CN116126808A - Behavior log recording method, device, computer equipment and storage medium - Google Patents
Behavior log recording method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN116126808A CN116126808A CN202310165576.2A CN202310165576A CN116126808A CN 116126808 A CN116126808 A CN 116126808A CN 202310165576 A CN202310165576 A CN 202310165576A CN 116126808 A CN116126808 A CN 116126808A
- Authority
- CN
- China
- Prior art keywords
- behavior data
- behavior
- sensitive
- data
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/1734—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1805—Append-only file systems, e.g. using logs or journals to store data
- G06F16/1815—Journaling file systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/546—Message passing systems or structures, e.g. queues
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention relates to a behavior log recording method, a behavior log recording device, computer equipment and a storage medium, wherein the behavior log recording method comprises the following steps: monitoring the execution of an application program to operate, and obtaining behavior data generated according to the operation behavior; inputting the behavior data into a preconfigured analysis model, and judging whether the behavior data is sensitive behavior data or not; if the behavior data are sensitive behavior data, storing the behavior data into a preset cache area, wherein a plurality of sensitive behaviors are stored in the preset storage area; sending an asynchronous request message to a behavior log manager, wherein the asynchronous request message is used for requesting to send the sensitive behavior data to the log manager; after receiving the response message of the log manager, sending the sensitive behavior data to a message queue; and taking out the sensitive behavior data from the message queue and writing the sensitive behavior data into the log manager. The method can better support the storage requirement of the security audit.
Description
Technical Field
The present invention relates to the field of testing, and in particular, to a behavior log recording method, apparatus, computer device, and storage medium.
Background
As a conventionally developed business application system, a series of operation interfaces are provided to users to accomplish specific functions. Under these primary functions, security or auditing may place additional demands such as the need to record each user's behavior, what actions are taken at what time, for later security auditing or optimization.
The conventional approach is to print these actions as a log into the current server as the user operates certain functions. The reverse can also fulfill the requirement, but the files of the printing mode are scattered in each server, which is unfavorable for collecting statistics. If the security proposes to record the behavior log into other storage systems, a series of transformation and development are inevitably performed, and the development is not facilitated.
Disclosure of Invention
Based on this, it is necessary to provide a behavior logging method, apparatus, computer device, and storage medium.
A behavioral logging method, comprising:
monitoring an application program to execute operation behaviors, and obtaining behavior data generated according to the operation behaviors, wherein the behavior data comprises one or a combination of user identification, operation behavior event, time stamp and operation time value;
inputting the behavior data into a preconfigured analysis model, and judging whether the behavior data is sensitive behavior data or not;
if the behavior data are sensitive behavior data, storing the behavior data into a preset cache area, wherein a plurality of sensitive behaviors are stored in the preset storage area;
sending an asynchronous request message to a behavior log manager, wherein the asynchronous request message is used for requesting to send the sensitive behavior data to the log manager;
after receiving the response message of the log manager, sending the sensitive behavior data to a message queue;
and taking out the sensitive behavior data from the message queue and writing the sensitive behavior data into the log manager.
In one embodiment, the acquiring behavior data generated according to the operation behavior includes:
acquiring behavior data of different embedded point objects reported in real time based on preset embedded point parameters;
wherein the different buried point objects include: at least one of an H5 page, an applet, an APP client and a PC client displayed by a browser; the preset buried point parameters comprise: at least one of the different attribute fields and the attribute screening conditions.
In one embodiment, the inputting the behavior data into a preconfigured analysis model, and determining whether the behavior data is sensitive behavior data includes:
extracting a time stamp, an operation time value and an operation behavior event of the behavior data;
extracting features of the timestamp, the operation time value and the operation behavior event to obtain a feature vector of the behavior data;
invoking an analysis model to conduct label prediction on the feature vector to obtain a label of the behavior data, wherein the analysis model is generated by conducting model training on the behavior data carrying the label;
judging whether the behavior data is sensitive behavior data according to the labels of the behavior data.
In one embodiment, the determining, according to the tag of the behavior data, whether the behavior data is sensitive behavior data includes:
judging whether the behavior data is sensitive behavior data or not according to the corresponding relation between preset labels and the frequency and/or the number of the behavior data in the preset time period.
In one embodiment, the message queues include different topic queues, the different topic queues corresponding to behavior data of different operational behavior events;
the sending the sensitive behavior data to a message queue includes:
and sending the sensitive behavior data to a theme queue corresponding to the operation behavior event type in the message queue.
In one embodiment, after the sensitive behavior data is fetched from the message queue and written to the log manager, the method further comprises:
determining a class group to which the behavior data belong according to an operation behavior event;
analyzing a user identifier from the sensitive behavior data stored in a preset time period, and determining behavior data corresponding to the same user identifier;
and determining the operation behavior sequence of the user according to the operation behavior event and the class group of the behavior data belonging to the same user.
In one embodiment, the determining the operation behavior sequence of the user according to the operation behavior event and the class group of the behavior data belonging to the same user includes:
determining an initial sequence according to the operation behavior events and the class groups recorded by the logs belonging to the same user based on the sequence of the time stamps;
and dividing the initial sequence into subsequences according to the operation time value, and determining at least one subsequence as the operation behavior sequence of the user.
A behavioral logging apparatus, the testing apparatus comprising:
the data acquisition unit is used for monitoring the execution operation behaviors of the application program and acquiring behavior data generated according to the operation behaviors, wherein the behavior data comprises one or a combination of user identification, operation behavior event, time stamp and operation time value;
the data analysis unit is used for inputting the behavior data into a preconfigured analysis model and judging whether the behavior data are sensitive behavior data or not;
the data caching unit is used for storing the behavior data in a preset caching area if the behavior data are sensitive behavior data, and a plurality of sensitive behaviors are stored in the preset storage area;
a transmission request unit, configured to send an asynchronous request message to a behavior log manager, where the asynchronous request message is used to request to send the sensitive behavior data to the log manager;
the data transmission unit is used for transmitting the sensitive behavior data to a message queue after receiving the response message of the log manager;
and the data caching unit is used for taking out the sensitive behavior data from the message queue and writing the sensitive behavior data into the log manager.
A computer device comprising a memory and a processor, the memory having stored therein computer readable instructions which, when executed by the processor, cause the processor to perform the steps of the behavioural logging method described above.
A storage medium storing computer readable instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of the behavioural logging method described above.
The behavior log recording method, the behavior log recording device, the computer equipment and the storage medium are used for acquiring behavior data generated according to the operation behaviors by monitoring the execution of the operation behaviors by an application program, wherein the behavior data comprise one or a combination of user identification, operation behavior event, time stamp and operation time value; inputting the behavior data into a preconfigured analysis model, and judging whether the behavior data is sensitive behavior data or not; if the behavior data are sensitive behavior data, storing the behavior data into a preset cache area, wherein a plurality of sensitive behaviors are stored in the preset storage area; sending an asynchronous request message to a behavior log manager, wherein the asynchronous request message is used for requesting to send the sensitive behavior data to the log manager; after receiving the response message of the log manager, sending the sensitive behavior data to a message queue; and taking out the sensitive behavior data from the message queue and writing the sensitive behavior data into the log manager. Therefore, the behavior collector does not need to worry about influencing the user operation, and the completely decoupled model design ensures that the behavior collector has the least influence on the user operation; the unified MQ pushes the collector, so that the phenomenon that the behavior logs are scattered in each business server in the original printing log mode is avoided, and the behavior logs are collected by the MQ in a unified way and pushed in a unified way; the storage interface layer at the back end supports more memories by supporting users in a configuration mode, and better supports the storage requirement of security audit.
Drawings
FIG. 1 is a schematic diagram of an application environment of a method for behavior logging according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for performing journaling according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a log recording device according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a computer device according to an embodiment of the present invention;
fig. 5 is a schematic diagram of another configuration of a computer device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The behavior log recording method provided by the embodiment of the invention can be applied to an application environment as shown in fig. 1, wherein a client communicates with a server through a network. The method comprises the steps that a server side can monitor an application program through a client side to execute operation behaviors, and behavior data generated according to the operation behaviors are obtained, wherein the behavior data comprise one or a combination of user identification, operation behavior event, time stamp and operation time value; inputting the behavior data into a preconfigured analysis model, and judging whether the behavior data is sensitive behavior data or not; if the behavior data are sensitive behavior data, storing the behavior data into a preset cache area, wherein a plurality of sensitive behaviors are stored in the preset storage area; sending an asynchronous request message to a behavior log manager, wherein the asynchronous request message is used for requesting to send the sensitive behavior data to the log manager; after receiving the response message of the log manager, sending the sensitive behavior data to a message queue; in the invention, aiming at complex insurance entities such as insurance business, the scheme of optimizing a question-answer engine by entity alignment can be utilized, firstly, rough ordering is carried out by semantic matching degree, then ordering adjustment is carried out by entity alignment mode, and answers are obtained by selecting the corresponding matching questions in front for response, thus effectively avoiding the defect of generalization capability of the model, greatly improving the effect of entity matching and improving the effect of the question-answer engine. The clients may be, but are not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices. The server may be implemented by a stand-alone server or a server cluster formed by a plurality of servers. The present invention will be described in detail with reference to specific examples.
Referring to fig. 2, fig. 2 is a flowchart of a method for recording a behavior log according to an embodiment of the present invention, including the following steps:
s10, monitoring an application program to execute operation behaviors, and acquiring behavior data generated according to the operation behaviors, wherein the behavior data comprises one or a combination of user identification, operation behavior event, time stamp and operation time value;
wherein an application refers to an application that can make shopping, payment, transfer, loan, etc., activities involving the user's personal property, such as: payment treasures, weChat, mobile banking and the like, and a user can add an application program needing to be monitored in the terminal according to actual requirements. The terminal can monitor the executing operation behaviors of each application program in real time through the callback function, when a user performs shopping, payment, transfer, loan and other operations on the application program, the operation button is clicked to generate an operation instruction, the application program can execute the corresponding operation behaviors according to the operation instruction, and meanwhile, the callback function is called to transmit execution information to an operation system of the terminal.
When the operating system of the terminal receives the execution information transmitted by the application program, the application program identifier of the executing operation behavior can be obtained according to the execution information, and the acquisition instruction is transmitted to the target application program according to the application program identifier, so that behavior data generated by the application program according to the executing operation behavior is acquired, wherein the application program identifier can be an application program name, an application program number and the like. The behavior data may include related account information, operation content, operation time corresponding to the operation content, address information, etc. for performing the operation behavior, where the account information may include an account ID (identification), an account name, etc.
In some embodiments, S10 may include: acquiring behavior data of different embedded point objects reported in real time based on preset embedded point parameters;
wherein the different buried point objects include: at least one of an H5 page, an applet, an APP client and a PC client displayed by a browser; the preset buried point parameters comprise: at least one of the different attribute fields and the attribute screening conditions.
Specifically, embedding a point refers to setting a section of embedded point code somewhere so that the system obtains log records through the section of embedded point code. For example, to record the operation process of modifying certain system information by clicking the save button, a section of embedded point code needs to be added into the click operation implementation code of the save button, and the data needing to be captured is set, so that the system can automatically accept the data and save the data in the system, thereby realizing the inquiry.
The embedded point code is composed of program codes embedded into the browser end/application program client end and used for collecting user behavior data and program codes used by the back end for monitoring whether the user behavior data collecting result is abnormal or not. The embedded point code can be used for acquiring the data for analyzing the user behavior information, which is captured by the embedded point code. For example, a JavaScript script may be nested in a web page, when a user accesses the web page, a statistics script is triggered to obtain access data, and a backend Java program determines whether the data structure is abnormal.
When burying points on different buried point objects, corresponding buried point parameters are required to be preset, and the preset buried point parameters in the embodiment of the invention can comprise at least one of different attribute fields and attribute screening conditions. The different attribute fields may include a buried point name field, a user identification field, a device identification field, a timestamp field, a buried point page name, and the like. When user behaviors generated on different embedded point objects meet attribute screening conditions, the embedded point objects can be triggered to report corresponding user behavior logs, and the screening conditions can be used as dimensions for describing object features. The attribute screening conditions can be divided into common attributes and extended attributes by type, and the common attributes are mainly used for default embedded data acquisition and are usually integrated in a big data SDK (software development kit ). The extended attributes are mainly directed to custom buried data collection of specific behaviors.
S20, inputting the behavior data into a preconfigured analysis model, and judging whether the behavior data is sensitive behavior data or not;
the sensitive behavior set may be established in advance, and the operation content included in the sensitive behavior set may be set, for example, the operation content including payment, transfer, loan, repayment, and the like in the sensitive behavior set may be set. The terminal can detect whether the operation content in the behavior data belongs to a preset sensitive behavior set or not, so as to judge whether the operation behavior is a sensitive behavior, and if the operation content belongs to the preset sensitive behavior set, the operation behavior is judged to be the sensitive behavior.
In some embodiments, the inputting the behavior data into a preconfigured analysis model, determining whether the behavior data is sensitive behavior data, includes:
s201, extracting a time stamp, an operation time value and an operation behavior event of the behavior data;
s202, extracting features of the time stamp, the operation time value and the operation behavior event to obtain feature vectors of the behavior data;
s203, invoking an analysis model to conduct label prediction on the feature vector to obtain a label of the behavior data, wherein the analysis model is generated by conducting model training on the behavior data carrying the label;
s204, judging whether the behavior data is sensitive behavior data according to the labels of the behavior data.
Where a timestamp is used to indicate the time of the log record generation, such as timestamp 1 indicates that log record 1 was generated at timestamp 1, timestamp 2 indicates that log record 2 was generated at timestamp 2, and so on. The time stamp format (such as the format of year, month, day, time, minute, second, etc.) can be agreed, and the time stamp is recorded in the data structure by adopting the format, so that the time stamp format is not limited and can be configured according to actual needs.
The operation time value is used to represent an operation time value of an operation behavior event, for example, 3 seconds in the log 1, represents a login operation for the user information 1, and a total of 3 seconds is used. 6 seconds in log 2 represents a search operation for user information 1, a total of 6 seconds is used, and so on.
The model is generated by model training of a behavior log sample carrying the tag. Also is provided with
It can be understood that the analysis model is based on the input operation recorded in the massive behavior log sample, and a mapping relationship is established between the input operation and the corresponding label.
Thus, based on the model, the label prediction can be performed on the feature vector of the input operation according to the established mapping relation between the input operation and the label corresponding to the input operation, so that the label corresponding to the input operation can be obtained through prediction. For example, if the feature vector of the input operation is very similar to or even identical to a certain feature vector in the mapping relationship, the label having the mapping relationship with the certain feature vector may be regarded as the label corresponding to the input operation, thereby completing label prediction.
Further, the tags include legal tags for characterizing legal operations in the input operations and illegal tags for characterizing illegal operations in the input operations.
Still further, the tag is uniquely identified by a number, letter, a combination of both, or other string. For example, the legal tag is identified as 1 and the illegal tag is identified as 0.
In some embodiments, S204 may include:
judging whether the behavior data is sensitive behavior data or not according to the corresponding relation between preset labels and the frequency and/or the number of the behavior data in the preset time period.
S30, if the behavior data are sensitive behavior data, storing the behavior data in a preset cache area, wherein a plurality of sensitive behaviors are stored in the preset storage area;
the preset cache area may be a storage space in a local memory of the client. Before the log data is stored in the preset cache area, a part of storage space can be applied in the local memory of the client as the preset cache area.
S40, sending an asynchronous request message to a behavior log manager, wherein the asynchronous request message is used for requesting to send the sensitive behavior data to the log manager;
in the current application system, an asynchronous thread is started, the asynchronous thread monitors whether a behavior log record exists in a current memory in real time, if so, the current memory is pulled in time, after the behavior log is pulled, the current memory is pushed to a memory layer through an MQ client tool, and after pushing is completed, the behavior log record in the original memory is deleted.
S50, after receiving the response message of the log manager, sending the sensitive behavior data to a message queue;
the actions recorded by the user behavior log are completely decoupled from the actions of the user operation through the use of the asynchronous threads and the MQ, so that the actions for recording the user behavior do not influence the operation of the user.
In some embodiments, S50 may include: the sending the sensitive behavior data to a message queue includes:
and sending the sensitive behavior data to a theme queue corresponding to the operation behavior event type in the message queue.
S60, taking out the sensitive behavior data from the message queue and writing the sensitive behavior data into the log manager.
In some embodiments, after S60, it may further include:
s70, determining a class group to which the behavior data belong according to an operation behavior event;
s80, analyzing a user identifier from the sensitive behavior data stored in a preset time period, and determining behavior data corresponding to the same user identifier;
s90, determining the operation behavior sequence of the user according to the operation behavior event and the class group of the behavior data belonging to the same user.
In some embodiments, S90 may include: 7. the behavior logging method of claim 6, wherein the determining the sequence of the user's operational behavior based on the operational behavior event and class group of behavior data belonging to the same user comprises:
s91, determining an initial sequence according to operation behavior events and category groups recorded by logs belonging to the same user based on the sequence of the time stamps;
s92, dividing the initial sequence into subsequences according to the operation time value, and determining at least one subsequence as the operation behavior sequence of the user.
According to the scheme, when a user performs system operation, the interceptor intercepts the operation behaviors of the user, the behavior analyzer analyzes whether the current behaviors of the user need to be recorded, marks the current operation behaviors if the current behaviors need to be recorded, and assembles a complete record (main fields: user account number, operation action and operation time); the main function of the behavior statistics device to store the record in the transport layer of the transport layer in the current application memory is to push the user operation record in the current application system from the memory to the storage layer through the transport, which is completely asynchronous decoupling. In the current application system, an asynchronous thread is started, the asynchronous thread monitors whether a behavior log record exists in a current memory in real time, if so, the behavior log is pulled timely, after the behavior log is pulled, the behavior log is pushed to a memory layer through an MQ client tool, and after pushing is completed, the behavior log record in the original memory is deleted. Through the use of asynchronous threads and MQ, the actions recorded by the user behavior log are completely decoupled from the actions of the user operation, so that the actions for recording the user behavior do not influence the operation of the user. The storage layer mainly receives the pushed user behavior log and stores the pushed user behavior log. And providing a unified storage interface, and adapting the back end to various memories. After the asynchronous log pusher pushes the user behavior log to the MQ, the MQ pushes the user behavior log to a unified storage interface layer, and the storage interface layer stores the information into different memories according to the storage configuration type of the user. The memory may be of the local file system, ES storage engine, DB database, etc.
Therefore, in the scheme, the action collector does not need to influence the user operation, and the completely decoupled model design ensures that the action collector has the least influence on the user operation; the unified MQ pushes the collector, so that the phenomenon that the behavior logs are scattered in each business server in the original printing log mode is avoided, and the behavior logs are collected by the MQ in a unified way and pushed in a unified way; the storage interface layer at the back end supports more memories by supporting users in a configuration mode, and better supports the storage requirement of security audit.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present invention.
In one embodiment, a behavior logging device is provided, where the behavior logging device corresponds to the behavior logging method in the above embodiment one by one. As shown in fig. 3, the behavior log recording apparatus includes a data acquisition unit 101, a data analysis unit 102, a data buffer unit 103, a transmission request unit 104, a data transmission unit 105, and a data buffer unit 106. The functional modules are described in detail as follows:
a data obtaining unit 101, configured to monitor an application program to perform an operation action, and obtain action data generated according to the operation action, where the action data includes one or a combination of a user identifier, an operation action event, a timestamp, and an operation time value;
a data analysis unit 102, configured to input the behavior data into a preconfigured analysis model, and determine whether the behavior data is sensitive behavior data;
a data caching unit 103, configured to store the behavior data in a preset cache area if the behavior data is sensitive behavior data, where a plurality of sensitive behaviors are stored in the preset storage area;
a transmission request unit 104, configured to send an asynchronous request message to a behavior log manager, where the asynchronous request message is used to request to send the sensitive behavior data to the log manager;
a data transmission unit 105, configured to send the sensitive behavior data to a message queue after receiving the response message of the log manager;
and the data caching unit 106 is used for taking out the sensitive behavior data from the message queue and writing the sensitive behavior data into the log manager.
In some embodiments, the data acquisition unit 101 is specifically configured to:
acquiring behavior data of different embedded point objects reported in real time based on preset embedded point parameters;
wherein the different buried point objects include: at least one of an H5 page, an applet, an APP client and a PC client displayed by a browser; the preset buried point parameters comprise: at least one of the different attribute fields and the attribute screening conditions.
In some embodiments, the data analysis unit 102 is specifically configured to:
extracting a time stamp, an operation time value and an operation behavior event of the behavior data;
extracting features of the timestamp, the operation time value and the operation behavior event to obtain a feature vector of the behavior data;
invoking an analysis model to conduct label prediction on the feature vector to obtain a label of the behavior data, wherein the analysis model is generated by conducting model training on the behavior data carrying the label;
judging whether the behavior data is sensitive behavior data according to the labels of the behavior data.
In some embodiments, the transmission request unit 104 is specifically configured to: judging whether the behavior data is sensitive behavior data or not according to the corresponding relation between preset labels and the frequency and/or the number of the behavior data in the preset time period.
In some embodiments, the message queues include different topic queues that correspond to behavior data of different operational behavior events;
the data transmission unit 105 is specifically configured to: the sending the sensitive behavior data to a message queue includes:
and sending the sensitive behavior data to a theme queue corresponding to the operation behavior event type in the message queue.
In some embodiments, the data caching unit 106 is specifically configured to:
determining a class group to which the behavior data belong according to an operation behavior event;
analyzing a user identifier from the sensitive behavior data stored in a preset time period, and determining behavior data corresponding to the same user identifier;
and determining the operation behavior sequence of the user according to the operation behavior event and the class group of the behavior data belonging to the same user.
For specific limitations of the behavior log recording means, reference is made to the above limitation of the intelligent question-answering method, and no further description is given here. The various modules in the above described behavioral logging apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes non-volatile and/or volatile storage media and internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is for communicating with an external client via a network connection. The computer program, when executed by a processor, performs the functions or steps of a method for behavioural logging.
In one embodiment, a computer device is provided, which may be a client, the internal structure of which may be as shown in FIG. 5. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is for communicating with an external server via a network connection. The computer program, when executed by a processor, performs a function or steps on a client side of a behavioural logging method
In one embodiment, a computer device is provided comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of when executing the computer program:
monitoring an application program to execute operation behaviors, and obtaining behavior data generated according to the operation behaviors, wherein the behavior data comprises one or a combination of user identification, operation behavior event, time stamp and operation time value;
inputting the behavior data into a preconfigured analysis model, and judging whether the behavior data is sensitive behavior data or not;
if the behavior data are sensitive behavior data, storing the behavior data into a preset cache area, wherein a plurality of sensitive behaviors are stored in the preset storage area;
sending an asynchronous request message to a behavior log manager, wherein the asynchronous request message is used for requesting to send the sensitive behavior data to the log manager;
after receiving the response message of the log manager, sending the sensitive behavior data to a message queue;
and taking out the sensitive behavior data from the message queue and writing the sensitive behavior data into the log manager.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
monitoring an application program to execute operation behaviors, and obtaining behavior data generated according to the operation behaviors, wherein the behavior data comprises one or a combination of user identification, operation behavior event, time stamp and operation time value;
inputting the behavior data into a preconfigured analysis model, and judging whether the behavior data is sensitive behavior data or not;
if the behavior data are sensitive behavior data, storing the behavior data into a preset cache area, wherein a plurality of sensitive behaviors are stored in the preset storage area;
sending an asynchronous request message to a behavior log manager, wherein the asynchronous request message is used for requesting to send the sensitive behavior data to the log manager;
after receiving the response message of the log manager, sending the sensitive behavior data to a message queue;
and taking out the sensitive behavior data from the message queue and writing the sensitive behavior data into the log manager.
It should be noted that, the functions or steps implemented by the computer readable storage medium or the computer device may correspond to the relevant descriptions of the server side and the client side in the foregoing method embodiments, and are not described herein for avoiding repetition.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored in a computer-readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. The storage medium may be a nonvolatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a random access Memory (Random Access Memory, RAM).
The technical features of the above-described embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above-described embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the invention and are described in detail herein without thereby limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
Claims (10)
1. A method of behavioral logging comprising:
monitoring an application program to execute operation behaviors, and obtaining behavior data generated according to the operation behaviors, wherein the behavior data comprises one or a combination of user identification, operation behavior event, time stamp and operation time value;
inputting the behavior data into a preconfigured analysis model, and judging whether the behavior data is sensitive behavior data or not;
if the behavior data are sensitive behavior data, storing the behavior data into a preset cache area, wherein a plurality of sensitive behaviors are stored in the preset storage area;
sending an asynchronous request message to a behavior log manager, wherein the asynchronous request message is used for requesting to send the sensitive behavior data to the log manager;
after receiving the response message of the log manager, sending the sensitive behavior data to a message queue;
and taking out the sensitive behavior data from the message queue and writing the sensitive behavior data into the log manager.
2. The behavior logging method of claim 1, wherein the obtaining behavior data generated from the operational behavior comprises:
acquiring behavior data of different embedded point objects reported in real time based on preset embedded point parameters;
wherein the different buried point objects include: at least one of an H5 page, an applet, an APP client and a PC client displayed by a browser; the preset buried point parameters comprise: at least one of the different attribute fields and the attribute screening conditions.
3. The behavioral logging method of claim 1 wherein said inputting said behavioral data into a preconfigured analytical model to determine whether said behavioral data is sensitive behavioral data comprises:
extracting a time stamp, an operation time value and an operation behavior event of the behavior data;
extracting features of the timestamp, the operation time value and the operation behavior event to obtain a feature vector of the behavior data;
invoking an analysis model to conduct label prediction on the feature vector to obtain a label of the behavior data, wherein the analysis model is generated by conducting model training on the behavior data carrying the label;
judging whether the behavior data is sensitive behavior data according to the labels of the behavior data.
4. The behavior log recording method of claim 3, wherein the determining whether the behavior data is sensitive behavior data according to a tag of the behavior data comprises:
judging whether the behavior data is sensitive behavior data or not according to the corresponding relation between preset labels and the frequency and/or the number of the behavior data in the preset time period.
5. The behavioral logging method of claim 1 wherein the message queue comprises different topic queues, the different topic queues corresponding to behavioral data of different operational behavioral events;
the sending the sensitive behavior data to a message queue includes:
and sending the sensitive behavior data to a theme queue corresponding to the operation behavior event type in the message queue.
6. The behavioral logging method of claim 1 further comprising, after fetching the sensitive behavioral data from the message queue and writing to the log manager:
determining a class group to which the behavior data belong according to an operation behavior event;
analyzing a user identifier from the sensitive behavior data stored in a preset time period, and determining behavior data corresponding to the same user identifier;
and determining the operation behavior sequence of the user according to the operation behavior event and the class group of the behavior data belonging to the same user.
7. The behavior logging method of claim 6, wherein the determining the sequence of the user's operational behavior based on the operational behavior event and class group of behavior data belonging to the same user comprises:
determining an initial sequence according to the operation behavior events and the class groups recorded by the logs belonging to the same user based on the sequence of the time stamps;
and dividing the initial sequence into subsequences according to the operation time value, and determining at least one subsequence as the operation behavior sequence of the user.
8. A behavioral journal logger, wherein the tester comprises:
the data acquisition unit is used for monitoring the execution operation behaviors of the application program and acquiring behavior data generated according to the operation behaviors, wherein the behavior data comprises one or a combination of user identification, operation behavior event, time stamp and operation time value;
the data analysis unit is used for inputting the behavior data into a preconfigured analysis model and judging whether the behavior data are sensitive behavior data or not;
the data caching unit is used for storing the behavior data in a preset caching area if the behavior data are sensitive behavior data, and a plurality of sensitive behaviors are stored in the preset storage area;
a transmission request unit, configured to send an asynchronous request message to a behavior log manager, where the asynchronous request message is used to request to send the sensitive behavior data to the log manager;
the data transmission unit is used for transmitting the sensitive behavior data to a message queue after receiving the response message of the log manager;
and the data caching unit is used for taking out the sensitive behavior data from the message queue and writing the sensitive behavior data into the log manager.
9. A computer device comprising a memory and a processor, the memory having stored therein computer readable instructions which, when executed by the processor, cause the processor to perform the steps of the behavioural logging method as claimed in any one of claims 1 to 7.
10. A storage medium storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the behavioural logging method as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310165576.2A CN116126808A (en) | 2023-02-16 | 2023-02-16 | Behavior log recording method, device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310165576.2A CN116126808A (en) | 2023-02-16 | 2023-02-16 | Behavior log recording method, device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116126808A true CN116126808A (en) | 2023-05-16 |
Family
ID=86306218
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310165576.2A Pending CN116126808A (en) | 2023-02-16 | 2023-02-16 | Behavior log recording method, device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116126808A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116560875A (en) * | 2023-05-19 | 2023-08-08 | 广州经传多赢投资咨询有限公司 | High-speed asynchronous buffer method, system, equipment and medium based on log |
-
2023
- 2023-02-16 CN CN202310165576.2A patent/CN116126808A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116560875A (en) * | 2023-05-19 | 2023-08-08 | 广州经传多赢投资咨询有限公司 | High-speed asynchronous buffer method, system, equipment and medium based on log |
| CN116560875B (en) * | 2023-05-19 | 2023-10-31 | 广州经传多赢投资咨询有限公司 | High-speed asynchronous buffer method, system, equipment and medium based on log |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210318866A1 (en) | Auto-generation of api documentation via implementation-neutral analysis of api traffic | |
| US11755387B1 (en) | Updating code of an app feature based on a value of a query feature | |
| US7587484B1 (en) | Method and system for tracking client software use | |
| US9141611B2 (en) | Aggregated web analytics request systems and methods | |
| US8756593B2 (en) | Map generator for representing interrelationships between app features forged by dynamic pointers | |
| US8589876B1 (en) | Detection of central-registry events influencing dynamic pointers and app feature dependencies | |
| US20080091775A1 (en) | Method and apparatus for parallel operations on a plurality of network servers | |
| US10528456B2 (en) | Determining idle testing periods | |
| US11436133B2 (en) | Comparable user interface object identifications | |
| US20130263156A1 (en) | Operation log collection method and device | |
| CN112650688A (en) | Automated regression testing method, associated device and computer program product | |
| CN111654495B (en) | Method, apparatus, device and storage medium for determining traffic generation source | |
| CN116126808A (en) | Behavior log recording method, device, computer equipment and storage medium | |
| CN111431767A (en) | Multi-browser resource synchronization method and device, computer equipment and storage medium | |
| CN114629929A (en) | Log recording method, device and system | |
| CN109542764B (en) | Webpage automatic testing method and device, computer equipment and storage medium | |
| CN112817817B (en) | Buried point information query method, buried point information query device, computer equipment and storage medium | |
| CN114153703A (en) | Micro-service exception positioning method and device, electronic equipment and program product | |
| US9104573B1 (en) | Providing relevant diagnostic information using ontology rules | |
| CN112162954B (en) | User operation log generation and path positioning method, device, equipment and medium | |
| CN115454400A (en) | Interface parameter processing method, device, equipment, medium and program product | |
| CN112347066B (en) | Log processing method and device, server and computer readable storage medium | |
| Wang et al. | Application Monitoring for bug reproduction in web-based applications | |
| CN113032647A (en) | Data analysis system | |
| CN113765731A (en) | Information processing method, device and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |