CN116132258A - Method and device for detecting high-risk instruction - Google Patents
Method and device for detecting high-risk instruction Download PDFInfo
- Publication number
- CN116132258A CN116132258A CN202211631775.XA CN202211631775A CN116132258A CN 116132258 A CN116132258 A CN 116132258A CN 202211631775 A CN202211631775 A CN 202211631775A CN 116132258 A CN116132258 A CN 116132258A
- Authority
- CN
- China
- Prior art keywords
- instruction
- risk
- parameters
- authorized
- risk instruction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims description 44
- 230000006854 communication Effects 0.000 claims abstract description 96
- 238000004891 communication Methods 0.000 claims abstract description 95
- 238000001514 detection method Methods 0.000 claims abstract description 27
- 239000002071 nanotube Substances 0.000 claims description 51
- 230000015654 memory Effects 0.000 claims description 34
- 238000012545 processing Methods 0.000 claims description 18
- 238000004590 computer program Methods 0.000 claims description 2
- 230000006870 function Effects 0.000 description 14
- 238000010586 diagram Methods 0.000 description 13
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 239000007787 solid Substances 0.000 description 3
- 238000003491 array Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application discloses a detection method and device for high-risk instructions, relates to the technical field of computers, and solves the problem that when an operation instruction of digital equipment is detected to be the high-risk instruction, the operation instruction is directly forbidden, so that the misjudgment rate of the operation instruction of the digital equipment is too high. The detection method of the high-risk instruction comprises the following steps: acquiring an operation instruction of the digital communication equipment; the operation instruction comprises: instruction parameters; determining that the instruction parameters belong to high-risk instruction parameters; determining that the instruction parameters do not belong to authorized high-risk instruction parameters; generating early warning information; the early warning information is used for prompting that the operation instruction is an unauthorized high-risk instruction.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for detecting high-risk instructions.
Background
With the rapid development of the fifth generation communication technology (5th generation mobile communication technol ogy,5G), the number of operation instructions of the digital devices in the 5G mobile core network employing the service architecture (service-based architecture, SB a) increases exponentially. When the operation instruction is used for configuring the digital equipment, since high-risk instructions possibly exist in the operation instruction, if the high-risk instructions are directly executed, the operation of the digital equipment can be influenced, and meanwhile, huge network hidden danger can be brought to the whole core network, the network safety is threatened, and the irrecoverable economic loss is caused.
At present, the management mode of the operation instruction of the digital equipment is to detect the operation instruction before the operation instruction is executed, and when detecting that a certain operation instruction of the digital equipment is a high-risk instruction, the operation instruction is directly forbidden to avoid the execution of the digital equipment, or the operation instruction is submitted to a manual checking system, and whether the operation instruction can be authorized to be executed is checked manually.
Disclosure of Invention
The invention provides a method and a device for detecting high-risk instructions, which are used for solving the problem that when a nano tube system detects that an operation instruction of digital equipment is a high-risk instruction, the operation instruction is directly forbidden, so that the misjudgment rate of the operation instruction of the digital equipment is too high.
In order to achieve the above purpose, the invention adopts the following technical scheme:
in a first aspect, the present invention provides a method for detecting a high-risk instruction, applied to a nanotube system, in which a nanotube list is established, where the nanotube list is used to store device information of a data communication device, where the device information includes: an operating instruction of a digital communication device, the method comprising: acquiring an operation instruction of the digital communication equipment; the operation instruction comprises: instruction parameters. Determining that the instruction parameters belong to high-risk instruction parameters, determining that the instruction parameters do not belong to authorized high-risk instruction parameters, and generating early warning information; the early warning information is used for prompting that the operation instruction is an unauthorized high-risk instruction.
According to the detection method for the high-risk instruction, after the instruction management equipment acquires the operation instruction of the digital communication equipment, the operation instruction can be determined to be an unauthorized high-risk instruction by determining that the instruction parameter of the operation instruction belongs to the high-risk instruction parameter and the instruction parameter does not belong to the authorized high-risk instruction parameter, and the early warning information for prompting the operation instruction to be the unauthorized high-risk instruction is generated so as to prompt the operation instruction to be the unauthorized high-risk instruction affecting the operation of the digital communication equipment, so that the unauthorized high-risk instruction is early warned in advance, and accidents of the digital communication equipment are avoided.
In a possible implementation manner, a high-risk instruction library is also established in the nano tube system, high-risk instruction parameters are stored in the high-risk instruction library, and determining that the instruction parameters belong to the high-risk instruction parameters includes: acquiring high-risk instruction parameters in a high-risk instruction library, and judging whether the instruction parameters belong to the high-risk instruction parameters or not; determining that the instruction parameter does not belong to an authorized high-risk instruction parameter includes: acquiring a work order with an authorized state in a work order approval system; analyzing the worksheet, and determining authorized high-risk instruction parameters; the work order approval system is used for storing work orders; and judging whether the instruction parameters belong to the authorized high-risk instruction parameters by using the authorized high-risk instruction parameters.
In a possible implementation manner, the method for detecting the high-risk instruction provided by the application further includes: and determining that the instruction parameters do not belong to high-risk instruction parameters, and executing the operation instruction.
In a possible implementation manner, the method for detecting the high-risk instruction provided by the application further includes: determining that the instruction parameters belong to authorized high-risk instruction parameters, and executing the operation instruction.
In a possible implementation manner, the method for detecting the high-risk instruction provided by the application further includes: receiving equipment information reported by digital communication equipment; the device information also includes one or more of the following: and updating a nanotube list in the nanotube system according to the equipment information.
In a second aspect, the present invention provides a detection apparatus for high-risk instructions, applied to a nanotube system, in which a nanotube list is established, where the nanotube list is used to store device information of a data communication device, where the device information includes: an operation instruction of the digital communication device, the apparatus comprising: the device comprises an acquisition module, a processing module and a generation module.
The acquisition module is used for acquiring an operation instruction of the digital communication equipment; the operation instruction comprises: instruction parameters.
The processing module is used for determining that the instruction parameters belong to high-risk instruction parameters; determining that the instruction parameters do not belong to authorized high-risk instruction parameters.
The generation module generates early warning information; the early warning information is used for prompting that the operation instruction is an unauthorized high-risk instruction.
In a possible implementation manner, a high-risk instruction library is also established in the nano tube system, high-risk instruction parameters are stored in the high-risk instruction library, and the acquisition module is also used for acquiring a work order with an authorized state in the work order approval system; the processing module is specifically used for acquiring high-risk instruction parameters in the high-risk instruction library and judging whether the instruction parameters belong to the high-risk instruction parameters or not; after the acquisition module acquires the work order with the authorized state in the work order approval system as the authorized work order, analyzing the work order, and determining authorized high-risk instruction parameters; the work order approval system is used for storing authorized work orders; and judging whether the instruction parameters belong to the authorized high-risk instruction parameters by using the authorized high-risk instruction parameters.
In a possible implementation manner, the detection device for high-risk instructions provided by the application further includes: and the execution module is used for executing the operation instruction after the processing module determines that the instruction parameter does not belong to the high-risk instruction parameter.
In a possible implementation manner, the execution module is further configured to execute the operation instruction after the processing module determines that the instruction parameter belongs to the authorized high-risk instruction parameter.
In a possible implementation manner, the detection device for high-risk instructions provided by the application further includes: and the receiving module and the updating module.
The receiving module is used for receiving the equipment information reported by the digital communication equipment; the device information also includes one or more of the following: name of the digital device, address of the digital device, type of digital device.
And the updating module is used for updating the nano tube list in the nano tube system according to the equipment information.
In a third aspect, there is provided an instruction management apparatus having a function of implementing the method for detecting high-risk instructions described in the first aspect or any one of possible implementation manners. The functions can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.
In a fourth aspect, a computer readable storage medium is provided, in which instructions are stored which, when run on a computer, enable the computer to perform the method of detecting high risk instructions according to the first aspect or any one of the possible implementations described above.
In a fifth aspect, a computer program product is provided comprising instructions which, when run on a computer, enable the computer to perform the method of detecting high risk instructions of the first aspect or any one of the possible implementations described above.
The technical effects of any one of the design manners of the third aspect to the fifth aspect may be referred to technical effects of different possible implementation manners of the first aspect, which are not described herein.
For a detailed description of the second to fifth aspects and various implementations thereof in this application, reference may be made to the detailed description of the first aspect and various implementations thereof; moreover, the advantages of the second aspect and the various implementations thereof may be referred to as analyzing the advantages of the first aspect and the various implementations thereof, and will not be described herein.
These and other aspects of the present application will be more readily apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a high-risk instruction detection system according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of an instruction management apparatus according to an embodiment of the present application;
FIG. 3 is a system schematic diagram of a nanotube system according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a nanotube list provided in an embodiment of the present application;
FIG. 5 is a schematic diagram of an instruction list provided in an embodiment of the present application;
FIG. 6 is a schematic diagram of a high-risk instruction library according to an embodiment of the present disclosure;
fig. 7 is a schematic flow chart of a method for detecting a high-risk instruction according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a work order approval system according to an embodiment of the present disclosure;
fig. 9 is another flow chart of a method for detecting a high-risk instruction according to an embodiment of the present application;
FIG. 10 is a specific example diagram of a method for detecting high-risk instructions according to an embodiment of the present disclosure;
fig. 11 is a schematic structural diagram of a high-risk instruction detection device according to an embodiment of the present application;
fig. 12 is another schematic structural diagram of a high-risk instruction detection device according to an embodiment of the present disclosure;
fig. 13 is a schematic structural diagram of an instruction management apparatus according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. In the description of the present invention, unless otherwise indicated, the meaning of "a plurality" is two or more.
In addition, the network architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided in the embodiments of the present application, and as a person of ordinary skill in the art can know, with evolution of the network architecture and appearance of a new service scenario, the technical solution provided in the embodiments of the present application is also applicable to similar technical problems.
For ease of understanding, the terms devised in this application are explained first.
High-risk instructions refer to operational instructions that, when executed on a data communication device, may cause significant network risks. For example, the high-risk instructions may include: a reboot instruction to restart the system, a remove instruction to delete one or more files or directories, etc.
The data communication device is a generic name of a switching device, a transmission device and a terminal device in the data communication system, and may be, for example, a switch, a router, etc.
At present, when the instruction management device detects that the operation instruction of the digital communication device is a high-risk instruction, the operation instruction is directly forbidden, whether the operation instruction is an authorized operation instruction is not considered, so that the authorized operation instruction needs to be repeatedly checked, and the management efficiency is low. Based on the above, the application provides a method and a device for detecting a high-risk instruction, after an instruction management device obtains an operation instruction of a data communication device, by determining that an instruction parameter of the operation instruction belongs to a high-risk instruction parameter and that the instruction parameter does not belong to an authorized high-risk instruction parameter, the operation instruction can be determined to be an unauthorized high-risk instruction, and early warning information for prompting the operation instruction to be the unauthorized high-risk instruction is generated, so that the unauthorized high-risk instruction is early warned in advance, and accidents of the data communication device are avoided.
The implementation of the examples of the present application will be described in detail below with reference to the accompanying drawings.
The scheme provided by the application can be applied to the high-risk instruction detection system 100 shown in fig. 1. As shown in fig. 1, the high-risk instruction detection system includes an instruction management apparatus 101 and a plurality of data communication apparatuses 102.
The data communication device 102 is configured to carry an operation instruction of the data communication device, where the operation instruction may be configured by a user according to a service requirement. The digital device 102 may be a digital device such as a router or a switch, and the type and function of the digital device 102 are not limited in the embodiments of the present application.
The instruction management apparatus 101 may be a centralized control apparatus of the digital communication apparatus 102 in the detection system 100 for high-risk instructions, or may be a third party server or others.
It should be noted that, the number of the digital communication devices 102 included in the high-risk instruction detection system 100 may be configured according to actual needs, and fig. 1 is only schematic in this application, and is not a specific limitation on the scale of the high-risk instruction detection system 100.
The solution provided in the present application may be applied to the instruction management apparatus 101 illustrated in fig. 2, where the instruction management apparatus 101 may be disposed in the high-risk instruction detection system 100 illustrated in fig. 1, and the instruction management apparatus 101 may be a computer, a switch, a router, or other product forms, which is not specifically limited. The instruction management apparatus 101 includes: processor 201, memory 202.
The processor 201 may be a central processing unit (central processing unit, CPU), and the processor 201 may also be other general purpose processors, digital signal processors (digital signal pro cessor, DSP), application specific integrated circuits (application specific integrated circuit, ASIC), field-programmable gate arrays (field-programmable gate array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or a combination thereof.
The memory 202 may be a volatile memory (RAM), such as a random-access memory (RAM); or a nonvolatile memory (non-volatile memory), such as a read-only memory (ROM), a flash memory (flash memory), a hard disk (HDD) or a Solid State Drive (SSD); or a combination of the above types of memories for storing application programs, configuration files, data information or other content that may implement the methods of the present application.
The processor 201 performs the following functions by running or executing software programs and/or modules stored in the memory 202 and invoking data stored in the memory 202:
acquiring an operation instruction of the data communication equipment, and generating early warning information for prompting that the operation instruction is an unauthorized high-risk instruction after determining that the instruction parameter of the operation instruction belongs to the high-risk instruction parameter and determining that the instruction parameter does not belong to the authorized high-risk instruction parameter.
The solution provided in the present application may be applied to a nanotube system 300 illustrated in fig. 3, where the nanotube system 300 may be deployed on the instruction management apparatus 101 illustrated in fig. 1. A nanotube list 301 and a high-risk instruction library 302 are established in the nanotube system 300. Wherein an instruction list 303 is built in the nanotube list.
Illustratively, a nanotube list 301 for storing device information of a data communication device is established in the nanotube system 300 as shown in fig. 4.
The device information may include information such as a name of the digital device, an address of the digital device, a type of the digital device, an operation user operating the digital device, an operation instruction of the digital device, and an operation state, which are not limited in this application.
Illustratively, the nanotube list 301 may include a plurality of lists, one list corresponding to device information of each of the plurality of data communication devices. One of the nanotube lists 301 may include the name of the aforementioned one of the several devices, the address of the several device, and the type of the several device.
The list in the nanotube list may include the name of the aforementioned one digital device, the address of the digital device, the type of the digital device, and may also include device information such as a management group to which the digital device belongs, and creation time of the digital device, which is not limited in this application.
Further, as shown in fig. 5, in the list included in the above-mentioned nanotube list 301, an instruction list 303 of the device is also built under the list. Each instruction list 303 includes the operation user who operates the digital device, the operation instruction of the digital device, and the operation state described above.
Each instruction list 303 may include the above-mentioned operation user for operating the digital communication device, the operation instruction and the operation state of the digital communication device, and may also include the device name of the digital communication device, the address of the digital communication device, the operation time, and other device information, which is not limited in this application.
Illustratively, a high-risk instruction library 302 for storing high-risk instructions of a data communication device is also established in the nanotube system 300, as shown in fig. 6.
The high-risk instruction of the data communication device can be a user-defined high-risk instruction. The high-risk instruction may include an operation instruction, an instruction parameter, an authorized state of the high-risk instruction, a creation time of the high-risk instruction, and the like, which are not limited in the present application.
The nanotube system illustrated in fig. 3, the nanotube list illustrated in fig. 4, the instruction list illustrated in fig. 5, and the high-risk instruction library illustrated in fig. 6 are merely exemplary of the application scenario of the present application, and are not limited to the application scenario of the present application scenario.
In one aspect, the present application discloses a method of detecting high-risk instructions that may be performed by an instruction management device, such as the instruction management device 101 illustrated in fig. 2. As shown in fig. 7, the method may include the steps of:
s701, the instruction management device acquires an operation instruction of the data communication device.
The operation instruction of the instruction management device comprises an instruction parameter.
Illustratively, the determining procedure of the operation instruction of the digital communication device may be: when the user needs to perform operation configuration on the digital equipment, the user can select a proper instruction according to the configuration requirement and is provided with specific instruction parameters, and an operation instruction of the digital equipment is generated in the digital equipment.
For example, when the user needs to restart the digital communication device, the user selects a restart (reboot) operation instruction on the digital communication device, and prepares a reboot instruction parameter, and finally generates a restart instruction in the digital communication device.
Further, after the data communication device determines the operation instruction of the data communication device, the instruction management device may receive the operation instruction of the data communication device sent by the data communication device through a communication connection with the data communication device.
The communication process of the command management device and the data communication device may be that the data communication device actively reports an operation command of the data communication device, or after the command management device requests the operation command of the data communication device, the data communication device responds to the request sent by the command management device and sends the operation command of the data communication device to the command management device, which is not limited in the embodiments of the present application.
S702, the instruction management device determines that the instruction parameters belong to high-risk instruction parameters.
The instruction management device, after acquiring the operation instruction of the data communication device, determines whether the instruction parameter of the data communication device belongs to the high-risk instruction parameter by extracting the instruction parameter in the operation instruction and comparing the instruction parameter with the instruction parameter in the high-risk instruction library illustrated in fig. 5.
S703, the instruction management apparatus determines that the instruction parameter does not belong to the authorized high-risk instruction parameter.
Specifically, after the instruction management device determines that the instruction parameter of the operation instruction of the data communication device belongs to the high-risk instruction parameter in S702, the instruction management device compares the instruction parameter with the instruction parameter in the work order approval system.
In one embodiment, as shown in fig. 8, a work order approval system 801 is shown, where the work order approval system 801 may include work order numbers of work orders, and each work order corresponds to all operation instructions in the work order and an authorization status of the instructions in the work order. Meanwhile, the work order approval system 801 stores all high-risk instructions of the work order and instruction parameters of the high-risk instructions under each work order.
The work order approval system 801 may include the work order number of the work order, the authorization status of the work order, the work order number, the work order title, the work order creation time, the feedback time limit, the affiliated dispatch function, the affiliated professional domain, the applicant, the affiliated department of the applicant, the urgency degree of the work order, whether the work order affects the business, and the like, which are not limited in this application.
The instruction management device, after determining that the instruction parameter of the operation instruction of the data communication device belongs to the high-risk instruction parameter, obtains the high-risk instruction parameter under the work order by analyzing the authorized state in the work order approval system as the authorized work order, and compares the instruction parameter of the operation instruction of the data communication device with the high-risk instruction parameter of the authorized work order to determine whether the instruction parameter of the operation instruction of the data communication device belongs to the authorized high-risk instruction parameter.
S704, the instruction management device generates early warning information.
The early warning information is used for prompting that the operation instruction of the digital communication equipment is an unauthorized high-risk instruction.
The instruction management device generates early warning information for prompting that the operation instruction of the data communication device is an unauthorized high-risk instruction after determining that the instruction parameter of the operation instruction of the data communication device belongs to the high-risk instruction parameter and the instruction parameter of the operation instruction of the data communication device does not belong to the authorized high-risk instruction parameter. And the instruction management device can send the early warning information to the user so as to remind the operation instruction of the data communication device to be an unauthorized high-risk instruction.
It should be noted that, the instruction management device may send the early warning information to the user through software or a short message, or may send a buzzer to remind the user after determining that the instruction parameter of the operation instruction of the data communication device belongs to the high-risk instruction parameter and the instruction parameter of the operation instruction of the data communication device does not belong to the authorized high-risk instruction parameter, which is not limited in the application.
According to the scheme, after the operation instruction of the digital communication equipment is obtained, the instruction parameters of the operation instruction are determined to belong to high-risk instruction parameters, and after the instruction parameters of the operation instruction do not belong to authorized high-risk instruction parameters, the operation instruction can be determined to be an unauthorized high-risk instruction, early warning information is generated, the operation instruction is prompted to be executed, the digital communication equipment can possibly be caused to have accidents in the operation process, early warning is carried out on the unauthorized high-risk instruction in advance, and the digital communication equipment is prevented from having accidents.
Further, the instruction management device may allow the digital communication device to execute the operation instruction in several cases:
the instruction management device determines that the instruction parameters do not belong to the high-risk instruction parameters in case 1, S702.
In case 2, the instruction management device determines that the instruction parameter belongs to the high-risk instruction parameter in S702, and the instruction management device determines that the instruction parameter belongs to the authorized high-risk instruction parameter in S703.
Further, in order to be able to obtain the operation instruction of the digital communication device in real time, the digital communication device needs to be managed in a nanotube system. Prior to S701, as shown in fig. 9, the method provided in the embodiment of the present application may further include: s705, S706.
S705, the command management device receives the device information reported by the digital communication device.
Wherein the device information further includes one or more of the following information: name of the digital device, address of the digital device, type of digital device.
Illustratively, the data communication device reports device information of the data communication device to the instruction management device through a communication connection with the instruction management device.
S706, the command management device updates a nanotube list in the nanotube system according to the device information.
The command management device, after receiving the device information of the data communication device reported by the data communication device, adds the name of the data communication device, the address of the data communication device, and the type of the data communication device to a nanotube list of the command management device, where the nanotube list may be specifically as shown in fig. 4.
The following describes the embodiments of the present application in detail by way of specific examples.
An exemplary scenario diagram of a high-risk instruction detection method provided in the present application is shown in fig. 10, where an instruction management device receives device information reported by all data communication devices, and updates a nanotube list of a nanotube system of the instruction management device by using the device information. When a user needs to execute a restarting operation on a certain digital device, a restarting (reboot) operation instruction is initiated on the digital device, and the instruction parameter of the operation instruction is reboot. At this time, the instruction management device obtains the instruction parameter reboot of the operation instruction on the nano tube system, compares the operation instruction with the high-risk instruction in the high-risk instruction library illustrated in fig. 6, and determines that the instruction parameter reboot of the operation instruction belongs to the high-risk instruction parameter recorded in the high-risk instruction library. Meanwhile, the instruction management equipment adopts an infinite loop mode, monitors and acquires the operation instruction of the data communication equipment connected with the instruction management equipment in real time, compares the operation instruction with the high-risk instruction in the high-risk instruction library, and judges whether the instruction parameter of the operation instruction belongs to the high-risk instruction parameter recorded in the high-risk instruction library.
Further, the instruction management device performs the next judgment on the instruction, and determines that the instruction parameter reboot of the operation instruction belongs to an unauthorized instruction parameter in the work order approval system by comparing the instruction parameter reboot with the instruction parameter of the work order approval system illustrated in fig. 8. The instruction management system generates early warning information, sends the early warning information to a user in real time, prompts the operation instruction to be an unauthorized high-risk instruction, and achieves early warning of the unauthorized high-risk instruction.
The above description has been presented mainly in terms of the working principle of the device, with respect to the solution provided in the embodiments of the present application. It is to be appreciated that the computing device, in order to implement the functionality described above, includes corresponding hardware structures and/or software modules that perform the various functions. Those of skill in the art will readily appreciate that the algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented as hardware or a combination of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The embodiment of the application may divide the functional modules of the computing device according to the above method examples, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated modules may be implemented in hardware or in software functional modules. It should be noted that, in the embodiment of the present application, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation.
In the case of dividing each functional module by corresponding each function, fig. 11 shows a schematic diagram of one possible composition of the high-risk instruction detection apparatus as described above and in the embodiment, and as shown in fig. 11, the high-risk instruction detection apparatus 1100 may include: an acquisition module 1101, a processing module 1102, a generation module 1103.
The acquiring module 1101 is configured to execute S701 in the method for detecting the high-risk instruction shown in fig. 7 or 9 by the detecting device 1100 supporting the high-risk instruction.
The processing module 1102 is configured to execute S702 and S703 in the method for detecting a high-risk instruction shown in fig. 7 or 9 by the detection apparatus 1100 for supporting a high-risk instruction.
A generating module 1103 is configured to execute S704 in the method for detecting a high-risk instruction shown in fig. 7 or 9 by the detecting device 1100 supporting the high-risk instruction.
In an embodiment of the present application, further, as shown in fig. 12, the apparatus 1100 for detecting a high-risk instruction may further include: an execution module 1104, a receiving module 1105, an update module 1106.
The execution module 1104 is configured to execute an operation instruction of the digital communication device by the detection apparatus 1100 supporting the high-risk instruction.
The receiving module 1105 is configured to execute S705 in the method for detecting the high-risk instruction shown in fig. 9 by the detecting apparatus 1100 supporting the high-risk instruction.
The update module 1106 is configured to execute S706 in the method for detecting a high-risk instruction shown in fig. 9 by the detection apparatus 1100 supporting the high-risk instruction.
It should be noted that, all relevant contents of each step related to the above method embodiment may be cited to the functional description of the corresponding functional module, which is not described herein.
The detection device 1100 for high-risk instructions provided in the embodiments of the present application is configured to execute the detection method for high-risk instructions, so that the same effects as those of the detection method for high-risk instructions can be achieved.
The embodiment of the present application further provides an instruction management apparatus 1300, as shown in fig. 13, where the instruction management apparatus 1300 may include a memory 1301, a processor 1302, and a transceiver 1303, where the memory 1301 and the processor 1302 may be connected by a bus or a network or other manners, and in fig. 13, the connection is exemplified by a bus.
The processor 1302 may be a central processing unit (central processing unit, CPU). The processor 1302 may also be other general purpose processors, digital signal processors (digital signal proces sor, DSP), application specific integrated circuits (application specific integrated circuit, AS ICs), field-programmable gate arrays (field-programmable gate array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or a combination thereof.
The memory 1301 may be a volatile memory (RAM) such as a random-access memory (RAM); or a nonvolatile memory (non-volatile memory), such as a read-only memory (ROM), a flash memory (flash memory), a hard disk (HDD) or a Solid State Drive (SSD); or a combination of the above types of memories for storing application code, configuration files, data information, or other content in which the methods of the present application may be implemented.
The transceiver 1303 is used to instruct the management apparatus 1300 to interact with information of other apparatuses.
The one or more modules are stored in the memory 1301, which when executed by the processor 1302, performs the method of detecting high risk instructions in the embodiments shown in fig. 7 or 9.
The embodiment of the application also provides a computer readable storage medium, wherein instructions are stored, and the instructions are executed to execute the detection method and related steps of the high-risk instructions in the method embodiment.
It will be apparent to those skilled in the art from this description that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another apparatus, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and the parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application may be essentially or contributing part or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, where the software product includes several instructions for causing a device (may be a single-chip microcomputer, a chip or the like) or a processor (processor) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read Only Memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (12)
1. The detection method of the high-risk instruction is characterized by being applied to a nano tube system, wherein a nano tube list is established in the nano tube system, the nano tube list is used for storing equipment information of digital communication equipment, and the equipment information comprises the following components: the method comprises the following steps of:
acquiring an operation instruction of the digital communication equipment; the operation instruction includes: instruction parameters;
determining that the instruction parameters belong to high-risk instruction parameters;
determining that the instruction parameters do not belong to authorized high-risk instruction parameters;
generating early warning information; the early warning information is used for prompting that the operation instruction is an unauthorized high-risk instruction.
2. The method of claim 1, wherein a high-risk instruction library is also established in the nanotube system, wherein high-risk instruction parameters are stored in the high-risk instruction library,
the determining that the instruction parameter belongs to a high-risk instruction parameter comprises:
acquiring high-risk instruction parameters in the high-risk instruction library, and judging whether the instruction parameters belong to the high-risk instruction parameters or not;
the determining that the instruction parameter does not belong to an authorized high-risk instruction parameter includes:
acquiring a work order with an authorized state in a work order approval system;
analyzing the work order and determining authorized high-risk instruction parameters; the work order approval system is used for storing work orders;
and judging whether the instruction parameters belong to authorized high-risk instruction parameters or not by utilizing the authorized high-risk instruction parameters.
3. The method according to claim 1, wherein the method further comprises:
and determining that the instruction parameters do not belong to the high-risk instruction parameters, and executing the operation instruction.
4. The method according to claim 2, wherein the method further comprises:
and determining that the instruction parameters belong to the authorized high-risk instruction parameters, and executing the operation instruction.
5. The method according to claim 1, wherein the method further comprises:
receiving equipment information reported by the digital communication equipment; the device information also includes one or more of the following: the name of the digital communication equipment, the address of the digital communication equipment and the type of the digital communication equipment;
and updating a nanotube list in the nanotube system according to the equipment information.
6. The utility model provides a detection device of high risk instruction, its characterized in that is applied to the nano tube system, the nano tube list has been established in the nano tube system, the nano tube list is used for storing the equipment information of several logical devices, the equipment information includes: the device comprises an operation instruction of the digital communication equipment, and the device comprises:
the acquisition module is used for acquiring an operation instruction of the digital communication equipment; the operation instruction includes: instruction parameters;
the processing module is used for determining that the instruction parameters belong to high-risk instruction parameters; determining that the instruction parameters do not belong to authorized high-risk instruction parameters;
the generation module generates early warning information; the early warning information is used for prompting that the operation instruction is an unauthorized high-risk instruction.
7. The apparatus of claim 6, wherein a high-risk instruction library is also established in the nanotube system, wherein high-risk instruction parameters are stored in the high-risk instruction library,
the acquisition module is also used for acquiring a work order with an authorized state in the work order approval system;
the processing module is specifically configured to obtain a high-risk instruction parameter in the high-risk instruction library, and determine whether the instruction parameter belongs to the high-risk instruction parameter; after the acquisition module acquires a work order with an authorized state in the work order approval system, analyzing the work order, and determining authorized high-risk instruction parameters; the work order approval system is used for storing authorized work orders; and judging whether the instruction parameters belong to authorized high-risk instruction parameters or not by utilizing the authorized high-risk instruction parameters.
8. The apparatus of claim 6, wherein the apparatus further comprises:
and the execution module is used for executing the operation instruction after the processing module determines that the instruction parameter does not belong to the high-risk instruction parameter.
9. The apparatus of claim 8, wherein the device comprises a plurality of sensors,
the execution module is further configured to execute the operation instruction after the processing module determines that the instruction parameter belongs to the authorized high-risk instruction parameter.
10. The apparatus of claim 6, wherein the apparatus further comprises:
the receiving module is used for receiving the equipment information reported by the digital communication equipment; the device information also includes one or more of the following: the name of the digital communication equipment, the address of the digital communication equipment and the type of the digital communication equipment;
and the updating module is used for updating the nanotube list in the nanotube system according to the equipment information.
11. An instruction management apparatus, characterized by comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of detecting high risk instructions according to any one of claims 1 to 5.
12. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the method of detecting high risk instructions according to any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211631775.XA CN116132258A (en) | 2022-12-19 | 2022-12-19 | Method and device for detecting high-risk instruction |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211631775.XA CN116132258A (en) | 2022-12-19 | 2022-12-19 | Method and device for detecting high-risk instruction |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116132258A true CN116132258A (en) | 2023-05-16 |
Family
ID=86298401
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211631775.XA Pending CN116132258A (en) | 2022-12-19 | 2022-12-19 | Method and device for detecting high-risk instruction |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116132258A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100004818A1 (en) * | 2008-07-02 | 2010-01-07 | Michael Phelan | Driver authentication system and method for monitoring and controlling vehicle usage |
| CN109129478A (en) * | 2018-08-22 | 2019-01-04 | 深圳威琳懋生物科技有限公司 | The control method and storage medium of intelligent Patrol Robot |
| CN110401621A (en) * | 2018-04-25 | 2019-11-01 | 中国移动通信集团有限公司 | A kind of means of defence of sensitive instructions, equipment and storage medium |
| CN112416713A (en) * | 2020-11-20 | 2021-02-26 | 泰康保险集团股份有限公司 | Operation auditing system and method, computer readable storage medium and electronic equipment |
| US20210200662A1 (en) * | 2019-12-31 | 2021-07-01 | Visa International Service Association | System and method to use past computer executable instructions to evaluate proposed computer executable instructions |
| CN114500039A (en) * | 2022-01-24 | 2022-05-13 | 北京新桥信通科技股份有限公司 | Instruction issuing method and system based on safety control |
| CN115001779A (en) * | 2022-05-26 | 2022-09-02 | 中国农业银行股份有限公司 | Verification method, device, equipment and medium of operation instruction |
-
2022
- 2022-12-19 CN CN202211631775.XA patent/CN116132258A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100004818A1 (en) * | 2008-07-02 | 2010-01-07 | Michael Phelan | Driver authentication system and method for monitoring and controlling vehicle usage |
| CN110401621A (en) * | 2018-04-25 | 2019-11-01 | 中国移动通信集团有限公司 | A kind of means of defence of sensitive instructions, equipment and storage medium |
| CN109129478A (en) * | 2018-08-22 | 2019-01-04 | 深圳威琳懋生物科技有限公司 | The control method and storage medium of intelligent Patrol Robot |
| US20210200662A1 (en) * | 2019-12-31 | 2021-07-01 | Visa International Service Association | System and method to use past computer executable instructions to evaluate proposed computer executable instructions |
| CN112416713A (en) * | 2020-11-20 | 2021-02-26 | 泰康保险集团股份有限公司 | Operation auditing system and method, computer readable storage medium and electronic equipment |
| CN114500039A (en) * | 2022-01-24 | 2022-05-13 | 北京新桥信通科技股份有限公司 | Instruction issuing method and system based on safety control |
| CN115001779A (en) * | 2022-05-26 | 2022-09-02 | 中国农业银行股份有限公司 | Verification method, device, equipment and medium of operation instruction |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1935106B1 (en) | Device management system and method for managing device management object | |
| CN106951335B (en) | Process daemon method and mobile terminal | |
| CN103299314A (en) | Cloud based real time APP privacy dashboard | |
| CN111045901A (en) | Container monitoring method and device, storage medium and electronic equipment | |
| CN111475369A (en) | Log monitoring adding method and device, computer equipment and storage medium | |
| CN112558946A (en) | Method, device and equipment for generating code and computer readable storage medium | |
| CN113157315A (en) | Method, device, equipment and medium for identifying difference information of different versions of software | |
| CN111343267B (en) | Configuration management method and system | |
| CN104123496A (en) | Rogue software interception method, device and terminal | |
| CN111130867B (en) | Intelligent household equipment alarm method and device based on Internet of things | |
| CN112800092A (en) | Data cache management method, device and equipment and readable storage medium | |
| CN111475468A (en) | Log access method, device, equipment and storage medium of newly added system | |
| CN116132258A (en) | Method and device for detecting high-risk instruction | |
| CN112632192A (en) | Node maintenance method and device, computer equipment and medium | |
| CN112527276A (en) | Data updating method and device in visual programming tool and terminal equipment | |
| CN112685474A (en) | Application management method, device, equipment and storage medium | |
| CN112000354A (en) | Version information updating method, version information updating device, version information updating equipment and storage medium | |
| CN111488232A (en) | System and method for out-of-box solution level configuration and diagnostic logging and reporting | |
| US11159358B2 (en) | Sentry for information technology system blueprints | |
| CN112733210B (en) | Equipment identifier obtaining method and device and computer readable storage medium | |
| CN111625239B (en) | Method and device for updating virtual page instance state in SPA | |
| CN109547290B (en) | Cloud platform garbage data detection processing method, device, equipment and storage medium | |
| CN117008890B (en) | Extended application development system and method | |
| CN112069545B (en) | Permission modification method and device, computer equipment and medium | |
| CN115080355B (en) | Method and device for generating monitoring log |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |