CN116010467B - Risk discovery method, device, equipment and storage medium based on communication map - Google Patents

Risk discovery method, device, equipment and storage medium based on communication map Download PDF

Info

Publication number
CN116010467B
CN116010467B CN202310036455.8A CN202310036455A CN116010467B CN 116010467 B CN116010467 B CN 116010467B CN 202310036455 A CN202310036455 A CN 202310036455A CN 116010467 B CN116010467 B CN 116010467B
Authority
CN
China
Prior art keywords
risk
task
communication map
nodes
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310036455.8A
Other languages
Chinese (zh)
Other versions
CN116010467A (en
Inventor
王世峰
张彩霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202310036455.8A priority Critical patent/CN116010467B/en
Publication of CN116010467A publication Critical patent/CN116010467A/en
Application granted granted Critical
Publication of CN116010467B publication Critical patent/CN116010467B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure provides a risk discovery method, device, equipment and storage medium based on a communication map, wherein the method comprises the following steps: firstly, a communication map is established for a target communication map task, risk items corresponding to the task objects are inquired based on identification information of the task objects carried by nodes in the communication map, and a risk portrait corresponding to the target communication map task is generated based on the risk items corresponding to the task objects and network access relations between the task objects corresponding to the nodes in the communication map. Therefore, after determining the risk item corresponding to the task object carried by the node in the communication map, the embodiment of the disclosure determines the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map, thereby realizing the acquisition of the risk information in the target communication map task based on the communication map.

Description

Risk discovery method, device, equipment and storage medium based on communication map
Technical Field
The disclosure relates to the field of data processing, and in particular relates to a risk discovery method, device, equipment and storage medium based on a communication map.
Background
At present, in the analysis process of the traditional communication spectrum, only the information of the task objects corresponding to the nodes in the communication spectrum and the network access relation among the task objects corresponding to the nodes can be displayed, and the risk information of the task objects corresponding to the nodes in the communication spectrum can not be acquired, so that the risk information in the target communication spectrum task corresponding to the communication spectrum can not be acquired based on the communication spectrum, and therefore, how to acquire the risk information in the target communication spectrum task based on the communication spectrum becomes a technical problem to be solved urgently.
Disclosure of Invention
In order to solve the technical problems, an embodiment of the present disclosure provides a risk discovery method based on a communication map.
In a first aspect, the present disclosure provides a risk discovery method based on a communication map, the method comprising:
creating a communication map for the target communication map task; the nodes in the communication map correspond to task objects in the target communication map task, the nodes carry identification information of the corresponding task objects, and edges in the communication map are used for representing network access relations among the task objects corresponding to the nodes on the edges;
Inquiring whether a risk item corresponding to the task object exists in a preset node risk relation table or not based on the identification information of the task object carried by the nodes in the communication map; the preset node risk relation table stores the corresponding relation between the identification information of the risk task object and the risk item;
if the risk item corresponding to the task object is queried from the preset node risk relation table, acquiring the risk item corresponding to the task object;
generating a risk portrait corresponding to the target communication map task based on the risk items corresponding to the task objects and the network access relations between the task objects corresponding to the nodes in the communication map; the risk portrait is used for reflecting risk information in the target communication map task.
In an optional implementation manner, the querying whether the risk item corresponding to the task object exists in the preset node risk relation table based on the identification information of the task object carried by the node in the communication map includes:
if the number of the nodes in the communication map is larger than a preset threshold, inquiring whether a risk item corresponding to the task object exists in a preset node risk relation table or not by adopting a multi-process mode based on the identification information of the task object carried by the nodes in the communication map.
In an optional implementation manner, if the number of the nodes in the communication map is greater than a preset threshold, a multiprocessing manner is adopted, and based on identification information of a task object carried by the nodes in the communication map, whether a risk item corresponding to the task object exists in a preset node risk relation table is queried, which includes:
if the number of the nodes in the communication map is larger than a preset threshold value, grouping the nodes in the communication map to obtain a plurality of node groups; wherein different node groups correspond to different processes;
and inquiring whether a risk item corresponding to the task object exists in a preset node risk relation table by using a first process based on the identification information of the task object carried by the nodes of the first node group in the plurality of node groups.
In an optional implementation manner, if the risk item corresponding to the task object is queried from the preset node risk relation table, after the risk item corresponding to the task object is obtained, the method further includes:
generating a risk portrait corresponding to the task object based on the risk item corresponding to the task object and the network access relation corresponding to the task object; the risk portrait is used for reflecting risk information in the task object.
In an optional implementation manner, the generating the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map includes:
generating a risk portrait corresponding to the task object based on the risk item corresponding to the task object;
and generating the risk portraits corresponding to the target communication map tasks based on the risk portraits corresponding to the task objects and the network access relations between the task objects corresponding to the nodes in the communication map.
In an optional implementation manner, if the risk item corresponding to the task object is queried from the preset node risk relation table, after the risk item corresponding to the task object is obtained, the method further includes:
determining associated nodes of the nodes corresponding to the task objects from a preset database corresponding to the task objects; the preset database stores data representing that the associated node and the node corresponding to the task object have a network access relationship, and the associated node does not belong to the node in the communication map;
Adding the association node to the communication map;
determining whether a risk item corresponding to the association node exists in the preset node risk relation table;
if the risk items corresponding to the association nodes exist in the preset node risk relation table, acquiring the risk items corresponding to the association nodes;
correspondingly, the generating the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relation between the task objects corresponding to the nodes in the communication map includes:
and generating a risk portrait corresponding to the target communication map task based on the risk items corresponding to the task objects, the risk items corresponding to the associated nodes and the network access relation between the task objects corresponding to the nodes in the communication map.
In an optional implementation manner, the generating the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map includes:
and inputting the risk items corresponding to the task objects and the network access relations among the task objects corresponding to the nodes in the communication map to a target detection model, and outputting the risk portraits corresponding to the target communication map tasks after the processing of the target detection model.
In a second aspect, the present disclosure provides a risk discovery apparatus based on a communication map, the apparatus comprising:
the creating module is used for creating a communication map for the target communication map task; the nodes in the communication map correspond to task objects in the target communication map task, the nodes carry identification information of the corresponding task objects, and edges in the communication map are used for representing network access relations among the task objects corresponding to the nodes on the edges;
the query module is used for querying whether a risk item corresponding to the task object exists in a preset node risk relation table or not based on the identification information of the task object carried by the node in the communication map; the preset node risk relation table stores the corresponding relation between the identification information of the risk task object and the risk item;
the acquisition module is used for acquiring the risk item corresponding to the task object if the risk item corresponding to the task object is queried from the preset node risk relation table;
the generation module is used for generating a risk portrait corresponding to the target communication map task based on the risk items corresponding to the task objects and the network access relation between the task objects corresponding to the nodes in the communication map; the risk portrait is used for reflecting risk information in the target communication map task.
In a third aspect, the present disclosure provides a computer readable storage medium having instructions stored therein, which when run on a terminal device, cause the terminal device to implement the above-described method.
In a fourth aspect, the present disclosure provides a risk discovery apparatus based on a communication map, including: the computer program comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the method when executing the computer program.
In a fifth aspect, the present disclosure provides a computer program product comprising computer programs/instructions which when executed by a processor implement the above-described method.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has at least the following advantages:
the embodiment of the disclosure provides a risk discovery method based on a communication map, which comprises the steps of firstly creating a communication map for a target communication map task; the method comprises the steps that nodes in a communication map correspond to task objects in a target communication map task, the nodes carry identification information of the corresponding task objects, edges in the communication map are used for representing network access relations among the task objects corresponding to the nodes on the edges, whether risk items corresponding to the task objects exist in a preset node risk relation table or not is inquired based on the identification information of the task objects carried by the nodes in the communication map, the corresponding relation between the identification information of the risk task objects and the risk items is stored in the preset node risk relation table, if the risk items corresponding to the task objects are inquired from the preset node risk relation table, the risk items corresponding to the task objects are obtained, and a risk portrait corresponding to the target communication map task is generated based on the risk items corresponding to the task objects and the network access relation between the task objects corresponding to the nodes in the communication map, wherein the risk portrait is used for reflecting the risk information in the target communication map task. Therefore, after determining the risk item corresponding to the task object carried by the node in the communication map, the embodiment of the disclosure determines the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map, thereby realizing the acquisition of the risk information in the target communication map task based on the communication map.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments of the present disclosure or the solutions in the prior art, the drawings that are required for the description of the embodiments or the prior art will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
Fig. 1 is a flowchart of a risk discovery method based on a communication map according to an embodiment of the disclosure;
FIG. 2 is a flow chart of risk item matching provided by an embodiment of the present disclosure;
FIG. 3 is a flowchart of another risk discovery method based on a communication map according to an embodiment of the disclosure;
fig. 4 is a schematic structural diagram of a risk discovery apparatus based on a communication map according to an embodiment of the disclosure;
fig. 5 is a schematic structural diagram of a risk discovery apparatus based on a communication map according to an embodiment of the disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, a further description of aspects of the present disclosure will be provided below. It should be noted that, without conflict, the embodiments of the present disclosure and features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced otherwise than as described herein; it will be apparent that the embodiments in the specification are only some, but not all, embodiments of the disclosure.
In order to achieve the purpose of acquiring risk information in a target communication map task based on a communication map, the embodiment of the disclosure provides a risk discovery method for the communication map.
Specifically, firstly, creating a communication map for a target communication map task; the method comprises the steps that nodes in a communication map correspond to task objects in a target communication map task, the nodes carry identification information of the corresponding task objects, edges in the communication map are used for representing network access relations among the task objects corresponding to the nodes on the edges, whether risk items corresponding to the task objects exist in a preset node risk relation table or not is inquired based on the identification information of the task objects carried by the nodes in the communication map, the corresponding relation between the identification information of the risk task objects and the risk items is stored in the preset node risk relation table, if the risk items corresponding to the task objects are inquired from the preset node risk relation table, the risk items corresponding to the task objects are obtained, and a risk portrait corresponding to the target communication map task is generated based on the risk items corresponding to the task objects and the network access relation between the task objects corresponding to the nodes in the communication map, wherein the risk portrait is used for reflecting the risk information in the target communication map task. Therefore, after determining the risk item corresponding to the task object carried by the node in the communication map, the embodiment of the disclosure determines the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map, thereby realizing the acquisition of the risk information in the target communication map task based on the communication map.
Based on this, the embodiment of the disclosure provides a risk discovery method based on a communication map, referring to fig. 1, which is a flowchart of the risk discovery method based on the communication map, provided in the embodiment of the disclosure, the method includes:
s101: and creating a communication map for the target communication map task.
The nodes in the communication map correspond to task objects in the target communication map task, the nodes carry identification information of the corresponding task objects, and the edges in the communication map are used for representing network access relations among the task objects corresponding to the nodes on the edges.
Specifically, the target communication map task may be any communication map task constructed based on a core task object, where the core task object may include a unit, a service, an asset, and the like, for example, the target communication map task may be a task created based on an asset, and accordingly, a task object in the target communication map task may be an object having a network access relationship with the core task object.
In the embodiment of the present disclosure, the identification information of the task object carried by the node refers to information that uniquely identifies the node, for example, may be a node IP (Internet Protocol ), a domain name, a file hash value, etc. corresponding to when matching with a preset node risk relation table in a risk information library, and the embodiment of the present disclosure does not limit any limitation on the identification information of the task object carried by the node.
In the embodiment of the disclosure, the network access relationship between task objects corresponding to the nodes may include an attack relationship.
In the embodiment of the disclosure, basic information of the target communication map task can be set, such as time, application algorithm, communication map depth, data source information and the like of the target communication map task can be set.
In the embodiment of the disclosure, the communication spectrum may include a knowledge spectrum base, other associated relational databases and non-relational databases, and specifically, the communication spectrum may be constructed based on a database corresponding to a core task object, and the construction mode of the communication spectrum is not limited in any way.
S102: inquiring whether a risk item corresponding to the task object exists in a preset node risk relation table or not based on the identification information of the task object carried by the nodes in the communication map.
The preset node risk relation table stores the corresponding relation between the identification information of the risk task object and the risk item.
Specifically, the preset node risk relation table may be a node risk relation table in a risk information library, and the embodiment of the present disclosure does not limit the preset node risk relation table.
In the embodiment of the disclosure, after a communication map is created for a target communication map task, acquiring identification information of a task object carried by a node in the communication map, matching with a preset node risk relation table in a risk information library according to the identification information of the task object carried by the node in the communication map, and inquiring whether a risk item corresponding to the identification information of the task object carried by the node exists in the preset node risk relation table.
In order to ensure the basic requirements of high reliability and high performance of the server, in an optional implementation manner, before inquiring whether the risk items corresponding to the task objects exist in the preset node risk relation table, whether the number of the nodes in the communication map is larger than a preset threshold value or not can be further determined, if the number of the nodes in the communication map is larger than the preset threshold value, a multi-process mode is adopted, and whether the risk items corresponding to the task objects exist in the preset node risk relation table or not is inquired based on the identification information of the task objects carried by the nodes in the communication map.
The preset threshold may be set based on requirements, and the embodiments of the present disclosure are not limited in this regard.
In the embodiment of the disclosure, if the number of the nodes in the communication map is greater than the preset threshold, the number of the nodes in the communication map is indicated to be greater, and in order to ensure the basic requirements of high reliability and high performance of the server, a multi-process mode can be adopted to query whether a risk item corresponding to the task object exists in the preset node risk relation table based on the identification information of the task object carried by the nodes in the communication map.
In an optional implementation manner, if the number of the nodes in the communication map is greater than a preset threshold, grouping the nodes in the communication map to obtain a plurality of node groups, and querying whether a risk item corresponding to the task object exists in a preset node risk relation table by using the first process based on the identification information of the task object carried by the nodes of the first node group in the plurality of node groups.
Wherein different groups of nodes correspond to different processes.
The first node group may be any node group in the communication map, and accordingly, the first process is identification information of a task object carried by a node of the first node group, and whether a process corresponding to a risk item corresponding to the task object exists in a preset node risk relation table is queried.
In an optional implementation manner, identification information of task objects carried by each node in the first node group can be respectively matched with a preset node risk relation table in a serial manner by calling a risk item matching interface, and whether risk items corresponding to the task objects exist in the preset node risk relation table is queried.
In addition, when the identification information of the task object carried by each node in the first node group is respectively matched with the preset node risk relation table, in an optional implementation manner, whether a risk item corresponding to the task object exists in the preset node risk relation table may be queried based on the sequence of each node in the first node group.
For example, assuming that the first node group includes a node a, a node B, a node C, a node D, and a node E, if the node a is connected to the node B, the node B is connected to the node C, the node C is connected to the node D, and the node D is connected to the node E, whether a risk item corresponding to the task object exists in the preset node risk relation table may be queried according to the sequence of the node a, the node B, the node C, the node D, and the node E.
In another optional implementation manner, whether a risk item corresponding to the task object exists in the preset node risk relation table may be queried based on the logic relation of each node in the first node group.
Taking the first node group including the node a, the node B, the node C, the node D and the node E as an example, if the node a is connected with the node B and the node D, the node B is connected with the node C, and the node C is connected with the node E, if the risk item corresponding to the task object exists in the preset node risk relation table based on the identification information of the task object carried by the node B, the node C connected with the node B may be preferentially queried based on the logic relation of the node, and whether the risk item corresponding to the task object exists in the node C in the preset node risk relation table is queried.
In another optional implementation manner, task objects carried by each node in the first node group can be simultaneously matched with a preset node risk relation table in a parallel manner by calling a risk item matching interface, and whether a risk item corresponding to the task object exists in the preset node risk relation table is queried.
In particular, reference may be made to fig. 2, which is a flow chart of risk item matching provided for an embodiment of the present disclosure.
Firstly, determining whether task objects carried by all nodes in a first node group are matched with a preset node risk relation table in parallel or not based on a call risk item matching interface, if the task objects carried by all nodes in the first node group are determined to be matched with the preset node risk relation table in parallel, splitting the nodes in the first node group into 2 parts based on a bisection method, taking the first node group comprising the node A, the node B, the node C, the node D and the node E as an example, splitting the first node group into the node group a (the node A, the node B, the node C) and the node group B (the node D and the node E), namely, firstly matching the node group a and then matching the node group B; if the task objects carried by the nodes in the first node group are determined to be matched with the preset node risk relation table in a non-parallel mode, the query rate of the current server performance to the number of nodes per second is directly recorded.
Judging whether the number of the node matching supported by the performance of the current server is larger than the number of the parallel calling nodes of the risk item matching interface, if the number of the node matching supported by the performance of the current server is larger than the number of the parallel calling nodes of the risk item matching interface, continuously increasing the number of the parallel calling nodes of the risk item interface; if the number of node matching supported by the performance of the current server is not greater than the number of parallel calling nodes of the risk item matching interface, the number of parallel calling nodes of the risk item interface can be reduced.
Judging whether the performance of the current server reaches the balance state of the number of the nodes called in parallel with the risk item matching interface, if the performance of the current server reaches the balance state of the number of the nodes called in parallel with the risk item matching interface, namely the number of the nodes matched by the performance of the current server is equal to the number of the nodes called in parallel with the risk item matching interface, recording the query rate of the performance of the current server per second of the number of the nodes, and facilitating the subsequent query rate per second of the number of the nodes to match task objects carried by each node in the first node group with a preset node risk relation table.
S103: and if the risk item corresponding to the task object is queried from the preset node risk relation table, acquiring the risk item corresponding to the task object.
In the embodiment of the disclosure, if the risk item corresponding to the task object is queried from the preset node risk relation table, the risk of the node corresponding to the task object is indicated, and the risk item corresponding to the task object can be obtained, so that the risk information corresponding to the task object is determined based on the risk item corresponding to the task object.
In an optional implementation manner, after the risk item corresponding to the task object is obtained, a risk portrait corresponding to the task object may be generated based on the risk item corresponding to the task object and the network access relationship corresponding to the task object.
Wherein the risk portrayal is used for reflecting risk information in the task object.
In the embodiment of the disclosure, after the risk item corresponding to the task object is obtained, the risk item corresponding to the task object and the network access relation corresponding to the task object are analyzed, and the risk portrait corresponding to the task object is generated.
S104: and generating a risk portrait corresponding to the target communication map task based on the risk items corresponding to the task objects and the network access relation between the task objects corresponding to the nodes in the communication map.
The risk portrait is used for reflecting risk information in the target communication map task.
In an alternative embodiment, the risk items corresponding to the task objects and the network access relations between the task objects corresponding to the nodes in the communication map are input into the target detection model, and after the processing of the target detection model, the risk portraits corresponding to the target communication map tasks are output.
The target detection model can be obtained by training based on a risk portrait sample corresponding to the task object, a network access relation sample corresponding to the task object of the node in the communication map and the risk portrait sample, and a specific training process of the target training model is not described in detail in the disclosure.
In the embodiment of the disclosure, a risk item corresponding to a task object and a network access relation between task objects corresponding to nodes in a communication map are used as input conditions, input into a target detection model, and after the target detection model is processed, a risk portrait corresponding to a target communication map task is output.
In another alternative embodiment, the risk portraits corresponding to the task objects are generated based on the risk items corresponding to the task objects, and the risk portraits corresponding to the target communication map tasks are generated based on the network access relationships between the risk portraits corresponding to the task objects and the task objects corresponding to the nodes in the communication map.
In the embodiment of the present disclosure, the manner of generating the risk image corresponding to the target communication map task based on the risk image corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map may be implemented by referring to the manner of generating the risk image corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map, which is not described herein in detail.
In yet another alternative embodiment, the risk portraits corresponding to the task objects are generated based on the risk items corresponding to the task objects and the network access relationships corresponding to the task objects, and the risk portraits corresponding to the target communication map tasks are generated based on the risk portraits corresponding to the task objects.
In the embodiment of the present disclosure, the manner of generating the risk image corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map may be implemented by referring to the manner of generating the risk image corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map, which is not described herein in detail.
In addition, after the risk portraits corresponding to the target communication map tasks are generated, an analysis report can be generated based on the risk portraits corresponding to the target communication map tasks, suggestions can be provided for risks in the target communication map tasks in the report, and then risks of the target communication map tasks are reduced.
In the risk discovery method based on the communication spectrum provided by the embodiment of the disclosure, firstly, a communication spectrum is created for a target communication spectrum task; the method comprises the steps that nodes in a communication map correspond to task objects in a target communication map task, the nodes carry identification information of the corresponding task objects, edges in the communication map are used for representing network access relations among the task objects corresponding to the nodes on the edges, whether risk items corresponding to the task objects exist in a preset node risk relation table or not is inquired based on the identification information of the task objects carried by the nodes in the communication map, the corresponding relation between the identification information of the risk task objects and the risk items is stored in the preset node risk relation table, if the risk items corresponding to the task objects are inquired from the preset node risk relation table, the risk items corresponding to the task objects are obtained, and a risk portrait corresponding to the target communication map task is generated based on the risk items corresponding to the task objects and the network access relation between the task objects corresponding to the nodes in the communication map, wherein the risk portrait is used for reflecting the risk information in the target communication map task. Therefore, after determining the risk item corresponding to the task object carried by the node in the communication map, the embodiment of the disclosure determines the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map, thereby realizing the acquisition of the risk information in the target communication map task based on the communication map.
Based on the above method embodiments, the present disclosure further provides a risk discovery method based on a communication map, and referring to fig. 3, a flowchart of another risk discovery method based on a communication map provided for the present disclosure embodiment is provided, where the method includes:
s301: and creating a communication map for the target communication map task.
Wherein, the nodes in the communication map correspond to the task objects in the target communication map task, the nodes carry the identification information of the corresponding task objects, and the edges in the communication map are used for representing the network access relationship between the task objects corresponding to the nodes on the edges
It should be noted that step S301 is the same as step S101, and specific reference is made to the description of step S101.
S302: inquiring whether a risk item corresponding to the task object exists in a preset node risk relation table or not based on the identification information of the task object carried by the nodes in the communication map.
The preset node risk relation table stores the corresponding relation between the identification information of the risk task object and the risk item.
It should be noted that, step S302 is the same as step S102, and specific reference is made to the description of step S102.
S303: and if the risk item corresponding to the task object is queried from the preset node risk relation table, acquiring the risk item corresponding to the task object.
The step S303 is the same as the step S103, and specific reference is made to the description of the step S103.
S304: and determining the associated node of the node corresponding to the task object from a preset database corresponding to the task object.
The preset database stores data representing network access relations between associated nodes and nodes corresponding to task objects, and the associated nodes do not belong to the nodes in the communication map.
In the embodiment of the present disclosure, if a risk item corresponding to a task object is queried from a preset node risk relation table, which indicates that the task object has a risk, whether a node corresponding to the task object and not belonging to a communication map exists may be determined continuously from a preset database corresponding to the task object, and if it is determined that a node corresponding to the task object and not belonging to the communication map exists, the node is taken as an associated node.
S305: and adding the association nodes into the communication map.
In the embodiment of the disclosure, after determining the associated node of the node corresponding to the task object, the associated node is added to the communication map based on the network access relationship between the associated node and the node corresponding to the task object.
S306: and determining whether a risk item corresponding to the association node exists in a preset node risk relation table.
In the embodiment of the disclosure, whether a risk item corresponding to the association node exists in a preset node risk relation table can be determined based on the identification information of the task object carried by the association node.
The identification information of the task object carried by the associated node refers to information for uniquely identifying the node, for example, may be an associated node IP (Internet Protocol ), a domain name, a file hash value, etc., and the embodiment of the present disclosure does not limit the identification information of the task object carried by the associated node.
S307: if the risk items corresponding to the association nodes exist in the preset node risk relation table, acquiring the risk items corresponding to the association nodes.
In the embodiment of the disclosure, if it is determined that a risk item corresponding to an associated node exists in a preset node risk relation table, it is indicated that the associated node is at risk, and the risk item corresponding to the associated node may be obtained, so that risk information of a task object corresponding to the associated node is determined based on the risk item corresponding to the associated node.
S308: and generating a risk portrait corresponding to the target communication map task based on the risk items corresponding to the task objects, the risk items corresponding to the associated nodes and the network access relation between the task objects corresponding to the nodes in the communication map.
It should be noted that, step S308 is similar to step S104, and specific reference is made to the description of step S104.
In the risk discovery method based on the communication spectrum provided by the embodiment of the disclosure, a communication spectrum is firstly created for a target communication spectrum task, wherein nodes in the communication spectrum correspond to task objects in the target communication spectrum task, the nodes carry identification information of the corresponding task objects, edges in the communication spectrum are used for representing network access relations between the task objects corresponding to the nodes on the edges, based on the identification information of the task objects carried by the nodes in the communication spectrum, whether a risk item corresponding to the task object exists in a preset node risk relation table or not is queried, the corresponding relation between the identification information of the risk task object and the risk item is stored in the preset node risk relation table, if the risk item corresponding to the task object is queried from the preset node risk relation table, the risk item corresponding to the task object is acquired, the associated node of the node corresponding to the task object is determined from a preset database corresponding to the task object, the associated node of the node corresponding to the task object is stored, the associated node of the node representing the network access relation between the associated node and the node corresponding to the task object is not included in the preset database, whether the associated node in the communication graph is added to the corresponding relation to the preset node, the corresponding relation between the corresponding nodes in the preset node risk table and the corresponding relation between the task object is determined, if the corresponding relation between the task object and the corresponding nodes in the preset node map is stored, and the corresponding relation between the corresponding nodes in the corresponding graph and the corresponding relation item in the task graph is determined if the corresponding to the corresponding relation is stored, and the corresponding to the risk item in the task object has the corresponding relation, and has the corresponding relation between the corresponding relation between the task object.
It can be seen that, after determining the risk item corresponding to the task object carried by the node in the communication map, the embodiment of the disclosure may further continuously determine the associated node of the node corresponding to the task object, so as to determine the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object, the risk item corresponding to the associated node, and the network access relationship between the task objects corresponding to the nodes in the communication map, thereby implementing the method of acquiring the risk information in the target communication map task based on the communication map.
For ease of understanding, examples are given of practical application scenarios:
assuming that the target communication map task is a task created based on the unit host 10.10.10.10, that is, a core task object corresponding to the target communication map task is the unit host 10.10.10.10, a communication map is created for the host 10.10.10.10.10, specifically, a communication map using the host 10.10.10.10 as a core task object can be constructed based on data stored by a big data platform, the communication map supports network traffic identification, identification and analysis of a tunneling protocol, an encryption protocol and a routing protocol in a complex scene, and various parameters such as time, an application algorithm, a communication map depth, data source information and the like of the target communication map task can be set for the communication map in the process of creating the communication map.
After the target communication map task is started, a communication map relation is constructed based on the target communication map task, specifically, whether a risk item of a task object corresponding to a node in a communication map relation exists in a preset node risk relation table in a risk information library or not can be queried based on a node IP, a domain name, a file hash value and the like in the communication map, if the risk item corresponding to the task object is queried from the preset node risk relation table, the risk item corresponding to the task object is acquired, and after the risk item corresponding to the task object is acquired, a risk image corresponding to the task object can be generated based on the risk item corresponding to the task object and a network access relation corresponding to the task object, so that risk information of the task object is displayed.
Further, determining the associated node of the node corresponding to the task object from the preset database corresponding to the task object, adding the associated node to the communication map, continuously determining whether a risk item corresponding to the associated node exists in the preset node risk relation table, if the risk item corresponding to the associated node exists in the preset node risk relation table, acquiring the risk item corresponding to the associated node, so that a risk portrait corresponding to the target communication map task is generated based on the risk item corresponding to the task object, the risk item corresponding to the associated node and the network access relation between the task objects corresponding to the nodes in the communication map, and meanwhile, analyzing the target communication map task based on the risk portrait corresponding to the target communication map task, such as comprehensive exposure surface combing, online risk assessment and the like, and man-machine collaborative participation, finally generating an analysis report of an attack method, an attack path and a risk list, wherein advice can be provided for risks in the target communication map task, and further reducing risks of the target communication map task.
Based on the above method embodiments, the present disclosure further provides a risk discovery apparatus based on a communication map, and referring to fig. 4, a schematic structural diagram of the risk discovery apparatus based on the communication map provided in the embodiments of the present disclosure is provided, where the apparatus includes:
a creation module 401, configured to create a communication map for a target communication map task; the nodes in the communication map correspond to task objects in the target communication map task, the nodes carry identification information of the corresponding task objects, and edges in the communication map are used for representing network access relations among the task objects corresponding to the nodes on the edges;
a query module 402, configured to query whether a risk item corresponding to the task object exists in a preset node risk relationship table based on identification information of the task object carried by a node in the communication map; the preset node risk relation table stores the corresponding relation between the identification information of the risk task object and the risk item;
an obtaining module 403, configured to obtain a risk item corresponding to the task object if a risk item corresponding to the task object is queried from the preset node risk relation table;
A generating module 404, configured to generate a risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map; the risk portrait is used for reflecting risk information in the target communication map task.
In an alternative embodiment, the query module 402 is specifically configured to:
if the number of the nodes in the communication map is larger than a preset threshold, inquiring whether a risk item corresponding to the task object exists in a preset node risk relation table or not by adopting a multi-process mode based on the identification information of the task object carried by the nodes in the communication map.
In an alternative embodiment, the query module 402 includes:
the grouping sub-module is used for grouping the nodes in the communication map to obtain a plurality of node groups when the number of the nodes in the communication map is larger than a preset threshold value; wherein different node groups correspond to different processes;
and the inquiring sub-module is used for inquiring whether a risk item corresponding to the task object exists in a preset node risk relation table by utilizing a first process based on the identification information of the task object carried by the nodes of the first node group in the plurality of node groups.
In an alternative embodiment, the apparatus further comprises:
the first determining module is used for generating a risk portrait corresponding to the task object based on the risk item corresponding to the task object and the network access relation corresponding to the task object; the risk portrait is used for reflecting risk information in the task object.
In an alternative embodiment, the generating module 404 includes:
the first generation sub-module is used for generating a risk portrait corresponding to the task object based on the risk item corresponding to the task object;
and the second generation sub-module is used for generating the risk portraits corresponding to the target communication map tasks based on the network access relations between the risk portraits corresponding to the task objects and the task objects corresponding to the nodes in the communication map.
In an alternative embodiment, the apparatus further comprises:
the second determining module is used for determining the associated node of the node corresponding to the task object from a preset database corresponding to the task object; the preset database stores data representing that the associated node and the node corresponding to the task object have a network access relationship, and the associated node does not belong to the node in the communication map;
The adding module is used for adding the association node into the communication map;
a third determining module, configured to determine whether a risk item corresponding to the association node exists in the preset node risk relation table;
a fourth determining module, configured to determine, when a risk item corresponding to the association node exists in the preset node risk relationship table, obtain a risk item corresponding to the association node;
accordingly, the generating module 404 is specifically configured to:
and generating a risk portrait corresponding to the target communication map task based on the risk items corresponding to the task objects, the risk items corresponding to the associated nodes and the network access relation between the task objects corresponding to the nodes in the communication map.
In an alternative embodiment, the generating module is specifically configured to:
and inputting the risk items corresponding to the task objects and the network access relations among the task objects corresponding to the nodes in the communication map to a target detection model, and outputting the risk portraits corresponding to the target communication map tasks after the processing of the target detection model.
In the risk discovery device based on the communication spectrum provided by the embodiment of the disclosure, firstly, a communication spectrum is created for a target communication spectrum task; the method comprises the steps that nodes in a communication map correspond to task objects in a target communication map task, the nodes carry identification information of the corresponding task objects, edges in the communication map are used for representing network access relations among the task objects corresponding to the nodes on the edges, whether risk items corresponding to the task objects exist in a preset node risk relation table or not is inquired based on the identification information of the task objects carried by the nodes in the communication map, the corresponding relation between the identification information of the risk task objects and the risk items is stored in the preset node risk relation table, if the risk items corresponding to the task objects are inquired from the preset node risk relation table, the risk items corresponding to the task objects are obtained, and a risk portrait corresponding to the target communication map task is generated based on the risk items corresponding to the task objects and the network access relation between the task objects corresponding to the nodes in the communication map, wherein the risk portrait is used for reflecting the risk information in the target communication map task. Therefore, after determining the risk item corresponding to the task object carried by the node in the communication map, the embodiment of the disclosure determines the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication map, thereby realizing the acquisition of the risk information in the target communication map task based on the communication map.
In addition to the above method and apparatus, the embodiments of the present disclosure further provide a computer readable storage medium, where instructions are stored, when the instructions are executed on a terminal device, cause the terminal device to implement the risk discovery method based on a communication map according to the embodiments of the present disclosure.
The disclosed embodiments also provide a computer program product comprising a computer program/instruction which, when executed by a processor, implements the communication graph-based risk discovery method of the disclosed embodiments.
In addition, the embodiment of the disclosure further provides a risk discovery device based on a communication map, which is shown in fig. 5, and may include:
a processor 501, a memory 502, an input device 503 and an output device 504. The number of processors 501 in the communication map-based risk discovery apparatus may be one or more, one processor being exemplified in fig. 5. In some embodiments of the present disclosure, the processor 501, memory 502, input device 503, and output device 504 may be connected by a bus or other means, with bus connections being exemplified in fig. 5.
The memory 502 may be used to store software programs and modules, and the processor 501 executes various functional applications and data processing of the communication map-based risk discovery apparatus by running the software programs and modules stored in the memory 502. The memory 502 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, application programs required for at least one function, and the like. In addition, memory 502 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. The input means 503 may be used to receive entered numerical or character information and to generate signal inputs related to user settings and function control of the communication map based risk discovery apparatus.
In particular, in this embodiment, the processor 501 loads executable files corresponding to the processes of one or more application programs into the memory 502 according to the following instructions, and the processor 501 executes the application programs stored in the memory 502, so as to implement the various functions of the risk discovery device based on the communication map.
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is merely a specific embodiment of the disclosure to enable one skilled in the art to understand or practice the disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown and described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A risk discovery method based on a communication map, the method comprising:
creating a communication map for the target communication map task; the nodes in the communication map correspond to task objects in the target communication map task, the nodes carry identification information of the corresponding task objects, edges in the communication map are used for representing network access relations among the task objects corresponding to the nodes on the edges, and the communication map is created based on core task objects in the target communication map task and task objects with network access relations with the core task objects;
inquiring whether a risk item corresponding to the task object exists in a preset node risk relation table or not based on the identification information of the task object carried by the nodes in the communication map; the risk relation table of the preset nodes stores the corresponding relation between the identification information of the risk task object and the risk item, wherein the risk item is used for representing that the node corresponding to the task object has risk;
if the risk item corresponding to the task object is queried from the preset node risk relation table, acquiring the risk item corresponding to the task object;
Determining associated nodes corresponding to task objects with risk items, and adding the associated nodes into the communication map;
generating a risk portrait corresponding to the target communication map task based on the risk items corresponding to the task objects and the network access relations between the task objects corresponding to the nodes in the communication map; the risk portrait is used for reflecting risk information in the target communication map task;
the generating the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relation between the task objects corresponding to the nodes in the communication map includes: and generating a risk portrait corresponding to the target communication map task based on the risk items corresponding to the task objects, the risk items corresponding to the associated nodes and the network access relation between the task objects corresponding to the nodes in the communication map.
2. The method of claim 1, wherein the querying whether the risk item corresponding to the task object exists in the preset node risk relation table based on the identification information of the task object carried by the node in the communication map includes:
If the number of the nodes in the communication map is larger than a preset threshold, inquiring whether a risk item corresponding to the task object exists in a preset node risk relation table or not by adopting a multi-process mode based on the identification information of the task object carried by the nodes in the communication map.
3. The method according to claim 2, wherein if the number of nodes in the communication map is greater than a preset threshold, querying, in a multi-process manner, whether a risk item corresponding to the task object exists in a preset node risk relation table based on identification information of the task object carried by the nodes in the communication map includes:
if the number of the nodes in the communication map is larger than a preset threshold value, grouping the nodes in the communication map to obtain a plurality of node groups; wherein different node groups correspond to different processes;
and inquiring whether a risk item corresponding to the task object exists in a preset node risk relation table by using a first process based on the identification information of the task object carried by the nodes of the first node group in the plurality of node groups.
4. The method according to claim 1, wherein if the risk item corresponding to the task object is queried from the preset node risk relation table, after obtaining the risk item corresponding to the task object, the method further comprises:
Generating a risk portrait corresponding to the task object based on the risk item corresponding to the task object and the network access relation corresponding to the task object; the risk portrait is used for reflecting risk information in the task object.
5. The method of claim 1, wherein the generating the risk representation corresponding to the target communication graph task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication graph comprises:
generating a risk portrait corresponding to the task object based on the risk item corresponding to the task object;
and generating the risk portraits corresponding to the target communication map tasks based on the risk portraits corresponding to the task objects and the network access relations between the task objects corresponding to the nodes in the communication map.
6. The method according to claim 1, wherein if the risk item corresponding to the task object is queried from the preset node risk relation table, after obtaining the risk item corresponding to the task object, the method further comprises:
determining associated nodes of the nodes corresponding to the task objects from a preset database corresponding to the task objects; the preset database stores data representing that the associated node and the node corresponding to the task object have a network access relationship, and the associated node does not belong to the node in the communication map;
Adding the association node to the communication map;
determining whether a risk item corresponding to the association node exists in the preset node risk relation table;
if the risk items corresponding to the association nodes exist in the preset node risk relation table, acquiring the risk items corresponding to the association nodes;
correspondingly, the generating the risk portrait corresponding to the target communication map task based on the risk item corresponding to the task object and the network access relation between the task objects corresponding to the nodes in the communication map includes:
and generating a risk portrait corresponding to the target communication map task based on the risk items corresponding to the task objects, the risk items corresponding to the associated nodes and the network access relation between the task objects corresponding to the nodes in the communication map.
7. The method of claim 1, wherein the generating the risk representation corresponding to the target communication graph task based on the risk item corresponding to the task object and the network access relationship between the task objects corresponding to the nodes in the communication graph comprises:
and inputting the risk items corresponding to the task objects and the network access relations among the task objects corresponding to the nodes in the communication map to a target detection model, and outputting the risk portraits corresponding to the target communication map tasks after the processing of the target detection model.
8. A risk discovery apparatus based on a communication map, the apparatus comprising:
the creating module is used for creating a communication map for the target communication map task; the nodes in the communication map correspond to task objects in the target communication map task, the nodes carry identification information of the corresponding task objects, edges in the communication map are used for representing network access relations among the task objects corresponding to the nodes on the edges, and the communication map is created based on core task objects in the target communication map task and task objects with network access relations with the core task objects;
the query module is used for querying whether a risk item corresponding to the task object exists in a preset node risk relation table or not based on the identification information of the task object carried by the node in the communication map; the risk relation table of the preset nodes stores the corresponding relation between the identification information of the risk task object and the risk item, wherein the risk item is used for representing that the node corresponding to the task object has risk;
the acquisition module is used for acquiring the risk item corresponding to the task object if the risk item corresponding to the task object is queried from the preset node risk relation table;
The adding module is used for determining associated nodes corresponding to the task objects with risk items and adding the associated nodes into the communication map;
the generation module is used for generating a risk portrait corresponding to the target communication map task based on the risk items corresponding to the task objects and the network access relation between the task objects corresponding to the nodes in the communication map; the risk portrait is used for reflecting risk information in the target communication map task;
the generation module is specifically configured to generate a risk portrait corresponding to the target communication map task based on a risk item corresponding to the task object, a risk item corresponding to the associated node, and a network access relationship between task objects corresponding to nodes in the communication map.
9. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein instructions, which when run on a terminal device, cause the terminal device to implement the method of any of claims 1-7.
10. A risk discovery apparatus based on a communication map, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1-7 when the computer program is executed.
CN202310036455.8A 2023-01-10 2023-01-10 Risk discovery method, device, equipment and storage medium based on communication map Active CN116010467B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310036455.8A CN116010467B (en) 2023-01-10 2023-01-10 Risk discovery method, device, equipment and storage medium based on communication map

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310036455.8A CN116010467B (en) 2023-01-10 2023-01-10 Risk discovery method, device, equipment and storage medium based on communication map

Publications (2)

Publication Number Publication Date
CN116010467A CN116010467A (en) 2023-04-25
CN116010467B true CN116010467B (en) 2024-02-02

Family

ID=86019093

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310036455.8A Active CN116010467B (en) 2023-01-10 2023-01-10 Risk discovery method, device, equipment and storage medium based on communication map

Country Status (1)

Country Link
CN (1) CN116010467B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977680A (en) * 2019-03-13 2019-07-05 北京国舜科技股份有限公司 A kind of business datum security risk recognition methods and system
CN110162976A (en) * 2019-02-20 2019-08-23 腾讯科技(深圳)有限公司 Methods of risk assessment, device and terminal
CN110503236A (en) * 2019-07-08 2019-11-26 中国平安人寿保险股份有限公司 Risk Forecast Method, device, equipment and the storage medium of knowledge based map
CN111445121A (en) * 2020-03-24 2020-07-24 上海明略人工智能(集团)有限公司 Risk assessment method and apparatus, storage medium, and electronic apparatus
CN113242236A (en) * 2021-05-08 2021-08-10 国家计算机网络与信息安全管理中心 Method for constructing network entity threat map
CN113364802A (en) * 2021-06-25 2021-09-07 中国电子科技集团公司第十五研究所 Method and device for studying and judging security alarm threat
CN113704577A (en) * 2021-09-09 2021-11-26 北京天融信网络安全技术有限公司 Data query method and device based on multithreading concurrent processing

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11438361B2 (en) * 2019-03-22 2022-09-06 Hitachi, Ltd. Method and system for predicting an attack path in a computer network

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110162976A (en) * 2019-02-20 2019-08-23 腾讯科技(深圳)有限公司 Methods of risk assessment, device and terminal
CN109977680A (en) * 2019-03-13 2019-07-05 北京国舜科技股份有限公司 A kind of business datum security risk recognition methods and system
CN110503236A (en) * 2019-07-08 2019-11-26 中国平安人寿保险股份有限公司 Risk Forecast Method, device, equipment and the storage medium of knowledge based map
CN111445121A (en) * 2020-03-24 2020-07-24 上海明略人工智能(集团)有限公司 Risk assessment method and apparatus, storage medium, and electronic apparatus
CN113242236A (en) * 2021-05-08 2021-08-10 国家计算机网络与信息安全管理中心 Method for constructing network entity threat map
CN113364802A (en) * 2021-06-25 2021-09-07 中国电子科技集团公司第十五研究所 Method and device for studying and judging security alarm threat
CN113704577A (en) * 2021-09-09 2021-11-26 北京天融信网络安全技术有限公司 Data query method and device based on multithreading concurrent processing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
内部网络测绘关键技术研究;孙伟;中国博士学位论文全文数据库信息科技辑;I139-13 *

Also Published As

Publication number Publication date
CN116010467A (en) 2023-04-25

Similar Documents

Publication Publication Date Title
CN112543176A (en) Abnormal network access detection method, device, storage medium and terminal
CN112667778A (en) Information input method, device, equipment and storage medium combining RPA and AI
CN111475694A (en) Data processing method, device, terminal and storage medium
CN113810408A (en) Network attack organization detection method, device, equipment and readable storage medium
CN111488594A (en) Authority checking method and device based on cloud server, storage medium and terminal
CN111435367A (en) Knowledge graph construction method, system, equipment and storage medium
CN115238062A (en) Technical property right matching method and system
CN111666101A (en) Software homologous analysis method and device
CN110929185A (en) Website directory detection method and device, computer equipment and computer storage medium
CN107633080B (en) User task processing method and device
CN116010467B (en) Risk discovery method, device, equipment and storage medium based on communication map
CN106126670B (en) Operation data sorting processing method and device
CN110909072B (en) Data table establishment method, device and equipment
CN116578984A (en) Risk management and control method, system, equipment and medium for business data
CN112507725B (en) Static publishing method, device, equipment and storage medium of financial information
CN111444392B (en) Vulnerability library access method, device and equipment
KR102136222B1 (en) System and method for clustering graph data and computer program for the same
CN114510486A (en) Dimension table data processing method and device, electronic equipment and storage medium
CN113495723A (en) Method and device for calling functional component and storage medium
CN109740344B (en) Threat information model building method and device, electronic equipment and storage medium
CN112540820A (en) User interface updating method and device and electronic equipment
CN114398294B (en) Test method, test device, electronic equipment and storage medium
CN117034210B (en) Event image generation method and device, storage medium and electronic equipment
CN117609175B (en) Configurable industrial control file acquisition and analysis method and system
CN112486815B (en) Analysis method and device of application program, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant