CN116186785A - Log desensitization method, device, equipment, medium and program product - Google Patents

Publication number
CN116186785A
Authority
CN
China
Prior art keywords
sensitive information
data
log data
log
desensitization
Prior art date
Legal status
Granted
Application number
CN202310477344.0A
Other languages
Chinese (zh)
Other versions
CN116186785B (en)
Inventor
黄剑铭
周虎城
俄泽琳
吴君
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310477344.0A
Publication of CN116186785A
Application granted
Publication of CN116186785B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/1805 Append-only file systems, e.g. using logs or journals to store data
    • G06F16/1815 Journaling file systems
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention provides a log desensitizing method, a device, equipment, a medium and a program product, which can be applied to the technical fields of data processing and finance. The log desensitizing method comprises the following steps: responding to an alarm prompt instruction of equipment, and acquiring log data of the equipment; constructing a sensitive information tag library based on a plurality of sensitive information identifiers; wherein the identification of the plurality of sensitive information is used to characterize the type of sensitive information in the log data; and carrying out batch desensitization processing on the log data according to the sensitive information tag library.

Description

Log desensitization method, device, equipment, medium and program product
Technical Field
The present invention relates to the field of data processing and finance, and more particularly, to a log desensitizing method, apparatus, device, medium and program product.
Background
Confirming and locating the cause of an alarm on data center equipment requires the equipment manufacturer to reach an analysis conclusion from the equipment log. Manufacturers typically pay attention only to the basic hardware state information in the recovered device log and do not need some of the sensitive information in it, which is redundant for this purpose. For example, fault determination does not require exporting log data that contains sensitive information such as the device's local area network address (Media Access Control Address, MAC address), Internet Protocol address (IP address), or device ports.
Currently, log data management for data center equipment relies mainly on restricting log data copying tools and on device data storage file formats developed independently by manufacturers. However, loss of the log data storage medium still leaks sensitive data, and the storage file formats developed by manufacturers mainly protect key fault log data related to the manufacturers' own research and development content, paying no attention to other log data that contains sensitive information.
Disclosure of Invention
In view of the above problems, embodiments of the present invention provide a log desensitizing method, apparatus, device, medium, and program product that reduce the risk of leaking sensitive information in device log data and at least partially solve the above technical problems.
According to a first aspect of an embodiment of the present invention, there is provided a log desensitizing method, including: responding to an alarm prompt instruction of the equipment to acquire log data of the equipment; constructing a sensitive information tag library based on a plurality of sensitive information identifiers; wherein the identification of the plurality of sensitive information is used to characterize the type of sensitive information in the log data; and carrying out batch desensitization processing on the log data according to the sensitive information tag library.
According to an embodiment of the invention, the log data of the device comprises log data of a plurality of vendors.
According to an embodiment of the present invention, constructing a sensitive information tag library based on a plurality of sensitive information identifiers includes: acquiring a plurality of sensitive information in log data; determining a regular expression corresponding to each sensitive information based on the plurality of sensitive information identifications; and constructing a mapping relation between the sensitive information and the corresponding regular expression by adopting the key value pairs to obtain a sensitive information tag library.
According to an embodiment of the present invention, constructing the mapping relation between the sensitive information and the corresponding regular expressions using key-value pairs to obtain the sensitive information tag library includes: de-duplicating the total set of mapping relations according to a deduplication rule to obtain a deduplication result, where the deduplication rule characterizes mapping relations in which the sensitive information and the corresponding regular expression are the same; determining a basic sensitive information tag set based on the deduplication result, where the basic sensitive information tag set characterizes the set formed by the same mapping relations; determining a candidate sensitive information tag set according to the mapping relations and the basic sensitive information tag set, where the candidate sensitive information tag set characterizes the set formed by different mapping relations; and determining the sensitive information tag library according to the basic sensitive information tag set and the candidate sensitive information tag set.
According to an embodiment of the present invention, desensitizing the log data according to the sensitive information tag library includes: performing first desensitization processing on the log data according to the basic sensitive information tag set to obtain first data; performing second desensitization processing on the first data based on the candidate sensitive information tag set to obtain second data; determining the urgency of the device alarm prompt; and outputting a log data desensitization result according to the urgency of the device alarm prompt and the second data.
According to an embodiment of the present invention, performing the second desensitization processing on the first data based on the candidate sensitive information tag set to obtain the second data includes: classifying the candidate sensitive information tag set by manufacturer type to obtain a plurality of classified sensitive information tag sets; determining at least one classified sensitive information tag set according to the log data of the device; and performing the second desensitization processing on the first data based on the at least one classified sensitive information tag set to obtain the second data.
According to an embodiment of the present invention, the urgency of the device alarm prompt includes two cases: urgent and non-urgent.
According to an embodiment of the present invention, outputting the log data desensitization result according to the urgency of the device alarm prompt and the second data includes: outputting the second data as the log data desensitization result when the urgency of the device alarm prompt is non-urgent.
According to an embodiment of the present invention, when the urgency of the device alarm prompt is urgent, performing the first desensitization processing on the log data according to the basic sensitive information tag set further includes: acquiring, from the basic sensitive information tag set, the sensitive information to be released from desensitization; and, based on the log data of the device, replacing the information in the first data that corresponds to the sensitive information to be released with the log data corresponding to that sensitive information.
According to an embodiment of the present invention, when the urgency of the device alarm prompt is urgent, performing the second desensitization processing on the first data based on the at least one classified sensitive information tag set to obtain the second data includes: determining a target sensitive information tag set based on the at least one classified sensitive information tag set, where the target sensitive information tag set characterizes part of the sensitive information for equipment analysis and judgment; and performing the second desensitization processing on the first data according to the target sensitive information tag set to obtain the second data, where the first data includes the log data corresponding to the sensitive information to be released from desensitization.
A second aspect of an embodiment of the present invention provides a log desensitizing apparatus, including: the acquisition module is used for responding to the alarm prompt instruction of the equipment and acquiring log data of the equipment; the processing module is used for constructing a sensitive information tag library based on a plurality of sensitive information identifiers; wherein the identification of the plurality of sensitive information is used to characterize the type of sensitive information in the log data; and the desensitization module is used for carrying out batch desensitization processing on the log data according to the sensitive information tag library.
A third aspect of an embodiment of the present invention provides an electronic device, including: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the log desensitization method described above.
A fourth aspect of an embodiment of the present invention also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described log desensitization method.
A fifth aspect of an embodiment of the present invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described log desensitization method.
Drawings
The foregoing and other objects, features and advantages of the invention will be apparent from the following description of embodiments of the invention with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a log desensitization method, apparatus, device, medium and program product according to an embodiment of the invention;
FIG. 2 schematically illustrates a flow chart of a log desensitization method according to an embodiment of the invention;
FIG. 3 schematically illustrates a flow chart of a method of constructing a library of sensitive information tags, in accordance with an embodiment of the present invention;
FIG. 4 schematically illustrates a flow chart of a method of building a library of sensitive information tags from key-value pairs according to an embodiment of the present invention;
FIG. 5 schematically illustrates a flow chart of desensitizing log data according to a sensitive information tag library according to an embodiment of the present invention;
FIG. 6 schematically illustrates a flow chart of a second desensitization process for first data according to a candidate set of sensitive information tags according to an embodiment of the present invention;
FIG. 7 schematically illustrates a flow chart of a first data process in case the urgency of the device alert prompt is urgent in accordance with an embodiment of the present invention;
FIG. 8 schematically illustrates a flow chart of a second desensitization process in the event that the urgency of the device alert prompt is urgent in accordance with an embodiment of the present invention;
FIG. 9 schematically illustrates a schematic diagram of a log desensitization method according to an embodiment of the invention;
FIG. 10 schematically shows a block diagram of a log desensitizing apparatus according to an embodiment of the invention; and
FIG. 11 schematically shows a block diagram of an electronic device adapted to implement a log desensitization method according to an embodiment of the invention.
Detailed Description
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. It should be understood that the description is only illustrative and is not intended to limit the scope of the invention. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the invention. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
In the technical solution of the present invention, the collection, storage, use, processing, transmission, provision, disclosure and application of users' personal information all comply with the relevant laws and regulations, necessary security measures are taken, and public order and good customs are not violated.
In the technical scheme of the invention, the authorization or the consent of the user is obtained before the personal information of the user is obtained or acquired.
Where expressions like "at least one of A, B and C, etc." are used, the expressions should generally be interpreted in accordance with the meaning commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" shall include, but not be limited to, a system having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B and C together, etc.).
It should be noted that the method and the device for log desensitization of the present invention can be used for diagnosing and repairing faults of server equipment in a data center in the financial field, and can also be used for diagnosing and repairing faults of server equipment in any field except the financial field, and the application field of the method and the device for log desensitization of the present invention is not limited.
At present, confirming and locating alarm problems on some new equipment in the data center requires the equipment manufacturer to reach an analysis conclusion from the equipment log. However, some of the sensitive information in the device log data is redundant for diagnosing and repairing device faults. In computer equipment, abnormal alarms from components such as hard disks, memory, batteries, power supply modules and tape drives do not require exporting log data containing the device's MAC address, IP address, device ports and similar information in order to determine the fault. In addition, vendors need to collect device log data regularly for health checks; they usually look only at the basic hardware state information in the log data and do not need some of the sensitive information, which is redundant for them.
Log data management for data center equipment mainly consists of restricting log data copying tools, or of manufacturers using a specific log data encoding to generate log files with a specific file suffix. These measures reduce the probability of sensitive information in the log data leaking to a certain extent. However, if the log data storage medium is lost, the sensitive data contained in the log data, such as IP addresses and MAC addresses, leaks with it; this may give useful information to an attacker of network services and result in serious loss. The device data storage file formats developed by manufacturers mostly protect key fault log data related to the manufacturers' own research and development content, and pay no attention to other log data that contains sensitive information.
The embodiment of the invention provides a log desensitizing method, which comprises the steps of responding to an alarm prompt instruction of equipment and acquiring log data of the equipment; constructing a sensitive information tag library based on a plurality of sensitive information identifiers; wherein the identification of the plurality of sensitive information is used to characterize the type of sensitive information in the log data; and carrying out batch desensitization processing on the log data according to the sensitive information tag library.
FIG. 1 schematically illustrates an application scenario diagram for log desensitization according to an embodiment of the invention.
As shown in fig. 1, an application scenario 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 is a medium used to provide a communication link between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the first terminal device 101, the second terminal device 102, the third terminal device 103, to receive or send messages etc. Various communication client applications, such as a shopping class application, a web browser application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only) may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103.
The first terminal device 101, the second terminal device 102, the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by the user using the first terminal device 101, the second terminal device 102, and the third terminal device 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the log desensitization method provided in the embodiment of the present invention may generally be executed by the server 105. Accordingly, the log desensitizing apparatus provided in the embodiment of the present invention may generally be disposed in the server 105. The log desensitization method provided by the embodiment of the present invention may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103 and/or the server 105. Accordingly, the log desensitizing apparatus provided in the embodiment of the present invention may be disposed in a server or a server cluster different from the server 105 and capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The log desensitizing method of the disclosed embodiment is described in detail below with reference to FIGS. 2 to 9, based on the scenario described in FIG. 1.
Fig. 2 schematically shows a flow chart of a log desensitization method according to an embodiment of the invention.
As shown in FIG. 2, the log desensitizing method of the embodiment includes operations S210-S230.
In operation S210, log data of the device is acquired in response to an alarm prompt instruction of the device.
Wherein the log data of the device includes log data of a plurality of vendors.
Specifically, a log is information recorded by a computer system, device, software and the like under certain conditions, and includes system logs, application logs, security logs and so on. In a complete information system the stored log information is very important: when a problem occurs in the system, the log is equivalent to the system's work record for the day, and operation and maintenance staff can use the logs to analyze the whole system, find the root cause of the problem, find traces left by an attacker, and so on. The logs show the overall operating condition and security condition of the system.
It is difficult for any single security vendor to cover all security products, which has led to the current situation in which multiple types of security sub-devices are deployed in the same network environment; that is, each device contains sub-devices from different security vendors. One device therefore has log data from multiple vendors.
The alarm prompt of the device is the state in which a server device of the data center has failed or is undergoing a health check. Data center staff apply the desensitization processing of the following operations to the original log data of the device that has failed or is to be checked.
In operation S220, a sensitive information tag library is constructed based on the plurality of sensitive information identifiers; wherein the identification of the plurality of sensitive information is used to characterize the type of sensitive information in the log data.
In some embodiments, the sensitive information in the log data of the data center device may include the device IP address, MAC address, port, gateway address, link address, and the like. For example, the identifier of the sensitive information "device IP address" is "device IP address", and the identifier of the sensitive information "MAC address" is "MAC address"; each sensitive information identifier represents one type of sensitive information data. The various types of sensitive information data are integrated to construct the sensitive information tag library. It should be noted that, although the types of sensitive information in the embodiments of the present invention are described above by way of specific examples, the types of sensitive information in the embodiments of the present invention are not limited thereto.
In operation S230, batch desensitization processing is performed on the log data according to the sensitive information tag library.
Specifically, desensitization refers to deleting or blurring private and sensitive information in data so that the private information is not exposed. A replacement execution sample is written that batch-matches the sensitive information in the device's log data against the sensitive information identifiers in the sensitive information tag library, masks the matched sensitive information with a special symbol (such as 'x'), and finally outputs the desensitized log data.
The desensitized log data of the device is then handed over to the manufacturer for maintenance or health check work. The log data desensitization method of the embodiment of the invention is performed before the device's log data leaves the data center.
It can be understood that the method of the embodiment of the invention desensitizes the device's log data so that the log data is already desensitized when it leaves the data center for the manufacturer, which reduces the risk of leaking the device's log data. Meanwhile, by establishing a tag library, batch desensitization can be carried out on different types of log data in the device at the same time, which improves the efficiency of desensitizing the device's log data and the applicability of the method.
Fig. 3 schematically shows a flow chart of a method of constructing a library of sensitive information tags according to an embodiment of the present invention.
As shown in fig. 3, the construction of the sensitive information tag library based on the multiple sensitive information identifiers in this embodiment includes operations S310 to S330.
In operation S310, a plurality of sensitive information in log data is acquired.
In some embodiments, because the device contains log data from multiple vendors, the sensitive information in each vendor's log data is not the same. Obtaining the sensitive information in every vendor's log data allows the log data to be desensitized more comprehensively and strictly.
In operation S320, a regular expression corresponding to each sensitive information is determined based on the plurality of sensitive information identifications.
Illustratively, as shown in Table 1, for sensitive information that is involved in log data for each vendor, a corresponding regular expression design is performed. Wherein multiple vendors may contain the same sensitive information identification, and thus the sensitive information and corresponding regular expressions in multiple vendors may be the same.
TABLE 1 regular expression examples corresponding to different vendor sensitive information
Figure SMS_1
In operation S330, a mapping relationship between the sensitive information and the corresponding regular expression is constructed by using the key value pairs, so as to obtain a sensitive information tag library.
In some embodiments, the sensitive information and corresponding regular expressions in Table 1 are taken as an example. For example, $S_{a1}$ denotes the sensitive information "device IP address" in manufacturer A, and the regular expression corresponding to the device IP address is $R_{a1}$; then $S_{a1}$ and $R_{a1}$ form a mapping relation. The other mapping relations between sensitive information and the corresponding regular expressions are formed in the same way and are not described again here. The sensitive information and the corresponding regular expressions are represented by the following key-value pairs: $\{\langle S_{a1}, R_{a1}\rangle, \langle S_{b1}, R_{b1}\rangle, \langle S_{c1}, R_{c1}\rangle, \ldots\}$.
It can be understood that key value pairs are constructed aiming at a plurality of sensitive information and corresponding regular expressions to form a one-to-one correspondence, so that the corresponding regular expressions can be obtained according to the sensitive information in the subsequent desensitization, and the desensitization processing efficiency is improved.
FIG. 4 schematically illustrates a flow chart of a method of building a library of sensitive information tags from key-value pairs according to an embodiment of the present invention.
As shown in fig. 4, in the embodiment, the mapping relationship between the sensitive information and the corresponding regular expression is constructed by using the key value pairs, and the obtaining of the sensitive information tag library includes operations S410 to S440.
In operation S410, the total set of mapping relationships is de-duplicated according to the deduplication rule to obtain a deduplication result; the deduplication rule characterizes mapping relationships in which the sensitive information and the corresponding regular expression are the same.
In some embodiments, multiple vendors may have the same sensitive information identification. That is, for the sensitive information $S_{a1}$ of the device IP address in vendor A with its regular expression $R_{a1}$, and the sensitive information $S_{c1}$ of the device IP address in vendor C with its regular expression $R_{c1}$, the key-value pairs $\langle S_{a1}, R_{a1}\rangle$ and $\langle S_{c1}, R_{c1}\rangle$ have the same mapping relationship. The mapping relationship between sensitive information and the corresponding regular expression is thus the same across multiple vendors, and key-value pairs with the same mapping relationship are removed.
Determining a basic sensitive information tag set based on the deduplication result in operation S420; the basic sensitive information label set is used for representing the set formed by the same mapping relation.
In some embodiments, the unique mapping relationships among the plurality of key-value pairs covered by the deduplication rule are used as the basic sensitive information tag set. Since the sensitive information and the corresponding regular expression are the same, one sensitive information identification and one corresponding regular expression can be confirmed. Only one copy of a repeated mapping relationship is retained, which saves data storage space.
In operation S430, a candidate sensitive information tag set is determined according to the mapping relationship and the basic sensitive information tag set; the candidate sensitive information label set is used for representing a set formed by different mapping relations.
In some embodiments, the sensitive information tag library obtained from the mapping relationships contains the full set of sensitive information and corresponding regular expressions. The sensitive information tag library is treated as the full set, the basic sensitive information tag set as a subset contained in the full set, and the candidate sensitive information tag set as the complement. The candidate sensitive information tag set contains all mappings of the plurality of vendors except the common mappings. Dividing the mapping relationships into a basic sensitive information tag set and a candidate sensitive information tag set allows the corresponding tag set to be selected for targeted desensitization later, which speeds up desensitization.
In operation S440, a sensitive information tag library is determined from the basic sensitive information tag set and the candidate sensitive information tag set.
In some embodiments, the basic set of sensitive information tags and the candidate set of sensitive information tags are combined to form a library of sensitive information tags.
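Operations S410 to S440 can be sketched as follows. This is an added example, not code from the patent: the identifiers, the regular expressions (Table 1 is not reproduced on the page) and the rule that a pair shared by two or more vendors counts as "the same mapping" are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: per-vendor <identifier, regex> mappings (assumed values).
IPV4 = r"\b(?:\d{1,3}\.){3}\d{1,3}\b"
VENDOR_MAPPINGS = {
    "A": {"device_ip": IPV4, "serial_number": r"\bSN-A\d{8}\b"},
    "B": {"mac_address": r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b",
          "device_ip": r"\bip=\S+"},  # same identifier as A and C, different regex
    "C": {"device_ip": IPV4, "license_key": r"\bLIC-[A-Z0-9]{12}\b"},
}


def build_tag_library(vendor_mappings):
    """Split all <identifier, regex> pairs into a basic set and per-vendor candidate sets."""
    # S410: de-duplicate the full set. The key is the whole pair, so two vendors
    # only share a mapping when both the identifier and the regex are identical.
    owners = defaultdict(set)
    for vendor, mapping in vendor_mappings.items():
        for ident, pattern in mapping.items():
            re.compile(pattern)  # reject a broken pattern when the library is built
            owners[(ident, pattern)].add(vendor)

    # S420: pairs used by more than one vendor are stored once in the basic set.
    basic = sorted(pair for pair, vendors in owners.items() if len(vendors) > 1)

    # S430: the complement, kept per vendor. Every vendor gets an entry, even an
    # empty one, so a later lookup by vendor never fails for a known vendor.
    candidate = {vendor: [] for vendor in vendor_mappings}
    for pair, vendors in owners.items():
        if len(vendors) == 1:
            candidate[next(iter(vendors))].append(pair)
    candidate = {vendor: sorted(pairs) for vendor, pairs in candidate.items()}

    # S440: the tag library is the combination of both sets.
    return {"basic": basic, "candidate": candidate}


def stored_pairs(library):
    """Number of pairs the library stores after de-duplication."""
    return len(library["basic"]) + sum(len(p) for p in library["candidate"].values())


if __name__ == "__main__":
    library = build_tag_library(VENDOR_MAPPINGS)
    print("basic:", library["basic"])
    for vendor, pairs in library["candidate"].items():
        print(vendor, pairs)
    print("stored pairs:", stored_pairs(library))
```

Vendor B's `device_ip` pair stays in B's candidate set because its regular expression differs, which is the case the pair-based key is there to handle.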
Fig. 5 schematically shows a flow chart of a method of constructing a library of sensitive information tags according to an embodiment of the present invention.
As shown in fig. 5, according to the sensitive information tag library, the desensitizing processing of the log data includes operations S510 to S540.
In operation S510, the log data is subjected to a first desensitization process according to the basic sensitive information tag set, to obtain first data.
It will be appreciated that desensitizing the basic sensitive information in the device log data according to the basic sensitive information tag set makes it easier to desensitize log data that comes in different forms and is difficult to audit.
In operation S520, a second desensitization process is performed on the first data based on the candidate sensitive information tag set, to obtain second data.
It can be understood that performing the second desensitization according to the candidate sensitive information tag set desensitizes the sensitive information that is not common to different vendors, prevents repeated desensitization, and improves the accuracy and universality of log data desensitization.
In operation S530, the degree of urgency of the device alert prompt is determined.
The urgency of the device alarm prompt includes two states: emergency and non-emergency.
In some embodiments, when a device fails, data center personnel determine the urgency according to how the device is to be used. For example, if the device needs to be used on the same day or the next day, the alarm prompt is in the emergency state; if the device does not need to be used the next day and can be returned after a period of maintenance, the alarm prompt is in the non-emergency state. A preset threshold for the device use time can be set: if the actual value of the device use time is less than or equal to the preset threshold, the emergency state is determined; if it is greater than the preset threshold, the non-emergency state is determined.
It should be noted that, the preset threshold may be adjusted and set according to the type of the data center device, and the embodiment of the present invention does not specifically limit the size of the specific preset threshold.
In operation S540, a log data desensitization processing result is output according to the urgency of the device alert cue and the second data.
When the urgency of the device alarm prompt is non-emergency, the second data is output as the log data desensitization processing result; when the device alarm prompt is emergency, refer to the following processing operations S950 to S980.
FIG. 6 schematically illustrates a flow chart of a second desensitization process for first data according to a candidate set of sensitive information tags, according to an embodiment of the invention.
As shown in fig. 6, in the embodiment, based on the candidate sensitive information tag set, the second desensitization process is performed on the first data, so as to obtain second data, which includes operations S610 to S630.
In operation S610, the candidate sensitive information tag sets are classified based on different vendor types, resulting in a plurality of sorted sensitive information tag sets.
For example, the candidate sensitive information tag set is classified by vendor:
Vendor A: $\{\langle S_{a2}, R_{a2}\rangle, \ldots\}$;
Vendor B: $\{\langle S_{b1}, R_{b1}\rangle, \ldots\}$;
Vendor C: $\{\langle S_{c2}, R_{c2}\rangle, \ldots\}$;
As in operation S410 above, the duplicate mapping relationships $\langle S_{a1}, R_{a1}\rangle$ and $\langle S_{c1}, R_{c1}\rangle$ have been removed from the candidate sensitive information tag set; therefore, vendor A does not include $\langle S_{a1}, R_{a1}\rangle$ and vendor C does not include $\langle S_{c1}, R_{c1}\rangle$. Likewise, no other mappings that are duplicated across multiple vendors are placed in the candidate sensitive information tag set.
In operation S620, at least one sorting sensitive information tag set is determined from log data of the device.
In some embodiments, since a data center contains multiple devices, the sorting sensitive information tag sets of different vendors are stored in each device, and the number of sorting sensitive information tag sets needed to desensitize one device's log data is smaller than the total number stored. In general, one type of device can be provided by multiple vendors. After the basic sensitive information has been desensitized, the remaining sensitive information in the log data can still include sensitive information of multiple vendors: in the log data of one vendor, the sensitive information shared by multiple vendors must be desensitized, and so must the sensitive information specific to the vendor to which the device belongs. A sorting sensitive information tag set of the corresponding vendor therefore needs to be selected according to the sensitive information in the log data other than the basic sensitive information. The vendor type of a given device is known, so once the vendor type of the device is acquired, the sorting sensitive information tag set of the corresponding vendor can be selected accordingly.
It can be understood that selecting the corresponding sorting sensitive information tag set according to the vendor type of the device being desensitized removes redundant sorting sensitive information tag sets and speeds up desensitization.
In operation S630, a second desensitization process is performed on the first data based on the at least one sorted sensitive information label set, resulting in second data.
Fig. 7 schematically shows a flowchart of a first data process in case the urgency of the device alert cue is urgent, according to an embodiment of the present invention.
As shown in fig. 7, in the case that the emergency degree of the device alarm prompt is emergency, according to the basic sensitive information tag set, the first desensitization processing is performed on the log data, and operations S710 to S720 are further included after the first data is obtained.
In operation S710, the sensitive information to be relieved (that is, released from desensitization) in the basic sensitive information tag set is acquired.
In some embodiments, in an emergency the vendor needs a wider range of log data for device maintenance, which avoids the time wasted by copying log data back and forth and ensures that the vendor can examine the device as soon as possible using the desensitized log data. Data center staff can select, according to the vendor's requirements, the relevant sensitive information in the log data whose desensitization is to be relieved, ensuring that the data the vendor needs for maintenance is present in the second data.
In operation S720, based on the log data of the device, the information in the first data corresponding to the sensitive information to be relieved is replaced with the corresponding log data.
In some embodiments, the sensitive information to be relieved has already been masked in the first data. The masked content is therefore replaced with the corresponding original content of the log data, so that the first data is updated and first data containing the sensitive information to be relieved is obtained.
Fig. 8 schematically shows a flow chart of a second desensitization process in case the urgency of the device alert cues is urgent according to an embodiment of the invention.
As shown in fig. 8, in the case that the emergency degree of the device alarm prompt is emergency, the second desensitization processing is performed on the first data based on at least one sorting sensitive information tag set, and the obtaining of the second data includes operations S810 to S820.
In operation S810, a target sensitive information tag set is determined based on at least one sorting sensitive information tag set; the target sensitive information tag set represents part of the sensitive information for device analysis and judgment.
In some embodiments, if sensitive information that the vendor needs relieved exists in the sorting sensitive information tag set, the mapping relationships corresponding to that information can be removed from the sorting sensitive information tag set directly during the second desensitization, while the mapping relationships of sensitive information that is not needed are retained for desensitization masking. The needed sensitive information is then simply never desensitized, so it does not have to be relieved after desensitization.
In operation S820, a second desensitization process is performed on the first data according to the target sensitive information tag set, to obtain second data.
The first data comprises log data corresponding to the sensitive information to be relieved. The target sensitive information label set does not contain the mapping relation corresponding to sensitive information which needs to be relieved by manufacturers.
It should be noted that, in an emergency, if the vendor has requirements on mapping relationships in both the basic sensitive information tag set and the sorting sensitive information tag set, operations S710 to S720 and operations S810 to S820 need to be performed. If the vendor only needs the relevant sensitive information restored for mapping relationships in the basic sensitive information tag set, operations S710 to S720 are performed. If the vendor only has requirements on mapping relationships in the sorting sensitive information tag set, operations S810 to S820 are performed. The operations to execute may be selected according to the specific case.
Fig. 9 schematically shows a schematic diagram of a log desensitization method according to an embodiment of the invention.
For a better understanding of the present invention, embodying continuity between operations, two desensitizations of log data in an emergency are described in connection with fig. 9. As shown in fig. 9, in an emergency, the two desensitizations of the log data of this embodiment include operations S910 to S970.
In operation S910, the log data is first desensitized based on the basic sensitive information tag set to obtain first data.
In operation S920, an urgency level of the device alert prompt is determined.
In case the degree of urgency of the device alert cue is non-urgent, operation S930 is performed.
In operation S930, a second desensitization process is performed on the first data based on the at least one sorted sensitive information label set to obtain second data.
The selection and confirmation of the sorting sensitive information tag set is as described in operation S610 to operation S630.
If the urgency of the device alarm prompt is emergency, operations S940 to S970 are performed.
In operation S940, the sensitive information to be relieved in the basic sensitive information tag set is acquired.
In operation S950, based on the log data of the device, the information in the first data corresponding to the sensitive information to be relieved is replaced with the corresponding log data.
Operation S940 corresponds to operation S710 and operation S950 corresponds to operation S720; the operation numbers are changed to show the continuity of the operations.
In operation S960, a target sensitive information tag set is determined based on the at least one sorting sensitive information tag set; the target sensitive information tag set represents part of the sensitive information for device analysis and judgment.
In operation S970, the first data is subjected to a second desensitization process according to the target sensitive information tag set, resulting in second data.
The first data comprises log data corresponding to the sensitive information to be relieved. Operation S960 corresponds to the operation of operation S810 described above, operation S970 corresponds to the operation of operation S820 described above, and the operation numbers are changed to embody the continuity of the operation.
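The flow of Fig. 9 (operations S910 to S970) can be sketched as follows. This is an added example, not code from the patent: the tag sets, the sample log line, the reversible-token scheme used to restore masked values, and the 24-hour default threshold are all assumptions.

```python
import re

# Constructed tag sets (assumed identifiers and patterns; Table 1 is not on the page).
BASIC_SET = {"device_ip": r"\b(?:\d{1,3}\.){3}\d{1,3}\b"}
SORTED_SETS = {
    "A": {"serial_number": r"\bSN-A\d{8}\b", "admin_user": r"(?<=user=)\w+"},
    "B": {"mac_address": r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b"},
}
# Constructed log line from a vendor-A device.
SAMPLE_LOG = "2023-04-20 10:01:02 fan2 fault on 10.12.3.4 SN-A00012345 user=opsadmin"


def mask(text, tag_set, vault):
    """Replace every match with a unique token and record the original in vault."""
    for ident, pattern in tag_set.items():
        def to_token(match, ident=ident):
            token = f"<{ident}#{len(vault)}>"
            vault[token] = (ident, match.group(0))
            return token
        text = re.sub(pattern, to_token, text)
    return text


def is_emergency(hours_until_needed, threshold_hours):
    """Emergency when the device use time is at or below the preset threshold."""
    return hours_until_needed <= threshold_hours


def desensitize(log, vendor, hours_until_needed, threshold_hours=24, release=frozenset()):
    """Two-pass desensitization; `release` names identifiers the vendor needs in clear."""
    # Unknown vendor raises KeyError before any output exists, so a log is never
    # handed over with only the basic set applied.
    sorted_set = SORTED_SETS[vendor]
    vault = {}  # token -> (identifier, original); stays inside the data center

    first = mask(log, BASIC_SET, vault)                         # S910
    if not is_emergency(hours_until_needed, threshold_hours):   # S920
        return mask(first, sorted_set, vault)                   # S930

    # S940-S950: put the original log content back for released basic identifiers.
    for token, (ident, original) in vault.items():
        if ident in release:
            first = first.replace(token, original)

    # S960: target set = vendor's sorting set minus the released identifiers, so the
    # needed values are never masked in the second pass.
    target = {i: p for i, p in sorted_set.items() if i not in release}
    return mask(first, target, vault)                           # S970


if __name__ == "__main__":
    print(desensitize(SAMPLE_LOG, "A", hours_until_needed=72))
    print(desensitize(SAMPLE_LOG, "A", hours_until_needed=6,
                      release={"device_ip", "serial_number"}))
```

The `release` set is ignored in the non-emergency branch, so a relieve request cannot widen the output unless the urgency check has passed.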
Based on the log desensitizing method, the invention also provides a log desensitizing device. The device will be described in detail below in connection with fig. 10.
Fig. 10 schematically shows a block diagram of the structure of the log desensitizing apparatus according to the embodiment of the present invention.
As shown in fig. 10, the log desensitizing apparatus 800 of this embodiment includes an acquisition module 810, a processing module 820, and a desensitizing module 830.
The obtaining module 810 is configured to obtain log data of the device in response to an alarm prompt instruction of the device. In an embodiment, the obtaining module 810 may be configured to perform the operation S210 described above, which is not described herein.
The processing module 820 is configured to construct a sensitive information tag library based on the plurality of sensitive information identifiers; wherein the identification of the plurality of sensitive information is used to characterize the type of sensitive information in the log data. In an embodiment, the processing module 820 may be configured to perform the operation S220 described above, which is not described herein.
The desensitizing module 830 is configured to perform batch desensitizing processing on the log data according to the sensitive information tag library. In an embodiment, the desensitizing module 830 may be used to perform the operation S230 described above, which is not described herein.
Any of the acquisition module 810, the processing module 820, and the desensitizing module 830 may be combined in one module to be implemented, or any of them may be split into a plurality of modules, according to an embodiment of the present invention. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the invention, at least one of the acquisition module 810, the processing module 820 and the desensitizing module 830 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or in hardware or firmware in any other reasonable way of integrating or packaging the circuitry, or in any one of or a suitable combination of three of software, hardware and firmware. Alternatively, at least one of the acquisition module 810, the processing module 820 and the desensitization module 830 may be at least partially implemented as computer program modules which, when executed, perform the respective functions.
Fig. 11 schematically shows a block diagram of an electronic device adapted to implement a log desensitization method according to an embodiment of the invention.
As shown in fig. 11, an electronic device 900 according to an embodiment of the present invention includes a processor 901 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage section 908 into a Random Access Memory (RAM) 903. The processor 901 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 901 may also include on-board memory for caching purposes. Processor 901 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the invention.
In the RAM 903 of the present invention, various programs and data required for the operation of the electronic device 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other by a bus 904. The processor 901 performs various operations of the method flow according to an embodiment of the present invention by executing programs in the ROM 902 and/or the RAM 903. Note that the program may be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flow according to embodiments of the present invention by executing programs stored in one or more memories.
According to an embodiment of the invention, the electronic device 900 may also include an input/output (I/O) interface 905, the input/output (I/O) interface 905 also being connected to the bus 904. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input section 906 including a keyboard, a mouse, and the like; an output portion 907 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage portion 908 including a hard disk or the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as needed. Removable media 911 such as magnetic disks, optical disks, magneto-optical disks, semiconductor memory, etc., is mounted on the drive 910 as needed, so that the computer program read out therefrom is installed into the storage section 908 as needed.
The present invention also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present invention.
According to embodiments of the present invention, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the invention, the computer-readable storage medium may include ROM 902 and/or RAM 903 and/or one or more memories other than ROM 902 and RAM 903 described above.
Embodiments of the present invention also include a computer program product comprising a computer program containing program code for performing the method shown in the flowcharts. When the computer program product is run in a computer system, the program code causes the computer system to carry out the method for recommending items provided by the embodiment of the invention.
The above-described functions defined in the system/apparatus of the embodiment of the present invention are performed when the computer program is executed by the processor 901. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the invention.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, via communication portion 909, and/or installed from removable medium 911. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from the network via the communication portion 909 and/or installed from the removable medium 911. The above-described functions defined in the system of the embodiment of the present invention are performed when the computer program is executed by the processor 901. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the invention.
According to embodiments of the present invention, program code for carrying out computer programs provided by embodiments of the present invention may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or in assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which contains one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the invention can be combined in a variety of ways, even if such combinations are not explicitly recited in the present invention. In particular, the features recited in the various embodiments of the invention can be combined in various ways without departing from the spirit and teachings of the invention. All such combinations fall within the scope of the invention.
The embodiments of the present invention have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the invention, and such alternatives and modifications are intended to fall within the scope of the invention.

Claims (14)

1. A log desensitization method, comprising:
responding to an alarm prompt instruction of equipment, and acquiring log data of the equipment;
constructing a sensitive information tag library based on a plurality of sensitive information identifiers; wherein the identification of the plurality of sensitive information is used to characterize the type of sensitive information in the log data; and
and carrying out batch desensitization processing on the log data according to the sensitive information tag library.
2. The method of claim 1, wherein the log data of the device comprises log data of a plurality of vendors.
3. The method of claim 1, wherein the constructing a sensitive information tag library based on the plurality of sensitive information identifications comprises:
acquiring a plurality of sensitive information in the log data;
determining a regular expression corresponding to each sensitive information based on a plurality of sensitive information identifiers; and
and constructing a mapping relation between the sensitive information and the corresponding regular expression by adopting key value pairs to obtain the sensitive information tag library.
4. The method of claim 3, wherein constructing a mapping relationship between the sensitive information and the corresponding regular expression using key-value pairs to obtain the sensitive information tag library comprises:
performing de-duplication on the mapping relation total set according to a de-duplication rule to obtain a de-duplication result; the de-duplication rule is used for representing the mapping relation between the sensitive information and the corresponding regular expression;
determining a basic sensitive information tag set based on the deduplication result; wherein, the basic sensitive information label set is used for representing a set formed by the same mapping relation;
determining a candidate sensitive information label set according to the mapping relation and the basic sensitive information label set; the candidate sensitive information label set is used for representing a set formed by different mapping relations; and
and determining the sensitive information tag library according to the basic sensitive information tag set and the candidate sensitive information tag set.
5. The method of claim 4, wherein desensitizing the log data according to the sensitive information tag library comprises:
according to the basic sensitive information label set, performing primary desensitization processing on the log data to obtain first data;
based on the candidate sensitive information label set, performing second desensitization processing on the first data to obtain second data;
determining the emergency degree of the equipment alarm prompt;
and outputting a log data desensitization processing result according to the emergency degree of the equipment alarm prompt and the second data.
6. The method of claim 5, wherein said performing a second desensitization process on said first data based on said candidate set of sensitive information tags to obtain second data comprises:
classifying the candidate sensitive information tag sets based on different manufacturer types to obtain a plurality of classified sensitive information tag sets;
determining at least one sorting sensitive information tag set according to log data of the equipment;
and performing a second desensitization treatment on the first data based on the at least one sorting sensitive information label set to obtain second data.
7. The method of claim 6, wherein the urgency of the device alert prompt comprises two states: emergency and non-emergency.
8. The method of claim 7, wherein the outputting log data desensitization processing results according to the urgency of the device alert cue and the second data comprises:
and outputting the second data as a desensitization processing result of the log data under the condition that the emergency degree of the equipment alarm prompt is non-emergency.
9. The method of claim 7, wherein, in the case that the urgency of the device alarm prompt is emergency, performing the first desensitization process on the log data according to the basic sensitive information tag set to obtain first data further comprises:
acquiring the sensitive information to be relieved in the basic sensitive information tag set;
and, based on the log data of the device, replacing the information in the first data that corresponds to the sensitive information to be relieved with the log data corresponding to the sensitive information to be relieved.
10. The method of claim 9, wherein, in the case that the urgency of the device alarm prompt is emergency, performing the second desensitization process on the first data based on the at least one classified sensitive information tag set to obtain second data comprises:
determining a target sensitive information tag set based on the at least one classified sensitive information tag set, the target sensitive information tag set being used to represent part of the sensitive information of device research and judgment;
performing the second desensitization process on the first data according to the target sensitive information tag set to obtain second data;
wherein the first data comprises the log data corresponding to the sensitive information to be relieved.
11. A log desensitizing apparatus, comprising:
an acquisition module configured to acquire log data of the device in response to an alarm prompt instruction of the device;
a processing module configured to construct a sensitive information tag library based on a plurality of sensitive information identifiers, wherein the plurality of sensitive information identifiers are used to characterize the types of sensitive information in the log data; and
a desensitization module configured to perform batch desensitization processing on the log data according to the sensitive information tag library.
12. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-10.
13. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-10.
14. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1-10.
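The flow of claims 5 to 10, sketched as an added Python example that is not part of the patent text. It assumes that a tag is a name paired with a regular expression, that a manufacturer is recognised by a marker string in the log line, and that all tag names, markers and the sample log line are constructed for illustration.

```python
import re

# Constructed tag sets (assumptions): tag name -> regex locating the sensitive value.
BASE_TAGS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "account": re.compile(r"(?<=user=)\w+"),
}
# Candidate tags classified by manufacturer type; the key is a hypothetical
# marker string that identifies that manufacturer's log lines.
VENDOR_TAGS = {
    "VENDOR_A": {"serial": re.compile(r"\bSN-[A-Z0-9]{8}\b"),
                 "community": re.compile(r"(?<=community=)\S+")},
    "VENDOR_B": {"license": re.compile(r"\bLIC-\d{6}\b")},
}

def mask(text, tags, skip=()):
    """Replace every match of each tag's pattern with a <tag> placeholder."""
    for name, pattern in tags.items():
        if name not in skip:
            text = pattern.sub(f"<{name}>", text)
    return text

def select_vendor_tags(log):
    """Claim 6: pick the classified tag sets that apply to this device's log."""
    selected = {}
    for marker, tags in VENDOR_TAGS.items():
        if marker in log:
            selected.update(tags)
    return selected

def desensitize(log, urgent=False, relieve=(), target=None):
    """Two-pass desensitization with urgency-dependent output (claims 5, 8-10)."""
    # First pass: base tags. In the urgent case the "relieved" tags keep their
    # original values, which gives the same result as masking and restoring.
    first = mask(log, BASE_TAGS, skip=relieve if urgent else ())
    vendor_tags = select_vendor_tags(log)
    if urgent and target is not None:
        # Claim 10: only the target subset of the vendor tags is applied.
        vendor_tags = {k: v for k, v in vendor_tags.items() if k in target}
    return mask(first, vendor_tags)

# Constructed sample log line.
SAMPLE = ("2023-04-28T10:00:00 fw01 VENDOR_A link down src=10.1.2.3 "
          "user=admin01 SN-AB12CD34 community=s3cret")

if __name__ == "__main__":
    print(desensitize(SAMPLE))
    print(desensitize(SAMPLE, urgent=True, relieve=("ip",), target=("community",)))
```

In the non-emergency call every base and vendor tag is masked; in the emergency call the source address and serial number stay readable for triage while the account and community string remain masked.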
CN202310477344.0A 2023-04-28 2023-04-28 Log desensitization method, device, equipment, medium and program product Active CN116186785B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310477344.0A CN116186785B (en) 2023-04-28 2023-04-28 Log desensitization method, device, equipment, medium and program product

Publications (2)

Publication Number Publication Date
CN116186785A (en) 2023-05-30
CN116186785B CN116186785B (en) 2023-07-25

Family

ID=86434922

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310477344.0A Active CN116186785B (en) 2023-04-28 2023-04-28 Log desensitization method, device, equipment, medium and program product

Country Status (1)

Country Link
CN (1) CN116186785B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111339559A (en) * 2020-02-25 2020-06-26 北京同邦卓益科技有限公司 Data processing method and device for desensitizing log
WO2020233013A1 (en) * 2019-05-20 2020-11-26 平安普惠企业管理有限公司 Data processing method and device, and storage medium
CN112307512A (en) * 2020-11-11 2021-02-02 银清科技有限公司 Log desensitization method, device and storage medium
CN113722758A (en) * 2021-08-31 2021-11-30 平安科技(深圳)有限公司 Log desensitization method and device, computer equipment and storage medium
WO2023015670A1 (en) * 2021-08-12 2023-02-16 广东艾檬电子科技有限公司 Method and apparatus for desensitizing log content, device and medium

Also Published As

Publication number Publication date
CN116186785B (en) 2023-07-25

Similar Documents

Publication Publication Date Title
US11449379B2 (en) Root cause and predictive analyses for technical issues of a computing environment
US11036867B2 (en) Advanced rule analyzer to identify similarities in security rules, deduplicate rules, and generate new rules
US9659175B2 (en) Methods and apparatus for identifying and removing malicious applications
CN109361711B (en) Firewall configuration method and device, electronic equipment and computer readable medium
US20170124502A1 (en) Selecting key performance indicators for anomaly detection analytics
US20080168531A1 (en) Method, system and program product for alerting an information technology support organization of a security event
US12015648B2 (en) Information security compliance platform
WO2007022363A2 (en) Conformance authority reconciliation
CN114358147B (en) Training method, recognition method, device and equipment for abnormal account recognition model
US10264011B2 (en) Persistent cross-site scripting vulnerability detection
WO2023104791A1 (en) Combining policy compliance and vulnerability management for risk assessment
WO2022265803A1 (en) Likelihood assessment for security incident alerts
CN109067587B (en) Method and device for determining key information infrastructure
US11775654B2 (en) Anomaly detection with impact assessment
CN113282458A (en) Anti-flash-back method and device for application program, electronic equipment and storage medium
CN116186785B (en) Log desensitization method, device, equipment, medium and program product
US10970415B2 (en) Sensitive data redaction in memory dump
CN110070383B (en) Abnormal user identification method and device based on big data analysis
CN108197041B (en) Method, device and storage medium for determining parent process of child process
CN115758359A (en) API abnormal call detection method, device, equipment and storage medium
CN114637689A (en) Application evaluation method, device, equipment and storage medium
US11763014B2 (en) Production protection correlation engine
CN114443721A (en) Data processing method and device, electronic equipment and storage medium
CN113590425B (en) Data processing method, apparatus, device, medium, and program product
US11853173B1 (en) Log file manipulation detection

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant