CN115859326A - Method, device, equipment and medium for protecting electronic resource database malicious agent - Google Patents

Method, device, equipment and medium for protecting electronic resource database malicious agent Download PDF

Info

Publication number
CN115859326A
CN115859326A CN202211579003.6A CN202211579003A CN115859326A CN 115859326 A CN115859326 A CN 115859326A CN 202211579003 A CN202211579003 A CN 202211579003A CN 115859326 A CN115859326 A CN 115859326A
Authority
CN
China
Prior art keywords
risk
malicious
behavior data
user account
user behavior
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211579003.6A
Other languages
Chinese (zh)
Inventor
高阳
刘雪松
丛群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wangruida Science & Technology Co ltd
Original Assignee
Beijing Wangruida Science & Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Wangruida Science & Technology Co ltd filed Critical Beijing Wangruida Science & Technology Co ltd
Priority to CN202211579003.6A priority Critical patent/CN115859326A/en
Publication of CN115859326A publication Critical patent/CN115859326A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The application discloses a method, a device, equipment and a medium for protecting electronic resource database malicious agents. The method for protecting the electronic resource database malicious agent comprises the following steps: acquiring user behavior data; processing the user behavior data by utilizing a preset risk evaluation model of the malicious agent to obtain a processing result; dividing the user account into multiple risk grades according to the processing result; and adopting a corresponding preset access control strategy for each user account according to the risk level. According to the protection method provided by the embodiment of the application, the user behavior data are obtained, the user behavior data are processed by using the preset risk evaluation model of the malicious agent, the processing result is obtained, the user account is divided into multiple risk levels according to the processing result, and the corresponding preset access control strategy is adopted for each user account according to the risk levels, so that the interception rate of the malicious agent is greatly improved, and a good agent protection effect is achieved.

Description

Method, device, equipment and medium for protecting electronic resource database malicious agent
Technical Field
The application relates to the technical field of databases, in particular to a method, a device, equipment and a medium for protecting malicious agents of an electronic resource database.
Background
With the development of database technology, the electronic resource database extranet access system has been increasingly applied to various fields. For example, in the current smart library construction, more and more colleges build an electronic resource database extranet access system based on a reverse proxy technology or a URL rewriting technology, and the construction of the electronic resource database extranet access system greatly facilitates the college users to access the electronic resource database through college accounts on the extranet to perform academic research. Meanwhile, account management of colleges and universities has defects, so that some black gray producers perform secondary proxy on the extranet access systems after acquiring the accounts and sell the accounts in illegal channels, and asset loss of colleges and universities is caused. The electronic resource database malicious agent protection scheme of the related art is basically to block based on IP, for example, by default, some cloud service vendors' IP, or by temporarily or permanently blocking a source IP requested to have an access rate too fast. These measures can be easily bypassed by some means of IP agent replacement and access frequency control, resulting in failure of the current protection scheme and poor protection effect of the malicious agent in the electronic resource database.
Disclosure of Invention
The present application aims to provide a method, an apparatus, a device and a medium for protecting an electronic resource database malicious agent, so as to solve the technical problem in the related art that the protection effect of the electronic resource database malicious agent is not good. The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview and is intended to neither identify key/critical elements nor delineate the scope of such embodiments. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.
According to an aspect of the embodiments of the present application, there is provided a method for protecting an electronic resource database malicious agent, including:
acquiring user behavior data;
processing the user behavior data by utilizing a preset risk evaluation model of the malicious agent to obtain a processing result;
dividing the user account into multiple risk levels according to the processing result;
and adopting a corresponding preset access control strategy for each user account according to the risk level.
In some embodiments of the present application, the processing the user behavior data by using a preset risk assessment model of a malicious agent to obtain a processing result includes:
the user behavior data is normalized into an index vector;
and incorporating all the index vectors into a preset risk evaluation model of the malicious agent for calculation through a preset weight to obtain a calculation result.
In some embodiments of the present application, the plurality of risk levels includes a high risk level, a medium risk level, and a low risk level; the method for adopting the corresponding preset access control strategy for each user account according to the risk level comprises the following steps:
and if the risk level of the current user account is high risk, determining the current user account as a malicious proxy account, and executing a preset access control strategy corresponding to the malicious proxy account on the current user account.
In some embodiments of the present application, the preset access control policy corresponding to the malicious proxy account includes: and transmitting the account information and the login IP information of the current user account to a firewall or an access control system, and dynamically forbidding the malicious agent access of the current user account.
In some embodiments of the present application, the plurality of risk levels includes a high risk level, a medium risk level, and a low risk level; the method for adopting the corresponding preset access control strategy for each user account according to the risk level comprises the following steps:
and if the risk level of the current user account is low risk, allowing the current user account to access the electronic resource database.
In some embodiments of the present application, the user behavior data includes login time, active duration, login location, device used for login, operating system used for login, browser used for login, login success rate, and number of accesses, searches, and document downloads of the electronic resource database.
According to another aspect of the embodiments of the present application, there is provided a protection device for a malicious agent in an electronic resource database, including:
the user behavior data acquisition module is used for acquiring user behavior data;
the user behavior data processing module is used for processing the user behavior data by utilizing a risk evaluation model of a malicious agent to obtain a processing result;
the risk grade division module is used for dividing the user account into a plurality of risk grades according to the processing result;
and the access control module is used for adopting a corresponding preset access control strategy for each user account according to the risk level.
In some embodiments of the present application, the user behavior data processing module includes:
the regulating unit is used for regulating the user behavior data into index vectors;
and the risk evaluation unit is used for bringing all the index vectors into a preset risk evaluation model of the malicious agent through preset weight for calculation to obtain a calculation result.
According to another aspect of the embodiments of the present application, there is provided an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the method for protecting an electronic resource database malicious agent of any one of the foregoing embodiments.
According to another aspect of embodiments of the present application, there is provided a computer-readable storage medium having a computer program stored thereon, where the computer program is executed by a processor to implement the method for protecting an electronic resource database malicious agent of any one of the above.
The technical scheme provided by one aspect of the embodiment of the application can have the following beneficial effects:
according to the protection method for the malicious agent of the electronic resource database, the user behavior data are obtained, the user behavior data are processed through the preset risk evaluation model of the malicious agent, the processing result is obtained, the user account numbers are divided into multiple risk levels according to the processing result, and the corresponding preset access control strategy is adopted for each user account number according to the risk levels, so that the interception rate of the malicious agent is greatly improved, and a good agent protection effect is achieved.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the application, or may be learned by the practice of the embodiments.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 shows a flowchart of a method for protecting an electronic resource database malicious agent according to an embodiment of the present application.
Fig. 2 is a schematic diagram illustrating an application scenario of the method for protecting an electronic resource database malicious agent according to the embodiment of the present application.
Fig. 3 is a schematic diagram illustrating another application scenario of the method for protecting an electronic resource database malicious agent according to the embodiment of the present application.
Fig. 4 shows a block diagram of a protection device for an electronic resource database malicious agent according to an embodiment of the present application.
Fig. 5 shows a block diagram of an electronic device according to an embodiment of the present application.
FIG. 6 shows a computer-readable storage medium schematic of an embodiment of the present application.
The implementation, functional features and advantages of the objects of the present application will be further explained with reference to the accompanying drawings in conjunction with the embodiments.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clearly understood, the present application is further described below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
It will be understood by those within the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In order to solve the problem of poor protection effect of electronic resource malicious agents in the related art, the embodiment of the application provides a protection method of electronic resource malicious agents, which can collect user behaviors, analyze data, complete risk judgment and finally intercept access of the malicious agents aiming at access of an electronic resource database, so that the interception rate of the malicious agents is greatly improved, and a good agent protection effect is achieved.
In the embodiment of the application, user behaviors including login time, active time, login position, equipment used for login, an operating system used for login, a browser used for login, login success rate and the like are collected, data analysis is performed regularly after the behavior logs are recorded, source IP and account risk are judged according to set influence factor weight, secondary agents of black and gray producers can be judged more accurately, the agent accounts and the IP are sealed, the protection effect of malicious agents is enhanced, and the compliance of using an electronic resource database is guaranteed.
Referring to fig. 1, an embodiment of the present application provides a method for protecting an electronic resource database malicious agent, including steps S10 to S40:
and S10, acquiring user behavior data.
In particular, relevant user behavior data may be collected by an electronic resource broker or an electronic resource access control system. Such user behavior data may include, for example, login time, logout time, active duration, login location, devices used for login, operating system used for login, browser used for login, login success rate, and number of accesses to the electronic resource database, searches, and downloads of documents.
And S20, processing the user behavior data by utilizing a preset risk evaluation model of the malicious agent to obtain a processing result.
In one embodiment, the processing the user behavior data by using a preset risk assessment model of a malicious agent to obtain a processing result includes: the user behavior data is normalized into an index vector; and incorporating all the index vectors into a preset risk evaluation model of the malicious agent for calculation through a preset weight to obtain a calculation result.
Illustratively, normalizing the collected user behavior data into a metric vector that can be calculated includes:
a) The login time of the user account can be regulated to be the Boolean value (recorded as LT) whether the login time point is logged in the non-working time nw No 0, yes 1), whether the login time point is a boolean value (denoted LT) in a time period in which most users do not access nc No 0 and yes 1).
b) The active time of the user account can be regulated to be the time range of the active time, and can be divided into enumerated values (marked as AT, and 1, 2, 3, 4 and 5 in sequence) of less than 2 hours, 2-8 hours, 8-16 hours, 24-48 hours and more than 48 hours.
c) The user account login position can be normalized to a distance value of N continuous login positions, and can be divided into enumeration values (marked as LL, which are respectively 0, 1, 2 and 3 in sequence) of the same place, the same province and city, the same city but different provinces and different provinces.
d) The device, the operating system and the browser used for logging in the user account can be normalized to the difference degree of the device, the operating system and the browser used for logging in N times continuously (respectively marked as LD, LB and LO, the value of 0 means that all the devices used for logging in N times are the same, and the value of k means that all the devices used for logging in k times are different).
e) The success rate of user account login can be normalized to a range enumeration value, which can be divided into 100% success, a success rate greater than 75%, a success rate greater than 50% and less than 75%, and a success rate less than 50% (marked as LSR).
f) The user account access behavior comprises the access times, search times, document downloading times and the like of an electronic resource database, and the times in unit time are counted as frequency values, which can be typically according to the corresponding times (marked as F) in each hour i )。
And S30, dividing the user account into multiple risk levels according to the processing result.
The multiple risk levels may include, for example, a high risk level, a medium risk level, and a low risk level. For example, the weights of different data may be preset, and then the risk assessment model that the index vectors of all the influence factors are included in the malicious agent is calculated through the preset weights, and the user account risk value within a certain time range (where W is calculated according to the following formula) i Representing the preset weight of the corresponding parameter, T representing the time range of the selected behavior, N representing the number of consecutive logins, F iavg Mean number of acts per unit time representing all users of the system per hour):
Figure BDA0003986558090000061
according to the method, the accuracy of the protection of the malicious agent is enhanced by analyzing and calculating the weights of different influence factors on different behaviors.
And S40, adopting a corresponding preset access control strategy for each user account according to the risk level.
According to the calculation result of the risk assessment model, the user account can be divided into three risk grades according to the presetting: high risk, medium risk, and low risk.
In one embodiment, the method for adopting a corresponding preset access control policy for each user account according to a risk level includes:
and if the risk level of the current user account is high risk, determining the current user account as a malicious proxy account, and executing a preset access control strategy corresponding to the malicious proxy account on the current user account.
In one embodiment, the preset access control policy corresponding to the malicious proxy account includes: and transmitting the account information and the login IP information of the current user account to a firewall or an access control system, and dynamically forbidding the malicious agent access of the current user account.
In one embodiment, the plurality of risk levels includes a high risk level, a medium risk level, and a low risk level; the method for adopting the corresponding preset access control strategy for each user account according to the risk level comprises the following steps: and if the risk level of the current user account is low risk, allowing the current user account to access the electronic resource database.
For example, for a high-risk user, the user may consider the user as a malicious agent, and then take corresponding access control measures, for example, transfer account information and login IP information of the user to a firewall or an access control system, and dynamically block access of the corresponding malicious agent. According to the method, high-risk accounts and IP are forbidden automatically by distinguishing high, medium and low risks from data results, the operation and maintenance management efficiency of the user is improved, and the effectiveness of protection is enhanced.
Referring to fig. 2, in a specific application scenario, the method of this embodiment may be applied to an electronic resource access control system, and related information is transferred through an internal program interface. Referring to fig. 3, in another specific application scenario, the method of this embodiment may also perform data transmission through an inter-system interface by independently deploying a separate malicious agent detection system. When the system is used as a module and integrated in an electronic resource access control system, whether user access is legal can be directly controlled, and when the system is deployed as an independent system, the system can be matched with a firewall to block access of malicious agents. When a user passes through an electronic resource database agent program, if the user is not an illegal user, the user firstly accesses an actual electronic resource database, corresponding behavior data can be generated when the user accesses the electronic resource database, the behavior data can be transmitted to a malicious agent analysis system through a program interface or the inside of the program, and after the malicious agent analysis system analyzes the data, an analysis result is transmitted to a corresponding access control system to modify and update an access strategy.
According to the method, the technology for protecting the malicious agents of the library electronic resource database is adopted, the access records and the operation behaviors of the electronic resource database are analyzed through the technology, the protection of the malicious agents can be realized, and the illegal sale of the electronic resource database by a black and gray industrial person through purchasing account information such as college library accounts is prevented. Compared with the protection method in the related technology, the method has higher accuracy and better effectiveness, and achieves better protection effect of the malicious agent. According to the method, the behavior data of the user is analyzed, and the user is not only forbidden by default or the access frequency is limited, so that the protection effect of the malicious agent is improved.
Referring to fig. 4, another embodiment of the present application provides a protection device for a malicious agent in an electronic resource database, including:
the user behavior data acquisition module is used for acquiring user behavior data;
the user behavior data processing module is used for processing the user behavior data by utilizing a risk evaluation model of the malicious agent to obtain a processing result;
the risk grade division module is used for dividing the user account into a plurality of risk grades according to the processing result;
and the access control module is used for adopting a corresponding preset access control strategy for each user account according to the risk level.
In one embodiment, the user behavior data processing module comprises:
the regulating unit is used for regulating the user behavior data into index vectors;
and the risk evaluation unit is used for bringing all the index vectors into a preset risk evaluation model of the malicious agent through preset weight for calculation to obtain a calculation result.
In one embodiment, the plurality of risk levels includes a high risk level, a medium risk level, and a low risk level; the access control module is further specifically configured to: and if the risk level of the current user account is high risk, determining the current user account as a malicious proxy account, and executing a preset access control strategy corresponding to the malicious proxy account on the current user account.
In one embodiment, the preset access control policy corresponding to the malicious proxy account includes: and transmitting the account information and the login IP information of the current user account to a firewall or an access control system, and dynamically forbidding the malicious agent access of the current user account.
In one embodiment, the plurality of risk levels includes a high risk level, a medium risk level, and a low risk level; the method for adopting the corresponding preset access control strategy for each user account according to the risk level comprises the following steps: and if the risk level of the current user account is low risk, allowing the current user account to access the electronic resource database.
In one embodiment, the user behavior data includes login time, active duration, login location, device used for login, operating system used for login, browser used for login, login success rate, and number of accesses to the electronic resource database, number of searches, and number of documents downloaded.
According to the device, the access records and the operation behaviors of the electronic resource database are analyzed, protection of malicious agents can be achieved, and illegal sale of the electronic resource database by purchasing account information such as library accounts of colleges and universities is prevented; compared with the protection method in the related technology, the method has higher accuracy and better effectiveness, and achieves better protection effect of the malicious agent; by analyzing the behavior data of the user, rather than only defaulting to block the user or limiting the access frequency, the protection effect of the malicious agent is improved.
Another embodiment of the present application provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the program to implement the method for protecting an electronic resource database malicious agent according to any of the above embodiments.
Referring to fig. 5, the electronic device 10 may include: the system comprises a processor 100, a memory 101, a bus 102 and a communication interface 103, wherein the processor 100, the communication interface 103 and the memory 101 are connected through the bus 102; the memory 101 stores a computer program that can be executed on the processor 100, and the processor 100 executes the computer program to perform the method provided by any of the foregoing embodiments of the present application.
The Memory 101 may include a high-speed Random Access Memory (RAM), and may also include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 103 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, and the like can be used.
The bus 102 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The memory 101 is used for storing a program, and the processor 100 executes the program after receiving an execution instruction, where the method disclosed in any embodiment of the present application may be applied to the processor 100, or implemented by the processor 100.
Processor 100 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 100. The Processor 100 may be a general-purpose Processor, and may include a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in ram, flash, rom, prom, or eprom, registers, etc. as is well known in the art. The storage medium is located in the memory 101, and the processor 100 reads the information in the memory 101 and completes the steps of the method in combination with the hardware.
The electronic equipment provided by the embodiment of the application and the method provided by the embodiment of the application are based on the same inventive concept, have the same beneficial effects as the method adopted, operated or realized by the electronic equipment, greatly improve the interception rate of malicious agents and achieve good agent protection effect.
In another aspect of the embodiments of the present application, there is provided a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the method for protecting an electronic resource database malicious agent according to any of the above embodiments. Referring to fig. 6, a computer readable storage medium is shown as an optical disc 20, on which a computer program (i.e. a program product) is stored, which when executed by a processor, performs the method provided by any of the foregoing embodiments.
It should be noted that examples of the computer-readable storage medium may also include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory, or other optical and magnetic storage media, which are not described in detail herein.
The computer readable storage medium provided by the embodiment of the application and the method provided by the embodiment of the application are based on the same inventive concept, have the same beneficial effects as the method adopted, operated or realized by the application program stored in the computer readable storage medium, greatly improve the interception rate of malicious agents, and achieve good agent protection effect.
It should be noted that:
the term "module" is not intended to be limited to a particular physical form. Depending on the particular application, a module may be implemented as hardware, firmware, software, and/or combinations thereof. Furthermore, different modules may share common components or even be implemented by the same component. There may or may not be clear boundaries between the various modules.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose devices may also be used with examples based on this disclosure. The required structure for constructing such a device will be apparent from the description above. In addition, this application is not directed to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the present application as described herein, and any descriptions of specific languages are provided above to disclose the best modes of the present application.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
The above examples only express embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.

Claims (10)

1. A method for protecting an electronic resource database malicious agent is characterized by comprising the following steps:
acquiring user behavior data;
processing the user behavior data by utilizing a preset risk evaluation model of the malicious agent to obtain a processing result;
dividing the user account into multiple risk levels according to the processing result;
and adopting a corresponding preset access control strategy for each user account according to the risk level.
2. The method of claim 1, wherein processing the user behavior data using a pre-defined risk assessment model of the malicious agent to obtain a processing result comprises:
the user behavior data is normalized into an index vector;
and incorporating all the index vectors into a preset risk evaluation model of the malicious agent through a preset weight for calculation to obtain a calculation result.
3. The method of claim 1, wherein the plurality of risk levels comprises a high risk level, a medium risk level, and a low risk level; the method for adopting the corresponding preset access control strategy for each user account according to the risk level comprises the following steps:
and if the risk level of the current user account is high risk, determining the current user account as a malicious proxy account, and executing a preset access control strategy corresponding to the malicious proxy account on the current user account.
4. The method of claim 3, wherein the preset access control policy corresponding to the malicious proxy account comprises: and transmitting the account information and the login IP information of the current user account to a firewall or an access control system, and dynamically forbidding the malicious agent access of the current user account.
5. The method of claim 1, wherein the plurality of risk levels comprises a high risk level, a medium risk level, and a low risk level; the method for adopting the corresponding preset access control strategy for each user account according to the risk level comprises the following steps:
and if the risk level of the current user account is low risk, allowing the current user account to access the electronic resource database.
6. The method of claim 1, wherein the user behavior data comprises login time, logout time, active duration, login location, device used for login, operating system used for login, browser used for login, login success rate, and number of accesses to electronic resource database, number of searches, and number of documents downloaded.
7. A protection device for malicious agents of an electronic resource database, comprising:
the user behavior data acquisition module is used for acquiring user behavior data;
the user behavior data processing module is used for processing the user behavior data by utilizing a risk evaluation model of the malicious agent to obtain a processing result;
the risk grade division module is used for dividing the user account into a plurality of risk grades according to the processing result;
and the access control module is used for adopting a corresponding preset access control strategy for each user account according to the risk level.
8. The apparatus of claim 7, wherein the user behavior data processing module comprises:
the regulating unit is used for regulating the user behavior data into index vectors;
and the risk evaluation unit is used for bringing all the index vectors into a preset risk evaluation model of the malicious agent through preset weight for calculation to obtain a calculation result.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor executing the program to implement the method for protecting against an electronic resource database malicious agent as recited in any of claims 1-6.
10. A computer-readable storage medium on which a computer program is stored, the program being executable by a processor to implement the method of protecting an electronic resource database malicious agent as claimed in any one of claims 1 to 6.
CN202211579003.6A 2022-12-07 2022-12-07 Method, device, equipment and medium for protecting electronic resource database malicious agent Pending CN115859326A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211579003.6A CN115859326A (en) 2022-12-07 2022-12-07 Method, device, equipment and medium for protecting electronic resource database malicious agent

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211579003.6A CN115859326A (en) 2022-12-07 2022-12-07 Method, device, equipment and medium for protecting electronic resource database malicious agent

Publications (1)

Publication Number Publication Date
CN115859326A true CN115859326A (en) 2023-03-28

Family

ID=85671527

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211579003.6A Pending CN115859326A (en) 2022-12-07 2022-12-07 Method, device, equipment and medium for protecting electronic resource database malicious agent

Country Status (1)

Country Link
CN (1) CN115859326A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116433338A (en) * 2023-06-15 2023-07-14 青岛网信信息科技有限公司 Product marketing inventory protection method, medium and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116433338A (en) * 2023-06-15 2023-07-14 青岛网信信息科技有限公司 Product marketing inventory protection method, medium and system

Similar Documents

Publication Publication Date Title
CN109831465B (en) Website intrusion detection method based on big data log analysis
US20220210200A1 (en) Ai-driven defensive cybersecurity strategy analysis and recommendation system
US20170346846A1 (en) Security threat information gathering and incident reporting systems and methods
US20180336353A1 (en) Risk scores for entities
KR102247181B1 (en) Method and device for generating anomalous behavior detection model using learning data generated based on xai
US11429565B2 (en) Terms of service platform using blockchain
RU2017118317A (en) SYSTEM AND METHOD FOR AUTOMATIC CALCULATION OF CYBER RISK IN BUSINESS CRITICAL APPLICATIONS
US20230071264A1 (en) Security automation system
US20210136120A1 (en) Universal computing asset registry
US20200084235A1 (en) Method and device for identifying security threats, storage medium, processor and terminal
CN111953665B (en) Server attack access identification method and system, computer equipment and storage medium
US20230412620A1 (en) System and methods for cybersecurity analysis using ueba and network topology data and trigger - based network remediation
CN116821750A (en) Data security risk monitoring traceability system based on artificial intelligence
CN112385196A (en) System and method for reporting computer security incidents
CN115859326A (en) Method, device, equipment and medium for protecting electronic resource database malicious agent
CN116846619A (en) Automatic network security risk assessment method, system and readable storage medium
CN111316272A (en) Advanced cyber-security threat mitigation using behavioral and deep analytics
CN112165445A (en) Method, device, storage medium and computer equipment for detecting network attack
CA3188189A1 (en) Machine-learning techniques for detection of unauthorized access of interactive computing environment functions
Yucel et al. On the assessment of completeness and timeliness of actionable cyber threat intelligence artefacts
KR102165272B1 (en) Method and server for managing data stored in block chain
CN115051835A (en) Method, electronic device, storage medium and system for processing data
CN107566187B (en) SLA violation monitoring method, device and system
König et al. Random damage in interconnected networks
CN117932676A (en) Data desensitization method and system based on network interface access control

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination