CN116015951B - Time object matching method and device, electronic equipment and storage medium - Google Patents

Publication number: CN116015951B
Authority: CN (China)
Prior art keywords: time, window, offset, time object, security event
Legal status: Active
Application number: CN202211741474.2A
Other languages: Chinese (zh)
Other versions: CN116015951A (en)
Inventors: 张云禄, 刘禄丹
Current Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd

Abstract

The disclosure provides a time object matching method, a device, electronic equipment and a storage medium, and relates to the technical field of security services. The method comprises the following steps: initializing time objects set by each preset strategy to obtain a set of window intervals of each time object; and matching the occurrence time of the security event with the set of window intervals of each time object, and acquiring the time objects corresponding to all preset strategies hit by the security event. By adopting the method, the matching efficiency of the time object can be improved.

Description

Time object matching method and device, electronic equipment and storage medium
Technical Field
The disclosure relates to the technical field of security services, and in particular relates to a time object matching method, a device, electronic equipment and a storage medium.
Background
In the 5W model (who, when, where, what, why), time is a key element and is used in scenarios such as the access control policies of firewall products, the audit alarms of security audit products, and the security detection and anomaly analysis of other products. Time can be classified in various ways; one is to divide it into cycle time and single time. The more policies there are in the system, the more matches are required, so matching efficiency needs to be considered in the matching process.
In the prior art, time objects are matched one by one. For example, suppose the time objects of four policies are: T1: cycle time, 9:00-11:30 every day; T2: cycle time, 9:30-12:00 every Monday, Wednesday and Friday; T3: cycle time, 10:00-14:00 on the 5th of each month; T4: single time, 2022-11, 9:30-17:30. When an event occurs at time t, it must be determined whether the event falls within the time objects of the four policies, and the existing approach checks them one at a time. However, as the number of policies increases, the number of checks increases linearly; the number of matches is large and the matching process is complex, which directly affects matching efficiency. How to improve the matching efficiency of time objects is therefore a problem to be solved.
Disclosure of Invention
In order to solve the technical problems described above or at least partially solve the technical problems described above, the present disclosure provides a time object matching method, a device, an electronic apparatus, and a storage medium.
In order to achieve the above object, the embodiment of the present disclosure provides the following technical solutions:
In a first aspect, embodiments of the present disclosure provide a method for time object matching, the method comprising:
initializing time objects set by each preset strategy to obtain a set of window intervals of each time object;
and matching the occurrence time of the security event with the set of window intervals of each time object, and acquiring the time objects corresponding to all preset strategies hit by the security event.
As an alternative implementation of the embodiment of the present disclosure, the time object includes: a single time object and a cycle time object.
As an optional implementation manner of the embodiment of the present disclosure, initializing the time objects set by each preset policy to obtain a set of window intervals of each time object includes:
determining a window period and a window offset coefficient; the window period represents the number of time units contained in one day; the offset coefficient of the window represents the number of days contained in the time object;
converting each time object into a time interval represented by the window period, the offset coefficient of the window, and a first time parameter and a second time parameter which are smaller than the window period;
and splitting and combining each time object according to the offset coefficient of the window to obtain a set of a plurality of time intervals.
As an optional implementation manner of the embodiment of the present disclosure, splitting and merging each time object according to the offset coefficient of the window to obtain a set of multiple time intervals includes:
merging the times in each time object that coincide by date and day of week;
and/or
splitting the times in each time object that intersect by date and day of week;
to obtain a set of a plurality of time intervals.
As an alternative implementation of the embodiments of the present disclosure, the method further includes:
initializing the time objects for a determined target date, and merging or splitting the time objects corresponding to all the policies into a target time interval.
As an optional implementation manner of the embodiment of the present disclosure, the matching the time of occurrence of the security event with the set of window intervals of each time object, to obtain time objects corresponding to all preset policies of the security event hit includes:
performing format conversion on the time of occurrence of the security event to obtain window offset of the time of occurrence of the security event and offset time in a window;
determining a time interval set of a target time object according to the window offset of the occurrence time of the security event;
and determining time objects corresponding to all strategies hit by the security event according to the offset time in the window of the occurrence time of the security event.
As an alternative implementation of the embodiments of the present disclosure, the method further includes:
when the device time deviates from the standard time, or when the time window of the time object has expired, re-initializing the time objects set by each preset policy.
In a second aspect, an embodiment of the present disclosure provides a time object matching apparatus, including:
the initialization module is used for initializing time objects set by each preset strategy and acquiring a set of window intervals of each time object;
and the time object matching module is used for matching the occurrence time of the security event with the set of window intervals of each time object and obtaining the time objects corresponding to all preset strategies hit by the security event.
As an alternative implementation of the embodiment of the present disclosure, the time object includes: a single time object and a cycle time object.
As an optional implementation manner of the embodiment of the present disclosure, the initialization module includes:
a parameter determining unit for determining a window period and a window offset coefficient; the window period represents the number of time units contained in one day; the offset coefficient of the window represents the number of days contained in the time object;
a conversion unit for converting each time object into a time interval represented by the window period, the offset coefficient of the window, and a first time parameter and a second time parameter smaller than the window period;
and the merging and splitting unit is used for splitting and merging each time object according to the offset coefficient of the window to obtain a set of a plurality of time intervals.
As an optional implementation manner of the embodiment of the present disclosure, the merging and splitting unit is specifically configured to:
merging the times in each time object that coincide by date and day of week;
and/or
splitting the times in each time object that intersect by date and day of week;
to obtain a set of a plurality of time intervals.
As an optional implementation manner of the embodiment of the present disclosure, the merging and splitting unit is further configured to:
initializing the time objects for a determined target date, and merging or splitting the time objects corresponding to all the policies into a target time interval.
As an optional implementation manner of the embodiment of the present disclosure, the time object matching module is specifically configured to:
performing format conversion on the time of occurrence of the security event to obtain window offset of the time of occurrence of the security event and offset time in a window;
determining a time interval set of a target time object according to the window offset of the occurrence time of the security event;
and determining time objects corresponding to all strategies hit by the security event according to the offset time in the window of the occurrence time of the security event.
As an alternative implementation of the disclosed embodiment, the apparatus further includes:
a reinitialization module for re-initializing the time objects set by each preset policy when the device time deviates from the standard time, or when the time window of the time object has expired.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including a memory and a processor, where the memory stores a computer program, and the processor implements the method for matching a time object according to the first aspect or any implementation manner of the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present disclosure provides a computer readable storage medium, on which a computer program is stored, the computer program implementing the time object matching method according to the first aspect or any implementation manner of the first aspect when the computer program is executed by a processor.
The time object matching method provided by the disclosure initializes the time objects set by each preset strategy, acquires a set of window intervals of each time object, matches the time of occurrence of the security event with the set of window intervals of each time object, and acquires time objects corresponding to all preset strategies hit by the security event. The time objects set by all strategies are initialized to form a grouping array required in the time matching process, the time of the security event is compared with the time of the grouping array, and the preset strategies hit in the time of the security event can be determined through one comparison, so that the matching efficiency of the time objects is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments of the present disclosure or the solutions in the prior art, the drawings that are required for the description of the embodiments or the prior art will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a flow chart of a method for matching time objects in one embodiment;
FIG. 2a is a first interface diagram for adding a cycle time in the time object matching method according to one embodiment;
FIG. 2b is a second interface diagram for adding a cycle time in the time object matching method according to one embodiment;
FIG. 2c is a schematic diagram of an interface for adding a single time in the time object matching method according to one embodiment;
FIG. 3 is a schematic diagram of a time object matching device in one embodiment;
FIG. 4 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, a further description of aspects of the present disclosure will be provided below. It should be noted that, without conflict, the embodiments of the present disclosure and features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced otherwise than as described herein; it will be apparent that the embodiments in the specification are only some, but not all, embodiments of the disclosure.
Relational terms such as first and second, and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions in the present disclosure and claims.
In the presently disclosed embodiments, the words "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in the examples of this disclosure should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion. Furthermore, in the description of the embodiments of the present disclosure, unless otherwise indicated, the meaning of "a plurality" means two or more.
Time objects are used in access control policies and security audit policies. For example, in firewall products, a typical scenario of an access control policy is defined as follows: a source IP address accesses the destination service of a destination IP address within a specified time range, and the firewall allows or denies the access. In security audit products, a typical scenario of an audit policy is defined as follows: a source IP address accesses the destination service of a destination IP address within a specified time range and performs a specified operation; the product audits the operation and responds according to the policy defined by the user. The number of time matches is closely related to the number of policies and the number of security-event accesses: the more policies are set in the system, the more matches each security event requires; and the more security-event accesses there are, the more matches must be made against the time objects. For example, if 10 policies in the firewall have access time intervals and the rate of new traffic is 10,000 per second, the number of matches against time objects is 10 × 10,000 per second = 100,000 per second. Therefore, matching efficiency needs to be considered when matching time objects.
In the prior art, time objects are matched one by one. For example, suppose the time objects of four policies are: T1: cycle time, 9:00-11:30 every day; T2: cycle time, 9:30-12:00 every Monday, Wednesday and Friday; T3: cycle time, 10:00-14:00 on the 5th of each month; T4: single time, 2022-11, 9:30-17:30. When an event occurs at time t, it must be determined whether the event falls within the time objects of the four policies. The existing matching steps are: first, the event time t is converted into a time-offset representation comprising the year, month and day, and the converted time is denoted t1; then, t1 is matched against T1, T2, T3 and T4 in turn according to the characteristics of cycle time and single time, and the comparison results are obtained; finally, whether the match succeeds is determined from the comparison results. However, this approach has the following drawbacks. First, as the number of policies increases, the number of checks increases linearly, and if the volume of traffic received by the device is large, the number of matches grows as the product of the two. Second, as the number of matches increases, the matching process also becomes more complicated: when a single time object is matched, the boundary values of both the start time and the end time must be checked, first the start time and then the end time, which amounts to two comparisons, and the match succeeds only if the time lies within the interval set by the policy. This way of matching is not friendly to code implementation or code maintenance, and from the standpoint of machine execution each match involves many steps and branches, so pipeline-level optimization is difficult to achieve and matching efficiency suffers.
The present disclosure provides a time object matching method. In the initialization stage, a window offset and a window size are set, the representation of the time objects set by each policy is converted, and the time objects are merged and split, so that times outside a specific time window are filtered out and the times within the window are split, merged and grouped to form the time-interval groups required in the matching process. In the matching stage, the timestamp of the security event is converted into a window offset and an offset time within the window; the window offset is used to determine the time-interval set of the target time object, and the offset time within the window is then used to look up the time objects corresponding to all policies hit by the security event.
When the occurrence times of a plurality of security events need to be matched against the time objects set by a plurality of policies, each match takes a fixed duration: the occurrence time of each security event is matched against the set of window intervals of each time object, and the time objects corresponding to all policies hit by each security event are finally obtained.
In one embodiment, as shown in fig. 1, there is provided a time object matching method, including the steps of:
S11, initializing time objects set by each preset policy, and acquiring a set of window intervals of each time object.
The preset policy may be an access control policy, a security audit policy, a firewall policy, etc.
Optionally, the time object includes: a single time object and a cycle time object.
A single time object can be understood as a certain period on a certain day or a certain period in a certain month; a cycle time object can be understood as a period that recurs periodically by day of week, date and so on.
By way of example, the single time object may be 2022-11, 9:30-17:30; the cycle time object may be 9:30-11:30 every day, or 9:30-12:00 every Monday, Wednesday and Friday, or 10:00-14:00 on the 5th of each month, and so on. The single time object and the cycle time object are only exemplified here and are not specifically limited.
Specifically, in the initialization phase, all time objects are initialized into a data structure that facilitates efficient matching. That is, all time objects are represented by window offset values, start times and end times within a window.
Illustratively, a cycle time object of 9:00-12:00 every day can be represented as the interval 86400 × k + [32400, 43200], where k is a natural number representing the number of days.
S12, matching the occurrence time of the security event with the set of window intervals of each time object, and acquiring the time objects corresponding to all preset policies hit by the security event.
Specifically, when a new access behavior occurs, the time at which it occurs is converted into a window offset k1 and an offset time t within the window; if k1 is consistent with k, the grouping information is looked up using t, and the time objects corresponding to all preset policies hit by the access behavior are obtained.
The time object matching method provided by the disclosure initializes the time objects set by each preset strategy, acquires a set of window intervals of each time object, matches the time of occurrence of the security event with the set of window intervals of each time object, and acquires time objects corresponding to all preset strategies hit by the security event. The time objects set by all strategies are initialized to form a grouping array required in the time matching process, the time of the security event is compared with the time of the grouping array, and the preset strategies hit in the time of the security event can be determined through one comparison, so that the matching efficiency of the time objects is improved.
In some embodiments, the implementation manner of step S11 (initializing the time objects set by each preset policy and obtaining the set of window intervals of each time object) may include:
a. a window period and a window offset coefficient are determined.
The window period represents the number of time units contained in one day, and the offset coefficient of the window represents the number of days contained in the time object.
Specifically, the window period may be set to T and the offset coefficient of the window to k. For example, if T is 24 hours, the offset coefficient k of the window is the number of days, where k ranges over the natural numbers.
For example, using seconds as the minimum time scale to represent T, T = 24 × 60 × 60 = 86400.
b. Each time object is converted into a time interval represented by the window period, the offset coefficient of the window, and a first time parameter and a second time parameter smaller than the window period.
Wherein the first time parameter represents a start time within the window and the second time parameter represents an end time within the window.
Specifically, since there are a plurality of preset policies, there may be a plurality of time objects set by each policy, each time object is converted into a time interval represented by a window period T, a window offset coefficient k, and a first time parameter a and a second time parameter b smaller than the window period.
Illustratively, FIG. 2a shows one of the cycle time objects: for example, 9:00-12:00 every day can be expressed as the interval from k × T + 9 to k × T + 12, where k ranges over the natural numbers; when T is represented using seconds as the minimum time scale, the interval may be written as 86400 × k + [32400, 43200]. If a single time object is to be represented, the coefficient k is a specific natural-number constant.
c. And splitting and combining each time object according to the offset coefficient of the window to obtain a set of a plurality of time intervals.
Specifically, according to the offset coefficient of the window, the first parameter a and the second parameter b of all the time objects conforming to the offset coefficient k are combined and split.
In some embodiments, splitting and merging each time object according to the offset coefficient of the window, and obtaining the set of multiple time intervals may be implemented as follows:
merging the times in each time object that coincide by date and day of week;
and/or
splitting the times in each time object that intersect by date and day of week;
to obtain a set of a plurality of time intervals.
Illustratively, FIG. 2a shows a cycle time object T1: 9:00-12:00 every day; FIG. 2b shows a cycle time object T2: 9:00-12:00 every Monday; FIG. 2c shows a single time object T3: 2022-10-15:00-2022-10-19:00:00. When the offset coefficient is determined to be k, and the day is a Monday but the date is not 2022-10-17, the two time objects T1 and T2 are merged into one group, assumed to be G1, and both time objects are associated with G1. When the offset coefficient is determined to be k, and the day is not a Monday but T1 and T3 overlap, T1 and T3 are merged; because T1 and T3 intersect, they need to be split into two groups of time periods, e.g., G1 for [9:00, 12:00] and G2 for [12:00, 18:00].
In some embodiments, the time objects are initialized for a determined target date, and the time objects corresponding to all policies are merged or split into the target time interval.
Specifically, the time objects are initialized for a particular day, and the time objects in all access control policies are merged or split into the specified time window. First, an array A of size 86400 is created, in which each element corresponds to a group ID, the groups being based on the IDs of the access control policies. Then, a window offset coefficient is specified, each time object is judged to be a cycle time object or a single time object, and, according to the cycle conditions of the cycle time object (for example every Monday, Tuesday, Friday and so on, or the 1st, 15th, 20th and so on of each month), it is determined whether the cycle time is merged or split into array A.
In some embodiments, the implementation manner of step S12 (matching the time of occurrence of the security event with the set of window intervals of the respective time objects, and obtaining the time objects corresponding to all preset policies hit by the security event) may include:
performing format conversion on the time of occurrence of the security event to obtain window offset of the time of occurrence of the security event and offset time in a window;
determining a time interval set of a target time object according to the window offset of the occurrence time of the security event;
and determining time objects corresponding to all strategies hit by the security event according to the offset time in the window of the occurrence time of the security event.
Specifically, when a new access behavior of a security event occurs, the time of the access behavior is converted into a window offset k1 and an offset time t1 within the window; if k1 is consistent with k, the grouping information is looked up using t1, and the time objects corresponding to all preset policies hit by the access behavior are obtained.
In some embodiments, when the device time deviates from the standard time, or when the time window of the time object has expired, the time objects set by each preset policy are re-initialized.
Specifically, one case is that after the device has been running for a period of time, for example one year, the device time differs from the standard time by 5 minutes; in this case the time objects set by each preset policy need to be initialized again according to the above method. Another case is that the time window has expired, i.e. the current day has passed and the next time window has begun. For example, today is Friday and the time object set by the preset policy is Monday to Friday; the time window then expires, and the time object no longer matches when tomorrow is Saturday. In this case, too, the time objects set by the preset policies need to be initialized again according to the above method.
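The initialization (steps a to c, with the 86400-element array A) and the matching step S12 described above, together with re-initialization when the window expires, as an added Python example; it is not code from the patent. Assumptions: times are UTC, intervals are half-open [a, b), all class and function names are hypothetical, and the sample policies are constructed.

```python
from dataclasses import dataclass
from datetime import date, datetime, timezone

T = 86400                                   # window period: seconds per day
EPOCH = date(1970, 1, 1).toordinal()        # day number 0 (assumption: UTC days)


@dataclass(frozen=True)
class TimeObject:
    policy_id: int
    kind: str                       # "daily", "weekly", "monthly" or "single"
    start: int                      # cyclic: second of day; single: epoch second
    end: int                        # exclusive bound, same unit as start
    days: frozenset = frozenset()   # weekly: weekdays (Mon=0); monthly: days of month

    def spans(self, k):
        """Return this object's [a, b) spans inside window k (day number k)."""
        if self.kind == "single":   # clip to the window: splits objects crossing dates
            a = max(self.start, k * T) - k * T
            b = min(self.end, (k + 1) * T) - k * T
            return [(a, b)] if a < b else []
        day = date.fromordinal(EPOCH + k)
        active = (self.kind == "daily"
                  or (self.kind == "weekly" and day.weekday() in self.days)
                  or (self.kind == "monthly" and day.day in self.days))
        return [(self.start, self.end)] if active else []


class WindowMatcher:
    def __init__(self, objects):
        self.objects = list(objects)
        self.k = None               # window offset the array was built for

    def initialize(self, k):
        """Merge and split all time objects of window k into group array A."""
        spans = [(a, b, o.policy_id) for o in self.objects for a, b in o.spans(k)]
        cuts = sorted({0, T} | {x for a, b, _ in spans for x in (a, b)})
        self.groups = [frozenset()]             # group 0: no policy hit
        ids = {frozenset(): 0}
        self.A = [0] * T                        # A[t] = group ID for second t
        for lo, hi in zip(cuts, cuts[1:]):      # elementary segments between cuts
            hit = frozenset(p for a, b, p in spans if a <= lo < b)
            gid = ids.setdefault(hit, len(self.groups))
            if gid == len(self.groups):         # first time this policy set is seen
                self.groups.append(hit)
            self.A[lo:hi] = [gid] * (hi - lo)
        self.k = k

    def match(self, ts):
        """Return the policy IDs hit by an event at epoch second ts."""
        k1, t = divmod(ts, T)                   # window offset, offset in window
        if k1 != self.k:                        # window expired: re-initialize
            self.initialize(k1)
        return self.groups[self.A[t]]           # one array lookup per event


def match_linear(objects, ts):
    """Baseline for comparison: test every time object one by one."""
    k, t = divmod(ts, T)
    return frozenset(o.policy_id for o in objects
                     for a, b in o.spans(k) if a <= t < b)


def ts(y, mo, d, h, mi=0):
    """Epoch second of a UTC wall-clock time."""
    return int(datetime(y, mo, d, h, mi, tzinfo=timezone.utc).timestamp())


# Constructed sample policies (2022-10-17 was a Monday).
POLICIES = [
    TimeObject(1, "daily", 9 * 3600, 12 * 3600),
    TimeObject(2, "weekly", 9 * 3600, 12 * 3600, frozenset({0})),
    TimeObject(3, "single", ts(2022, 10, 17, 9), ts(2022, 10, 18, 2)),
]

if __name__ == "__main__":
    m = WindowMatcher(POLICIES)
    for when in [(2022, 10, 17, 10), (2022, 10, 17, 15),
                 (2022, 10, 18, 1), (2022, 10, 18, 10)]:
        print(when, sorted(m.match(ts(*when))))
```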
In one embodiment, as shown in FIG. 3, there is provided a time object matching apparatus 300 comprising:
an initialization module 310, configured to initialize time objects set by each preset policy, and obtain a set of window intervals of each time object;
the time object matching module 320 is configured to match the time of occurrence of the security event with the set of window intervals of each time object, and obtain time objects corresponding to all preset policies hit by the security event.
As an alternative implementation of the embodiment of the present disclosure, the time object includes: a single time object and a cycle time object.
As an alternative implementation manner of the embodiment of the present disclosure, the initialization module 310 includes:
a parameter determining unit for determining a window period and a window offset coefficient; the window period represents the number of time units contained in one day; the offset coefficient of the window represents the number of days contained in the time object;
a conversion unit for converting each time object into a time interval represented by the window period, the offset coefficient of the window, and a first time parameter and a second time parameter smaller than the window period;
and the merging and splitting unit is used for splitting and merging each time object according to the offset coefficient of the window to obtain a set of a plurality of time intervals.
As an optional implementation manner of the embodiment of the present disclosure, the merging and splitting unit is specifically configured to:
merging the times in each time object that coincide by date and day of week;
and/or
splitting the times in each time object that intersect by date and day of week;
to obtain a set of a plurality of time intervals.
As an optional implementation manner of the embodiment of the present disclosure, the merging and splitting unit is further configured to:
and initializing the time object of the determined target date, and merging or splitting the time objects corresponding to all the strategies into a target time interval.
As an optional implementation manner of the embodiment of the present disclosure, the time object matching module 320 is specifically configured to:
performing format conversion on the time of occurrence of the security event to obtain window offset of the time of occurrence of the security event and offset time in a window;
determining a time interval set of a target time object according to the window offset of the occurrence time of the security event;
and determining time objects corresponding to all strategies hit by the security event according to the offset time in the window of the occurrence time of the security event.
As an alternative implementation of the disclosed embodiment, the apparatus further includes:
and the reinitialization module is used for reinitializing the time objects set by each preset strategy when an error arises between the equipment time and the standard time, or when the time window of a time object has expired.
By applying the time object matching device provided by the embodiment of the disclosure, the time objects set by each preset strategy are initialized, the set of window intervals of each time object is obtained, the time of occurrence of the security event is matched with the set of window intervals of each time object, and the time objects corresponding to all preset strategies hit by the security event are obtained. The time objects set by all strategies are initialized to form a grouping array required in the time matching process, the time of the security event is compared with the time of the grouping array, and the preset strategies hit in the time of the security event can be determined through one comparison, so that the matching efficiency of the time objects is improved.
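The initialize-then-match flow summarised above, as an added example that is not code from the patent. It assumes a window period of 86400 seconds (one day), a weekly cycle of 7 windows, half-open intervals and constructed policy names, and it covers cycle time objects only.

```python
import bisect
from collections import defaultdict
from datetime import datetime

WINDOW_PERIOD = 86400  # assumption: one window is one day, counted in seconds
CYCLE_WINDOWS = 7      # assumption: weekly cycle, window offsets 0 (Mon) .. 6 (Sun)


def at(day, hour, minute=0):
    """Seconds since Monday 00:00 for a weekday index and a clock time."""
    return day * WINDOW_PERIOD + hour * 3600 + minute * 60


def split_by_window(start, end):
    """Split [start, end) into pieces (window_offset, first, second) that never
    cross a day boundary; ranges running past Sunday wrap to window 0."""
    pieces = []
    while start < end:
        window = start // WINDOW_PERIOD
        stop = min(end, (window + 1) * WINDOW_PERIOD)
        base = window * WINDOW_PERIOD
        pieces.append((window % CYCLE_WINDOWS, start - base, stop - base))
        start = stop
    return pieces


def initialize(policies):
    """Build, per window offset, sorted breakpoints plus the set of policies
    covering each segment between two neighbouring breakpoints."""
    per_window = defaultdict(list)
    for name, ranges in policies.items():
        for start, end in ranges:
            for window, first, second in split_by_window(start, end):
                per_window[window].append((first, second, name))
    table = {}
    for window, pieces in per_window.items():
        bounds = sorted({0, WINDOW_PERIOD} | {p for f, s, _ in pieces for p in (f, s)})
        hits = [frozenset(n for f, s, n in pieces if f <= lo < s) for lo in bounds[:-1]]
        table[window] = (bounds, hits)
    return table


def match(table, when):
    """Convert the event time to (window offset, offset in window), then do one
    binary search in that window's breakpoints to get every policy hit."""
    window = when.weekday()
    offset = when.hour * 3600 + when.minute * 60 + when.second
    if window not in table:
        return frozenset()
    bounds, hits = table[window]
    return hits[bisect.bisect_right(bounds, offset) - 1]


# Constructed sample policies (names and schedules are illustrative only).
SAMPLE_POLICIES = {
    "office_hours": [(at(d, 9), at(d, 18)) for d in range(5)],
    "night_maintenance": [(at(4, 22), at(5, 2))],   # Fri 22:00 -> Sat 02:00
    "weekend_lockdown": [(at(5, 0), at(7, 0))],     # Sat 00:00 -> Mon 00:00
    "sunday_backup": [(at(6, 23), at(7, 1))],       # Sun 23:00 -> Mon 01:00
}
TABLE = initialize(SAMPLE_POLICIES)

if __name__ == "__main__":
    for ts in (datetime(2022, 12, 30, 10), datetime(2022, 12, 31, 1),
               datetime(2023, 1, 2, 0, 30), datetime(2022, 12, 27, 20)):
        print(ts, sorted(match(TABLE, ts)))
```

The cost of `match` is one dictionary lookup and one binary search regardless of how many policies exist, because overlapping policies were already merged into shared segments during `initialize`.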
For specific limitations of the time object matching device, reference may be made to the above limitations of the time object matching method, and no further description is given here. The respective modules in the above-described time object matching apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be stored in software in a processor of the electronic device, so that the processor may call and execute operations corresponding to the above modules.
The embodiment of the disclosure also provides an electronic device, and fig. 4 is a schematic structural diagram of the electronic device provided by the embodiment of the disclosure. As shown in fig. 4, the electronic device provided in this embodiment includes: a memory 41 and a processor 42, the memory 41 for storing a computer program; the processor 42 is configured to perform the steps performed by any of the embodiments of the time object matching methods provided by the method embodiments described above when the computer program is invoked. The electronic device comprises a processor, a memory, a communication interface, a display screen and an input device which are connected through a system bus. Wherein the processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The computer program is executed by a processor to implement a time object matching method. The display screen of the electronic equipment can be a liquid crystal display screen or an electronic ink display screen, the input device of the electronic equipment can be a touch layer covered on the display screen, can also be a key, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 4 is merely a block diagram of a portion of the architecture associated with the disclosed aspects and is not limiting of the computer device to which the disclosed aspects apply, and that a particular electronic device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, the time object matching apparatus provided in the present disclosure may be implemented in the form of a computer program, and the computer program may be executed on an electronic device as shown in fig. 4. The memory of the electronic device may store the various program modules constituting the time object matching apparatus, such as the initialization module 310 and the time object matching module 320 shown in fig. 3. The computer program constituted by the respective program modules causes the processor to execute the steps in the time object matching method of the respective embodiments of the present disclosure described in the present specification.
The embodiment of the present disclosure also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the time object matching method provided by the above method embodiment.
It will be appreciated by those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied therein.
The processor may be a central processing unit (Central Processing Unit, CPU), but may also be another general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory may include forms of computer-readable media such as volatile memory, random access memory (RAM) and/or nonvolatile memory, for example read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include both permanent and non-permanent, removable and non-removable storage media. Storage media may embody any method or technology for storage of information, which may be computer-readable instructions, data structures, program modules, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transitory media) such as modulated data signals and carrier waves.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is merely a specific embodiment of the disclosure to enable one skilled in the art to understand or practice the disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown and described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. A method of time object matching comprising:
determining a window period and a window offset coefficient; the window period represents a number of times included per day; the offset coefficient of the window represents the number of days contained in the time object;
converting each time object into a time interval represented by the window period, the offset coefficient of the window, and a first time parameter and a second time parameter which are smaller than the window period;
splitting and combining each time object according to the offset coefficient of the window to obtain a set of a plurality of time intervals;
performing format conversion on the time of occurrence of the security event to obtain window offset of the time of occurrence of the security event and offset time in a window;
determining a time interval set of a target time object according to the window offset of the occurrence time of the security event;
and determining time objects corresponding to all strategies hit by the security event according to the offset time in the window of the occurrence time of the security event.
2. The method of claim 1, wherein the time object comprises: a single time object and a cycle time object.
3. The method of claim 1, wherein splitting and merging each time object according to the offset coefficient of the window to obtain the set of multiple time intervals includes:
merging the times in each time object whose date and week coincide;
and/or
splitting the times in each time object that cross the date and the week;
a set of time intervals is obtained.
4. A method according to claim 3, characterized in that the method further comprises:
and initializing the time object of the determined target date, and merging or splitting the time objects corresponding to all the strategies into a target time interval.
5. The method according to claim 1, wherein the method further comprises:
and when an error arises between the equipment time and the standard time, or the time window of a time object has expired, re-initializing the time objects set by each preset strategy.
6. A time object matching device, the device comprising:
the initialization module is used for determining a window period and a window offset coefficient; the window period represents a number of times included per day; the offset coefficient of the window represents the number of days contained in the time object;
converting each time object into a time interval represented by the window period, the offset coefficient of the window, and a first time parameter and a second time parameter which are smaller than the window period;
splitting and combining each time object according to the offset coefficient of the window to obtain a set of a plurality of time intervals;
the time object matching module is used for carrying out format conversion on the time of occurrence of the security event and acquiring the window offset of the time of occurrence of the security event and the offset time in the window;
determining a time interval set of a target time object according to the window offset of the occurrence time of the security event;
and determining time objects corresponding to all strategies hit by the security event according to the offset time in the window of the occurrence time of the security event.
7. An electronic device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the time object matching method of any of claims 1 to 5 when executing the computer program.
8. A computer readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, implements the time object matching method of any of claims 1-5.
CN202211741474.2A 2022-12-31 2022-12-31 Time object matching method and device, electronic equipment and storage medium Active CN116015951B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211741474.2A CN116015951B (en) 2022-12-31 2022-12-31 Time object matching method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116015951A CN116015951A (en) 2023-04-25
CN116015951B true CN116015951B (en) 2023-08-29

Family

ID=86035142

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211741474.2A Active CN116015951B (en) 2022-12-31 2022-12-31 Time object matching method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116015951B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant