CN115204733A - Data auditing method and device, electronic equipment and storage medium - Google Patents
Data auditing method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN115204733A CN115204733A CN202210919889.8A CN202210919889A CN115204733A CN 115204733 A CN115204733 A CN 115204733A CN 202210919889 A CN202210919889 A CN 202210919889A CN 115204733 A CN115204733 A CN 115204733A
- Authority
- CN
- China
- Prior art keywords
- data
- audit
- early warning
- audited
- analysis model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000012550 audit Methods 0.000 claims abstract description 240
- 238000004458 analytical method Methods 0.000 claims abstract description 123
- 238000012545 processing Methods 0.000 claims abstract description 34
- 238000012549 training Methods 0.000 claims description 30
- 238000004590 computer program Methods 0.000 claims description 16
- 231100000279 safety data Toxicity 0.000 claims description 6
- 230000000007 visual effect Effects 0.000 claims description 5
- 238000012163 sequencing technique Methods 0.000 claims description 2
- 239000000126 substance Substances 0.000 claims description 2
- 238000013474 audit trail Methods 0.000 claims 1
- 238000001514 detection method Methods 0.000 abstract description 4
- 238000013136 deep learning model Methods 0.000 abstract 1
- 230000008569 process Effects 0.000 description 12
- 238000004891 communication Methods 0.000 description 10
- 230000002159 abnormal effect Effects 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000006399 behavior Effects 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 206010000117 Abnormal behaviour Diseases 0.000 description 3
- 230000003044 adaptive effect Effects 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 238000007405 data analysis Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000003062 neural network model Methods 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/067—Enterprise or organisation modelling
-
- G06Q50/40—
Abstract
The invention discloses a data auditing method, a data auditing device, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring business data to be audited corresponding to at least one business system; the business data to be audited comprises the corresponding field to be audited and the corresponding data to be audited of each business system; processing the service data to be audited based on at least one audit early warning analysis model to obtain audit early warning data matched with each audit early warning analysis model; each audit early warning analysis model is trained and completed based on corresponding preset audit early warning rules and sample business data, and the audit early warning data comprises a target early warning field and corresponding target audit data; and generating and storing an audit analysis report based on the audit early warning data. According to the technical scheme of the embodiment of the invention, the abnormity detection is carried out on the audit service data based on the deep learning model, so that the abnormity early warning accuracy is improved.
Description
Technical Field
The invention relates to the technical field of big data processing, in particular to a data auditing method and device, electronic equipment and a storage medium.
Background
With the expansion of network scale and the increase of data service, the operation data has higher social value and business value. The development of related fields such as big data and cloud computing brings new opportunities to the communication industry and potential data safety hazards.
In order to strengthen the safety protection of user information and ensure the safety of enterprise information systems and data, safety audit needs to be carried out on operation data.
However, the existing auditing method is single, the auditing strategy is insufficient, and centralized auditing can not be performed on data from different sources and heterogeneous data, so that the auditing work efficiency is low.
Disclosure of Invention
The invention provides a data auditing method, a data auditing device, electronic equipment and a storage medium, which are used for realizing the effect of improving the accuracy of abnormal early warning, converting an early warning event from passive response into active response and realizing the effects of identifying and protecting an unknown early warning event.
According to an aspect of the invention, there is provided a data auditing method, the method comprising:
acquiring business data to be audited corresponding to at least one business system; the business data to be audited comprises the field to be audited corresponding to each business system and the corresponding data to be audited;
processing the service data to be audited based on at least one audit early warning analysis model to obtain audit early warning data matched with each audit early warning analysis model; each audit early warning analysis model is trained and completed based on corresponding preset audit early warning rules and sample service data, and the audit early warning data comprises a target early warning field and corresponding target audit data;
and generating an audit analysis report and storing the audit analysis report based on the audit early warning data.
According to another aspect of the present invention, there is provided a data auditing apparatus, the apparatus comprising:
the auditing service data acquisition module is used for acquiring auditing service data corresponding to at least one service system; the business data to be audited comprises the field to be audited corresponding to each business system and the corresponding data to be audited;
the data processing module is used for processing the service data to be audited based on at least one audit early warning analysis model to obtain audit early warning data matched with each audit early warning analysis model; each audit early warning analysis model is trained and completed based on corresponding preset audit early warning rules and sample business data, and the audit early warning data comprises a target early warning field and corresponding target audit data;
and the audit analysis report generation module is used for generating and storing an audit analysis report based on the audit early warning data.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform a data auditing method according to any embodiment of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to implement a data auditing method according to any one of the embodiments of the present invention when executed.
According to the technical scheme of the embodiment of the invention, the auditing and early warning data corresponding to at least one service system are obtained, the auditing and early warning data adaptive to each auditing and early warning analysis model are obtained by processing the auditing and early warning data based on at least one auditing and early warning analysis model, and finally, an auditing and analysis report is generated and stored based on the auditing and early warning data, so that the problems that the auditing method is single, the auditing strategy is insufficient, the centralized auditing cannot be carried out on data from different sources and heterogeneous data, and the auditing and early warning efficiency is low in the prior art are solved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a flow chart of a data auditing method according to an embodiment of the invention;
FIG. 2 is a schematic diagram of a data auditing platform provided according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a data auditing apparatus according to a second embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device implementing the data auditing method of the embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It can be understood that, before the technical solutions disclosed in the embodiments of the present disclosure are used, the type, the use range, the use scenario, etc. of the personal information related to the present disclosure should be informed to the user and authorized by the user in a proper manner according to relevant laws and regulations.
Example one
Fig. 1 is a flowchart of a data auditing method according to an embodiment of the present invention, where the present embodiment is applicable to an instance where service data of each service system is audited and analyzed, and the method may be executed by a data auditing apparatus, where the data auditing apparatus may be implemented in a form of hardware and/or software, and the data auditing apparatus may be configured in a terminal and/or a server. As shown in fig. 1, the method includes:
and S110, acquiring the business data to be audited corresponding to at least one business system.
The business data to be audited comprises the fields to be audited corresponding to each business system and the corresponding data to be audited.
In this embodiment, the business system may be a basic platform for business processing informatization management of a communication enterprise, and may be used to support foreground sales, customer service, and internal support full flow and analysis management. Alternatively, the business system may include, but is not limited to, a billing and settlement system, an accounting system, a customer service system, a decision support system, and the like. The service data to be audited can be data which needs to be audited in each service system. Correspondingly, the pending fields may be all fields representing the identity of the user, may also be fields representing all services associated with the user, may also be fields representing the system login situation of the user, and the like.
In practical application, because the formats of the service data of different service systems or devices are not consistent, the correlation audit analysis cannot be carried out, and therefore, before the service data to be audited is obtained, the initial service data of each service system can be processed to obtain the corresponding service data to be audited.
It should be noted that, when the initial service data is obtained, since the devices associated with each service system include the network device, the host, the database, the security device, the virtual private network, and the like, when the service system is in a working state, each device associated with the service system also generates corresponding service data, and therefore, the service process corresponding to each device may also be collected as the initial service data.
Based on this, on the basis of above-mentioned technical scheme, still include: acquiring initial service data corresponding to at least one service system, and carrying out standardization processing on the initial service data to obtain standard service data; and sequencing the standard service data according to the data acquisition time, and adding a preset label to the sequenced standard service data to obtain the service data to be audited.
The initial service data may be raw log data that has not undergone data processing. Optionally, the initial service data may include, but is not limited to, system sensitive information operation data and audit data, audit data generated by network devices and hosts, site page network traffic data, database fine-grained audit data, login record data of a virtual private network, and the like. For example, the initial service data may include logs of 35 application systems, logs of 24 sets of databases, logs of 500 hosts, logs of 20 network devices, logs of 10 security devices, and the like. The normalization process may be to unify the data content formats of the initial service data, that is, unify the data formats of the initial service data into the same data format. Optionally, the data format may include a Key-Value format, a JSON format, an XML format, or the like. The data acquisition time may be the time to upload the initial service data to the current data processing system. The preset tabs may include priorities and corresponding administrator information, etc. The priority may be divided according to whether the standard service data includes sensitive data, and if the standard service data includes sensitive data, the priority is the highest.
Specifically, after the initial service data are obtained, the initial service data can be standardized according to a predetermined data format, so as to obtain standard service data in the same data format, and further, the standard service data are sequenced according to the data obtaining time of the initial service data, and the priority level and the related administrator information on the label, so as to finally obtain the service data to be audited.
And S120, processing the service data to be audited based on at least one audit early warning analysis model to obtain audit early warning data matched with each audit early warning analysis model.
And each audit early warning analysis model is trained and completed based on corresponding preset audit early warning rules and sample business data. The audit early warning data comprises a target early warning field and corresponding target audit data.
In this embodiment, the audit early warning analysis model may be a deep learning neural network model trained in advance and used for performing anomaly detection on data. The preset audit early warning rule can be a standard which is made in advance and used for carrying out abnormal data screening on the audit data. Each preset audit early warning rule corresponds to an audit early warning analysis model. The audit early warning data can be data which does not conform to corresponding preset audit early warning rules, namely abnormal data.
It should be noted that the preset audit early warning rules can be divided into account audit early warning rules, user information audit early warning rules, user login condition audit early warning rules, and the like. Illustratively, the account audit early warning rules may include account security rules, account length rules, account strength rules, and the like; the user information audit early warning rules can comprise user information abnormal registration rules, password validity period rules (such as whether the password is modified within 90 days), account validity period rules (such as whether the account is logged in within 90 days), and the like; the audit early warning rules of the user login condition can comprise a password login strategy of short-time and multiple attempts, a dynamic verification code login strategy of short-time and multiple attempts, an abnormal time login strategy, a high-frequency operation rule of the same account number, a high-frequency operation rule of the same service and the like.
It should be noted that, before the technical solution of the embodiment of the present invention is used, the user is informed of the acquired information and the usage by law, and is authorized by the user.
Illustratively, when the preset audit early warning rule is an account length rule, the corresponding audit early warning data is audit data including a business system name field, a field corresponding to an account which does not meet the requirement of account safety length and a corresponding account length field; when the preset audit early warning rule is an account number strength rule, the corresponding audit early warning data is audit data which comprises a business system name field, a field corresponding to an account number which does not meet the account number safety strength requirement and a field corresponding to a reason for not meeting the account number safety strength requirement; when the preset audit early warning rule is a password validity rule, the corresponding audit early warning data is audit data comprising a business system name field, an account number field and a number of days field of unmodified passwords; when the preset audit early warning rule is a short-time multi-trial password login rule, the corresponding audit early warning data is audit data comprising a business system name field, an account number field, a login time field and a trial login frequency field; when the preset audit early warning data is the same service high-frequency operation rule, the corresponding audit early warning data is the audit data comprising a service system name field, an account number field, a service name field and an operation frequency field.
It should be noted that, before the application of the audit early warning analysis model to process the service data to be audited, the audit early warning analysis model to be trained needs to be trained first, and for different audit early warning analysis models to be trained, the corresponding model training processes are the same, so that one of the audit early warning analysis models to be trained can be taken as an example to describe: constructing at least one training sample corresponding to each audit early warning analysis model to be trained; aiming at each audit early warning analysis model to be trained, acquiring a training sample corresponding to the current audit early warning analysis model to be trained as the input of the current audit early warning analysis model to be trained to obtain actual audit early warning data; and determining a loss value based on the actual early warning data and the early warning feature tag data in the current training sample, and correcting model parameters of the current audit early warning analysis model to be trained based on the loss value to obtain the audit early warning analysis model.
The training samples comprise sample business data and early warning feature label data corresponding to preset audit early warning rules.
It should be noted that before the audit early warning analysis model to be trained is trained, training samples need to be constructed first, so as to train the model based on the training samples, and in order to improve the accuracy of the model, the training samples can be constructed as many and as abundant as possible.
In practical application, sample business data corresponding to at least one business system is obtained, the sample business data are marked according to early warning features corresponding to preset early warning auditing rules to obtain early warning feature tag data, and then the sample business data and the early warning feature tag data are used as training samples to train an audit early warning analysis model to be trained.
In this embodiment, the audit and early warning analysis model to be trained may be a model with model parameters in the model as initial parameters or a model with default parameters. The actual audit early warning data can be audit data output after the sample business data is input into the audit early warning analysis model to be trained.
It should be noted that, the loss function convergence corresponding to the loss value may be used as a training target to perform model training, specifically, a training error of the loss function corresponding to the loss value, that is, a loss parameter, may be used as a condition for detecting whether the current loss function reaches convergence, for example, whether the training error is smaller than a preset error or whether an error change trend tends to be stable, or whether the current model iteration number is equal to a preset number, and the like, and if the detection reaches the convergence condition, it indicates that the current to-be-trained audit early warning analysis model training is completed, at this time, the iterative training may be stopped; if the current condition of convergence is not reached, training samples can be further obtained to train the audit early warning analysis model to be trained until the training error of the loss function is within a preset range, and when the training error of the loss function reaches convergence, the audit early warning analysis model to be trained obtained through current training can be used as the audit early warning analysis model.
In practical application, for each to-be-trained audit early warning analysis model, sample business data in a training sample is input into the current to-be-trained audit early warning analysis model, characteristic extraction is carried out on the sample business data based on a model structure in the to-be-trained audit early warning analysis model, so that actual audit early warning data is output, further, the actual audit early warning data is compared with early warning characteristic label data, model loss is determined, model parameters of the current to-be-trained audit early warning analysis model are corrected based on loss values, and the audit early warning analysis model is obtained.
In specific implementation, after at least one trained audit early warning analysis model is obtained, abnormal data detection can be performed on the service data to be audited based on each audit early warning analysis model, so that audit early warning data corresponding to each audit early warning analysis model is obtained.
And S130, generating an audit analysis report and storing the audit analysis report based on the audit early warning data.
The audit analysis report can be a data report which is obtained by arranging the audit early warning data according to a preset rule.
In practical application, after the audit early warning data is obtained, the audit early warning data can be further processed in order to improve the accuracy and the usability of the audit analysis report, so that the audit analysis report is generated and stored based on the processed audit early warning data.
Optionally, generating and storing an audit analysis report based on the audit early warning data, including: determining a user to be audited corresponding to the audit early warning data, and sending an identity authentication request to the user to be audited; receiving identity authentication information of a user to be checked, and determining a checking result based on the identity authentication information; and when the audit result is that the audit is not passed, processing the audit early warning data to generate and store an audit analysis report.
And the auditing result comprises that the auditing is passed or not passed.
In this embodiment, the user to be checked may be a user that needs to perform user identity information checking, or may also be a user that gives an abnormal alarm to corresponding service data. The identity authentication request may be a pre-programmed program code, and the program code is used to implement sending identity authentication feedback information to the user terminal of the user to be checked. The authentication information may be various pieces of information for proving the identity of the user.
In practical application, the user identity is checked based on the identity authentication information, and then the currently received identity authentication information can be compared with the pre-stored user information, and whether the check is passed or not is determined according to the comparison result.
Optionally, determining an audit result based on the identity authentication information includes: and comparing the identity authentication information with pre-stored authentication information, and determining an auditing result according to a comparison result.
The pre-stored authentication information may be uploaded by the user in the registration phase, and is used to represent the user identity, or may prove various items of information of the user identity.
It should be noted that, before the technical solution of the embodiment of the present invention is used, the user is informed of the acquired information, the usage, and the like by law, and is authorized by the user.
In practical application, after obtaining the audit early warning data, in order to audit and recheck the audit early warning data, users to be audited corresponding to the audit early warning data can be determined, and identity authentication requests are sent to the users to be audited, further, after obtaining the identity authentication information of the users to be audited, the currently received identity authentication information can be compared with the pre-stored user information, if the authentication is successful, the result of the audit is that the audit is passed, and if the authentication is unsuccessful, the audit is not passed. And when the audit result is that the audit is not passed, marking dangerous data on the corresponding audit early warning data, setting a penalty flow according to the importance degree of the information accessed by the user to be audited, and sorting the penalty execution condition and the corresponding audit early warning data so as to generate and store an audit analysis report, so that the audit early warning data can be called and analyzed later. The penalty process may include prohibiting the user from logging in, denying the user access to the important database, and the like.
It should be noted that, if the identity authentication information is not fed back by the user to be audited, the corresponding audit early warning data is directly determined as dangerous data, a penalty process is initiated, and the penalty execution condition and the corresponding audit early warning data are collated to obtain an audit analysis report.
On the basis of the technical scheme, the method further comprises the following steps: and if the audit result is that the audit is passed, marking the corresponding audit early warning data as the safety data and deleting the safety data.
In practical application, when the identity authentication information fed back by the user to be audited is matched with the pre-stored user information, the audit result can be determined as audit passing, and the corresponding audit early warning data is deleted after being marked as the safety data.
It should be noted that, in order to display the audit analysis result in a manner that is easy to understand and understand, the audit analysis report can be converted into a form of pictures and texts, so that the relevant auditors can determine rules contained in a large amount of service data to be audited more intuitively.
Based on this, on the basis of above-mentioned technical scheme, still include: and carrying out visual processing on the audit analysis report to generate and display an audit analysis chart.
In this embodiment, the audit analysis graph may include a line graph, a bar graph, a pie graph, or the like.
Illustratively, the audit analysis chart can be divided into four sub-analysis charts of early warning monitoring, system security analysis, user behavior analysis and important business system security. The early warning monitoring can be displayed according to early warning level and early warning time, and the display content can include but is not limited to early warning name, early warning level, early warning event, early warning information and the like; the system security analysis can display the system attack situation according to the geographical position or administrative region, and the display content of the system attack situation can include but is not limited to the name of the system attack, the type of the system attack, the level of the system attack and the like; the user behavior analysis can show the abnormal behavior of the user according to a business system and an organization, and the showing content of the user behavior analysis can include but is not limited to an operation user, the name of the abnormal behavior, the type of the abnormal behavior and the like; the important business system security can be demonstrated in terms of system security, user behavior, and time dimension.
It should be noted that the technical solution provided in this embodiment may be implemented based on a big data analysis system, and for example, as shown in fig. 2, the big data analysis system may include a data acquisition layer, a data integration layer, a storage calculation layer, an analysis application layer, and a presentation interaction layer. The data acquisition layer is used for acquiring initial service data and sending the acquired data to a message queue, and the message queue caches the data and supports access by a mechanism of publishing subscription; the data integration layer is based on a data warehouse technology, and after data stored in the message queue are extracted, converted and loaded (ETL) to obtain business data to be checked and centralize the business data to be checked to the storage calculation layer; the storage part in the storage computing layer comprises an online storage platform, a data warehouse and a distributed system infrastructure platform (Hadoop), and the flow computing module in the storage computing layer is used for analyzing the large-scale flow data in real time in a constantly changing motion process, capturing possibly useful information and storing the result; the analysis application layer can call each pre-trained audit early warning analysis model from the knowledge base to process the service data to be audited based on each audit early warning analysis model, obtain audit early warning data and generate an audit analysis report; the display interaction layer can perform visual processing on the audit analysis report to obtain and display a plurality of audit analysis graphs.
According to the technical scheme of the embodiment of the invention, the auditing and early warning data corresponding to at least one service system are obtained, the auditing and early warning data adaptive to each auditing and early warning analysis model are obtained by processing the auditing and early warning data based on at least one auditing and early warning analysis model, and finally, an auditing and analysis report is generated and stored based on the auditing and early warning data, so that the problems that the auditing method is single, the auditing strategy is insufficient, the centralized auditing cannot be carried out on data from different sources and heterogeneous data, and the auditing and early warning efficiency is low in the prior art are solved.
Example two
Fig. 3 is a schematic structural diagram of a data auditing apparatus according to a second embodiment of the present invention. As shown in fig. 3, the apparatus includes: a to-be-audited business data acquisition module 210, a data processing module 220 and an audit analysis report generation module 230.
The pending business data acquiring module 210 is configured to acquire pending business data corresponding to at least one business system; the business data to be audited comprises the field to be audited corresponding to each business system and the corresponding data to be audited;
the data processing module 220 is configured to process the service data to be audited based on at least one audit early warning analysis model, so as to obtain audit early warning data adapted to each audit early warning analysis model; each audit early warning analysis model is trained and completed based on corresponding preset audit early warning rules and sample service data, and the audit early warning data comprises a target early warning field and corresponding target audit data;
and the audit analysis report generation module 230 is configured to generate and store an audit analysis report based on the audit early warning data.
According to the technical scheme of the embodiment of the invention, the auditing and early warning data corresponding to at least one service system are obtained, the auditing and early warning data adaptive to each auditing and early warning analysis model are obtained by processing the auditing and early warning data based on at least one auditing and early warning analysis model, and finally, an auditing and analysis report is generated and stored based on the auditing and early warning data, so that the problems that the auditing method is single, the auditing strategy is insufficient, the centralized auditing cannot be carried out on data from different sources and heterogeneous data, and the auditing and early warning efficiency is low in the prior art are solved.
Optionally, the apparatus further comprises: the device comprises a data standardization processing module and a data sorting module.
The data standardization module is used for acquiring initial service data corresponding to at least one service system and standardizing the initial service data to obtain standard service data;
and the data sorting module is used for sorting the standard business data according to the data acquisition time and adding a preset label to the sorted standard business data to obtain the business data to be audited.
Optionally, the apparatus further comprises: the system comprises a training sample construction module, an actual audit early warning data determination module and an audit early warning analysis model determination module.
The training sample construction module is used for constructing at least one training sample corresponding to each audit early warning analysis model to be trained; the training sample comprises sample business data and early warning feature tag data corresponding to a preset audit early warning rule;
the actual audit early warning data determining module is used for acquiring a training sample corresponding to the current audit early warning analysis model to be trained as the input of the current audit early warning analysis model to be trained aiming at each audit early warning analysis model to be trained so as to obtain actual audit early warning data;
and the audit early warning analysis model determining module is used for determining a loss value based on the actual early warning data and the early warning feature tag data in the current training sample, and correcting the model parameters of the current to-be-trained audit early warning analysis model based on the loss value to obtain the audit early warning analysis model.
Optionally, the audit analysis report generation module 330 includes a pending user determination unit, an identity authentication information receiving unit, and an audit early warning data processing unit.
The auditing early warning data acquisition unit is used for acquiring auditing early warning data of the user to be audited;
the identity authentication information receiving unit is used for receiving the identity authentication information of the user to be audited and determining an audit result based on the identity authentication information; wherein the audit result comprises that the audit is passed or not passed;
and the audit early warning data processing unit is used for processing the audit early warning data when the audit result is that the audit is not passed, so as to generate and store the audit analysis report.
Optionally, the identity authentication information receiving unit is further configured to compare the identity authentication information with pre-stored authentication information, and determine an audit result according to the comparison result.
Optionally, the apparatus further comprises: and an audit early warning data deleting module.
And the audit early warning data deleting module is used for marking the corresponding audit early warning data as the safety data and deleting the data if the audit result is that the audit is passed.
Optionally, the apparatus further comprises: and an audit analysis graph generation module.
And the audit analysis chart generation module is used for performing visual processing on the audit analysis report so as to generate and display an audit analysis chart.
The data auditing device provided by the embodiment of the invention can execute the data auditing method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
EXAMPLE III
FIG. 4 shows a schematic block diagram of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 10 includes at least one processor 11, and a memory communicatively connected to the at least one processor 11, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data necessary for the operation of the electronic apparatus 10 can also be stored. The processor 11, the ROM 12, and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
A number of components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, or the like; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, or the like. Processor 11 performs the various methods and processes described above, such as a data auditing method.
In some embodiments, the data auditing method may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the data auditing method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the data auditing method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on a machine, as a stand-alone software package partly on a machine and partly on a remote machine or entirely on a remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user may provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method of data auditing, comprising:
acquiring business data to be audited corresponding to at least one business system; the business data to be audited comprises the field to be audited corresponding to each business system and the corresponding data to be audited;
processing the service data to be audited based on at least one audit early warning analysis model to obtain audit early warning data matched with each audit early warning analysis model; each audit early warning analysis model is trained and completed based on corresponding preset audit early warning rules and sample business data, and the audit early warning data comprises a target early warning field and corresponding target audit data;
and generating and storing an audit analysis report based on the audit early warning data.
2. The method of claim 1, further comprising:
acquiring initial service data corresponding to at least one service system, and carrying out standardization processing on the initial service data to obtain standard service data;
and sequencing the standard service data according to the data acquisition time, and adding a preset label to the sequenced standard service data to obtain the service data to be audited.
3. The method of claim 1, further comprising:
constructing at least one training sample corresponding to each audit early warning analysis model to be trained; the training samples comprise sample business data and early warning feature tag data corresponding to a preset audit early warning rule;
aiming at each audit early warning analysis model to be trained, acquiring a training sample corresponding to the current audit early warning analysis model to be trained as the input of the current audit early warning analysis model to be trained to obtain actual audit early warning data;
and determining a loss value based on the actual early warning data and early warning feature tag data in the current training sample, and correcting model parameters of the current to-be-trained audit early warning analysis model based on the loss value to obtain the audit early warning analysis model.
4. The method of claim 1, wherein generating and storing an audit analysis statement based on the audit trail data comprises:
determining a user to be audited corresponding to the audit early warning data, and sending an identity authentication request to the user to be audited;
receiving identity authentication information of the user to be audited, and determining an auditing result based on the identity authentication information; wherein the audit result comprises that the audit is passed or not passed;
and when the audit result is that the audit is not approved, processing the audit early warning data to generate and store the audit analysis report.
5. The method of claim 4, wherein determining the audit result based on the identity authentication information comprises:
and comparing the identity authentication information with pre-stored authentication information, and determining an auditing result according to a comparison result.
6. The method of claim 4, further comprising:
and if the audit result is that the audit is passed, marking the corresponding audit early warning data as the safety data and deleting the safety data.
7. The method of claim 1, further comprising:
and carrying out visual processing on the audit analysis report to generate and display an audit analysis chart.
8. A data auditing apparatus, comprising:
the audit-waiting service data acquisition module is used for acquiring audit-waiting service data corresponding to at least one service system; the business data to be audited comprises the field to be audited corresponding to each business system and the corresponding data to be audited;
the data processing module is used for processing the service data to be audited based on at least one audit early warning analysis model to obtain audit early warning data matched with each audit early warning analysis model; each audit early warning analysis model is trained and completed based on corresponding preset audit early warning rules and sample business data, and the audit early warning data comprises a target early warning field and corresponding target audit data;
and the audit analysis report generation module is used for generating and storing an audit analysis report based on the audit early warning data.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the data auditing method of any one of claims 1-7.
10. A computer-readable storage medium having stored thereon computer instructions for causing a processor, when executed, to implement the data auditing method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210919889.8A CN115204733A (en) | 2022-08-01 | 2022-08-01 | Data auditing method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210919889.8A CN115204733A (en) | 2022-08-01 | 2022-08-01 | Data auditing method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115204733A true CN115204733A (en) | 2022-10-18 |
Family
ID=83586708
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210919889.8A Pending CN115204733A (en) | 2022-08-01 | 2022-08-01 | Data auditing method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115204733A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116562823A (en) * | 2023-05-22 | 2023-08-08 | 上海铭垚信息科技有限公司 | Internal control intelligent auditing method and system based on data processing |
-
2022
- 2022-08-01 CN CN202210919889.8A patent/CN115204733A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116562823A (en) * | 2023-05-22 | 2023-08-08 | 上海铭垚信息科技有限公司 | Internal control intelligent auditing method and system based on data processing |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106992994B (en) | Automatic monitoring method and system for cloud service | |
| CN110399925B (en) | Account risk identification method, device and storage medium | |
| KR101752251B1 (en) | Method and device for identificating a file | |
| CN105590055B (en) | Method and device for identifying user credible behaviors in network interaction system | |
| US20180196875A1 (en) | Determining repeat website users via browser uniqueness tracking | |
| CN110266510B (en) | Network control strategy generation method and device, network control method and storage medium | |
| CN110869962A (en) | Data collation based on computer analysis of data | |
| CN104202339B (en) | A kind of across cloud authentication service method based on user behavior | |
| EP3549050B1 (en) | Method and computer product and methods for generation and selection of access rules | |
| CN113157545A (en) | Method, device and equipment for processing service log and storage medium | |
| US11720825B2 (en) | Framework for multi-tenant data science experiments at-scale | |
| CN111435393A (en) | Object vulnerability detection method, device, medium and electronic equipment | |
| CN111581258B (en) | Security data analysis method, device, system, equipment and storage medium | |
| CN115204733A (en) | Data auditing method and device, electronic equipment and storage medium | |
| CN108804501B (en) | Method and device for detecting effective information | |
| CN113791897B (en) | Method and system for displaying server baseline detection report of rural telecommunication system | |
| CN115688133A (en) | Data processing method, device, equipment and storage medium | |
| CN113052509A (en) | Model evaluation method, model evaluation apparatus, electronic device, and storage medium | |
| CN115174205A (en) | Network space safety real-time monitoring method, system and computer storage medium | |
| CN112346938B (en) | Operation auditing method and device, server and computer readable storage medium | |
| CN116915463B (en) | Call chain data security analysis method, device, equipment and storage medium | |
| CN116069997A (en) | Metadata analysis writing method, device, electronic equipment and storage medium | |
| CN117455684A (en) | Data processing method, device, electronic equipment, storage medium and product | |
| CN117093627A (en) | Information mining method, device, electronic equipment and storage medium | |
| CN114444087A (en) | Unauthorized vulnerability detection method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |