CN115062304A - Risk identification method and device, electronic equipment and readable storage medium - Google Patents
Risk identification method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN115062304A CN115062304A CN202210706134.XA CN202210706134A CN115062304A CN 115062304 A CN115062304 A CN 115062304A CN 202210706134 A CN202210706134 A CN 202210706134A CN 115062304 A CN115062304 A CN 115062304A
- Authority
- CN
- China
- Prior art keywords
- application
- service request
- data
- page data
- operation data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The disclosure provides a risk identification method, a risk identification device, electronic equipment and a readable storage medium, and relates to the technical field of computers, in particular to the technical fields of artificial intelligence such as big data and information security. According to the method and the device, the currently acquired application page data and application operation data of the application are acquired in response to the application service request, the risk condition of the service request is determined according to the application page data and the application operation data, the service request can be executed or intercepted according to the risk condition of the service request, the risk condition is judged by acquiring the application page data and the application operation data of the application and further identifying whether the service request has reasonable operation behaviors, the service request of the application simulated by non-real personnel can be effectively identified, the application is prevented from being maliciously attacked, and therefore the safety and the reliability of the application are improved.
Description
Technical Field
The present disclosure relates to the field of computer technology, and more particularly to the field of artificial intelligence techniques such as big data and information security.
Background
With the deep development of the internet, Applications (APPs) applied to terminals are in the endlessly. In the process of using the application, a user may analyze the service request after the service request of the application is maliciously captured by the automatic capture tool, so as to simulate the service request of the application.
Therefore, how to effectively identify the service request of the application simulated by the non-real person and prevent the application from being attacked maliciously has important significance.
Disclosure of Invention
The disclosure provides a risk identification method and device, an electronic device and a readable storage medium.
According to an aspect of the present disclosure, there is provided a risk identification method, including:
responding to a service request of an application, and acquiring currently acquired application page data and application operation data of the application;
determining the risk condition of the service request according to the application page data and the application operation data;
and executing the service request or intercepting the service request according to the risk condition of the service request.
According to another aspect of the present disclosure, there is provided a risk identification apparatus including:
the acquisition unit is used for responding to a service request of an application and acquiring currently acquired application page data and application operation data of the application;
the determining unit is used for determining the risk condition of the service request according to the application page data and the application operation data;
and the execution unit is used for executing the service request or intercepting the service request according to the risk condition of the service request.
According to still another aspect of the present disclosure, there is provided an electronic device including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of the aspects and any possible implementation described above.
According to yet another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of the above-described aspect and any possible implementation.
According to the technical scheme, the application page data and the application operation data of the application, which are acquired currently, are acquired in response to the service request of the application, and then the risk condition of the service request is determined according to the application page data and the application operation data, so that the service request can be executed or intercepted according to the risk condition of the service request, and the risk condition is judged by acquiring the application page data and the application operation data of the application and further identifying whether the service request has reasonable operation behaviors, so that the service request of the application simulated by non-real persons can be effectively identified, the application is prevented from being attacked maliciously, and the safety and the reliability of the application are improved.
In addition, by adopting the technical scheme provided by the disclosure, the service request and the operation behavior of the real user are bound together, and then whether the reasonable operation behavior exists in the service request or not is identified to judge the risk condition, so that the service request of the application simulated by the non-real person can be further effectively identified, and the application is prevented from being maliciously attacked.
In addition, by adopting the technical scheme provided by the disclosure, the user experience can be effectively improved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
To more clearly illustrate the technical solutions in the embodiments of the present disclosure, the drawings needed for the embodiments or the prior art descriptions will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present disclosure, and those skilled in the art can also obtain other drawings according to the drawings without inventive labor. The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a schematic diagram according to a first embodiment of the present disclosure;
FIG. 2 is a schematic diagram according to a second embodiment of the present disclosure;
FIG. 3 is a block diagram of an electronic device for implementing a risk identification method of an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
It is to be understood that the described embodiments are only a few, and not all, of the disclosed embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It should be noted that the terminal device involved in the embodiments of the present disclosure may include, but is not limited to, a mobile phone, a Personal Digital Assistant (PDA), a wireless handheld device, a Tablet Computer (Tablet Computer), and other intelligent devices; the display device may include, but is not limited to, a personal computer, a television, and the like having a display function.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
With the continuous development of networks, the special hacker industry based on network attacks has been developed, and various automation tools, such as tool software for website crawlers, website scanners, website vulnerability scanning, etc., or, for example, an automation service script tool for a specific website and a specific Application (App) appear in the market. The automation tools mainly analyze service requests of target applications to be attacked, for example, account numbers of login services of the applications and the service requests generated after how passwords are encrypted, and further simulate messages the same as the service requests by using scripting languages such as python, go, shell and the like according to analysis results, so that batch and efficient automatic login and library collision attacks are completed.
In order to prevent the attack of the automated script operated by the non-real person, it is necessary to provide a risk identification method capable of effectively identifying the service request of the application simulated by the non-real person.
Fig. 1 is a schematic diagram according to a first embodiment of the present disclosure, as shown in fig. 1.
101. And responding to the service request of the application, and acquiring the currently acquired application page data and application operation data of the application.
At this time, the service request of the application is associated with the currently collected application page data and application operation data of the application. When a service request of an application needs to be sent, currently acquired application page data and application operation data of the application can be acquired.
102. And determining the risk condition of the service request according to the application page data and the application operation data.
103. And executing the service request or intercepting the service request according to the risk condition of the service request.
Therefore, the abnormal service request can be intercepted according to the determined risk condition of the service request of the application, and the application is effectively prevented from being attacked maliciously.
It should be noted that part or all of the execution subjects 101 to 103 may be an application located at the local terminal, or may also be a functional unit such as a plug-in or Software Development Kit (SDK) set in the application located at the local terminal, or may also be a processing engine located in a server on the network side, or may also be a distributed system located on the network side, for example, a processing engine or a distributed system in a risk identification processing platform on the network side, which is not particularly limited in this embodiment.
It is to be understood that the application may be a native application (native app) installed on the local terminal, or may also be a web page program (webApp) of a browser on the local terminal, which is not limited in this embodiment.
Therefore, by responding to the service request of the application, acquiring the currently acquired application page data and application operation data of the application, and further determining the risk condition of the service request according to the application page data and the application operation data, the service request can be executed or intercepted according to the risk condition of the service request, and the risk condition can be judged by acquiring the application page data and the application operation data of the application and further identifying whether the service request has reasonable operation behaviors, so that the service request of the application simulated by non-real personnel can be effectively identified, the application is prevented from being maliciously attacked, and the safety and the reliability of the application are improved.
In the present disclosure, the terminal may collect application page data and application operation data of an application running on the terminal.
The application page data of the application refers to page related data of the application, and may be page related data of a page output by the application, and may include, but is not limited to, at least one of the following data:
applying the page name of the output page;
applying page coordinates of the output page; and
the page size of the output page is applied.
The application operation data of the application refers to operation-related data of the application, and may be operation event data triggered when the user operates on a page output by the application, for example, data related to a login operation event triggered when the user clicks an operation control such as an input box or a login button, and may include, but is not limited to, at least one of the following data:
applying the operation position coordinates of the operation events on the output page;
applying the operation control name of the operation event on the output page; and
and applying the operation time of the operation event on the output page.
Optionally, in a possible implementation manner of this embodiment, the real-time acquisition of the application page data and the application operation data of the application may be specifically triggered in response to the start of the application.
In the implementation mode, when a user starts an application on the terminal, the terminal is automatically triggered to collect application page data and application operation data of the application in real time. The method and the device can effectively acquire the application page data and the application operation data of all the applications started on the terminal, further identify the service requests of all the applications simulated by non-real personnel, prevent the applications from being maliciously attacked, and further improve the safety and the reliability of the applications started on the terminal.
Optionally, in another possible implementation manner of this embodiment, the acquisition of the application page data and the application operation data of the application may be specifically triggered in response to the specified page of the application.
In this implementation manner, when the application outputs a specified page, for example, a login page, the terminal is automatically triggered to collect application page data and application operation data of the application in real time. The method and the device can effectively acquire the application page data and the application operation data of the specified page output by the application started on the terminal, further identify the service request of the application specified page simulated by the unreal person, prevent the application from being maliciously attacked, and further improve the safety and the reliability of the application started on the terminal.
Optionally, in a possible implementation manner of this embodiment, the application page data and the application operation data of the application collected by the terminal may be reported to the server corresponding to the application by the terminal together with the service request of the application, or may be separately reported to the server corresponding to the application by the terminal and associated with the service request of the application.
After acquiring the application page data and the application operation data of the application reported by the terminal, the server may continue to execute the relevant operations of 102 and 103.
In a specific implementation process, specifically, in response to a received service request of the application triggered by the terminal, the application page data and the application operation data of the application currently acquired by the terminal are acquired from the service request.
In another specific implementation process, the currently acquired application page data and application operation data of the application reported by the terminal may be specifically obtained in response to the received service request of the application triggered by the terminal.
Optionally, in a possible implementation manner of this embodiment, in 102, operation behavior data corresponding to the service request may be specifically obtained according to the service request, and further, a risk condition of the service request may be determined according to the application page data, the application operation data, and the operation behavior data.
In the implementation mode, the business request and the operation behavior of the real user are bound together, and then whether the business request has reasonable operation behavior or not is identified to judge the risk condition, so that the business request of the application simulated by non-real personnel can be further effectively identified, and the application is prevented from being maliciously attacked.
In a specific implementation process, it may be specifically determined whether the application page data and the application operation data can satisfy the operation behavior data.
If the application page data and the application operation data do not meet the operation behavior data, it can be determined that the risk condition of the service request is an abnormal request, which indicates an attack behavior with risk.
For example, in a normal service request, a corresponding reasonable operation behavior is that a user needs to operate a page, and further, a click operation needs to be performed on an operation control on the page. Then, for a service request without application page data and application operation data, it may be determined as an abnormal request, which indicates an attack behavior with a risk.
Or, for another example, a service request of application login, whose corresponding reasonable operation behavior is triggered when the user operates the login page. Then, if the page size of the application page indicated by the application page data is different from the page size of the standard login page, it may be determined as an abnormal request, which indicates an attack behavior with a risk.
Or, for another example, a service request of application login, whose corresponding reasonable operation behavior is triggered when the user operates the login page. Then, for a service request that the application page indicated by the application page data is not triggered by the login page, it may be determined as an abnormal request, which indicates an attack behavior with a risk.
Or, for another example, when the user operates the login page, the corresponding reasonable operation behavior of the service request for application login is that the login controls such as an account number input control, a password input control, an authentication code input control, and a login button control are operated to trigger. Then, for a service request that the operation control indicated by the application operation data is not triggered by the login control, it may be determined as an abnormal request, which indicates an attack behavior with a risk.
Or, for another example, when the user operates the login page, the corresponding reasonable operation behavior of the service request for application login is that the login controls such as an account number input control, a password input control, an authentication code input control, and a login button control are manually operated to trigger, and the manual operation is not very quick and the operation time is not the same every time. Then, for a service request whose operation time indicated by the application operation data is less than a time threshold (e.g., 5 seconds, etc.), or a service request whose operation time is the same for each time indicated by the application operation data, it may be determined as an abnormal request, which indicates a risky attack behavior.
If the application page data and the application operation data meet the operation behavior data, it can be determined that the risk condition of the service request is a normal request.
It can be understood that, if there is no situation that the application page data and the application operation data do not satisfy the operation behavior data, both the application page data and the application operation data may be determined to satisfy the operation behavior data. Further, the risk condition of the service request can be determined as a normal request.
In the disclosure, the risk condition of the received service request of the application associated with the server can be analyzed by the server according to the received application page data and the received application operation data by acquiring the application page data and the application operation data of the current page output by the application running on the terminal and reporting the acquired result to the server corresponding to the application.
In this embodiment, by responding to an application service request, currently acquired application page data and application operation data of the application are acquired, and then, according to the application page data and the application operation data, a risk condition of the service request is determined, so that the service request can be executed or intercepted according to the risk condition of the service request, and whether a reasonable operation behavior exists in the service request is identified by acquiring the application page data and the application operation data of the application to judge the risk condition, so that the service request of the application simulated by a non-real person can be effectively identified, the application is prevented from being maliciously attacked, and the safety and reliability of the application are improved.
In addition, by adopting the technical scheme provided by the disclosure, the service request and the operation behavior of the real user are bound together, and then whether the reasonable operation behavior exists in the service request or not is identified to judge the risk condition, so that the service request of the application simulated by the non-real person can be further effectively identified, and the application is prevented from being maliciously attacked.
In addition, by adopting the technical scheme provided by the disclosure, the user experience can be effectively improved.
It should be noted that for simplicity of description, the above-mentioned method embodiments are described as a series of acts, but those skilled in the art should understand that the present disclosure is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present disclosure. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required for the disclosure.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
Fig. 2 is a schematic diagram according to a second embodiment of the present disclosure, as shown in fig. 2. The risk identifying device 200 of the present embodiment may include an acquiring unit 201, a determining unit 202, and an executing unit 203. The acquiring unit 201 is configured to respond to an application service request, and acquire currently acquired application page data and application operation data of the application; a determining unit 202, configured to determine a risk condition of the service request according to the application page data and the application operation data; an executing unit 203, configured to execute the service request or intercept the service request according to the risk condition of the service request.
It should be noted that, part or all of the risk identification apparatus of this embodiment may be an application located at the local terminal, or may also be a functional unit such as a plug-in or Software Development Kit (SDK) set in the application located at the local terminal, or may also be a processing engine located in a server on the network side, or may also be a distributed system located on the network side, for example, a processing engine or a distributed system in a processing platform for risk identification on the network side, and this embodiment is not particularly limited in this respect.
It is to be understood that the application may be a native application (native app) installed on the local terminal, or may also be a web page program (webApp) of a browser on the local terminal, which is not limited in this embodiment.
Optionally, in a possible implementation manner of this embodiment, the obtaining unit 201 may be specifically configured to, in response to a received service request of the application triggered by the terminal, obtain, from the service request, application page data and application operation data of the application currently acquired by the terminal; or responding to the received service request of the application triggered by the terminal, and acquiring currently acquired application page data and application operation data of the application reported by the terminal.
Optionally, in a possible implementation manner of this embodiment, the obtaining unit 201 may be further configured to trigger real-time acquisition of application page data and application operation data of the application in response to the start of the application; or responding to the specified page of the application, and triggering and acquiring application page data and application operation data of the application.
Optionally, in a possible implementation manner of this embodiment, the determining unit 202 may be specifically configured to obtain, according to the service request, operation behavior data corresponding to the service request; and determining the risk condition of the service request according to the application page data, the application operation data and the operation behavior data.
In a specific implementation process, the determining unit 202 may be specifically configured to determine that the risk condition of the service request is an abnormal request if the application page data and the application operation data do not satisfy the operation behavior data.
It should be noted that the method in the embodiment corresponding to fig. 1 may be implemented by the risk identification apparatus provided in this embodiment. For a detailed description, reference may be made to relevant contents in the embodiment corresponding to fig. 1, and details are not described here.
In this embodiment, an obtaining unit responds to an application service request to obtain currently acquired application page data and application operation data of the application, and a determining unit determines a risk condition of the service request according to the application page data and the application operation data, so that an executing unit can execute the service request or intercept the service request according to the risk condition of the service request, and judge the risk condition by acquiring the application page data and the application operation data of the application and further identifying whether the service request has a reasonable operation behavior, so that the service request of the application simulated by a non-real person can be effectively identified, the application is prevented from being maliciously attacked, and the safety and reliability of the application are improved.
In addition, by adopting the technical scheme provided by the disclosure, the service request and the operation behavior of the real user are bound together, and then whether the reasonable operation behavior exists in the service request or not is identified to judge the risk condition, so that the service request of the application simulated by the non-real person can be further effectively identified, and the application is prevented from being maliciously attacked.
In addition, by adopting the technical scheme provided by the disclosure, the user experience can be effectively improved.
FIG. 3 illustrates a schematic block diagram of an example electronic device 300 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 3, the electronic device 300 includes a computing unit 301 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM)302 or a computer program loaded from a storage unit 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data necessary for the operation of the electronic apparatus 300 can also be stored. The calculation unit 301, the ROM 302, and the RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
A number of components in the electronic device 300 are connected to the I/O interface 305, including: an input unit 306 such as a keyboard, a mouse, or the like; an output unit 307 such as various types of displays, speakers, and the like; a storage unit 308 such as a magnetic disk, optical disk, or the like; and a communication unit 309 such as a network card, modem, wireless communication transceiver, etc. The communication unit 309 allows the electronic device 300 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 301 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 301 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 301 performs the various methods and processes described above, such as the risk identification method. For example, in some embodiments, the risk identification method may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 308. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 300 via the ROM 302 and/or the communication unit 309. When the computer program is loaded into RAM 303 and executed by the computing unit 301, one or more steps of the risk identification method described above may be performed. Alternatively, in other embodiments, the computing unit 301 may be configured to perform the risk identification method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, causes the functions/acts specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), the internet, and blockchain networks.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The Server can be a cloud Server, also called a cloud computing Server or a cloud host, and is a host product in a cloud computing service system, so as to solve the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service ("Virtual Private Server", or simply "VPS"). The server may also be a server of a distributed system, or a server incorporating a blockchain.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.
Claims (12)
1. A method for risk identification, comprising:
responding to a service request of an application, and acquiring currently acquired application page data and application operation data of the application;
determining the risk condition of the service request according to the application page data and the application operation data;
and executing the service request or intercepting the service request according to the risk condition of the service request.
2. The method according to claim 1, wherein the obtaining currently collected application page data and application operation data of the application in response to a service request of the application comprises:
responding to a received service request of the application triggered by a terminal, and acquiring application page data and application operation data of the application currently acquired by the terminal from the service request; or
And responding to the received service request of the application triggered by the terminal, and acquiring currently acquired application page data and application operation data of the application reported by the terminal.
3. The method of claim 1, further comprising:
responding to the starting of the application, and triggering to acquire application page data and application operation data of the application in real time; or
And responding to the specified page of the application, and triggering and acquiring application page data and application operation data of the application.
4. The method according to any one of claims 1-3, wherein the determining a risk profile of the service request based on the application page data and the application operation data comprises:
obtaining operation behavior data corresponding to the service request according to the service request;
and determining the risk condition of the service request according to the application page data, the application operation data and the operation behavior data.
5. The method of claim 4, wherein determining the risk profile of the business request according to the application page data, the application operation data, and the operation behavior data comprises:
and if the application page data and the application operation data do not meet the operation behavior data, determining that the risk condition of the service request is an abnormal request.
6. A risk identification device, comprising:
the acquisition unit is used for responding to a service request of an application and acquiring currently acquired application page data and application operation data of the application;
the determining unit is used for determining the risk condition of the service request according to the application page data and the application operation data;
and the execution unit is used for executing the service request or intercepting the service request according to the risk condition of the service request.
7. Device according to claim 6, characterized in that the acquisition unit is specifically configured to
Responding to a received service request of the application triggered by a terminal, and acquiring application page data and application operation data of the application currently acquired by the terminal from the service request; or
And responding to the received service request of the application triggered by the terminal, and acquiring currently acquired application page data and application operation data of the application reported by the terminal.
8. The apparatus of claim 6, wherein the obtaining unit is further configured to obtain the data from the database system
Responding to the starting of the application, and triggering to acquire application page data and application operation data of the application in real time; or
And responding to the specified page of the application, and triggering and acquiring application page data and application operation data of the application.
9. Device according to any of claims 6-8, wherein the determination unit is specifically adapted to
Obtaining operation behavior data corresponding to the service request according to the service request; and
and determining the risk condition of the service request according to the application page data, the application operation data and the operation behavior data.
10. Device according to claim 9, characterized in that the determination unit is specifically configured to
And if the application page data and the application operation data do not meet the operation behavior data, determining that the risk condition of the service request is an abnormal request.
11. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-5.
12. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210706134.XA CN115062304A (en) | 2022-06-21 | 2022-06-21 | Risk identification method and device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210706134.XA CN115062304A (en) | 2022-06-21 | 2022-06-21 | Risk identification method and device, electronic equipment and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115062304A true CN115062304A (en) | 2022-09-16 |
Family
ID=83201949
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210706134.XA Pending CN115062304A (en) | 2022-06-21 | 2022-06-21 | Risk identification method and device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115062304A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024078069A1 (en) * | 2022-10-13 | 2024-04-18 | 中兴通讯股份有限公司 | Terminal protection method, terminal, and computer-readable medium |
-
2022
- 2022-06-21 CN CN202210706134.XA patent/CN115062304A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024078069A1 (en) * | 2022-10-13 | 2024-04-18 | 中兴通讯股份有限公司 | Terminal protection method, terminal, and computer-readable medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109327439B (en) | Risk identification method and device for service request data, storage medium and equipment | |
| CN109547426B (en) | Service response method and server | |
| CN108491304B (en) | electronic device, business system risk control method and storage medium | |
| CN112911013A (en) | Cloud application processing method and device, computer equipment and storage medium | |
| CN113360918A (en) | Vulnerability rapid scanning method, device, equipment and storage medium | |
| CN115062304A (en) | Risk identification method and device, electronic equipment and readable storage medium | |
| CN114036501A (en) | APP detection method, system, device, equipment and storage medium | |
| CN114401121A (en) | Application program login method and device, electronic equipment and readable storage medium | |
| CN114157480A (en) | Method, device, equipment and storage medium for determining network attack scheme | |
| CN112380094A (en) | RPA service flow processing method and device | |
| CN116450176A (en) | Version updating method and device, electronic equipment and storage medium | |
| CN113839944B (en) | Method, device, electronic equipment and medium for coping with network attack | |
| CN115510508A (en) | Page information protection method and device and electronic equipment | |
| CN112817816B (en) | Embedded point processing method and device, computer equipment and storage medium | |
| CN114329149A (en) | Detection method and device for automatically capturing page information, electronic equipment and readable storage medium | |
| CN114091909A (en) | Collaborative development method, system, device and electronic equipment | |
| CN113450149A (en) | Information processing method and device, electronic equipment and computer readable medium | |
| CN113344064A (en) | Event processing method and device | |
| CN113313125A (en) | Image processing method and device, electronic equipment and computer readable medium | |
| CN114791996B (en) | Information processing method, device, system, electronic equipment and storage medium | |
| CN115859349B (en) | Data desensitization method and device, electronic equipment and storage medium | |
| CN114697962A (en) | Data processing method and electronic equipment | |
| CN117454350A (en) | Service response method, device, electronic equipment and storage medium | |
| CN115297205A (en) | Processing method, processing device, electronic equipment and storage medium | |
| CN116302086A (en) | Application processing method and device, electronic equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |