CN115063214A - Method, apparatus, device, medium and program product for monitoring high risk service - Google Patents


Info

Publication number: CN115063214A
Authority: CN (China)
Application number: CN202210690717.8A
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 唐化江, 李凡, 高宏波, 王添阳
Current Assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Original Assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Application filed by: Industrial and Commercial Bank of China Ltd (ICBC)
Prior art keywords: risk, service, transaction link, link, frequency

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange


Abstract

The disclosure provides a method for monitoring high-risk business, relates to the technical field of testing, and can be applied in the financial field or other fields. The method comprises: obtaining a first calling frequency of at least one transaction link; extracting the transaction links whose first calling frequency meets a first preset condition to obtain high-frequency transaction links; extracting the transaction links associated with key data of a key data table to obtain sensitive transaction links; determining high-risk business and a risk level weight of the high-risk business at least according to the high-frequency transaction links and the sensitive transaction links; and generating a high-risk business monitoring list according to the high-risk business and its risk level weight. The disclosure also provides a monitoring apparatus, device, medium and program product for high-risk business.

Description

Method, apparatus, device, medium and program product for monitoring high risk service
Technical Field
The present disclosure relates to the field of testing technology and may be applied in finance and other fields. More particularly, it relates to a method, apparatus, electronic device, storage medium, and program product for monitoring high-risk business.
Background
Currently, in the financial field, business that originally ran on the host is gradually being migrated to a self-developed platform. To ensure that the system operates stably, it must be tested whenever it is updated. However, the scale and complexity of the current "host + platform" dual-core system are beyond imagination, which greatly increases the difficulty of testing: testers find it hard to keep the focus of testing accurate, key test objects are easily missed, and the consequences are worrying.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a method, an apparatus, an electronic device, a storage medium, and a program product for monitoring high-risk business.
According to a first aspect of the present disclosure, a method for monitoring high-risk business is provided, where the method includes:
obtaining a first calling frequency of at least one transaction link;
extracting the transaction link of which the first calling frequency meets a first preset condition to obtain a high-frequency transaction link;
extracting a transaction link associated with the key data of the key data table to obtain a sensitive transaction link;
determining high-risk business and a risk level weight of the high-risk business at least according to the high-frequency transaction link and the sensitive transaction link;
and generating a high-risk business monitoring list according to the high-risk business and the risk level weight of the high-risk business.
According to an embodiment of the present disclosure, the monitoring method further comprises:
obtaining a second calling frequency of at least one service;
extracting services with the second calling frequency meeting a second preset condition to obtain high-frequency services;
the determining high-risk business and a risk level weight of the high-risk business at least according to the high-frequency transaction link and the sensitive transaction link comprises:
determining the high-risk business and the risk level weight of the high-risk business according to the high-frequency service, the high-frequency transaction link and the sensitive transaction link.
According to an embodiment of the present disclosure, the determining the high-risk business and the risk level weight of the high-risk business according to the high-frequency service, the high-frequency transaction link, and the sensitive transaction link includes:
extracting business relating to at least one of the high-frequency service, the high-frequency transaction link, and the high-risk transaction link to obtain the high-risk business;
determining the risk level weight of the high-risk business to be a first risk level weight when the high-risk business relates to at least two of the high-frequency service, the high-frequency transaction link, and the high-risk transaction link;
determining the risk level weight of the high-risk business to be a second risk level weight when the high-risk business relates to one of the high-frequency service, the high-frequency transaction link, and the high-risk transaction link;
the first risk level weight is higher than the second risk level weight.
According to an embodiment of the present disclosure, the extracting transaction links associated with key data of a key data table to obtain sensitive transaction links includes:
acquiring a preset target service;
extracting the service called by the target service to obtain a first service;
determining the key data table according to the data table related to the key change of the first service, wherein the key data in the key data table comprises data related to the key change of the target service;
extracting SQL statements related to the key data;
determining the sensitive transaction link according to the logic in the extracted SQL statement.
According to an embodiment of the present disclosure, the extracting transaction links associated with key data of a key data table to obtain sensitive transaction links includes:
acquiring a preset target data table;
determining the key data table according to the target data table, wherein the key data in the key data table comprise changed preset data in the target data table;
extracting a service calling the key data to obtain a second service;
and determining the sensitive transaction link according to the extracted second service.
According to an embodiment of the present disclosure, the critical data includes at least one of account-related data and secret-related data.
According to an embodiment of the present disclosure, the monitoring method further includes:
acquiring supplementary monitoring information of all transaction links;
and when the supplementary monitoring information of at least one transaction link meets a third preset condition, updating the high-risk business monitoring list according to the business related to the transaction link.
According to an embodiment of the present disclosure, when the supplementary monitoring information of at least one transaction link satisfies a third preset condition, updating the high-risk business monitoring list according to the business related to the transaction link includes:
when the supplementary monitoring information of a transaction link in the high-risk business meets the third preset condition, raising the risk level weight of the high-risk business.
According to an embodiment of the present disclosure, the supplementary monitoring information includes length information and complexity information of the transaction link, and timeout information of the services at each level in the transaction link.
According to an embodiment of the present disclosure, the monitoring method further includes:
when the version is updated, acquiring the changed content;
determining, according to the changed content, whether a newly added access to a large table exists;
and when a newly added access to a large table exists, updating the high-risk business monitoring list according to the business related to the newly added access to the large table.
According to an embodiment of the present disclosure, the monitoring method further includes:
establishing a search association between the high-risk business and the high-frequency transaction link and/or the sensitive transaction link related to the high-risk business, and displaying it visually.
According to an embodiment of the present disclosure, the monitoring method further includes:
comparing the currently determined high-risk business with the most recently generated high-risk business monitoring list according to a similarity algorithm;
and determining the risk level weight for the currently determined high-risk business according to the comparison result.
A second aspect of the present disclosure provides a monitoring apparatus for high-risk business, including:
an acquisition module, used for acquiring a first calling frequency of at least one transaction link;
a first extraction module, used for extracting the transaction link of which the first calling frequency meets a first preset condition to obtain a high-frequency transaction link;
a second extraction module, used for extracting the transaction link associated with the key data of the key data table to obtain a sensitive transaction link;
a first processing module, used for determining high-risk business and a risk level weight of the high-risk business at least according to the high-frequency transaction link and the sensitive transaction link;
and a second processing module, used for generating a high-risk business monitoring list according to the high-risk business and the risk level weight of the high-risk business.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method for monitoring high-risk business described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method for monitoring high-risk business described above.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the method for monitoring high-risk business described above.
One or more of the above-described embodiments may provide the following advantages or benefits:
With the monitoring method of the embodiments of the present disclosure, high-risk business can be determined from the high-frequency transaction links and the sensitive transaction links, so that high-risk business is identified automatically, accurately and efficiently. Once the high-risk business is determined, the transaction links it calls, and the services those links call, can be monitored to a degree that matches the risk level weight of the high-risk business. During testing, a tester can therefore concentrate on the test content related to the high-risk business according to the monitored objects, which keeps the focus of testing on target and solves the problems of inadequate testing and inaccurate risk control in traditional testing schemes.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
Fig. 1 schematically illustrates an application scenario of the method, apparatus, electronic device, storage medium and program product for monitoring high-risk business according to an embodiment of the present disclosure;
Fig. 2 schematically illustrates a first flowchart of the method for monitoring high-risk business according to an embodiment of the present disclosure;
Fig. 3 schematically illustrates a second flowchart of the method for monitoring high-risk business according to an embodiment of the present disclosure;
Fig. 4 schematically illustrates a flowchart for determining a sensitive transaction link through a forward identification algorithm according to an embodiment of the present disclosure;
Fig. 5 schematically illustrates a flowchart for determining a sensitive transaction link through a reverse identification algorithm according to an embodiment of the present disclosure;
Fig. 6 schematically illustrates a third flowchart of the method for monitoring high-risk business according to an embodiment of the present disclosure;
Fig. 7 schematically illustrates a fourth flowchart of the method for monitoring high-risk business according to an embodiment of the present disclosure;
Fig. 8 schematically illustrates a block diagram of the apparatus for monitoring high-risk business according to an embodiment of the present disclosure;
Fig. 9 schematically illustrates a block diagram of an electronic device adapted to implement the method for monitoring high-risk business according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
It should be noted that the monitoring method, apparatus, electronic device, storage medium and program product for high-risk business provided by the present disclosure relate to the field of testing technology. They can be applied in the financial field or in any field other than the financial field; for example, they can be applied to testing work in the financial field. The present disclosure does not limit the fields in which they are applied.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure, application and other handling of the personal information of the users involved all comply with the relevant laws and regulations, the necessary confidentiality measures are taken, and public order and good customs are not violated.
Currently, a business calls multiple services to realize a business function, and the services called by a business form the transaction link of that business. Because different businesses can call different services, and the same service can be called by several businesses, the transaction links as a whole are complicated, and the load is spread unevenly across transaction links and even across individual services. Uncertain factors introduced during program transformation, such as bugs, table structures and data volumes, add to this, so that business transactions often time out or report errors, and the risk needs to be strictly controlled. The embodiments of the present disclosure therefore provide a method for monitoring high-risk business, which can identify and monitor high-risk business. The method comprises: obtaining a first calling frequency of at least one transaction link; extracting the transaction links whose first calling frequency meets a first preset condition to obtain high-frequency transaction links; extracting the transaction links associated with key data of a key data table to obtain sensitive transaction links; determining high-risk business and a risk level weight of the high-risk business at least according to the high-frequency transaction links and the sensitive transaction links; and generating a high-risk business monitoring list according to the high-risk business and its risk level weight.
With the monitoring method of the embodiments of the present disclosure, high-risk business can be determined from the high-frequency transaction links and the sensitive transaction links, so that high-risk business is identified automatically, accurately and efficiently. Once the high-risk business is determined, the transaction links it calls, and the services those links call, can be monitored to a degree that matches the risk level weight of the high-risk business. During testing, a tester can therefore concentrate on the test content related to the high-risk business according to the monitored objects, which keeps the focus of testing on target and solves the problems of inadequate testing and inaccurate risk control in traditional testing schemes.
Fig. 1 schematically shows an application scenario of the method, apparatus, electronic device, storage medium, and program product for monitoring high-risk business according to an embodiment of the present disclosure. As shown in Fig. 1, the application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired or wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the method for monitoring high-risk business provided by the embodiments of the present disclosure may generally be performed by the server 105. Accordingly, the apparatus for monitoring high-risk business provided by the embodiments of the present disclosure may generally be disposed in the server 105. The method may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the apparatus may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The method for monitoring high-risk business of the disclosed embodiments will be described in detail with reference to Figs. 2 to 7, based on the scenario described in Fig. 1.
Fig. 2 schematically shows a first flowchart of the method for monitoring high-risk business according to an embodiment of the present disclosure. As shown in Fig. 2, the method of this embodiment includes steps S210 to S250.
It should be noted that, although the steps in fig. 2 are shown in sequence as indicated by arrows, the steps are not necessarily executed in sequence as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless otherwise indicated herein. Moreover, at least some of the steps in the figures may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, in different orders, and may be performed in turn or in alternation with other steps or at least some of the sub-steps or stages of other steps.
In step S210, a first calling frequency of at least one transaction link is obtained.
In the embodiment of the present disclosure, a transaction link may refer to the link formed by the services that must be invoked to implement one business; for example, for a transfer business, the transaction link may include a withdrawal service, a deposit service, and so on. The first calling frequency may refer to the number of calls to the transaction link within a preset time period.
In step S220, the transaction link with the first calling frequency satisfying the first preset condition is extracted to obtain a high-frequency transaction link.
In the embodiment of the present disclosure, the transaction links may be sorted from high to low by number of calls, and the top N transaction links are selected from the sorted transaction links to obtain the high-frequency transaction links, where N is a positive integer; for example, N may be set to 100.
In step S230, the transaction links associated with the key data of the key data table are extracted to obtain sensitive transaction links.
In the embodiment of the present disclosure, the key data table may include a preset data table called by the target business, and may also include a preset target data table. The target business may include more sensitive business, such as account-related business and secret-related business. The target data table may include data tables holding more sensitive data, such as account-related data and secret-related data. The key data may include data that changes in the data table; for example, for an account-related transaction, the key data may include a transfer-out amount, a transfer-in amount, and the like.
In step S240, high-risk business and a risk level weight of the high-risk business are determined at least according to the high-frequency transaction link and the sensitive transaction link.
In the disclosed embodiments, high-risk business may include high-frequency business and sensitive business.
Illustratively, high-frequency business may be determined from the high-frequency transaction links; e.g., when a business invokes a high-frequency transaction link, the business may be considered high-frequency business.
Illustratively, sensitive business may be determined from the sensitive transaction links; e.g., when a business invokes a sensitive transaction link, the business may be considered sensitive business.
In step S250, a high-risk business monitoring list is generated according to the high-risk business and the risk level weight of the high-risk business.
In the embodiment of the present disclosure, the risk level weight of a high-risk business may be determined according to the transaction link it invokes. For example, when the transaction link invoked by the high-risk business is a high-frequency transaction link, the risk level weight of the high-risk business may be set to a lower level; when the transaction link invoked by the high-risk business is both a high-frequency transaction link and a sensitive transaction link, the risk level weight may be set to a higher level.
With the monitoring method of the embodiments of the present disclosure, high-risk business can be determined from the high-frequency transaction links and the sensitive transaction links, so that high-risk business is identified automatically, accurately and efficiently. Once the high-risk business is determined, the transaction links it calls, and the services those links call, can be monitored to a degree that matches the risk level weight of the high-risk business. During testing, a tester can therefore concentrate on the test content related to the high-risk business according to the monitored objects, which keeps the focus of testing on target and solves the problems of inadequate testing and inaccurate risk control in traditional testing schemes.
The method for monitoring high-risk business according to the embodiments of the present disclosure is further described below with reference to Figs. 2 to 7.
The overall system architecture of the method for monitoring high-risk business of the embodiments of the disclosure is divided into four levels: a business scenario layer A, a service layer B, a technology support layer C and a data base layer D. The business scenario layer comprises the specific businesses, including payment, deposit, remittance and the like. The service layer comprises the main functions of the embodiments of the present disclosure: 1. automated identification of high-risk business; 2. full-link intelligent analysis and monitoring; 3. connecting transaction links with business assets. The technology support layer comprises the specific technologies, algorithms and IT frameworks that support the three functional areas of the service layer. The data base layer comprises the final storage locations of all services, businesses and data, including MySQL, mainframe, Oracle, etc.
The following first describes the automated identification of high-risk businesses according to the embodiment of the present disclosure.
Fig. 3 schematically illustrates a second flowchart of the method for monitoring high-risk business according to an embodiment of the present disclosure. As shown in Fig. 3, in some specific embodiments, the method further includes step S310 and step S320.
In step S310, a second calling frequency of the at least one service is acquired.
In the embodiment of the present disclosure, the second calling frequency may refer to the number of calls to the service within a preset time period.
In step S320, the services whose second calling frequency satisfies a second preset condition are extracted to obtain high-frequency services.
In the embodiment of the present disclosure, the services may be sorted from high to low by number of calls, and the top M services may be selected from the sorted services to obtain the high-frequency services, where M is a positive integer; for example, M may be set to 100.
In some embodiments, step S240 includes step S241.
In step S241, the high-risk business and the risk level weight of the high-risk business are determined according to the high-frequency service, the high-frequency transaction link, and the sensitive transaction link.
For example, for a business, when the transaction link called by the business is a high-frequency transaction link, the business may be determined to be a high-risk business; for another example, when one of the services in the transaction link that the business invokes is a high-frequency service, the business may also be determined to be a high-risk business, and so on. The remaining cases are not listed here.
In some embodiments, step S241 includes step S2411.
In step S2411, the business related to at least one of the high-frequency service, the high-frequency transaction link and the high-risk transaction link is extracted to obtain the high-risk business.
In an embodiment of the present disclosure, the risk level weight of the high-risk business is determined to be a first risk level weight when the high-risk business relates to at least two of the high-frequency service, the high-frequency transaction link, and the high-risk transaction link. The risk level weight of the high-risk business is determined to be a second risk level weight when the high-risk business relates to one of the high-frequency service, the high-frequency transaction link, and the high-risk transaction link. The first risk level weight is higher than the second risk level weight.
In the embodiment of the present disclosure, the risk level weight may include a risk level weight of the high risk service itself, a risk level weight of the transaction link in the high risk service, and a risk level weight of each service in the transaction link.
For example, when the risk level weight is the first risk level weight, the risk level weight of the high risk business itself, the transaction link in the high risk business, and each service in the transaction link are all the first risk level weights.
Optionally, in this embodiment of the present disclosure, a service called in a sensitive transaction link may also be determined as a sensitive service, so that, for a business, when one service in the transaction link called by the business is a sensitive service, the business may also be determined as a high-risk business.
For example, for a transfer transaction, the called deposit service (withdrawal service) is a high-frequency service, and the deposit service (withdrawal service) is account-related, so that it is also a sensitive service. In this case, the risk level weight of the transfer transaction may be determined as the first risk level weight, and the risk level weight of the deposit service (withdrawal service) may also be the first risk level weight.
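The selection of the top M high-frequency items (steps S310 and S320) and the two-level weighting of step S2411 can be sketched as follows. This is an added example, not code from the patent: the sample data, the numeric weights 2 and 1, and all names are assumptions, and the sensitive transaction links of step S230 stand in for the third category.

```python
from collections import Counter

# Constructed sample data (not from the patent). A transaction link is the
# ordered list of services it calls; a business uses one or more links.
LINKS = {
    "transfer_link": ["auth", "withdraw", "deposit", "notify"],
    "balance_link": ["auth", "query_balance"],
    "statement_link": ["auth", "export_statement"],
    "profile_link": ["update_profile"],
}
BUSINESSES = {
    "transfer": ["transfer_link"],
    "balance_inquiry": ["balance_link"],
    "statement_download": ["statement_link"],
    "profile_edit": ["profile_link"],
}
# Call amounts in the preset time period (first and second calling frequency).
LINK_CALLS = Counter({"balance_link": 5000, "transfer_link": 900,
                      "statement_link": 40, "profile_link": 10})
SERVICE_CALLS = Counter({"auth": 5940, "query_balance": 5000, "withdraw": 900,
                         "deposit": 900, "notify": 900,
                         "export_statement": 40, "update_profile": 10})
SENSITIVE_LINKS = {"transfer_link"}  # output of step S230, assumed given

# Assumed numeric values: the text only requires first > second.
FIRST_WEIGHT, SECOND_WEIGHT = 2, 1


def top_m(call_counts, m):
    """Sort by call amount, high to low, and keep the top M names."""
    return {name for name, _ in call_counts.most_common(m)}


def build_monitoring_list(businesses, links, link_calls, service_calls,
                          sensitive_links, m_links, m_services):
    hf_links = top_m(link_calls, m_links)
    hf_services = top_m(service_calls, m_services)
    entries = []
    for business, used_links in businesses.items():
        called = {svc for link in used_links for svc in links[link]}
        reasons = set()
        if called & hf_services:
            reasons.add("high-frequency service")
        if hf_links.intersection(used_links):
            reasons.add("high-frequency transaction link")
        if sensitive_links.intersection(used_links):
            reasons.add("sensitive transaction link")
        if not reasons:
            continue  # not a high-risk business
        # Two or more categories -> first weight, exactly one -> second weight.
        weight = FIRST_WEIGHT if len(reasons) >= 2 else SECOND_WEIGHT
        entries.append({
            "business": business,
            "weight": weight,
            "reasons": sorted(reasons),
            # The weight also applies to the links and to each service in them.
            "link_weights": {link: weight for link in used_links},
            "service_weights": {svc: weight for svc in sorted(called)},
        })
    # Highest weight first so the most critical items head the list.
    entries.sort(key=lambda e: (-e["weight"], e["business"]))
    return entries


if __name__ == "__main__":
    for entry in build_monitoring_list(BUSINESSES, LINKS, LINK_CALLS,
                                       SERVICE_CALLS, SENSITIVE_LINKS,
                                       m_links=1, m_services=2):
        print(entry["weight"], entry["business"], entry["reasons"])
```

A shared service such as `auth` landing in the top M pulls every business that calls it into the list at the second weight, so M for services is worth tuning separately from M for links.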
In some embodiments, the sensitive transaction link may be identified in step S230 by a forward identification algorithm and a reverse identification algorithm. The forward identification algorithm may discover potential sensitive transaction links starting from a known sensitive service (i.e., the target service described below), and the reverse identification algorithm may discover potential sensitive transaction links starting from a data table known to be important (i.e., the target data table described below).
In the following, the forward identification algorithm is first described, and fig. 4 schematically shows a flowchart of determining a sensitive transaction link by the forward identification algorithm according to an embodiment of the present disclosure, as shown in fig. 4, in some specific embodiments, step S230 includes steps S231 to S235.
In step S231, a preset target service is acquired.
In the embodiment of the present disclosure, the preset target service may include an account-related service, a secret-related service, and the like.
In step S232, the service called by the target service is extracted to obtain the first service.
In the embodiment of the present disclosure, all services called by the target service may be obtained to obtain the first service.
In step S233, a key data table is determined according to the data table related to the key change of the first service, wherein the key data in the key data table includes data related to the key change of the first service.
In embodiments of the present disclosure, the critical change may include, for example, an accounting change or a security change, and in some embodiments, the critical data includes at least one of accounting data and security data.
For example, the key data includes ledger data, and the key changes may include addition, modification, and deletion of ledger data, and the like.
In step S234, SQL statements relating to the key data are extracted.
In step S235, according to the extracted logic in the SQL statement, a sensitive transaction link is determined.
In the embodiment of the disclosure, by referring to the SQL statements related to the key data, the logic by which the key data is changed can be obtained, so that all services related to the change of the key data can be found and a complete transaction link is obtained. For example, when a modification of the accounting data by the withdrawal service is found, whether a corresponding deposit service exists can be analyzed through the SQL statements. When the deposit service exists, the transaction link associated with the key data may be described as a transfer transaction link, and when the deposit service does not exist, the transaction link associated with the key data may be described as a deposit transaction link.
Turning to the reverse direction identification algorithm, fig. 5 schematically illustrates a flow chart of determining a sensitive transaction link through the reverse direction identification algorithm according to an embodiment of the disclosure, and as shown in fig. 5, in some specific embodiments, step S230 includes steps S236 to S239.
In step S236, a preset target data table is acquired.
In the disclosed embodiment, the target data table may include data tables known to be important, such as a reconciliation data table and a security data table.
In step S237, a key data table is determined according to the target data table, wherein the key data in the key data table includes the preset data that is changed in the target data table.
In the embodiment of the present disclosure, the target data table may be used as a key data table, the preset data may include the aforementioned accounting data and confidential data, and the key data may include the preset data that is changed by adding, modifying, deleting, and the like.
In step S238, the service calling the key data is extracted to obtain the second service.
In step S239, a sensitive transaction link is determined according to the extracted second service.
In an embodiment of the disclosure, a transaction link invoking the second service may be obtained, resulting in a sensitive transaction link.
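Both identification directions can be run over a service inventory as in the following sketch. It is an added example, not the patent's implementation: the inventory is constructed, every data-changing statement of a first service is treated as a key change, and the regular expression only recognises plain INSERT, UPDATE and DELETE statements.

```python
import re

# Table named by a data-changing statement (add, modify, delete). A sketch:
# MERGE, stored procedures and dynamically built SQL are not covered.
WRITE_RE = re.compile(
    r"^\s*(?:INSERT\s+INTO|UPDATE|DELETE\s+FROM)\s+([A-Za-z_][\w.]*)",
    re.IGNORECASE,
)

# Constructed sample inventory (not from the patent).
CALLS = {  # service -> services it calls
    "transfer_api": ["withdraw", "deposit"],
    "withdraw": [],
    "deposit": [],
}
SERVICE_SQL = {  # service -> SQL statements it executes
    "withdraw": ["UPDATE ledger SET balance = balance - ? WHERE acct = ?"],
    "deposit": ["UPDATE ledger SET balance = balance + ? WHERE acct = ?"],
    "fee_adjust": ["SELECT rate FROM fee_table WHERE id = ?",
                   "update ledger set balance = balance - ? where acct = ?"],
    "query_balance": ["SELECT balance FROM ledger WHERE acct = ?"],
    "reset_password": ["UPDATE credentials SET pw_hash = ? WHERE uid = ?"],
}
LINKS = {  # transaction link -> services on it
    "transfer_link": ["transfer_api", "withdraw", "deposit"],
    "fee_link": ["fee_adjust"],
    "balance_link": ["query_balance"],
    "password_link": ["reset_password"],
}


def written_table(sql):
    """Return the lower-cased table a statement changes, or None for reads."""
    match = WRITE_RE.match(sql)
    return match.group(1).lower() if match else None


def callees(calls, root):
    """All services reachable from root (cycle-safe), excluding root itself."""
    seen, stack = set(), list(calls.get(root, []))
    while stack:
        svc = stack.pop()
        if svc not in seen:
            seen.add(svc)
            stack.extend(calls.get(svc, []))
    seen.discard(root)
    return seen


def services_writing(service_sql, tables):
    """Services with at least one statement that changes one of the tables."""
    return {svc for svc, stmts in service_sql.items()
            if any(written_table(q) in tables for q in stmts)}


def links_calling(links, services):
    return {name for name, svcs in links.items()
            if services.intersection(svcs)}


def forward_identify(target_services, calls, service_sql, links):
    first = set()
    for target in target_services:              # S231
        first |= callees(calls, target)         # S232: first services
    key_tables = set()
    for svc in first:                           # S233: tables they change
        for sql in service_sql.get(svc, []):
            table = written_table(sql)
            if table:
                key_tables.add(table)
    writers = services_writing(service_sql, key_tables)   # S234
    return key_tables, links_calling(links, writers)      # S235


def reverse_identify(target_tables, service_sql, links):
    key_tables = {t.lower() for t in target_tables}       # S236, S237
    second = services_writing(service_sql, key_tables)    # S238
    return second, links_calling(links, second)           # S239


if __name__ == "__main__":
    print(forward_identify(["transfer_api"], CALLS, SERVICE_SQL, LINKS))
    print(reverse_identify(["ledger", "credentials"], SERVICE_SQL, LINKS))
```

Starting from `transfer_api`, the forward pass also surfaces `fee_link`, a link that never calls the target service but changes the same ledger table, which is the kind of potential sensitive link the passage describes.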
The following describes the full link intelligent analysis and monitoring of the embodiments of the present disclosure.
Fig. 6 schematically shows a third flowchart of a monitoring method for high risk traffic according to an embodiment of the present disclosure, and as shown in fig. 6, in some specific embodiments, the monitoring method further includes step S410 and step S420.
In step S410, supplementary monitoring information of all transaction links is obtained.
In some embodiments, the supplemental monitoring information includes length information and complexity information of the transaction link, and timeout information of services at various levels in the transaction link.
In step S420, when the supplementary monitoring information of at least one transaction link satisfies a third preset condition, the high-risk service monitoring list is updated according to the service related to the transaction link. Otherwise, the step S420 is ended.
In the embodiment of the present disclosure, the third preset condition may be determined according to actual needs, for example, the number of nodes, the number of services, and the number of queries in the transaction link may be monitored, and when the above parameters exceed a certain threshold (which may be user-defined), it may be determined that the third preset condition is met, so that a longer transaction link and/or a transaction link with higher complexity may be obtained by screening.
For another example, for services on the transaction link, a service timeout time decrement principle should be followed, that is, the timeout time of the next-level service should be smaller than the timeout time of the previous-level service, and the transaction link violating this principle can be screened out through the third preset condition.
In the embodiment of the disclosure, the full amount of transaction links can be monitored, and when any one transaction link meets the third preset condition, the transaction link can be supplemented into the high risk service monitoring list as a new high risk service for monitoring, so that the comprehensiveness of high risk service identification is improved.
In some embodiments, step S420 includes step S421.
In step S421, when the supplementary monitoring information of the transaction link in the high risk service satisfies the third preset condition, the risk level weight of the high risk service is increased, so as to modify the risk level weight of the high risk service. Otherwise, step S421 is ended.
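The supplementary checks of steps S420 and S421 can be sketched over a call tree as follows. This is an added example, not code from the patent: the sample link, the thresholds, the weight given to a newly listed business and the size of the weight increase are all assumptions.

```python
# Constructed sample link (not from the patent): each node is one service call
# with its configured timeout, the number of queries it issues and its callees.
def node(service, timeout_ms, queries=0, children=()):
    return {"service": service, "timeout_ms": timeout_ms,
            "queries": queries, "children": list(children)}


TRANSFER_LINK = node("gateway", 5000, children=[
    node("transfer_api", 3000, queries=1, children=[
        node("withdraw", 2000, queries=2),
        node("deposit", 3000, queries=2),   # not smaller than its caller
    ]),
    node("notify", 1000),
])

# User-defined thresholds for the third preset condition (assumed values).
THRESHOLDS = {"nodes": 20, "services": 15, "queries": 50}


def walk(current, parent=None):
    """Yield (parent, node) pairs for every node of the link, depth first."""
    yield parent, current
    for child in current["children"]:
        yield from walk(child, current)


def inspect_link(root, thresholds):
    """Return the reasons why the link meets the third preset condition."""
    nodes, queries, services, findings = 0, 0, set(), []
    for parent, current in walk(root):
        nodes += 1
        queries += current["queries"]
        services.add(current["service"])
        # Timeout decrement principle: a callee must time out before its caller.
        if parent is not None and current["timeout_ms"] >= parent["timeout_ms"]:
            findings.append("timeout: %s(%dms) -> %s(%dms)" % (
                parent["service"], parent["timeout_ms"],
                current["service"], current["timeout_ms"]))
    measured = {"nodes": nodes, "services": len(services), "queries": queries}
    for name, value in measured.items():
        if value > thresholds[name]:
            findings.append("%s: %d > %d" % (name, value, thresholds[name]))
    return findings


def update_monitoring_list(monitoring, business, link_name, findings,
                           new_weight=1, bump=1):
    """monitoring maps business -> {"weight": int, "links": set of link names}."""
    if not findings:
        return monitoring                      # condition not met: no change
    entry = monitoring.get(business)
    if entry is None:                          # S420: add as a new entry
        monitoring[business] = {"weight": new_weight, "links": {link_name}}
    else:                                      # S421: raise the existing weight
        entry["weight"] += bump
        entry["links"].add(link_name)
    return monitoring


if __name__ == "__main__":
    monitoring = {"transfer": {"weight": 2, "links": {"transfer_link"}}}
    found = inspect_link(TRANSFER_LINK, THRESHOLDS)
    print(found)
    print(update_monitoring_list(monitoring, "transfer", "transfer_link", found))
```

The comparison uses `>=` because the passage requires the next-level timeout to be smaller than the previous level's, so equal timeouts also count as a violation.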
Fig. 7 schematically shows a fourth flowchart of a monitoring method for high risk traffic according to an embodiment of the present disclosure. As shown in fig. 7, in some specific embodiments, the monitoring method further includes steps S510 to S530.
In step S510, when the version is updated, the change content is acquired.
In step S520, it is determined whether there is a newly added access large table according to the changed content.
In the embodiment of the present disclosure, a large table may refer to a data table whose access amount satisfies a preset value. When the version is updated, the changed operations are listed by comparing the new version with the old version, and the data tables involved in those operations are marked. When the access frequency of a single transaction link with modified content to such a table reaches a preset frequency, for example the million level or above, the table is determined to be a newly added access large table.
In step S530, when there is a newly added access large table, the high risk service monitoring list is updated according to the service related to the newly added access large table.
In the embodiment of the present disclosure, the services, transaction links, and the like that invoke the newly added access large table can be obtained, and then the business that invokes those services and transaction links is obtained and added to the high-risk service monitoring list as a new high-risk service.
Optionally, when a transaction link in an existing high-risk service accesses a newly added access large table, the risk level weight of the high-risk service can be increased, so that the risk level weight of the high-risk service is corrected.
The following describes the interfacing of transaction links with business assets in embodiments of the present disclosure.
In some embodiments, the monitoring method further includes step S610.
In step S610, a search relationship is established between the high-risk business and the high-frequency transaction link and/or the sensitive transaction link involved in the high-risk business, and is visually displayed.
In the embodiment of the disclosure, the high-risk service may be managed at the granularity of the transaction link, so that entries can be added, deleted, modified, queried, and the like. Optionally, a maintaining application product line and a responsible person may be configured for each transaction link or high-risk business. Optionally, the applications, business functions, service sources, service calling relations, version transformations, maintaining product lines and test responsible persons can be registered and accumulated to form a front-end visual interface for the subsequent accumulation of test assets, which improves the registration quality of the IT architecture and business scenes and improves asset quality.
For example, for the account-related business, by using the forward/reverse recognition algorithm, the key data, modification time, version modification content, application, call service, transaction link and the like in the key data table of the account-related business can be retrieved, and then the information is integrated and registered with the account-related business, the test responsible person and the business responsible person for front-end display and asset accumulation.
Through the asset integration, the high-risk services retrieved by the system can be displayed at the front end and accumulated as assets, and the interfacing of transaction links with the business is realized. Relevant business testers or technical personnel can search by transaction link or high-risk service for the corresponding application, testing/service responsible persons, transaction time, version transformation time, corresponding table names and the like, so that the risk of a production change is predicted and the key points of testing are determined in advance.
In some embodiments, the monitoring method further includes step S710 and step S720.
In step S710, the currently determined high-risk service is compared with the high-risk service monitoring list generated last time according to the similarity algorithm.
In step S720, according to the comparison result, a risk level weight is determined for the currently determined high-risk service.
In the embodiment of the present disclosure, the currently determined high-risk service may be compared with one high-risk service in the high-risk service monitoring list generated last time by using the transaction link through the following similarity algorithm.
For example, when the number of nodes of the transaction links of the two services is the same, the service names in the transaction links are different (the number of service names that are allowed not to match is customizable), and the SQL information is the same, the two transaction links are considered to be similar, and the currently determined high-risk service is regarded as already existing in the high-risk service monitoring list generated last time.
For another example, when the number of nodes of the transaction links of the two services is the same, the service names are the same, and the SQL in the services is different, the two transaction links may also be considered to be similar, and the currently determined high-risk service is regarded as already existing in the high-risk service monitoring list generated last time.
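The two similarity rules above and the weight assignment of step S720 can be sketched as follows. This is an added example, not code from the patent: the link representation, the SQL normalisation, the default weight and the choice to inherit the matched entry's weight are assumptions, since the text does not say how the comparison result maps to a weight.

```python
import re


def norm_sql(sql):
    """Collapse whitespace and case so formatting changes do not count."""
    return re.sub(r"\s+", " ", sql.strip()).lower()


def links_similar(link_a, link_b, max_name_mismatch=1):
    """A link is a list of (service_name, [sql, ...]) nodes in call order."""
    if len(link_a) != len(link_b):
        return False                       # both rules need equal node counts
    pairs = list(zip(link_a, link_b))
    name_mismatch = sum(a[0] != b[0] for a, b in pairs)
    sql_same = all([norm_sql(s) for s in a[1]] == [norm_sql(s) for s in b[1]]
                   for a, b in pairs)
    if sql_same:
        # Rule 1: same SQL, a customizable number of service names may differ.
        return name_mismatch <= max_name_mismatch
    # Rule 2: SQL differs, so every service name has to match.
    return name_mismatch == 0


def assign_weights(current, previous, default_weight=1, max_name_mismatch=1):
    """current: business -> link; previous: business -> {"link", "weight"}."""
    result = {}
    for business, link in current.items():
        match = next((name for name, old in previous.items()
                      if links_similar(link, old["link"], max_name_mismatch)),
                     None)
        if match is None:
            result[business] = {"weight": default_weight, "matched": None}
        else:
            # Assumption: a similar link inherits the previous entry's weight.
            result[business] = {"weight": previous[match]["weight"],
                                "matched": match}
    return result


# Constructed sample data (not from the patent).
DEBIT = "UPDATE ledger SET balance = balance - ? WHERE acct = ?"
CREDIT = "UPDATE ledger SET balance = balance + ? WHERE acct = ?"
PREVIOUS = {
    "transfer": {"weight": 2, "link": [("transfer_api", []),
                                       ("withdraw", [DEBIT]),
                                       ("deposit", [CREDIT])]},
}
CURRENT = {
    # One service renamed, SQL only reformatted: rule 1.
    "transfer_v2": [("transfer_api_v2", []),
                    ("withdraw", ["update ledger  set balance = balance - ?"
                                  " where acct = ?"]),
                    ("deposit", [CREDIT])],
    # Same service names, changed SQL: rule 2.
    "transfer_fee": [("transfer_api", []),
                     ("withdraw", [DEBIT, "INSERT INTO fees (acct) VALUES (?)"]),
                     ("deposit", [CREDIT])],
    # Different names and different SQL: a new high-risk service.
    "loan_repay": [("loan_api", []),
                   ("repay", ["UPDATE loans SET due = due - ? WHERE id = ?"]),
                   ("deposit", [CREDIT])],
}

if __name__ == "__main__":
    for business, info in assign_weights(CURRENT, PREVIOUS).items():
        print(business, info)
```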
By adopting the monitoring method of the high-risk service of the embodiment of the disclosure, not only can the automatic identification of the high-risk service be realized, but also the intelligent analysis, prevention and control of the whole transaction link, the accurate interfacing of transaction links with the business, and the like. This improves the accuracy and efficiency of testing, makes test coverage more comprehensive, avoids missed tests, monitors the performance problems (such as timeouts) of all transaction links, locates transaction error information and illegal transaction links, and makes up for the problems and defects of the existing test method.
Based on the monitoring method of the high-risk service, the disclosure also provides a monitoring device of the high-risk service. The apparatus will be described in detail below with reference to fig. 8.
Fig. 8 schematically shows a block diagram of a monitoring apparatus for high risk traffic according to an embodiment of the present disclosure.
As shown in fig. 8, the monitoring apparatus 800 for high risk traffic of this embodiment includes an obtaining module 810, a first extracting module 820, a second extracting module 830, a first processing module 840, and a second processing module 850.
The obtaining module 810 is configured to obtain a first invocation frequency of at least one transaction link. In an embodiment, the obtaining module 810 may be configured to perform the step S210 described above, which is not described herein again.
The first extraction module 820 is configured to extract a transaction link with a first calling frequency satisfying a first preset condition to obtain a high-frequency transaction link. In an embodiment, the first extracting module 820 may be configured to perform the step S220 described above, which is not described herein again.
The second extraction module 830 is used to extract the transaction links associated with the key data of the key data table to obtain the sensitive transaction links. In an embodiment, the second extracting module 830 may be configured to perform the step S230 described above, and is not described herein again.
The first processing module 840 is configured to determine the high-risk service and the risk level weight of the high-risk service according to at least the high-frequency transaction link and the sensitive transaction link. In an embodiment, the first processing module 840 may be configured to perform the step S240 described above, which is not described herein again.
The second processing module 850 is configured to generate a high-risk service monitoring list according to the high-risk service and the risk level weight of the high-risk service. In an embodiment, the second processing module 850 may be configured to perform the step S250 described above, which is not described herein again.
By adopting the monitoring method of the high-risk service of the embodiment of the disclosure, the high-risk service can be determined based on the high-frequency transaction link and the sensitive transaction link, so that the automatic identification of the high-risk service is realized, and the identification is accurate and efficient. After the high-risk service is determined, the transaction link called by the high-risk service and the services called by that transaction link can be monitored to a degree corresponding to the risk level weight of the high-risk service. When testing is performed, a tester can therefore focus on the test content related to the high-risk service according to the monitored objects, so that the focus of the testing work is clear during the testing process, and the problems of insufficient testing and inaccurate risk control in the traditional testing scheme are solved.
According to the embodiment of the present disclosure, any plurality of the obtaining module 810, the first extraction module 820, the second extraction module 830, and the first processing module 840 and the second processing module 850 may be combined in one module to be implemented, or any one of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the disclosure, at least one of the obtaining module 810, the first extracting module 820, the second extracting module 830, and the first processing module 840 and the second processing module 850 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or implemented by a suitable combination of any several of them. Alternatively, at least one of the obtaining module 810, the first extracting module 820, the second extracting module 830 and the first and second processing modules 840 and 850 may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
In some embodiments, the monitoring device further includes a third processing module, configured to perform the following steps:
obtaining a second calling frequency of at least one service;
extracting services with second calling frequency meeting second preset conditions to obtain high-frequency services;
wherein determining the high-risk business and the risk level weight of the high-risk business according to at least the high-frequency transaction link and the sensitive transaction link comprises:
determining the high-risk business and the risk level weight of the high-risk business according to the high-frequency service, the high-frequency transaction link and the sensitive transaction link.
In some embodiments, the second extraction module 830 is specifically configured to perform the following steps:
acquiring a preset target service;
extracting a service called by a target service to obtain a first service;
determining a key data table according to the data table related to the key change of the first service, wherein the key data in the key data table comprises data related to the key change of the target service;
extracting SQL statements related to key data;
determining a sensitive transaction link according to the extracted logic in the SQL statement.
In some embodiments, the second extraction module 830 is further configured to:
acquiring a preset target data table;
determining a key data table according to the target data table, wherein the key data in the key data table comprises changed preset data in the target data table;
extracting a service for calling key data to obtain a second service;
and determining the sensitive transaction link according to the extracted second service.
In some embodiments, the critical data includes at least one of ledger data and secret-related data.
In some embodiments, the first processing module 840 is specifically configured to perform the following steps:
extracting traffic relating to at least one of a high frequency service, a high frequency transaction link, and a high risk transaction link to obtain high risk traffic;
determining a risk level weight of the high-risk business to be a first risk level weight when the high-risk business relates to at least two of the high-frequency service, the high-frequency trading link and the high-risk trading link;
determining the risk level weight of the high-risk service as a second risk level weight when the high-risk service relates to one of a high-frequency service, a high-frequency transaction link and a high-risk transaction link;
the first risk level weight is higher than the second risk level weight.
In some embodiments, the monitoring device further includes a fourth processing module, configured to perform the following steps:
acquiring supplementary monitoring information of all transaction links;
and when the supplementary monitoring information of at least one transaction link meets a third preset condition, updating the high-risk service monitoring list according to the service related to the transaction link.
In some embodiments, the fourth processing module is specifically configured to perform the following steps:
and when the supplementary monitoring information of the transaction link in the high-risk service meets a second preset condition, the risk level weight of the high-risk service is improved.
In some embodiments, the supplemental monitoring information includes length information and complexity information of the transaction link, and timeout information of services at various levels in the transaction link.
In some embodiments, the monitoring apparatus further includes a fifth processing module, configured to perform the following steps:
when the version is updated, acquiring the changed content;
determining whether a newly added access large table exists according to the changed content;
and when the newly added access large table exists, updating the high-risk service monitoring list according to the service related to the newly added access large table.
In some embodiments, the monitoring device further includes a sixth processing module, configured to perform the following steps:
and establishing search association between the high-risk business and the high-frequency transaction link and/or the sensitive transaction link related to the high-risk business, and performing visual display.
In some specific embodiments, the monitoring apparatus further includes a seventh processing module, configured to perform the following steps:
comparing the currently determined high-risk service with the high-risk service monitoring list generated last time according to a similarity algorithm;
and determining the risk grade weight for the currently determined high-risk service according to the comparison result.
Fig. 9 schematically shows a block diagram of an electronic device adapted to implement a monitoring method of high risk traffic according to an embodiment of the present disclosure.
As shown in fig. 9, an electronic apparatus 900 according to an embodiment of the present disclosure includes a processor 901 which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. Processor 901 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic apparatus 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other through a bus 904. The processor 901 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 900 may also include an input/output (I/O) interface 905, which is also connected to the bus 904. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is installed into the storage portion 908 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 902 and/or the RAM 903 described above and/or one or more memories other than the ROM 902 and the RAM 903.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the monitoring method of the high risk service provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 901. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, and downloaded and installed through the communication section 909 and/or installed from the removable medium 911. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Such programming languages include, but are not limited to, Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or associations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (16)

1. A method for monitoring high risk service, comprising:
obtaining a first calling frequency of at least one transaction link;
extracting the transaction link of which the first calling frequency meets a first preset condition to obtain a high-frequency transaction link;
extracting a transaction link associated with the key data of the key data table to obtain a sensitive transaction link;
determining a high-risk service and a risk level weight of the high-risk service at least according to the high-frequency transaction link and the sensitive transaction link;
and generating a high-risk service monitoring list according to the high-risk service and the risk grade weight of the high-risk service.
2. The monitoring method according to claim 1, further comprising:
obtaining a second calling frequency of at least one service;
extracting the service with the second calling frequency meeting a second preset condition to obtain a high-frequency service;
wherein the determining a high-risk service and a risk level weight of the high-risk service at least according to the high-frequency transaction link and the sensitive transaction link comprises:
and determining high-risk business and the risk grade weight of the high-risk business according to the high-frequency service, the high-frequency transaction link and the sensitive transaction link.
3. The monitoring method of claim 2, wherein the determining the high-risk business and the risk level weight of the high-risk business according to the high-frequency service, the high-frequency transaction link and the sensitive transaction link comprises:
extracting business relating to at least one of the high-frequency service, the high-frequency transaction link, and the high-risk transaction link to obtain the high-risk business;
determining the risk level weight of the high-risk business to be a first risk level weight when the high-risk business relates to at least two of the high-frequency service, the high-frequency transaction link, and the high-risk transaction link;
determining the risk level weight of the high-risk business to be a second risk level weight when the high-risk business relates to one of the high-frequency service, the high-frequency transaction link, and the high-risk transaction link;
the first risk level weight is higher than the second risk level weight.
4. The monitoring method of claim 1, wherein the extracting the transaction links associated with the key data of the key data table to obtain the sensitive transaction links comprises:
acquiring a preset target service;
extracting the service called by the target service to obtain a first service;
determining a key data table according to the data table related to the key change of the first service, wherein the key data in the key data table comprises data related to the key change of the target service;
extracting SQL statements related to the key data;
and determining the sensitive transaction link according to the extracted logic in the SQL statement.
5. The monitoring method of claim 1, wherein the extracting the transaction links associated with the key data of the key data table to obtain the sensitive transaction links comprises:
acquiring a preset target data table;
determining the key data table according to the target data table, wherein the key data in the key data table comprise changed preset data in the target data table;
extracting a service for calling the key data to obtain a second service;
and determining the sensitive transaction link according to the extracted second service.
6. The monitoring method of claim 1, wherein the key data comprises at least one of account-related data and secret-related data.
7. The monitoring method of claim 1, further comprising:
acquiring supplementary monitoring information of all transaction links;
and when the supplementary monitoring information of at least one transaction link meets a third preset condition, updating the high-risk service monitoring list according to the service related to the transaction link.
8. The monitoring method according to claim 7, wherein when the supplementary monitoring information of at least one transaction link satisfies a third preset condition, updating the high-risk service monitoring list according to the service related to the transaction link includes:
and when the supplementary monitoring information of a transaction link in the high-risk service meets the third preset condition, increasing the risk level weight of the high-risk service.
9. The monitoring method according to claim 7, wherein the supplementary monitoring information includes length information and complexity information of the transaction link, and timeout information of services at each level in the transaction link.
10. The monitoring method of claim 1, further comprising:
when the version is updated, acquiring the changed content;
determining, according to the changed content, whether newly added access to a large table exists;
and when newly added access to a large table exists, updating the high-risk service monitoring list according to the service related to the newly added access to the large table.
11. The monitoring method of claim 1, further comprising:
and establishing search association between the high-risk business and the high-frequency transaction link and/or the sensitive transaction link related to the high-risk business, and performing visual display.
12. The monitoring method of claim 1, further comprising:
comparing the currently determined high-risk service with the high-risk service monitoring list generated last time according to a similarity algorithm;
and determining the risk grade weight for the currently determined high-risk service according to the comparison result.
13. A device for monitoring high risk service, comprising:
the acquisition module is used for acquiring a first calling frequency of at least one transaction link;
the first extraction module is used for extracting the transaction link of which the first calling frequency meets a first preset condition so as to obtain a high-frequency transaction link;
the second extraction module is used for extracting the transaction link associated with the key data of the key data table to obtain a sensitive transaction link;
the first processing module is used for determining high-risk business and risk level weight of the high-risk business at least according to the high-frequency transaction link and the sensitive transaction link;
and the second processing module is used for generating a high-risk service monitoring list according to the high-risk service and the risk level weight of the high-risk service.
14. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method for monitoring high risk service according to any of claims 1-12.
15. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method for monitoring high risk service according to any of claims 1 to 12.
16. A computer program product comprising a computer program which, when executed by a processor, carries out the method for monitoring high risk service according to any of claims 1-12.
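The selection and weighting steps of claims 1 to 3, as an added Python sketch that is not code from the patent or its applicant. The link, service, table and business names, the call counts, the thresholds standing in for the "preset conditions", and the weight values 2 and 1 are all assumptions, and the third category of claim 3 is assumed to be the sensitive transaction link of claim 1.

```python
"""Sketch of claims 1-3: build a high-risk service monitoring list."""

# Constructed sample inputs (call counts per monitoring window).
LINK_CALLS = {"transfer": 12000, "balance_query": 90000,
              "profile_edit": 300, "password_reset": 800}
SERVICE_CALLS = {"svc_auth": 150000, "svc_ledger": 20000, "svc_profile": 400}
# Tables touched by each link's SQL (constructed), and the key data tables.
LINK_TABLES = {"transfer": {"account_balance", "journal"},
               "balance_query": {"query_cache"},
               "profile_edit": {"customer_profile"},
               "password_reset": {"credentials"}}
KEY_TABLES = {"account_balance", "credentials"}
# Each business and the links / services it relies on (constructed).
BUSINESSES = {
    "fund_transfer": {"links": {"transfer"}, "services": {"svc_auth", "svc_ledger"}},
    "balance_inquiry": {"links": {"balance_query"}, "services": {"svc_auth"}},
    "password_change": {"links": {"password_reset"}, "services": {"svc_profile"}},
    "profile_update": {"links": {"profile_edit"}, "services": {"svc_profile"}},
}
FIRST_WEIGHT, SECOND_WEIGHT = 2, 1  # assumed; claim 3 only requires first > second


def high_frequency(calls, threshold):
    """Assumed 'preset condition': call count at or above a fixed threshold."""
    return {name for name, count in calls.items() if count >= threshold}


def sensitive_links(link_tables, key_tables):
    """Links whose SQL touches at least one key data table."""
    return {link for link, tables in link_tables.items() if tables & key_tables}


def build_monitoring_list(link_threshold=10000, service_threshold=100000):
    hf_links = high_frequency(LINK_CALLS, link_threshold)
    hf_services = high_frequency(SERVICE_CALLS, service_threshold)
    sens = sensitive_links(LINK_TABLES, KEY_TABLES)
    rows = []
    for name, deps in BUSINESSES.items():
        reasons = []
        if deps["services"] & hf_services:
            reasons.append("high-frequency service")
        if deps["links"] & hf_links:
            reasons.append("high-frequency link")
        if deps["links"] & sens:
            reasons.append("sensitive link")
        if not reasons:
            continue  # relates to none of the three categories: not listed
        weight = FIRST_WEIGHT if len(reasons) >= 2 else SECOND_WEIGHT
        rows.append((name, weight, reasons))
    # Highest weight first, then name, so the list order is deterministic.
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for row in build_monitoring_list():
        print(row)
```

Keeping the matched categories next to each weight lets a reviewer see why a business was listed, which is the kind of association claim 11 asks to be displayed.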
CN202210690717.8A 2022-06-17 2022-06-17 Method, apparatus, device, medium and program product for monitoring high risk service Pending CN115063214A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210690717.8A CN115063214A (en) 2022-06-17 2022-06-17 Method, apparatus, device, medium and program product for monitoring high risk service

Publications (1)

Publication Number Publication Date
CN115063214A true CN115063214A (en) 2022-09-16

Family

ID=83203136

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210690717.8A Pending CN115063214A (en) 2022-06-17 2022-06-17 Method, apparatus, device, medium and program product for monitoring high risk service

Country Status (1)

Country Link
CN (1) CN115063214A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination