CN115473735A - Risk assessment method and device for data request - Google Patents

Risk assessment method and device for data request Download PDF

Info

Publication number
CN115473735A
CN115473735A CN202211108577.5A CN202211108577A CN115473735A CN 115473735 A CN115473735 A CN 115473735A CN 202211108577 A CN202211108577 A CN 202211108577A CN 115473735 A CN115473735 A CN 115473735A
Authority
CN
China
Prior art keywords
request
risk
data
data request
content information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211108577.5A
Other languages
Chinese (zh)
Inventor
朱正亮
吴帅帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qichacha Technology Co ltd
Original Assignee
Qichacha Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qichacha Technology Co ltd filed Critical Qichacha Technology Co ltd
Priority to CN202211108577.5A priority Critical patent/CN115473735A/en
Publication of CN115473735A publication Critical patent/CN115473735A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Abstract

The present disclosure relates to a method, an apparatus, a computer device, a storage medium and a computer program product for risk assessment of data requests. The method comprises the following steps: under the condition that a request type corresponding to a data request to be processed is a target request type, acquiring request content information and request attribute information of the data request; determining a risk category corresponding to the data request according to the request content information and the request attribute information; and processing the data request according to a request processing mode corresponding to the risk category. By adopting the method, the accuracy of data request risk judgment and evaluation can be improved, and the safety of a service system is ensured.

Description

Risk assessment method and device for data request
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a method and an apparatus for risk assessment of a data request, a computer device, and a storage medium.
Background
In a service system, conditions such as content crawling, malicious registration, illegal login and the like may occur to threaten the security of the service system, and therefore, the traffic of the service system needs to be monitored, and risk traffic is prevented from entering the service system. In the prior art, the request type to be intercepted can be set through a custom rule, and the interception is performed when the request is detected to be the request type to be intercepted.
However, in this way, accurate judgment of data requests carrying risks cannot be achieved, and the security of the business system is affected.
Disclosure of Invention
In view of the above, it is necessary to provide a risk assessment method, apparatus, computer device, storage medium, and computer program product for accurately determining a data request with a risk that the data request promotes the security of a business system.
In a first aspect, an embodiment of the present disclosure provides a risk assessment method for a data request. The method comprises the following steps:
under the condition that a request type corresponding to a data request to be processed is a target request type, acquiring request content information and request attribute information of the data request;
determining a risk category corresponding to the data request according to the request content information and the request attribute information;
and processing the data request according to a request processing mode corresponding to the risk category.
In one embodiment, the determining the risk category corresponding to the data request according to the request content information and the request attribute information includes:
acquiring a preset risk category rule, wherein the risk category comprises a risk-free request, a risk request and a risk limiting request;
and classifying the request content information and the request attribute information according to the risk category rule, and determining the risk category corresponding to the data request.
In one embodiment, the risk category rule is determined by:
acquiring request content information, request attribute information and corresponding risk categories of historical data requests, wherein the request content information comprises request time;
determining the association relationship between the risk category and the request content information and the request attribute information according to the request content information, the request attribute information and the risk category;
and determining a risk category rule according to the incidence relation.
In one embodiment, the risk category includes a limit risk request; the processing the data request according to the request processing mode corresponding to the risk category includes:
acquiring a preset limiting rule under the condition that the data request is a risk limiting request;
and performing request limiting processing on the data request according to the limiting rule according to the request content information and the request attribute information.
In one embodiment, in the case that the request category corresponding to the data request to be processed is a target request category, obtaining request content information of the data request further includes:
acquiring a sending end address corresponding to the data request and a preset safe sending end address;
and determining the request type as a target request type under the condition that the sending end address does not belong to the preset safe sending end address.
In one embodiment, the request content information includes an address of a sender of the data request, and the request attribute information includes a request number; the determining the risk category corresponding to the data request according to the request content information and the request attribute information includes:
and determining the risk category corresponding to the data request as a risk request under the condition that the data request is sent by the same sending terminal address and the request times are greater than the preset times.
In a second aspect, the disclosed embodiment also provides a risk assessment device for data request. The device comprises:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring request content information and request attribute information of a data request under the condition that a request type corresponding to the data request to be processed is a target request type;
the determining module is used for determining the risk category corresponding to the data request according to the request content information and the request attribute information;
and the processing module is used for processing the data request according to the request processing mode corresponding to the risk category.
In one embodiment, the determining module includes:
the obtaining sub-module is used for obtaining preset risk category rules, wherein the risk categories comprise risk-free requests, risk requests and risk limiting requests;
and the determining submodule is used for classifying the request content information and the request attribute information according to the risk category rule and determining the risk category corresponding to the data request.
In one embodiment, the determining module of the risk category rule comprises:
the acquisition submodule is used for acquiring request content information, request attribute information and corresponding risk categories of historical data requests, wherein the request content information comprises request time;
the first determining submodule is used for determining the association relationship among the risk category, the request content information and the request attribute information according to the request content information, the request attribute information and the risk category;
and the second determining submodule is used for determining a risk category rule according to the incidence relation.
In one embodiment, the risk category includes a limit risk request; the processing module comprises:
the obtaining sub-module is used for obtaining a preset limiting rule under the condition that the data request is a risk limiting request;
and the determining submodule is used for performing request limiting processing on the data request according to the request content information and the request attribute information and the limiting rule.
In one embodiment, before the obtaining module, the method further includes:
the acquisition submodule is used for acquiring a sending end address corresponding to the data request and a preset safe sending end address;
and the determining submodule is used for determining the request type as a target request type under the condition that the sending end address does not belong to the preset safe sending end address.
In one embodiment, the request content information includes an address of a sender of the data request, and the request attribute information includes a request number; the determining module includes:
and the determining submodule is used for determining that the risk category corresponding to the data request is a risk request under the condition that the data request is sent by the same sending terminal address and the request times are greater than the preset times.
In a third aspect, an embodiment of the present disclosure further provides a computer device. The computer device comprises a memory storing a computer program and a processor implementing the steps of the method according to any of the embodiments of the present disclosure when executing the computer program.
In a fourth aspect, the disclosed embodiments also provide a computer-readable storage medium. The computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of any of the embodiments of the present disclosure.
In a fifth aspect, the disclosed embodiments also provide a computer program product. The computer program product comprising a computer program which, when executed by a processor, carries out the steps of the method of any of the embodiments of the present disclosure.
According to the data request processing method and device, when the data request is processed and received, when the data request is judged to be the target request type, the request content information and the request attribute information of the data request are obtained, the risk type corresponding to the data request is determined according to the request content information and the request attribute information, the data request to be processed is processed according to the request mode corresponding to the risk type, the risk evaluation is carried out on the request of the target request type, the accurate judgment on the data request risk is achieved, the risk type and the processing mode corresponding to the data request are obtained according to the content information and the attribute information of the data request, the judgment and the processing of the data request risk with finer granularity are achieved, the accuracy of the data request risk judgment and evaluation is further improved, the safety of a service system is guaranteed, and the experience sense of a user is improved.
Drawings
FIG. 1 is a diagram of an embodiment of a risk assessment method for data requests;
FIG. 2 is a schematic flow chart diagram of a method for risk assessment of a data request in one embodiment;
FIG. 3 is a schematic flow chart diagram of a method for risk assessment of a data request in one embodiment;
FIG. 4 is a flow diagram that illustrates a method for determining a rule for a risk category, according to one embodiment;
FIG. 5 is a flowchart illustrating a method for risk assessment of a data request in one embodiment;
FIG. 6 is a schematic flow chart diagram illustrating a method for risk assessment of data requests in one embodiment;
FIG. 7 is a block diagram of a risk assessment device for data requests in one embodiment;
FIG. 8 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clearly understood, the embodiments of the present disclosure are described in further detail below with reference to the accompanying drawings and the embodiments. It is to be understood that the specific embodiments described herein are merely illustrative of the embodiments of the disclosure and that no limitation to the embodiments of the disclosure is intended.
The risk assessment method for data requests provided by the embodiment of the disclosure can be applied to an application environment as shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104 or may be placed on the cloud or other network server. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, and the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart car-mounted devices, and the like. The portable wearable device can be a smart watch, a smart bracelet, a head-mounted device, and the like. The server 104 may be implemented as a stand-alone server or a server cluster comprised of multiple servers.
In one embodiment, as shown in fig. 2, a method for risk assessment of a data request is provided, which is described by taking the method as an example for being applied to the terminal in fig. 1, and includes the following steps:
step S210, under the condition that the request type corresponding to the data request to be processed is the target request type, acquiring request content information and request attribute information of the data request;
under normal conditions, in order to avoid the situation that the security of the system is threatened due to the fact that risk traffic enters the system, corresponding processing is performed after a data request is received, and the data request cannot directly pass through the request.
In the embodiment of the disclosure, after receiving the data request, it is determined whether the data request is of a target request category, where the target request category may be considered as a target request category that may be at risk. When the data request is in the target request category, further judgment on the data request is needed. Request content information and request attribute information of the data request are acquired. In one example, the request content information may include, but is not limited to, an access address of a data request, a request issuing end address, a request receiving end address, and the like, and the request attribute information may include, but is not limited to, a request type, a request frequency, and the like. In one example, when the request category to which the data request corresponds is not the target request category, the data request at this time may be considered as not risky and may be passed directly through the data request. In a possible implementation manner, whether the data request is of the target request category may be determined by analyzing and judging an IP address issued by the data request.
Step S220, determining the risk category corresponding to the data request according to the request content information and the request attribute information;
in the embodiment of the present disclosure, after the request content information and the request attribute information are obtained, the risk category corresponding to the data request is determined according to the request content information and the request attribute information. In an example, a risk category division rule may be set in advance, and different request content information and request attribute information correspond to different risk categories, where the number of risk categories is not limited in this embodiment, for example, the risk categories may be set as risky requests, risk-free requests, and risk-limited requests. In another example, the risk category may also be determined by machine learning, the risk categories of the historical data request are divided and judged, corresponding risk category labels are labeled, a risk category identification model is obtained by training according to the association relationship between the request content information and the request attribute information of the historical data request and the corresponding risk category labels, the request content information and the request attribute information of the data request to be processed are input to the risk category identification model, and the risk category corresponding to the data request is obtained by outputting through the risk category identification model.
Step S230, processing the data request according to the request processing manner corresponding to the risk category.
In the embodiment of the disclosure, after the risk request category corresponding to the data request is obtained, the request processing mode corresponding to the risk category is determined, and the data request to be processed is processed according to the corresponding request processing mode. In one example, the association relationship between the request processing manner and the risk category is determined in advance, wherein the association relationship between the request processing manner and the risk category may be determined by performing analysis processing on the historical data request information. In one example, the request processing may include, but is not limited to, passing the request, denying the request, delaying the response to the request, sending an authentication code, sending a prompt, and the like.
According to the data request processing method and device, when the data request is processed and received, when the data request is judged to be the target request type, the request content information and the request attribute information of the data request are obtained, the risk type corresponding to the data request is determined according to the request content information and the request attribute information, the data request to be processed is processed according to the request mode corresponding to the risk type, the risk evaluation is carried out on the request of the target request type, the accurate judgment on the data request risk is achieved, the risk type and the processing mode corresponding to the data request are obtained according to the content information and the attribute information of the data request, the judgment and the processing of the data request risk with finer granularity are achieved, the accuracy of the data request risk judgment and evaluation is further improved, the safety of a service system is guaranteed, and the experience sense of a user is improved. The method and the device can realize the non-inductive access of the multi-service system, and simultaneously support the differentiated and flexibly configured wind control strategy based on different service requirements.
In one embodiment, as shown in fig. 3, the determining a risk category corresponding to the data request according to the request content information and the request attribute information includes:
step S221, acquiring a preset risk category rule, wherein the risk category comprises a risk-free request, a risk request and a risk limiting request;
step S222, classifying the request content information and the request attribute information according to the risk category rule, and determining a risk category corresponding to the data request.
In the embodiment of the disclosure, when a risk category corresponding to a data request is determined according to request content information and request attribute information, a preset risk category rule is obtained, where the risk category rule is generally an association relationship between the request content information and the request attribute information and the risk category. Generally, the risk categories of the data requests can be divided according to the risk size of the data requests, and in this embodiment, the risk categories include no-risk requests, and limited risk requests. The risk-free request can be regarded that the corresponding data request has no risk, and the system safety is not threatened; the risk request can be regarded that the corresponding data request has risks and can threaten the system safety; limiting the risk request may consider that the corresponding data request may be at risk, may pose a threat to system security, and may require further limitation on the request. And classifying the request content information and the request attribute information according to a risk category rule, and determining a risk category corresponding to the data request.
According to the method and the device, the risk categories comprise risk-free requests, risk requests and risk limiting requests, the data requests are classified according to the request content information and the request attribute information of the data requests and the risk categories corresponding to the data requests are obtained, and the risk categories can be determined according to the request content information and the request attribute information of the data requests, so that the data request risks are divided in a finer granularity, the accuracy of risk judgment of the data requests is improved, and the safety of a service system is further ensured.
In one embodiment, as shown in fig. 4, the determining manner of the risk category rule includes:
step S410, acquiring request content information, request attribute information and corresponding risk categories of historical data requests, wherein the request content information comprises request time;
step S420, determining the association relationship among the risk category, the request content information and the request attribute information according to the request content information, the request attribute information and the risk category;
and step S430, determining a risk category rule according to the association relation.
In the embodiment of the disclosure, when the risk category rule is determined, request content information, request attribute information and a corresponding risk category of a historical data request are obtained, where the request content information includes a request time, and the historical data request may be a partial or full data request within a preset historical time period. And determining the association relationship among the request content information, the request attribute information and the risk category according to the acquired information. In one example, the association relationship may be determined through machine learning, that is, training a risk category identification model according to the request content information, the request attribute information and the risk category label, inputting the request content information and the request attribute information to the risk category identification model, and outputting the risk category through the model, so as to determine the association relationship between the risk category and the request information, where the risk category identification model may be one or more according to the difference between the request content information and the request attribute information. In this embodiment, it is considered that risk evaluation criteria for a data request at different times are different, and therefore, the request content information further includes a request time, and when setting the risk category rule, a dynamic baseline policy may be set in consideration of the request time, and a periodic risk category rule is set based on an actual application scenario. And after the incidence relation is determined, obtaining a risk category rule according to the incidence relation.
According to the method and the device, the risk category rule is obtained by analyzing and processing the historical data request information, and meanwhile, the incidence relation between different request time and risks is considered, so that the obtained risk category rule is more accurate and reliable, the accuracy of subsequent risk category determination is improved, and the safety of a service system is guaranteed.
In one embodiment, the risk category includes a limit risk request; the processing the data request according to the request processing mode corresponding to the risk category includes:
acquiring a preset limiting rule under the condition that the data request is a risk limiting request;
and performing request limiting processing on the data request according to the limiting rule according to the request content information and the request attribute information.
In the embodiment of the present disclosure, the risk category includes a limited risk request, where the limited risk category request may be considered as a data request with a risk, and therefore, the data request needs to be further limited. When the data request is a risk limiting request, a preset limiting rule is obtained, wherein the preset limiting rule is usually determined in advance according to an actual application scenario. Typically, the restriction rule includes an association between the request content information, the request attribute information, and the restriction category. In one example, the restriction rule may be set directly by the historical data, or may be obtained by the historical data using a machine learning algorithm. And performing request limit processing on the data request according to the request content information and the request attribute information and the limit rule. In one example, the restricted processing may include, but is not limited to, a human machine identification verification code, return of error information, force login, log out to log in, delayed response, prompt information, data obfuscation, and the like.
According to the method and the device for processing the data request, when the risk category is the risk limiting request, the request content information and the request attribute information of the data request are further analyzed and subdivided, the corresponding limiting category is determined according to the request content information and the request attribute information, and the corresponding request limiting processing is performed on the data request, so that the data request can be further processed, under the condition that the risk possibly exists in the data request, the situation that the safety request is directly rejected is avoided, the safety of a service system is guaranteed, and the experience of a user is improved.
In an embodiment, as shown in fig. 5, in the case that the request category corresponding to the data request to be processed is the target request category, obtaining request content information of the data request further includes:
step S202, a sending end address corresponding to the data request and a preset safe sending end address are obtained;
step S204, under the condition that the sending end address does not belong to the preset safe sending end address, determining the request type as a target request type.
In the embodiment of the disclosure, after a data request is received, a sending end address corresponding to the data request is obtained, and a preset safe sending end address is obtained, where the preset safe sending end address is usually determined in advance according to an actual application scenario. In one example, the preset secure sender address may be determined according to the sender address of the risk-free request in the history request, or may be obtained through direct evaluation. In one example, a preset security sending end address may be stored in a white list, and after the sending end address of the data request is obtained, it is directly determined whether the sending end address matches with the security sending end address in the white list. When the sender address does not belong to the preset safe sender address, it may be considered that the corresponding data request has a risk or may have a risk, and the request type is determined as the target request type, which requires further judgment of the risk type. In another example, a preset risk sending address may be further determined in advance, and when the sending address of the data request is the preset risk sending address, the data request at this time may be considered as a risk data request, and the data request is directly rejected without further judgment of the risk category.
According to the method and the device, the data request is judged firstly through the sending terminal address of the data request, so that the data request with risk or possible risk is obtained and further analyzed and processed, the workload of subsequent risk category judgment is reduced, the efficiency of data request risk evaluation is improved, meanwhile, the accuracy of risk judgment of the data request is ensured, and the safety of a service system is improved.
In one embodiment, the request content information includes an address of a sender of the data request, and the request attribute information includes a request number; the determining the risk category corresponding to the data request according to the request content information and the request attribute information includes:
and under the condition that the data request is sent by the same sending terminal address and the request times are greater than the preset times, determining the risk category corresponding to the data request as a risk request.
In the embodiment of the present disclosure, the request content information includes a sending end address of the data request, and the request attribute information includes a request number. After request content information and request attribute information of a data request are obtained, whether the data request is the same data request sent by the same sending end address for multiple times or not is determined according to the sending end address and the request times of the data request, if the request times of the data request sent by the same sending end address are larger than the preset times, the data request frequency is generally considered to be too high at the moment, risks exist, the risk category corresponding to the data request is determined to be the risk request at the moment, the data request does not pass through the request, and the threat to the system safety is avoided. In one example, the preset number is generally determined according to an actual application scenario, and when the number of data requests is greater than the preset number, it may be considered that the data requests are frequently too high, and a risk exists.
According to the method and the device, the data requests with high request frequency are judged as the risk requests through judging the addresses of the sending ends and the request times, so that the efficiency of data request risk assessment is improved, meanwhile, the accuracy of risk judgment of the data requests is guaranteed, and the safety of a service system is improved.
Fig. 6 is a flowchart illustrating a risk assessment method for a data request according to an exemplary embodiment, and referring to fig. 6, after a request is started and a data request is received, a request type is first determined by a traffic analysis and risk assessment system. The identification manner of the request category may include, but is not limited to: through the IP asset library, the city-level request distinction is realized, the requests sent by different cities in different regions are classified, and the request types are identified; request distinction of user categories is realized according to historical service information or a user list set by evaluation by connecting a service information base; the collection of the information base of the white spiders is completed through the white list IP disclosed by the search engine and the spider IP verified by the rDNS mode of the search engine, and the collection condition of each search engine can be evaluated based on the spider base, so that the subsequent spider release of each engine based on the ROI of each search engine is facilitated; and comprehensively evaluating through other risk libraries. In one example, request categories may include, but are not limited to, search engine spiders, malicious crawlers, normal traffic, attack traffic, and the like. After the request type is identified as the safety request, marking the data request, skipping the subsequent judgment logic, and passing the request; after the request type is identified as other type requests, subsequent further identification determination is carried out. And if the requests are preset search engine spider requests, marking the data requests, skipping subsequent logic, executing peak clipping and flow stabilization processing according to the requests, and performing quota based on ROI (region of interest) to ensure the stability of a service system. When the other category request is not a spider request, identifying the risk category of the data request, wherein the identification manner of the risk category may include but is not limited to: the rules support the configuration of real-time rules and offline rules, such as request frequency, request source and the like; the strategy is more comprehensive analysis based on behavior characteristics, such as frequent single requests, request behaviors which are obviously deviated from normal users and the like; and the data introduction of a three-party source supports the access of more risk asset libraries, such as direct entry based on malicious IP collected by honeypots. And when the risk type is detected as a malicious risk, rejecting the request, and when the risk type is detected as a risk of other types, executing a corresponding risk coping means, namely corresponding limitation processing according to the specific information of the data request. In one example, the present embodiment supports transparent transmission of the risk label to a subsequent business system, and notifies the business system to execute the risk handling means on its own based on the risk label. In this embodiment, when the request category and the risk category of the data request are identified, the identification result is labeled in the corresponding data request in the form of a tag for back-end processing. In an example, in this embodiment, when processing a data request, the security of the service system may be further ensured by performing a refined analysis on the traffic of the service system, that is, the data request, and continuously refining the wind control rule. In another example, the request category and the risk category of the data request can be identified through the log delivery module, the background configuration and the external data source.
By the embodiment, while service decoupling, an appointed cooperation mechanism can be kept, and cooperation with a back-end service node is realized through a specific label; the risk information is transmitted to a subsequent service system, and the service system designs a wind control page, so that the problem that the design style of the wind control page of the service wind control node is inconsistent with that of a service site is solved; the differentiated wind control strategies refined to the city level can be realized, different wind control strategies of different cities are supported, if the cities with dense agent IP need to be logged in, the business operation can be completed, and the accuracy of risk identification is improved; in addition, the embodiment supports a dynamic baseline strategy, and can realize more flexible and effective wind control rules based on the service periodicity; the embodiment also supports user-level wind control strategies such as user-level request models, request delay, request redirection and the like, so that the accuracy of risk identification is improved, the user experience is improved, and the reliability and the safety of a service system are ensured; and the embodiment can be linked with an internal system based on an appointed completion cooperation level strategy, and can introduce a third-party data source to complete linkage with a back end and actual business.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in the figures may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or at least partially in sequence with other steps or other steps.
Based on the same inventive concept, the embodiment of the present disclosure further provides a risk assessment apparatus for data request, which is used for implementing the risk assessment method for data request. The implementation scheme for solving the problem provided by the device is similar to the implementation scheme described in the method, so that specific limitations in the embodiment of the risk assessment device for one or more data requests provided below can be referred to the limitations of the risk assessment method for the data request, and details are not described herein again.
In one embodiment, as shown in fig. 7, there is provided a risk assessment apparatus for data request, including:
an obtaining module 710, configured to obtain request content information and request attribute information of a data request when a request category corresponding to the data request to be processed is a target request category;
a determining module 720, configured to determine a risk category corresponding to the data request according to the request content information and the request attribute information;
a processing module 730, configured to process the data request according to a request processing manner corresponding to the risk category.
In one embodiment, the determining module includes:
the obtaining submodule is used for obtaining a preset risk category rule, wherein the risk category comprises a risk-free request, a risk request and a risk limiting request;
and the determining submodule is used for classifying the request content information and the request attribute information according to the risk category rule and determining the risk category corresponding to the data request.
In one embodiment, the determining module of the risk category rule comprises:
the acquisition submodule is used for acquiring request content information, request attribute information and corresponding risk categories of historical data requests, wherein the request content information comprises request time;
the first determining submodule is used for determining the incidence relation among the risk category, the request content information and the request attribute information according to the request content information, the request attribute information and the risk category;
and the second determining submodule is used for determining a risk category rule according to the association relation.
In one embodiment, the risk category includes a limit risk request; the processing module comprises:
the obtaining sub-module is used for obtaining a preset limiting rule under the condition that the data request is a risk limiting request;
and the determining submodule is used for performing request limiting processing on the data request according to the request content information and the request attribute information and the limiting rule.
In one embodiment, before the obtaining module, the method further includes:
the acquisition submodule is used for acquiring a sending end address corresponding to the data request and a preset safe sending end address;
and the determining submodule is used for determining the request type as a target request type under the condition that the sending end address does not belong to the preset safe sending end address.
In one embodiment, the request content information includes an address of a sender of the data request, and the request attribute information includes a request number; the determining module includes:
and the determining submodule is used for determining that the risk category corresponding to the data request is a risk request under the condition that the data request is sent by the same sending terminal address and the request times are greater than the preset times.
The various modules in the risk assessment device for data request described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure thereof may be as shown in fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data such as data request data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of risk assessment of a data request.
Those skilled in the art will appreciate that the configuration shown in fig. 8 is a block diagram of only a portion of the configuration associated with embodiments of the present disclosure, and does not constitute a limitation on the computing devices to which embodiments of the present disclosure may be applied, and that a particular computing device may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In an embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
In an embodiment, a computer program product is provided, comprising a computer program which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It should be noted that, the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) related to the embodiments of the present disclosure are information and data authorized by the user or sufficiently authorized by each party.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, databases, or other media used in the embodiments provided in the disclosure may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high-density embedded nonvolatile Memory, resistive Random Access Memory (ReRAM), magnetic Random Access Memory (MRAM), ferroelectric Random Access Memory (FRAM), phase Change Memory (PCM), graphene Memory, and the like. Volatile Memory can include Random Access Memory (RAM), external cache Memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others. The databases involved in the various embodiments provided by the embodiments of the present disclosure may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a block chain based distributed database, and the like. The processors referred to in the embodiments provided in the disclosure may be general processors, central processing units, graphics processors, digital signal processors, programmable logic devices, data processing logic devices based on quantum computing, etc., without being limited thereto.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express a few implementations of the embodiments of the present disclosure, and the descriptions thereof are specific and detailed, but not construed as limiting the scope of the claims of the embodiments of the present disclosure. It should be noted that, for those skilled in the art, variations and modifications can be made without departing from the concept of the embodiments of the present disclosure, and these are all within the scope of the embodiments of the present disclosure. Therefore, the protection scope of the embodiments of the present disclosure should be subject to the appended claims.

Claims (10)

1. A method for risk assessment of a data request, the method comprising:
under the condition that a request type corresponding to a data request to be processed is a target request type, acquiring request content information and request attribute information of the data request;
determining a risk category corresponding to the data request according to the request content information and the request attribute information;
and processing the data request according to a request processing mode corresponding to the risk category.
2. The method according to claim 1, wherein the determining the risk category corresponding to the data request according to the request content information and the request attribute information comprises:
acquiring preset risk category rules, wherein the risk categories comprise risk-free requests, risk requests and risk limiting requests;
and classifying the request content information and the request attribute information according to the risk category rule, and determining the risk category corresponding to the data request.
3. The method of claim 2, wherein the risk category rule is determined by:
acquiring request content information, request attribute information and corresponding risk categories of historical data requests, wherein the request content information comprises request time;
determining the incidence relation among the risk type, the request content information and the request attribute information according to the request content information, the request attribute information and the risk type;
and determining a risk category rule according to the incidence relation.
4. The method of claim 1, wherein the risk category comprises a limit risk request; the processing the data request according to the request processing mode corresponding to the risk category comprises the following steps:
acquiring a preset limiting rule under the condition that the data request is a risk limiting request;
and performing request limiting processing on the data request according to the limiting rule according to the request content information and the request attribute information.
5. The method according to claim 1, wherein when the request category corresponding to the data request to be processed is a target request category, obtaining request content information of the data request, before further comprising:
acquiring a sending end address corresponding to the data request and a preset safe sending end address;
and determining the request type as a target request type under the condition that the sending end address does not belong to the preset safe sending end address.
6. The method of claim 1, wherein the request content information includes a sender address of the data request, and the request attribute information includes a request number; the determining the risk category corresponding to the data request according to the request content information and the request attribute information includes:
and under the condition that the data request is sent by the same sending terminal address and the request times are greater than the preset times, determining the risk category corresponding to the data request as a risk request.
7. A risk assessment apparatus for data requests, said apparatus comprising:
the acquisition module is used for acquiring request content information and request attribute information of the data request under the condition that a request type corresponding to the data request to be processed is a target request type;
the determining module is used for determining the risk category corresponding to the data request according to the request content information and the request attribute information;
and the processing module is used for processing the data request according to the request processing mode corresponding to the risk category.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor when executing the computer program realizes the steps of the method for risk assessment of data requests according to any of claims 1 to 6.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for risk assessment of a data request according to any one of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, carries out the steps of a method for risk assessment of a data request according to any one of claims 1 to 6.
CN202211108577.5A 2022-09-13 2022-09-13 Risk assessment method and device for data request Pending CN115473735A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211108577.5A CN115473735A (en) 2022-09-13 2022-09-13 Risk assessment method and device for data request

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211108577.5A CN115473735A (en) 2022-09-13 2022-09-13 Risk assessment method and device for data request

Publications (1)

Publication Number Publication Date
CN115473735A true CN115473735A (en) 2022-12-13

Family

ID=84333851

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211108577.5A Pending CN115473735A (en) 2022-09-13 2022-09-13 Risk assessment method and device for data request

Country Status (1)

Country Link
CN (1) CN115473735A (en)

Similar Documents

Publication Publication Date Title
US11848760B2 (en) Malware data clustering
AU2022204197B2 (en) Security weakness and infiltration detection and repair in obfuscated website content
US11271966B2 (en) Real-time detection and redirecton from counterfeit websites
US9727723B1 (en) Recommendation system based approach in reducing false positives in anomaly detection
US11671448B2 (en) Phishing detection using uniform resource locators
US20210092160A1 (en) Data set creation with crowd-based reinforcement
US11381598B2 (en) Phishing detection using certificates associated with uniform resource locators
US11792178B2 (en) Techniques for mitigating leakage of user credentials
US20210105302A1 (en) Systems And Methods For Determining User Intent At A Website And Responding To The User Intent
CN112131507A (en) Website content processing method, device, server and computer-readable storage medium
JP7170689B2 (en) Output device, output method and output program
US9904662B2 (en) Real-time agreement analysis
CN114363002B (en) Method and device for generating network attack relation diagram
CN115473735A (en) Risk assessment method and device for data request
CN113794731A (en) Method, device, equipment and medium for identifying disguised attack based on CDN flow
Bo et al. Tom: A threat operating model for early warning of cyber security threats
CN116471131B (en) Processing method and processing device for logical link information asset
US20240070319A1 (en) Dynamically updating classifier priority of a classifier model in digital data discovery
CN112667730B (en) External data verification method, system, equipment and storage medium
CN114065211A (en) Outsourcer data detection method and device, computer equipment and storage medium
CN117879926A (en) Webpage login security verification method and device and computer equipment
CN115293273A (en) User portrait generation method, user portrait model training method and device
CN115758359A (en) API abnormal call detection method, device, equipment and storage medium
CN116049010A (en) Interface testing method and device, electronic equipment and storage medium
CN113946295A (en) Authority control method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination