction session keyword Q +1 includes a target threat event, the cloud service interaction session of the service interaction session keyword Q +2 does not include a target threat event, and the cloud service interaction sessions of the service interaction session keywords Q +3, … … and Q + X all include a target threat event. The number of target threat events in a target cloud services interaction session containing a target threat event may be no less than 1.
To facilitate determining a storage distribution tag of the targeted threat event in the pending session set, a current storage distribution tag in the pending session set may be indicated by the first visualization index _ a. In specific implementation, for each group of target cloud service interaction sessions, a first visual index is determined, and the first visual index is intended to reflect a current storage distribution tag in the set of sessions to be processed. Adding a target threat event in the target cloud service interaction session to a storage distribution tag corresponding to the first visual index, and migrating the first visual index to a next storage distribution tag in the set of sessions to be processed.
For example, taking the target cloud service interaction session as an example including a persistent X +1 group of cloud service interaction sessions starting from the first cloud service interaction session, at time1, a cloud service interaction session with a service interaction session keyword of key _1 and a cloud service interaction session with a service interaction session keyword of key _2 have been added to the set of sessions to be processed, the current storage distribution tag in the set of sessions to be processed is shown as a visual index _ a1, and the target cloud service interaction session to be cached includes a cloud service interaction session with a keyword not less than 3. In time2, migrating the cloud service interaction session with the service interaction session keyword key _3 to the storage distribution tag corresponding to the first visual index _ a1 in the session set to be processed, and migrating the visual index _ a1 to the next storage distribution tag in the session set to be processed, as shown by the visual index _ a 2.
For step S202, on the basis of determining a set of second cloud service interaction sessions in the cloud service interaction record after the first cloud service interaction session, at least one target threat event may be determined from the set of sessions to be processed. Such as: only one targeted threat event may be determined per round. For another example: target threat events belonging to the same group of target cloud service interaction sessions can be determined from the set of pending sessions in each round. Or, the target threat events in at least two groups of target cloud service interaction sessions associated in the target cloud service interaction sessions can be determined from the set of sessions to be processed in each round. A specified number of targeted threat events may also be determined from the set of pending sessions on a per-pass basis, regardless of which cloud services interaction session the determined targeted threat event belongs to. In addition, other ways of determining the target threat event may also be used, and embodiments of the present application are not described herein too much.
When fusing the determined target threat event into the auxiliary interactive session, an auxiliary interactive session carrying a target annotation may be created first, and then the determined target threat event is copied into the auxiliary interactive session carrying the target annotation. The fused distribution label may be consistent with or inconsistent with a distribution label of the target threat event in the target cloud service interaction session. Such as: the determined target threat event can be arbitrarily fused into the auxiliary interactive session carrying the target annotation, or the determined target threat event can be fused into the auxiliary interactive session carrying the target annotation at a benchmark or set fusion distribution label. In each round of embodiment for determining the target threat events in the target cloud service interaction sessions belonging to the same group from the session set to be processed, if the target cloud service interaction sessions do not contain the target threat events, the auxiliary type interaction sessions carrying the target annotations can be directly obtained.
For example, one or more targeted threat events may be merged into an assisted interactive session, such as: each target threat event belonging to the same group of target cloud service interaction sessions can be fused into the same auxiliary type interaction session, a specified number of target threat events can be fused into one auxiliary type interaction session, and other target threat events are fused into the current auxiliary type interaction session on the basis that the number of the fused target threat events in the auxiliary type interaction session reaches the specified number.
For step S201, adding the target threat events in each group of target cloud service interaction sessions to the session set to be processed one by one according to the distribution tags of each group of target cloud service interaction sessions in the cloud service interaction records, and according to the relative position relationship of each target threat event in the session set to be processed, determining the target threat events from the session set to be processed, and fusing the determined target threat events into the auxiliary interaction sessions.
In this embodiment of the application, the operation of fusing the determined target threat event into the auxiliary interactive session may be performed on the basis of determining the second cloud service interactive session. Wherein the difference in the number of sessions (the first specified number of sessions) between the second cloud service interaction session and the first cloud service interaction session is Z. And if the Q & ltth & gt group of cloud service interaction sessions is the first cloud service interaction session, the second cloud service interaction session comprises at least one group of cloud service interaction sessions starting from the Q & ltth & gt + Z & ltth & gt group of cloud service interaction sessions. In some possible embodiments, each time a group of second cloud service interaction sessions is determined, at least one target threat event may be determined from the set of pending sessions, and the determined target threat events may be merged into an auxiliary type interaction session. In each round of embodiment of determining target threat events belonging to the same group of target cloud service interaction sessions from the to-be-processed session set, on the basis of determining a Q + Z group of cloud service interaction sessions, each target threat event included in the Q group of cloud service interaction sessions can be screened out from the to-be-processed session set, and each target threat event included in the Q group of cloud service interaction sessions is fused to an auxiliary interaction session 1; on the basis of determining the Q + Z +1 th group of cloud service interaction sessions, all target threat events contained in the Q +1 th group of cloud service interaction sessions can be screened out from the session set to be processed, all target threat events contained in the Q +1 th group of cloud service interaction sessions are fused to an auxiliary type interaction session2, and similar ideas are adopted.
The above auxiliary interactive session1 and auxiliary interactive session2 may be the same auxiliary interactive session. Such as: each determined targeted threat event is merged into the same set of auxiliary-type interactive sessions, so that the second threat events tagged in the u-th set of global-type interactive sessions include all second threat events tagged in the u-1-th set of global-type interactive sessions. For another example: local or global target threat events already in the auxiliary interactive session may be filtered before fusing the target threat events into the auxiliary interactive session. Alternatively, the auxiliary interactive session1 and the auxiliary interactive session2 may be different auxiliary interactive sessions. Thus, the second threat events flagged in each set of global-type interactive sessions are different.
For step S201, the first cloud service interaction session and the target cloud service interaction sessions of the X groups of cloud service interaction sessions after the first cloud service interaction session are directly included in the to-be-processed session set, and in this step, at least one group of target cloud service interaction sessions may be determined from the to-be-processed session set, a target threat event may be disassembled from the determined cloud service interaction sessions, and the disassembled target threat event may be fused to the auxiliary interaction session. For step S201, the disassembled target threat events are added to the pending session set, and this step may determine at least one target threat event directly from the pending session set.
It is to be understood that, in order to facilitate the merging of the target threat events into the auxiliary-type interactive session, the storage distribution tags of the target threat events to be currently screened out in the set of pending sessions may be guided by the second visual index _ B. In particular implementations, a second visual index may be determined that is intended to reflect a storage distribution tag of a current targeted threat event to be determined in the set of pending sessions; and determining at least one target threat event from the storage distribution tag corresponding to the second visual index, and migrating the second visual index to a storage distribution tag of the next target threat event to be determined in the session set to be processed.
In some possible embodiments, if a session set to be processed does not exist on the basis of determining the first cloud service interaction session, a session set to be processed may be further generated, and the first visual index _ a and the second visual index _ B are both configured under the initial storage distribution tag of the session set to be processed, that is, the storage distribution tags corresponding to the first visual index _ a and the second visual index _ B are both the initial storage distribution tag of the session set to be processed. Since the processing manner of each set of target cloud service interaction sessions is similar, the processing procedure of one set of target cloud service interaction sessions is described here.
Step S501, a target cloud service interaction session is input, where the target cloud service interaction session may include a first cloud service interaction session and an X group of cloud service interaction sessions after the first cloud service interaction session.
Step S502, judge whether there is already session set to be processed. If yes, jumping to step S504, otherwise jumping to step S503.
Step S503 is to generate a pending session set with the number of sessions X, and adjust both the first visual index _ a and the second visual index _ B to match the initial storage distribution tag of the pending session set.
Step S504, storing the input cloud service interaction session to the first visual index _ a of the session set to be processed, and adjusting the first visual index _ a.
Step S505, it is determined whether the session number difference between the cloud service interaction session and the first cloud service interaction session is not less than the designated session number Z. If yes, go to step S506, otherwise go to step S507.
Step S506, fusing the target threat event in the cloud service interaction session stored at the second visual index _ B into the auxiliary type interaction session, and skipping to step S508.
And step S507, returning the auxiliary interactive session carrying the target annotation.
Step S508, an auxiliary interactive session is obtained.
For step S203, the second cloud service interaction session and the auxiliary type interaction session may be processed globally. Each set of second cloud service interaction sessions can be processed globally with at least one set of auxiliary type interaction sessions. The second cloud services interaction session may contain the target threat event prior to the globalization process. And the target threat event is migrated to the session set to be processed in different migration forms and/or is fused into the auxiliary interactive session through different fusion strategies, so that the effect of the second threat event marked in the global interactive session is different. For convenience of understanding, each target cloud service interaction session is described as covering one target threat event.
For example, a1, a2, A3 and a4 represent cloud service interactive sessions before global processing, and a2, A3 and a4 represent global type interactive sessions. The case301, the case302, the case303, and the case304 respectively represent a first threat event in a corresponding second cloud service interaction session, and the intent1, intent2, and intent3 represent second threat events. If a1 is regarded as the first cloud service interaction session, and if the first designated number of sessions is 1, the cloud service interaction session starting from a2 is the second cloud service interaction session. In other words, each second cloud service interaction session is globally processed with the previous cloud service interaction session of the second cloud service interaction session. It is understood that the first threat event case301 in a1 serves as the second threat event intent1 of the first threat event case302 in a2, the first threat event case302 in a2 serves as the second threat event intent2 of the first threat event case303 in a3, and the first threat event case303 in a3 serves as the second threat event intent3 of the first threat event case304 in a 4. Namely, the target threat event in each set of cloud service interaction session is used as a second threat event in the subsequent set of cloud service interaction session, the second threat event on each second cloud service interaction session repeats the threat influence of the first threat event in the previous set, that is, the threat influence of the second threat event and the threat influence of the first threat event in the global type interaction session maintain the hysteresis of 1 set.
For example, each second cloud service interaction session is globally processed with all target cloud service interaction sessions before the second cloud service interaction session. It is understood that the second threat event intent1 contained in a2 is the first threat event in a1, the second threat event contained in A3 is the first threat event in a1 and the first threat event in a2, and the second threat event contained in a4 is the first threat event in a1, the first threat event in a2 and the first threat event in A3.
In some possible embodiments, for each group of target cloud service interaction sessions, on the basis of saturation of the set of pending sessions, after filtering the target threat event that is first added to the set of pending sessions from the set of pending sessions, adding the target threat event in the target cloud service interaction session to the set of pending sessions, such as: taking the case of directly adding the cloud service interaction sessions to the session set to be processed as an example, each cloud service interaction session is added to the session set to be processed one by one according to the ascending order of the keywords, and if the session set to be processed can migrate 4 cloud service interaction sessions at most. The 5 th group of cloud service interactive sessions needs to be added in the time1 period, but the set of pending sessions is saturated at this time, so the cloud service interactive sessions with the key of key1 are filtered from the set of pending sessions in the time2 period, and the cloud service interactive sessions with the key of key5 are added to the set of pending sessions in the time3 period. This enables the threat impact between the second threat event and the first threat event to be maintained for a period of time in a subsequently globally processed global-type interactive session. If the number of the first specified sessions is 5, in the global type interactive session obtained after the cloud service interactive session with the key6 as the keyword is processed globally, the threat influence in the cloud service interactive session with the key1 as the second threat event repeated keyword is, and in the global type interactive session obtained after the cloud service interactive session with the key7 as the keyword is processed globally, the threat influence in the cloud service interactive session with the key2 as the second threat event repeated keyword is based on similar ideas. That is, the threat impact between the second threat event and the first threat event in the global-type interactive session can be maintained for a period of time.
In other possible embodiments, the target threat events in the target cloud service interaction session may be added to the session set to be processed one by one only on the basis that the session set to be processed is not saturated, the target threat events are not added to the session set to be processed any more on the basis that the session set to be processed is saturated, and the information attack processing method applied to the cloud service big data according to the embodiment of the present disclosure is terminated after all the target threat events in the session set to be processed are screened out. In this way, a global type interactive session, the portion of which includes the second threat event, can be globally processed. If the first designated number of sessions is 5, and if the number of added sessions is 2, and the currently added cloud service interaction sessions include a cloud service interaction session with a key of 1 and a cloud service interaction session with a key of 2. In this embodiment, in the global interactive session obtained after the cloud service interactive session with the key6 as the keyword is globally processed, the second threat event repeated key is a threat influence in the cloud service interactive session with the key1, and in the global interactive session obtained after the cloud service interactive session with the key7 as the keyword is globally processed, the second threat event repeated key is a threat influence in the cloud service interactive session with the key 2. Since all the cloud service interaction sessions in the session set to be processed are screened out after the global processing for multiple times, the global processing is not required for each cloud service interaction session starting from the cloud service interaction session with the key 8.
On the basis that the session set to be processed is an updatable sequence, cloud service interaction sessions in the sequence can be repeatedly determined, so that a second threat event in a global type interaction session of subsequent global processing is subjected to a periodic circulation group of threat influences. If the first designated session number is 5, and if the cache session number is 2, and the currently added target cloud service interaction session includes a cloud service interaction session with a key of 1 and a cloud service interaction session with a key of 2. In this embodiment, in the global interactive session obtained after global processing of the cloud service interactive session with the key6 as the keyword, the repeated key of the second threat event is the threat influence in the cloud service interactive session with the key 1; in the global interactive session obtained after global processing of the cloud service interactive session with the key7 as the keyword, the repeated key of the second threat event is the threat influence in the cloud service interactive session with the key 2; in the global interactive session obtained after global processing of the cloud service interactive session with the key8 as the keyword, the repeated key of the second threat event is the threat influence in the cloud service interactive session with the key 1; in the global interactive session obtained after global processing of the cloud service interactive session with the key9 as the keyword, the repeated key of the second threat event is the threat influence in the cloud service interactive session with the key 2; following a similar approach.
In some possible embodiments, the number of sets of sessions to be processed is Y. On the basis of determining the u-th first cloud service interaction session, adding a target threat event covering the u-th first cloud service interaction session and a target cloud service interaction session of an X group of cloud service interaction sessions after the u-th first cloud service interaction session to a to-be-processed session set with u as a keyword, wherein the v-th first cloud service interaction session is positioned after the u-th first cloud service interaction session, the difference between the u-th first cloud service interaction session and the v-th first cloud service interaction session in session number is equal to a second specified session number, u is greater than or equal to 1 and less than or equal to Y, and u and Y are both positive integers. And respectively determining at least one target threat event from each to-be-processed session set in each to-be-processed session set of which the keyword is not greater than u on the basis of determining a group of second cloud service interaction sessions in the cloud service interaction records, which are positioned behind the u-th first cloud service interaction session.
It can be understood that, in the present application, the number of the session sets to be processed is 2, the cloud service interaction session a1 is the 1 st first cloud service interaction session, and the cloud service interaction session a2 is the 2 nd first cloud service interaction session, that is, both the first specified session number and the second specified session number are 1. For the cloud service interaction session a1, each cloud service interaction session starting from the cloud service interaction session a2 is a second cloud service interaction session; for the cloud service interaction session a2, each cloud service interaction session starting from the cloud service interaction session a3 is a second cloud service interaction session. Thus, after determining the cloud service interactive session a1, the cloud service interactive session a1 is added to the pending session set 1. On the basis of determining the cloud service interaction session a2, screening a1 from the session set1 to be processed, and thus processing the session set with a2 globally to obtain the cloud service interaction session A2. Meanwhile, the cloud service interactive session a2 is added to the pending session set1 and the pending session set2, respectively. On the basis of determining the cloud service interaction session a3, a2 is screened from the to-be-processed session set1, and a1 is screened from the to-be-processed session set2, so that the cloud service interaction session A3 is obtained through global processing with a 3. Meanwhile, the cloud service interactive session a3 is added to the pending session set1 and the pending session set2, respectively. On the basis of determining the cloud service interaction session a4, a3 is screened from the to-be-processed session set1, and a2 is screened from the to-be-processed session set2, so that the cloud service interaction session A4 is obtained through global processing with a 4.
It is understood that X, the first specified number of sessions, the second specified number of sessions, and the number of pending session sets can be configured according to the request. In specific implementation, a configuration request may be obtained, where the configuration request includes at least any one of the following information: the quantitative index of X, the first specified session number, the second specified session number and the number of the session sets to be processed; and configuring the corresponding quantization index through the configuration request. Further, the reference value of each set of information may be stored in advance. And configuring the corresponding information as a reference value on the basis of the configuration request of the corresponding information which is not acquired.
In some possible embodiments, the information attack impact description of the target threat event in the auxiliary interactive session is the same as the information attack impact description of the target threat event in the target cloud service interactive session. The information attack impact description may include, but is not limited to, at least one of a distribution label, a dimension, an attack impact, a degree of attention, a data risk consequence, a time period, a trigger condition, a threat impact, etc. of the target threat event. In other possible embodiments, the information attack impact description of the target threat event in the auxiliary interactive session may be different from the information attack impact description of the target threat event in the target cloud service interactive session. The information attack impact description of the target threat event in the assisted interactive session may be optimized by an information attack impact description optimization process. The information attack impact description optimization process includes but is not limited to at least one of the following: adjusting an attack object, modifying a trigger condition, updating a time period, processing attack influence, processing attention degree and processing data risk consequences. In specific implementation, the pre-operation may be performed on the determined target threat event, and then the target threat event that has completed the pre-operation may be bound to the auxiliary interactive session. Or, after the target threat event is bound to the auxiliary interactive session, performing information attack impact description optimization processing on the target threat event in the auxiliary interactive session. The information attack impact description of the target threat event completing the pre-operation is different from the information attack impact description of the target threat event determined from the session set to be processed, so that the target threat event can be subjected to information attack in different modes through the pre-operation.
In some possible embodiments, derived threat events may also be bound for respective second threat events. It is to be appreciated that a threat impact signature for a first of the targeted threat events contained in the global-type interactive session may be determined; and binding a derived threat event for the first target threat event by a threat impact tag of the first target threat event, and marking the derived threat event in the global type interaction session. The derived threat event may be a potential threat event associated with the presence of a second threat event. The first target threat event may be a first threat event in a global interactive session, or may be a second threat event in the global interactive session, and the number of the first target threat events is not limited in the embodiments of the present disclosure.
In some possible embodiments, since the user feedback is often related to information of the target threat event in the cloud service interaction record, session scene characteristics in the first cloud service interaction session may also be mined; and binding derived threat events for the target threat events in the auxiliary interactive sessions contained in the global interactive session through the session scene characteristics, and marking the derived threat events in the global interactive session. In particular implementations, a hashtag in a conversation scene feature can be identified, which can be information added online to a hashtag library. Derivative indications between the hashtags and derived threat events may be generated, and upon identifying a hashtag, the corresponding derived threat event may be looked up from a cloud service space storing derived threat events via the derivative indications.
In the embodiment of binding the derivative threat event, the derivative threat event may also be bound to the auxiliary-type interactive session, and the auxiliary-type interactive session to which the derivative threat event is bound and the second cloud service interactive session are subjected to global processing when the cloud service interactive session is integrated. Alternatively, the derivative threat event may be bound to the global interactive session after the auxiliary interactive session to which the derivative threat event is not bound and the second cloud service interactive session are processed globally. The derived threat event can be bound to a to-be-processed queue without the bound target threat event, and the auxiliary type interactive session, the to-be-processed queue bound with the derived threat event and the second cloud service interactive session are processed globally. By binding the derived threat event, the cloud service interaction session mark which completes global processing can have more comprehensive session content, so that the richness and integrity of the cloud service interaction record processing result are further improved.
In some possible embodiments, threat event identification may be performed on cloud service interaction sessions in the set of sessions to be processed, an identification condition is obtained, and the target threat event is determined from the set of sessions to be processed through the identification condition. During specific implementation, the secure session information of the target cloud service interaction session in the session set to be processed can be disassembled to obtain a positioning result of a target threat event in the target cloud service interaction session in the session set to be processed; distinguishing the target cloud service interaction sessions in the session set to be processed according to the positioning result of the target threat events in the target cloud service interaction sessions in the session set to be processed, and determining the target threat events from the target cloud service interaction sessions in the session set to be processed based on the result of the distinguishing operation. The positioning result of the target threat event is used for extracting the target threat event from the target cloud service interaction session, and the target threat event generally has an association relation with the target threat event.
Based on the same inventive concept, fig. 2 shows a block diagram of a module of an information attack processing apparatus applied to cloud service big data according to an embodiment of the present invention, and an information attack processing apparatus applied to cloud service big data may include the following modules that implement the relevant method steps shown in fig. 1.
The session determining module 21 is configured to determine a first cloud service interaction session in the cloud service interaction record, where the first cloud service interaction session includes a target threat event, and add the target threat event in the target cloud service interaction session, which includes the first cloud service interaction session and an X group of cloud service interaction sessions after the first cloud service interaction session, to a session set to be processed, where X is a positive integer.
The event fusion module 22 is configured to determine at least one target threat event from the set of sessions to be processed on the basis of determining a group of second cloud service interaction sessions in the cloud service interaction record after the first cloud service interaction session, and fuse the determined target threat event into an auxiliary interaction session; the number difference between the second cloud service interaction session and the first cloud service interaction session is not less than a first specified number of sessions, and the second cloud service interaction session also comprises the target threat event.
The session processing module 23 is configured to perform global processing on the second cloud service interaction session and the auxiliary type interaction session to obtain a global type interaction session, where the global type interaction session includes a target threat event included in the second cloud service interaction session and a target threat event included in the auxiliary type interaction session.
The related embodiment applied to the invention can achieve the following technical effects: fusing a target threat event in a target cloud service interaction session into an auxiliary type interaction session, and performing global processing on the auxiliary type interaction session and a second cloud service interaction session behind a first cloud service interaction session in the target cloud service interaction session so as to mark the first threat event and the second threat event in the global type interaction session at the same time. The first threat event is a target threat event contained in the second cloud service interaction session before the global processing, and the second threat event is a target threat event contained in the auxiliary interaction session. Compared with the idea of directly adjusting the secure session information of the cloud service interaction session, the cloud service interaction record processing method disclosed by the invention can comprehensively and comprehensively consider the differential information attack situation of the threat event on different cloud service interaction sessions, so that the secure session information analysis processing of different cloud service interaction sessions is pertinently realized, the flexibility and the reliability of information attack analysis are improved, and for example, the specific information attack mode and the caused consequences of the threat event on different cloud service interaction sessions can be analyzed through the technical scheme.
The foregoing is only illustrative of the present application. Those skilled in the art can conceive of changes or substitutions based on the specific embodiments provided in the present application, and all such changes or substitutions are intended to be included within the scope of the present application.

Claims (10)

1. An information attack processing method applied to cloud service big data is characterized by being applied to an information attack processing system, and the method at least comprises the following steps:
determining a first cloud service interaction session containing a target threat event in a cloud service interaction record, and adding the target threat event in the target cloud service interaction session containing the first cloud service interaction session and X groups of cloud service interaction sessions after the first cloud service interaction session to a session set to be processed, wherein X is a positive integer;
on the basis of determining a group of second cloud service interaction sessions in the cloud service interaction records after the first cloud service interaction session, determining at least one target threat event from the set of sessions to be processed, and fusing the determined target threat events into an auxiliary interaction session; the number difference between the second cloud service interaction session and the first cloud service interaction session is not less than a first specified number of sessions, and the second cloud service interaction session also comprises the target threat event;
and carrying out global processing on the second cloud service interaction session and the auxiliary type interaction session to obtain a global type interaction session, wherein the global type interaction session comprises a target threat event contained in the second cloud service interaction session and a target threat event contained in the auxiliary type interaction session.
2. The method of claim 1, wherein adding targeted threat events in targeted cloud business interaction sessions encompassing the first cloud business interaction session and an X group of cloud business interaction sessions subsequent to the first cloud business interaction session to a set of pending sessions comprises:
adding a target cloud service interaction session covering the first cloud service interaction session and an X group of cloud service interaction sessions after the first cloud service interaction session to a set of sessions to be processed;
or the target threat events are disassembled from each group of target cloud service interaction sessions, and the disassembled target threat events are added to a session set to be processed;
wherein, on the basis of adding a target cloud traffic interaction session covering the first cloud traffic interaction session and an X group of cloud traffic interaction sessions following the first cloud traffic interaction session to a set of pending sessions, the determining at least one target threat event from the set of pending sessions comprises:
carrying out threat event identification on the cloud service interaction session in the session set to be processed to obtain an identification condition;
determining the target threat event from the set of pending sessions by the identifying condition; wherein the determining the targeted threat event from the set of pending sessions via the identified condition comprises: performing safety session information dismantling on the target cloud service interaction sessions in the session set to be processed to obtain a positioning result of a target threat event in the target cloud service interaction sessions in the session set to be processed; distinguishing the target cloud service interaction sessions in the session set to be processed according to the positioning result of the target threat events in the target cloud service interaction sessions in the session set to be processed, and determining the target threat events from the target cloud service interaction sessions in the session set to be processed based on the result of the distinguishing operation.
3. The method of claim 1, wherein adding targeted threat events in targeted cloud business interaction sessions encompassing the first cloud business interaction session and an X group of cloud business interaction sessions subsequent to the first cloud business interaction session to a set of pending sessions comprises:
for each group of target cloud service interaction sessions, on the basis of saturation of the session set to be processed, after the target threat event which is added to the session set to be processed first is filtered from the session set to be processed, adding the target threat event in the target cloud service interaction session to the session set to be processed.
4. The method of claim 1, wherein adding targeted threat events in targeted cloud business interaction sessions encompassing the first cloud business interaction session and an X group of cloud business interaction sessions subsequent to the first cloud business interaction session to a set of pending sessions comprises: adding target threat events in each group of target cloud service interaction sessions to the session set to be processed one by one according to the distribution labels of each group of target cloud service interaction sessions in the cloud service interaction records;
the determining at least one target threat event from the set of pending sessions and fusing the determined target threat event into an auxiliary interactive session includes: and determining the target threat events from the session set to be processed according to the relative position relationship of each target threat event in the session set to be processed, and fusing the determined target threat events into the auxiliary interactive session.
5. The method of claim 1, wherein adding targeted threat events in targeted cloud business interaction sessions encompassing the first cloud business interaction session and an X group of cloud business interaction sessions subsequent to the first cloud business interaction session to a set of pending sessions comprises:
for each group of target cloud service interaction sessions, determining a first visual index, wherein the first visual index is used for reflecting the current storage distribution tag in the session set to be processed;
adding a target threat event in the target cloud service interaction session to a storage distribution tag corresponding to the first visual index, and migrating the first visual index to a next storage distribution tag in the set of sessions to be processed.
6. The method of claim 1, wherein the determining at least one targeted threat event from the set of pending sessions comprises:
determining a second visual index intended to reflect a storage distribution tag of a current target threat event to be determined in the set of pending sessions;
determining at least one target threat event from the storage distribution tag corresponding to the second visual index, and migrating the second visual index to a storage distribution tag of a next target threat event to be determined in the session set to be processed;
the fusing the determined target threat event into the auxiliary type interactive session comprises the following steps:
carrying out pre-operation on the determined target threat event to obtain a target threat event which completes the pre-operation, wherein the information attack influence description of the target threat event which completes the pre-operation is different from that of the determined target threat event;
and fusing the target threat event which completes the preposition operation into the auxiliary interactive session.
7. The method of claim 1, wherein prior to adding a targeted threat event in a targeted cloud commerce interaction session encompassing the first cloud commerce interaction session and an X group of cloud commerce interaction sessions following the first cloud commerce interaction session to a set of pending sessions, the method further comprises: generating the session set to be processed, and configuring a first visual index and a second visual index under an initial storage distribution tag of the session set to be processed; the first visual index is intended to reflect a current storage distribution tag in the set of pending sessions; the second visual index is intended to reflect a storage distribution tag of a current targeted threat event to be determined in the set of pending sessions.
8. The method of claim 1, wherein the number of the pending conversation sets is Y; adding a target threat event in a target cloud traffic interaction session covering the first cloud traffic interaction session and an X group of cloud traffic interaction sessions following the first cloud traffic interaction session to a set of pending sessions, comprising: on the basis of determining the u-th first cloud service interaction session, adding a target threat event covering the u-th first cloud service interaction session and a target cloud service interaction session of an X group of cloud service interaction sessions after the u-th first cloud service interaction session to a to-be-processed session set with u as a keyword, wherein the v-th first cloud service interaction session is positioned after the u-th first cloud service interaction session, the difference of the number of sessions between the u-th first cloud service interaction session and the v-th first cloud service interaction session is equal to a second specified session number, u is greater than or equal to 1 and less than or equal to Y, u and Y are both positive integers, and v = u + 1;
the determining, from the set of sessions to be processed, at least one target threat event on the basis of determining a set of second cloud service interaction sessions in the cloud service interaction record after the first cloud service interaction session includes: and respectively determining at least one target threat event from each to-be-processed session set in each to-be-processed session set of which the keyword is not greater than u on the basis of determining a group of second cloud service interaction sessions in the cloud service interaction records, which are positioned behind the u-th first cloud service interaction session.
9. The method of claim 1, further comprising:
determining a threat impact tag for a first of the target threat events contained in the global-type interactive session;
binding a derived threat event for the first target threat event by a threat impact tag of the first target threat event, and tagging the derived threat event in the global-type interaction session;
wherein the method further comprises:
session scene characteristics in the first cloud service interaction session are mined;
binding derivative threat events for target threat events in the auxiliary interactive sessions included in the global interactive session through the session scene features, and marking the derivative threat events in the global interactive session;
the method further comprises the following steps: obtaining an auxiliary interactive session carrying a target annotation on the basis that the second cloud service interactive session is not determined;
the method further comprises at least one of: obtaining a configuration request containing a quantization index of X; configuring the quantization index of X through the configuration request containing the quantization index of X; obtaining a configuration request containing the first specified number of sessions; configuring the first specified number of sessions with the configuration request containing the first specified number of sessions;
wherein the method further comprises at least one of: on the basis of the configuration request which does not obtain the quantization index containing X, configuring the quantization index containing X into a reference quantization label; and configuring the first specified session number as a reference session number on the basis of the configuration request containing the first specified session number which is not acquired.
10. An information attack processing system, comprising: a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the information attack processing system to perform the method of any one of claims 1-9.
CN202210030325.9A 2022-01-12 2022-01-12 Information attack processing method and system applied to cloud service big data Withdrawn CN114422223A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210030325.9A CN114422223A (en) 2022-01-12 2022-01-12 Information attack processing method and system applied to cloud service big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210030325.9A CN114422223A (en) 2022-01-12 2022-01-12 Information attack processing method and system applied to cloud service big data

Publications (1)

Publication Number Publication Date
CN114422223A true CN114422223A (en) 2022-04-29

Family

ID=81272624

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210030325.9A Withdrawn CN114422223A (en) 2022-01-12 2022-01-12 Information attack processing method and system applied to cloud service big data

Country Status (1)

Country Link
CN (1) CN114422223A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113691557A (en) * 2021-09-02 2021-11-23 朱刚 Information security threat processing method based on artificial intelligence and server
CN113691556A (en) * 2021-09-02 2021-11-23 朱刚 Big data processing method and server applied to information protection detection

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113691557A (en) * 2021-09-02 2021-11-23 朱刚 Information security threat processing method based on artificial intelligence and server
CN113691556A (en) * 2021-09-02 2021-11-23 朱刚 Big data processing method and server applied to information protection detection

Similar Documents

Publication Publication Date Title
CN109034809B (en) Block chain generation method and device, block chain node and storage medium
CN102016789B (en) Data processing apparatus and method of processing data
US20170236130A1 (en) Emulating Manual System of Filing Using Electronic Document and Electronic File
CN110674140B (en) Block chain-based content processing method, device, equipment and storage medium
CN108647357B (en) Data query method and device
CN109255056B (en) Data reference processing method, device, equipment and storage medium of block chain
CN105049287A (en) Log processing method and log processing devices
US20230273901A1 (en) Systems and methods for data distillation
CN110046155B (en) Method, device and equipment for updating feature database and determining data features
CN111177795A (en) Method, device and computer storage medium for identifying video tampering by using block chain
CN108846292B (en) Desensitization rule generation method and device
US11797617B2 (en) Method and apparatus for collecting information regarding dark web
US20170235757A1 (en) Electronic processing system for electronic document and electronic file
US20210144451A1 (en) Control method, content management system, recording medium, and data structure
CN114422223A (en) Information attack processing method and system applied to cloud service big data
US10509659B1 (en) Input processing logic to produce outputs for downstream systems using configurations
CN115578180A (en) Bank outlet cash resource management method and device
CN110602246B (en) Resource distribution method and device based on block chain and block chain system
CN110929207B (en) Data processing method, device and computer readable storage medium
CN108920700B (en) False picture identification method and device
CN110851517A (en) Source data extraction method, device and equipment and computer storage medium
CN110879835A (en) Data processing method, device and equipment based on block chain and readable storage medium
CN116166617B (en) Catalog generation method and device for combined open format document OFD
CN111339574B (en) Block data processing method and device, computer equipment and storage medium
CN114219427B (en) Information security processing method and storage medium for handling big data office work

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20220608

Address after: Room 501, unit 3, building 2, No. 138, Sanzhong Road, Liuzhou City, Guangxi Zhuang Autonomous Region, 545000

Applicant after: Wu Di

Address before: 665000 No. 8 Pingyuan Renjia, siting Road, Simao District, Pu'er City, Yunnan Province

Applicant before: Pu'er Blue Ocean Data Service Co.,Ltd.

WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20220429