CN116561059A - Data file operation method, system, equipment and storage medium of network shooting range - Google Patents

Publication number
CN116561059A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310465204.1A
Other languages
Chinese (zh)
Inventor
余涛
向夏雨
景晓
顾钊铨
周琥晨
孟令逍
关华
王新刚
谭浩良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peng Cheng Laboratory
Original Assignee
Peng Cheng Laboratory

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/11 File system administration, e.g. details of archiving or snapshots
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/172 Caching, prefetching or hoarding of files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The embodiments of the application provide a data file operation method, system, device and storage medium for a cyber range (network shooting range), in the technical field of data file classification. The method comprises the following steps: acquiring a data file to be classified from the cyber range; performing a data file feature extraction operation on the data file to be classified to obtain feature query information; verifying the feature query information against the matching rules pre-stored in a rule database; if verification succeeds, determining a target subsystem of the data file to be classified, acquiring the permission information of the data file to be classified in the target subsystem, and setting permissions accordingly; if verification fails, identifying the demand subsystem, sending the data file to be classified to the demand subsystem, acquiring a real-time matching rule generated by the demand subsystem for the data file to be classified, and storing the real-time matching rule in the rule database. The application can improve the accuracy and efficiency of classifying cyber range data files while preventing misoperation of the data files.

Description

Data file operation method, system, equipment and storage medium of network shooting range
Technical Field
The present disclosure relates to the technical field of data file operations, and in particular to a data file operation method, system, device and storage medium for a cyber range.
Background
A cyber range (network range) is a technology or product that uses virtualization to simulate and reproduce the running states and operating environments of the network architecture, system equipment and business processes found in real cyberspace. It supports learning, research, testing, competition, exercises and similar activities related to network security more effectively, thereby improving the network security countermeasure level of personnel and institutions.
Currently, each cyber range holds a large number of data files of many kinds, with different type characteristics and different degrees of correlation with activities. The heterogeneous platforms in a cyber range generally have quite different requirements for these data files. The large number of data files makes file management harder, and it also raises the problem of data file permissions between parties: for example, a party does not want some of its important files to be changed at will by another party.
In the related art, data files are generally classified by inherent characteristics of the files (such as file extensions). Such classification generally cannot classify data files accurately according to requirements, so both the accuracy and the efficiency of data file classification are low.
Disclosure of Invention
The main purpose of the embodiments of the application is to provide a data file operation method, system, device and storage medium for a cyber range that can improve the accuracy and efficiency of classifying cyber range data files and prevent misoperation of the data files.
To achieve the above object, a first aspect of the embodiments of the present application provides a data file operation method for a cyber range, the method including: acquiring a data file to be classified from the cyber range, wherein the cyber range comprises at least one subsystem and each subsystem has a different operation permission on the data file to be classified; performing a data file feature extraction operation on the data file to be classified to obtain feature query information; verifying the feature query information against the matching rules pre-stored in a rule database; if verification succeeds, determining a target subsystem of the data file to be classified, acquiring the permission information of the data file to be classified in the target subsystem, and setting permissions accordingly, wherein the matching rules are matching rules of at least one subsystem acquired in advance, and the target subsystem comprises one or more subsystems; if verification fails, identifying a demand subsystem, sending the data file to be classified to the demand subsystem, acquiring a real-time matching rule generated by the demand subsystem for the data file to be classified, and storing the real-time matching rule in the rule database.
In some embodiments, performing the data file feature extraction operation on the data file to be classified to obtain feature query information includes: acquiring the storage path of the data file to be classified; parsing the storage path to obtain a target field, a target extension and a target activity number; and generating the feature query information from the target field, the target extension and the target activity number.
In some embodiments, the matching rule includes a home tag that identifies the subsystem to which the matching rule belongs. Verifying the feature query information against the matching rules pre-stored in the rule database and, if verification succeeds, determining the target subsystem of the data file to be classified includes: selecting the matching rules in the rule database one by one and judging whether each matching rule contains the feature query information; if a matching rule contains the feature query information, verification succeeds, that matching rule is taken as the target rule, and the subsystem of the target rule is determined to be the target subsystem according to the home tag of the target rule.
In some embodiments, if verification fails, identifying the demand subsystem, sending the data file to be classified to the demand subsystem, and acquiring the real-time matching rule generated by the demand subsystem for the data file to be classified includes: if none of the matching rules in the rule database contains the feature query information, verification fails; sending a file attribution confirmation request to each subsystem, receiving the confirmation result generated by the subsystem in response to the file attribution confirmation request, and determining the demand subsystem according to the confirmation result; and acquiring the real-time matching rule generated by the demand subsystem for the data file to be classified.
In some embodiments, the process by which a subsystem generates a matching rule includes the following steps: acquiring the activity number and the extension of a data file; acquiring name features of the data file, the name features including folder information and/or file name information; acquiring the file category of the data file, and acquiring a specific field of the data file based on the file category and the name features; and generating the matching rule for the data file from the activity number, the specific field and the extension.
In some embodiments, acquiring the activity number of the data file includes: acquiring the subsystem number, the activity type number and the execution number corresponding to the data file; and generating the activity number from the subsystem number, the activity type number and the execution number, wherein the activity number represents the activity information corresponding to the data file and is a unique value.
In some embodiments, verification succeeding when the matching rule contains the feature query information includes: querying the matching rule for the target field, the target extension and the target activity number to obtain a query result; if the query result indicates that at least two of the target field, the target extension and the target activity number exist in the matching rule, the matching rule contains the feature query information and the feature query information is successfully verified.
In some embodiments, acquiring the permission information of the data file to be classified in the target subsystem and setting permissions includes: sending a permission generation request to the target subsystem, and receiving the permission information of the data file to be classified that the target subsystem sends in response to the permission generation request; and setting permissions on the data file to be classified according to the permission information, wherein the permission information comprises one of complete control, write permission, read permission and modification permission.
In some embodiments, the process by which the demand subsystem generates a real-time matching rule for the data file to be classified includes: acquiring the activity number to be classified and the extension to be classified of the data file to be classified; acquiring the name features to be classified of the data file to be classified, the name features to be classified including folder information to be classified and/or file name information to be classified; acquiring the file category to be classified of the data file to be classified, and extracting the specific field to be classified of the data file to be classified based on the file category to be classified and the name features to be classified; and generating the real-time matching rule for the data file to be classified from the activity number to be classified, the specific field to be classified and the extension to be classified.
In some embodiments, before the real-time matching rule is stored in the rule database, the method further includes: acquiring an update data file, wherein the update data file satisfies the real-time matching rule; performing the data file feature extraction operation on the update data file to obtain updated feature query information; verifying the updated feature query information to obtain a verification result, and determining a verification subsystem of the update data file; and if the verification subsystem is consistent with the demand subsystem, the real-time matching rule is successfully verified, and the successfully verified real-time matching rule is the one stored in the rule database.
In some embodiments, the method further includes: acquiring the file types and data storage information of the data files to be classified; determining the number of files and the file memory size of the data files to be classified according to the file types and the data storage information; and performing classification statistics on the data files to be classified according to the number of files and the file memory size, to obtain classification statistics results for each file category.
In some embodiments, before the data file feature extraction operation is performed on the data file to be classified to obtain feature query information, the method further includes: acquiring the matching rule of at least one subsystem and the home tag of the matching rule, wherein the home tag identifies the subsystem to which the matching rule belongs; and storing the acquired matching rule and the corresponding home tag in the rule database.
To achieve the above object, a second aspect of the embodiments of the present application proposes a data file operating system for a cyber range, the system including: a data file module, used for acquiring a data file to be classified from the cyber range, wherein the cyber range comprises at least one subsystem and each subsystem has a different operation permission on the data file to be classified; a feature extraction module, used for performing a data file feature extraction operation on the data file to be classified to obtain feature query information, the matching rule being a matching rule of at least one subsystem acquired in advance; and a verification module, used for verifying the feature query information against the matching rules pre-stored in a rule database; if verification succeeds, determining a target subsystem of the data file to be classified, acquiring the permission information of the data file to be classified in the target subsystem, and setting permissions accordingly, wherein the target subsystem comprises one or more subsystems; if verification fails, identifying a demand subsystem, sending the data file to be classified to the demand subsystem, acquiring a real-time matching rule generated by the demand subsystem for the data file to be classified, and storing the real-time matching rule in the rule database.
To achieve the above object, a third aspect of the embodiments of the present application provides an electronic device including a memory and a processor, where the memory stores a computer program and the processor executes the computer program to implement the data file operation method for a cyber range according to the embodiments of the first aspect.
To achieve the above object, a fourth aspect of the embodiments of the present application proposes a storage medium, which is a computer-readable storage medium storing a computer program, where the computer program is executed by a processor to implement the data file operation method for a cyber range according to the embodiments of the first aspect.
The data file operation method, system, device and storage medium for a cyber range provided by the embodiments of the application can be applied to the data file operating system of a cyber range. The data files to be classified in the cyber range are classified according to the matching rules pre-stored in the rule database: feature query information is obtained and verified; when verification succeeds, permissions are set according to the target subsystem of the data file; when verification fails, a real-time matching rule is generated according to the real-time requirements of the demand subsystem and stored in the rule database.
In the application, feature query information is obtained by a feature extraction operation on the data file, the feature query information is verified against the matching rules one by one, and the data file to be classified is classified according to the matching rule that verifies successfully. The preset matching rules can be set by an operator according to specific conditions, and after a verification failure a new matching rule can be added to the rule database according to real-time requirements, which improves the accuracy and efficiency of data file classification. In addition, because permissions can be set on the data file according to the target subsystem once verification succeeds, a subsystem without the corresponding permission is prevented from misoperating the data file.
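The flow described above (path feature extraction, the two-of-three rule check, fallback to a demand subsystem, and validation of a real-time rule before it is stored), sketched in Python as an added example; it is not code from the patent. The storage path layout, the activity number encoding, the `Subsystem` class and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from pathlib import PurePosixPath

class Permission(Enum):  # the four permission values the text names
    FULL_CONTROL = "complete control"
    WRITE = "write"
    READ = "read"
    MODIFY = "modify"

def activity_number(subsystem_no: int, activity_type_no: int, execution_no: int) -> str:
    """Assumed encoding: fixed-width concatenation, so each triple yields a unique value."""
    if not (0 <= subsystem_no < 100 and 0 <= activity_type_no < 100 and 0 <= execution_no < 10000):
        raise ValueError("component does not fit the fixed-width encoding")
    return f"{subsystem_no:02d}{activity_type_no:02d}{execution_no:04d}"

@dataclass(frozen=True)
class Features:  # the "feature query information"
    specific_field: str
    extension: str
    activity_no: str

def extract_features(path: str) -> Features:
    """Assumed storage path layout: /<root>/<activity number>/<folder>/<file name>."""
    p = PurePosixPath(path)
    if len(p.parts) < 4:
        raise ValueError(f"path carries no activity number: {path}")
    return Features(p.parent.name.lower(), p.suffix.lstrip(".").lower(), p.parts[-3])

@dataclass(frozen=True)
class Rule:
    home_tag: str  # subsystem the rule belongs to
    specific_field: str
    extension: str
    activity_no: str

    def contains(self, q: Features) -> bool:
        """Two-of-three check; an empty feature (e.g. no extension) never counts as a hit."""
        pairs = ((self.specific_field, q.specific_field), (self.extension, q.extension),
                 (self.activity_no, q.activity_no))
        return sum(1 for mine, theirs in pairs if theirs and mine == theirs) >= 2

@dataclass
class Subsystem:  # hypothetical stand-in for a role's side of the exchange
    name: str
    permission: Permission       # its answer to a permission generation request
    owned_activities: frozenset  # basis for answering a file attribution confirmation request
    update_sample: str = ""      # path of an "update data file" that satisfies its new rule

    def confirms(self, q: Features) -> bool:
        return q.activity_no in self.owned_activities

    def make_rule(self, q: Features) -> Rule:
        return Rule(self.name, q.specific_field, q.extension, q.activity_no)

def match(rules: list, q: Features) -> list:
    """Home tags of every rule that contains the query: one or more target subsystems."""
    return sorted({r.home_tag for r in rules if r.contains(q)})

def classify(path: str, rules: list, subsystems: dict):
    """Return (verified, {subsystem: Permission}); only validated real-time rules are appended."""
    q = extract_features(path)
    targets = match(rules, q)
    if targets:
        return True, {t: subsystems[t].permission for t in targets}
    for s in subsystems.values():
        if not (s.confirms(q) and s.update_sample):
            continue  # not the demand subsystem, or nothing to validate the new rule with
        candidate = s.make_rule(q)
        # Validate before storing: the update file must resolve to the demand subsystem
        # (read strictly here: to that subsystem and no other).
        if match(rules + [candidate], extract_features(s.update_sample)) == [s.name]:
            rules.append(candidate)
    return False, {}

# Constructed sample data, not taken from the patent.
ACT_RED = activity_number(3, 1, 7)    # "03010007"
ACT_GREEN = activity_number(5, 2, 1)  # "05020001"
SUBSYSTEMS = {
    "red": Subsystem("red", Permission.FULL_CONTROL, frozenset({ACT_RED})),
    "green": Subsystem("green", Permission.READ, frozenset({ACT_GREEN}),
                       update_sample=f"/range/{ACT_GREEN}/monitor/alerts-2.json"),
}
RULES = [
    Rule("red", "payloads", "bin", ACT_RED),
    Rule("green", "captures", "pcap", ACT_RED),  # green monitors red's activity
]

if __name__ == "__main__":
    rules = list(RULES)
    for sample in (f"/range/{ACT_RED}/payloads/stage",            # no extension
                   f"/range/{ACT_RED}/payloads/trace.pcap",       # two rules apply
                   f"/range/{ACT_GREEN}/monitor/alerts-1.json",   # unknown: a rule is learned
                   f"/range/{ACT_GREEN}/monitor/alerts-1.json"):  # now verified
        print(sample, classify(sample, rules, SUBSYSTEMS))
```

Because two matching features are enough, a single file can resolve to several subsystems with different permissions, and a new rule that cannot be validated against an update file is never stored.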
Drawings
FIG. 1 is a schematic diagram of an application scenario of the data file operating system of a cyber range provided in an embodiment of the present application;
FIG. 2 is an optional flowchart of the data file operation method of a cyber range according to an embodiment of the present application;
FIG. 3 is a flowchart of one implementation of step S102 in FIG. 2;
FIG. 4 is a flowchart of one implementation of step S103 in FIG. 2;
FIG. 5 is a flowchart of one implementation of step S104 in FIG. 2;
FIG. 6 is a flowchart of generating a matching rule in the data file operation method of a cyber range according to an embodiment of the present application;
FIG. 7 is a flowchart of one implementation of step S501 in FIG. 6;
FIG. 8 is a flowchart of one implementation of step S302 in FIG. 4;
FIG. 9 is a flowchart of another implementation of step S103 in FIG. 2;
FIG. 10 is a flowchart of generating a real-time matching rule in the data file operation method of a cyber range according to an embodiment of the present application;
FIG. 11 is a flowchart of one implementation prior to step S105 in FIG. 2;
FIG. 12 is a flowchart of classification statistics in the data file operation method of a cyber range according to an embodiment of the present application;
FIG. 13 is a flowchart of one implementation prior to step S102 in FIG. 2;
FIG. 14 is a functional block diagram of the data file operation of a cyber range according to an embodiment of the present application;
FIG. 15 is a schematic diagram of the hardware structure of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
It should be noted that although functional block division is performed in a device diagram and a logic sequence is shown in a flowchart, in some cases, the steps shown or described may be performed in a different order than the block division in the device, or in the flowchart. The terms first, second and the like in the description and in the claims and in the above-described figures, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the present application only and is not intended to be limiting of the present application.
First, several terms used in this application are explained:
A cyber range is a network system simulation platform used cooperatively by multiple roles. It supports the training of network security personnel, network attack and defense drills, security product evaluation and verification of new network technologies. The roles may also be called subsystems; the functions, tasks, visual interfaces, designs and permission information of the different roles in the cyber range differ from one another.
A cyber range holds a large number of data files belonging to all the role parties. The data files are of many kinds, with different type characteristics and different degrees of correlation with activities, and in the activities of the cyber range each cooperating party has different requirements for the data files. The large number of data files therefore makes file management harder, and file permissions between the parties in particular become a troublesome problem: for example, a party does not want some of its important files to be changed at will by the personnel of another party. So that each party can better identify and classify its core files, know the state of its own files and those of other parties, and prevent other parties from misoperating its files, the large number of data files in the cyber range needs dedicated classification.
In the related art, data files are generally classified by one of three methods, based on the file extension, the content characteristics of the file, or machine learning. First, extension-based classification takes the extension as the classification feature and puts all files with the same extension into one class. This method is simple and quick, but it cannot correctly classify files without an extension, and it is a coarse classification; practical applications usually need a finer one, so in most cases the classes it distinguishes do not meet practical requirements. Second, content-based classification parses and analyzes each file. This method has higher accuracy but also higher performance requirements; a cyber range contains a large number of files, and analyzing every file is time-consuming and inefficient. Finally, machine-learning-based classification trains a classification model on known files and then classifies files with it, but this requires a large number of data samples and computational resources, and accuracy cannot be guaranteed.
Based on this, the embodiments of the application provide a data file operation method, system, device and storage medium for a cyber range, which classify data files with preset matching rules to obtain a classification result. The preset matching rules can be set by an operator according to specific conditions, and after a verification failure a new matching rule can be added to the rule database according to real-time requirements, which improves the accuracy and efficiency of data file classification. In addition, because permissions can be set on the data file according to the target subsystem once verification succeeds, a subsystem without the corresponding permission is prevented from misoperating the data file.
The data file operation method, system, device and storage medium for a cyber range provided in the embodiments of the present application are described in detail through the following embodiments. The data file operating system of the cyber range is described first.
FIG. 1 is a schematic diagram of an application scenario of the data file operating system of a cyber range provided in an embodiment of the present application. The data file operating system includes a first subsystem 11, a second subsystem 12, a third subsystem 13, and a terminal server 10 for controlling each subsystem. The terminal server 10 holds a large number of data files, and operators with different roles respectively operate the first subsystem 11, the second subsystem 12 and the third subsystem 13. The terminal server 10 classifies the data files it holds according to the matching rules of the first subsystem 11, the second subsystem 12 and the third subsystem 13, and then performs verification and permission setting according to the classification result, so that the first subsystem 11, the second subsystem 12 and the third subsystem 13 obtain different permission information and exercise different function control over the data files. It should be noted that the terminal server 10 includes at least one subsystem; that is, the terminal server 10 may be connected to only the first subsystem 11, or may also be connected to a fourth subsystem, a fifth subsystem, or more, which is not particularly limited in this embodiment of the present application.
Based on this, the data file operation method of the cyber range in the embodiments of the present application is described through the following embodiments.
In some embodiments, the embodiments of the present application may acquire and process relevant data based on artificial intelligence techniques. Artificial intelligence (AI) is the theory, method, technique and application system that uses a digital computer or a digital-computer-controlled machine to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Artificial intelligence infrastructure technologies generally include technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and other directions.
The embodiments of the application provide a data file operation method for a cyber range, which relates to the technical field of artificial intelligence. The data file operation method can be applied to a terminal, to a server side, or to software running in the terminal or the server side. In some embodiments, the terminal may be a smart phone, tablet, notebook, desktop computer or the like; the server side may be configured as an independent physical server, as a server cluster or distributed system formed by a plurality of physical servers, or as a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms; the software may be an application or the like that implements a machine learning cluster computing power resource operation and maintenance method, but is not limited to the above forms.
The subject application is operational with numerous general purpose or special purpose computer system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
It should be noted that, in each specific embodiment of the present application, when related processing needs to be performed according to data related to a user identity or a characteristic, such as user information, user behavior data, user history data, user location information, etc., permission or consent of the user is obtained first, for example, when data stored by the user and a request for accessing cached data of the user are obtained first; when acquiring the data of the resource, the embodiment of the application can firstly acquire the permission or consent of the user. Moreover, the collection, use, processing, etc. of such data would comply with relevant laws and regulations. In addition, when the embodiment of the application needs to acquire the sensitive personal information of the user, the independent permission or independent consent of the user is acquired through a popup window or a jump to a confirmation page or the like, and after the independent permission or independent consent of the user is explicitly acquired, necessary user related data for enabling the embodiment of the application to normally operate is acquired.
As shown in fig. 2, fig. 2 is an optional flowchart of a method for operating a data file of a network target range according to an embodiment of the present application, where the method in fig. 2 may include, but is not limited to, steps S101 to S104.
Step S101, acquiring a data file to be classified of a network target range, wherein the network target range comprises at least one subsystem, and the operation authorities of the data file to be classified of the subsystems are different;
In some embodiments, the network target range includes at least one subsystem, which may also be referred to as a role. Illustratively, the network target range generally includes five roles: yellow, white, red, blue and green. The roles function as follows:
(1) The yellow party is responsible for control, specifically: (a) designing the test; (b) controlling the test: starting, stopping, recovering and stopping; (c) viewing the test: checking the progress, state and detailed process of the test.
(2) The white party is responsible for management, specifically: (a) before the test, constructing the target network, simulating the network environment and the like; (b) during the test, system operation and maintenance and the like; (c) after the test, recovering and releasing resources.
(3) The red party is responsible for attack: in attack and defense exercises in the network target range it initiates attacks against the blue party, as the blue party's opponent.
(4) The blue party is responsible for defense: in attack and defense exercises in the network target range it resists the red party, as the red party's opponent.
(5) The green party is responsible for detection, in particular for monitoring the behavior of both the red and blue parties during the exercise, including: (a) monitoring the specific current behavior of the red and blue parties; (b) when an attack or defense by the red or blue party succeeds, judging and reconstructing the successful process, attack technique and defense method; (c) monitoring violating operations by the red party; (d) evaluating the test or a test fragment quantitatively and qualitatively; (e) analyzing the attack and defense mechanisms of the test (such as analyzing the operation and propagation mechanisms of a novel worm).
In some embodiments, there are a large number of data files to be classified of different types in the network target range. Illustratively, divided by file format, the data files to be classified include JSON files and PCAP files, which carry the JSON extension and the PCAP extension respectively; the data files to be classified comprise security device alarm data files, virtual machine log data files, web vulnerability detection data files and traffic data files. The data files to be classified can be acquired by different subsystems, and different subsystems have different operation authorities for different data files to be classified, or different operation authorities for the same data file to be classified, which helps prevent a subsystem without authority from misoperating the data files to be classified of other subsystems.
In some embodiments, the network target range further includes a central control module and a data file storage module. The central control module has a rule database for storing matching rules, and the data file storage module contains a large number of data files. Illustratively, each subsystem can preset its own matching rules, which represent the rules for the data files that the subsystem requires; the matching rules can be transmitted to the central control module, which acquires the matching rules of each subsystem and stores them in the rule database.
In some embodiments, the central control module can verify the classification result to determine whether the classified data file is required by the subsystem for setting the matching rule, that is, the correctness of classification, if the verification is successful, determine the target subsystem of the data file, and perform authority setting on the data file according to the target subsystem.
For example, different data files can be acquired by different subsystems, and the operation authority of each subsystem on different data files is different, for example, a red party can perform writing operation on a classified a file, and other parties can only perform reading operation on the a file and do not allow writing operation; the blue party can perform writing operation on the classified B file, and then other parties can only perform reading operation on the B file, and write operation is not allowed, so that misoperation of the other parties on the B file is prevented.
The same data file can be acquired by a plurality of different subsystems, and the operating rights of the data file are different, for example, the red party can perform writing operation on the classified C file, the blue party can perform complete control operation on the classified C file, wherein the complete control includes permission control of writing, permission of reading, permission of modification, permission of deletion and the like, that is, the red party and the blue party can both obtain the operating rights of the classified C file, but the operating rights of the red party and the blue party on the classified C file are different.
It should be noted that, the authority setting of the data file may be specifically set according to the actual needs of different subsystems, and the embodiment of the present application is only described with a preferred embodiment, and is not specifically limited.
Step S102, carrying out data file feature extraction operation on data files to be classified to obtain feature query information;
In some embodiments, each data file to be classified has a unique storage path, and a unique storage path value can be obtained by querying the storage path. It is understood that the storage path value contains specific information about the data file to be classified. For example, the storage path value of the D file is E:\sample\sample_red_attack_01.doc, the extension of the D file is doc, and the file name is sample_red_attack_01. Since the storage path value contains characteristic information representing the data file to be classified, it may be specified that, when a data file to be classified is named, its name must contain the file feature name that characterizes it, so that feature extraction can be performed through the file feature name.
Step S103, verifying feature query information according to a pre-stored matching rule in a rule database, if verification is successful, determining a target subsystem of the data file to be classified, acquiring authority information of the data file to be classified in the target subsystem, and performing authority setting, wherein the matching rule is a pre-acquired matching rule of at least one subsystem, and the target subsystem comprises one or more subsystems;
In some embodiments, performing the data file feature extraction operation on the data file to be classified yields the feature query information. For example, a feature extraction operation may be performed on the D file: the extension of the D file may be extracted as doc; or, where an attack-type file must carry an attack field, the file type field of the D file may be extracted as attack, which indicates that the D file is an attack-type data file.
In some embodiments, a plurality of matching rules are stored in the rule database, the matching rules include a plurality of feature fields, feature query matching is performed in the rule database according to feature query information extracted from the data file to be classified, if a plurality of features extracted from the data file to be classified are matched with a certain matching rule in the rule database, verification is successful, classification can be performed according to a specific rule in the matching rules, the classified data file is obtained, a corresponding target subsystem is determined, and authority setting is performed.
In some embodiments, each subsystem may set one or more matching rules, or may not set matching rules, and when a subsystem does not set matching rules, the subsystem may be set to only have the read authority of the data file to be classified in the network range.
Step S104, if verification fails, the requirement subsystem is obtained, the data file to be classified is sent to the requirement subsystem, the real-time matching rule generated by the requirement subsystem aiming at the data file to be classified is obtained, and the real-time matching rule is stored in the rule database.
In some embodiments, if none of the matching rules in the rule database can be matched among several features extracted from the data file to be classified, a verification failure is indicated. The real-time requirement request of the requirement subsystem for the data files to be classified which are not successfully verified can be further obtained, and the real-time matching rules of the requirement subsystem are stored in the rule database so as to further classify the data files to be classified according to the real-time matching rules.
As shown in fig. 3, fig. 3 is a flowchart of one implementation of step S102 in fig. 2, and in some embodiments, step S102 may include steps S201 to S203:
Step S201, a storage path of a data file to be classified is obtained;
in some embodiments, as described above, each data file to be classified has a unique storage path, and the storage path is acquired, so that the authority information of the data file to be classified is determined according to the matching rule after the feature extraction is performed on the storage path.
Step S202, analyzing a storage path to obtain a target field, a target extension and a target activity number;
In some embodiments, it may be specified that the storage path of a data file to be classified in the network target range must include a target field, a target extension and a target activity number. The target field is a special field capable of characterizing information about the data file to be classified; for example, a defense file includes a defense field. The target extension is the file suffix of the data file to be classified and represents which type of data file it belongs to, such as doc, pdf, txt and the like. The target activity number represents the activity information of the file to be classified.
In some embodiments, the target field, the target extension and the target activity number may be acquired from specific positions in the storage path of the data file to be classified. Illustratively, the storage path of the F file is F:\sample 0101002\sample_red_test_02.txt; the numeric string before the second slash "\" is determined as the target activity number, the character string between the first underline "_" and the second underline "_" is determined as the target field, and the character string after the last "." is determined as the target extension.
In some embodiments, the target field, the target extension and the target activity number may also be pre-trained to obtain a feature extraction model by a machine learning manner, the feature extraction model may be trained by sample data, and the feature extraction model after training may perform feature extraction on features of the data file to be classified to obtain feature query information.
It will be appreciated that the feature extraction model here is trained to extract file features from the file names or file storage addresses of data files. Because reading a file storage address that includes the file features is less time consuming than traversing the file content, the application increases the flexibility of classification operations and the speed of operations on data files; and because there is no need for a large number of data samples or for analysis of the content of data samples, the application also enables data file classification in a network target range at low cost.
It should be noted that, the feature extraction modes of the data files to be classified may be various, and the feature extraction modes may be set according to specific situations.
Step S203, generating characteristic query information according to the target field, the target extension and the target activity number.
In some embodiments, the obtained target field, target extension and target activity number may be concatenated to generate the feature query information.
It can be understood that by acquiring the features in the data files to be classified, the feature query information is obtained so as to be matched with the matching rules in the rule database according to the feature query information, and the data file operation method can enable operators to match the data files to be classified according to actual needs, so that flexible, rapid, accurate and low-cost data file classification of the data files to be classified in the network target range is realized.
As shown in fig. 4, fig. 4 is a flowchart of one implementation of step S103 in fig. 2, and in some embodiments, step S103 may include steps S301 to S302:
step S301, matching rules are selected one by one in a rule database to be matched, and whether the matching rules contain feature query information is judged;
in some embodiments, matching rules are selected one by one in the rule database according to the obtained feature query information to match, and illustratively, for the feature query information extracted from the F file: the match, txt (target extension), 0101002 (target activity number) are compared with the matching rules in the rule database one by one to determine the classification condition of the data file to be classified according to the matching rules.
Step S302, if the matching rule contains feature query information, verification is successful, the matching rule is used as a target rule, and a subsystem of the target rule is determined to be a target subsystem according to the attribution label of the target rule.
In some embodiments, the matching rule includes a home tag that characterizes the subsystem to which the matching rule belongs. Illustratively, red party matching rule 01 is 0101+attock+pdf, which denotes an attack-class (attock) portable document (pdf) under the first rule (01) of the red party (01); blue party matching rule 01 is 0201+attock+txt, which denotes an attack-class (attock) text document (txt) under the first rule (01) of the blue party (02). That is, the first matching field in the matching rule may be set as the home tag, and each role party is identified by a number.
Illustratively, according to the features extracted from the F file, the F file is determined to satisfy the blue party matching rule 01, and the target subsystem may be determined to be the blue party according to the home tag in the blue party matching rule 01, so as to perform the subsequent permission setting according to the target subsystem.
As shown in fig. 5, fig. 5 is a flowchart of one implementation of step S104 in fig. 2, and in some embodiments, step S104 may include steps S401 to S403:
Step S401, if each matching rule in the rule database does not contain characteristic query information, verification fails;
In some embodiments, when none of the matching rules in the rule database includes the feature query information of the data file to be classified, classification of the data file to be classified has failed. For example, the rule database includes red party matching rule 01 and blue party matching rule 01, and the feature query information of the data file G to be classified is security (target field), doc (target extension), 0101003 (target activity number). This feature query information does not correspond to any of the matching rules in the rule database, so verification of the data file G to be classified fails, i.e. matching of the data file G to be classified fails.
Step S402, a file attribution confirmation request is sent to each subsystem, a confirmation result generated by the subsystem in response to the file attribution confirmation request is received, and a demand subsystem is determined according to the confirmation result;
in some embodiments, the matching of the data file G to be classified that fails in matching may be further performed in real time, and the central control module of the network target range may send an attribution request to all the subsystems, where each subsystem determines, according to the attribution request, whether the data file G to be classified is a requirement of the subsystem, and generates a confirmation result, where the confirmation result includes a confirmation requirement and a confirmation unnecessary, and determines that the subsystem whose confirmation result is the confirmation requirement is the requirement subsystem.
It can be understood that the data files to be classified after the verification failure are further classified, a solution is provided for inaccuracy of the classification result of the data files to be classified, so that an operator can customize a matching rule and classify the data files according to the matching rule, and further process the data files to be classified in real time according to the result after the verification classification, so that the flexibility, accuracy and rapidity of the operation of the data files to be classified in the network target range are improved, and in addition, the cost of the classification operation of the data files in the network target range is further reduced as a large amount of or high-precision software and hardware are not needed to be used as support.
Step S403, acquiring a real-time matching rule generated by the demand subsystem for the data file to be classified.
In some embodiments, after the requirement subsystem is confirmed, a real-time matching rule of the requirement subsystem for the data file to be classified can be further obtained, wherein the real-time matching rule can be input and confirmed through an operation terminal of the subsystem.
As shown in fig. 6, fig. 6 is a flowchart of one method for generating a matching rule according to the data file operation method of the network target according to the embodiment of the present application, and the method in fig. 6 may include, but is not limited to, steps S501 to S504.
Step S501, acquiring an activity number and an extension of a data file;
in some embodiments, the activity number and the extension of the data file may be obtained through a storage path of the data file, where the method of obtaining the activity number and the extension of the data file through the storage path of the data file is similar to the method of obtaining the characteristic information such as the target field, the target extension, and the target activity number of the data file to be classified through the storage path of the data file to be classified, which is not described herein in detail, and similar to the method described above, the activity number and the extension of the data file may be obtained according to a specific location or a pre-machine learning model specified when the data file is named.
Step S502, acquiring name features of the data file, where the name features include: folder information and/or file name information;
in some embodiments, name features of the data file may be obtained according to a specific location or a pre-machine learning model specified at the time of naming the data file, for subsequent further validation of the fine classification type in the matching rules.
Step S503, obtaining the file type of the data file, and obtaining the specific field of the data file based on the file type and the name feature;
In some embodiments, the file categories of the data files may also be obtained according to specific locations specified at the time of naming the data files or a pre-machine learning model to determine the coarse classification type of the matching rules. And determining a specific field of the data file according to the file category and the name characteristics acquired previously, and determining a further subdivision rule in the matching rule according to the specific field.
In some embodiments, the file types of the data files to be classified in the network target range may include four file types: security event alert, virtual machine log, web vulnerability detection and traffic. The classification feature fields under the four file types may be further determined according to the obtained name features.
In some embodiments, when the data file to be classified is stored, the security device alarm data, the virtual machine log data and the web vulnerability detection data respectively contain the feature fields vm_log, log and web_vuln_probe, so that the feature fields can be acquired.
Step S504, generating a matching rule for the data file according to the activity number, the specific field and the extension.
In some embodiments, the matching rule may be a combination mode of an active number and a specific field, or a combination mode of an active number and an extension, or a specific field and an extension, where each role may be set according to a specific requirement, and a setting party of the matching rule may be able to perform identification of a home party of the matching rule according to a home tag.
It should be noted that, the matching rule may be set as other file features of the data file, and the specific combination mode of the matching rule may also be various, and the embodiment of the present application is only described by a preferred embodiment, and is not limited specifically.
As shown in fig. 7, fig. 7 is a flowchart of one implementation of step S501 in fig. 6, and in some embodiments, step S501 may include steps S601 to S602:
step S601, obtaining a subsystem number corresponding to a data file, an activity type number corresponding to the data file and an execution number corresponding to the data file;
For example, the target activity number of the H file is 0101005: the first two digits represent the red party number, the middle two digits represent the activity type number of attack class file 01, and the last three digits represent the execution number 005. It can be understood that, although the H file is a red party attack class file, the H file can also be acquired by role parties other than the red party; the target subsystem is determined according to the attribution label in the matching rule corresponding to the specific role party, and the corresponding authority information is set.
Step S602, according to the subsystem number corresponding to the data file, the activity type number corresponding to the data file and the execution number corresponding to the data file, an activity number is generated, wherein the activity number is used for representing activity information corresponding to the data file, and the activity number is a unique value.
In some embodiments, the activity number is used to characterize activity information of the data file, the activity number includes a subsystem number corresponding to the data file, an activity type number corresponding to the data file, and an execution number corresponding to the data file, and a combination of the subsystem number, the activity type number, and the execution number is capable of determining a unique activity number value.
In some embodiments, since a universally unique identifier is a unique code generated in one computer, the execution code may also be represented by a universally unique identifier (Universal Unique Identification Code, UUID).
As shown in fig. 8, fig. 8 is a flowchart of one implementation of step S302 in fig. 4, and in some embodiments, step S302 may include steps S701 to S702:
step S701, inquiring a target field, a target extension and a target activity number in a matching rule to obtain an inquiring result;
in some embodiments, whether the target field, the target extension and/or the target activity number feature containing the data file to be classified exist or not is queried one by one in all the matching rules stored in the rule database, and a query result is obtained, wherein the query result characterizes the queried matching rules.
Step S702, if at least two of the target field, the target extension and the target activity number exist in the query result representation matching rule, the feature query information is contained in the matching rule, and verification of the feature query information is successful.
In some embodiments, if at least two of the target field, the target extension and the target activity number feature exist in the matching rule, the feature query is successful, a corresponding matching rule is found, and the classification operation is performed on the data file to be classified according to the matching method of the matching rule.
As shown in fig. 9, fig. 9 is another implementation flowchart of step S103 in fig. 2, and in some embodiments, step S103 may include steps S801 to S802:
step S801, sending a permission generation request to a target subsystem, and receiving permission information of a data file to be classified, which is sent by the target subsystem in response to the permission generation request;
in some embodiments, since the matching rule includes a home tag, the home tag is used to characterize a subsystem corresponding to the matching rule, thereby determining a target subsystem of the data file to be classified, and determining the target subsystem is performed for performing the authority setting operation on the classified data file.
In some embodiments, the central control module may generate a rights generation request to each subsystem, where the rights generation request may include file information of the data file to be classified and a rights setting option, and the rights setting option may include a plurality of rights to operate on the data file to be classified. The target subsystem responds to the request from the central control module, and the response confirms the authority information of the data file to be classified.
Step S802, performing authority setting on the data files to be classified according to authority information, wherein the authority information comprises one of complete control, write permission, read permission and modification permission.
In some embodiments, a target subsystem may set only one right for a data file to be classified, wherein the right information includes one of full control, write enable, read enable, and modify enable.
It should be noted that, the operator may specifically set the authority information according to the actual situation, and the embodiment of the present application is only described with a preferred embodiment, and is not limited specifically.
As shown in fig. 10, fig. 10 is a flowchart of one method for operating a data file of a network target range to generate a real-time matching rule according to an embodiment of the present application, and the method in fig. 10 may include, but is not limited to, steps S901 to S904.
Step S901, obtaining an activity number to be classified and an extension name to be classified of a data file to be classified;
step S902, obtaining a name feature to be classified of the data file to be classified, where the name feature to be classified includes: folder information to be classified and/or file name information to be classified;
step S903, obtaining the class of the data file to be classified, and extracting the specific field to be classified of the data file to be classified based on the class of the data file to be classified and the name feature of the data file to be classified;
step S904, generating a real-time matching rule for the data file to be classified according to the activity number to be classified, the specific field to be classified and the extension name to be classified.
In some embodiments, the process of generating the real-time matching rule for the data file to be classified by the requirement subsystem is similar to the process of generating the matching rule by the subsystem described above, and will not be described herein.
It can be appreciated that the real-time matching rule generated by the requirement subsystem for the data file to be classified is used for further classifying the data file to be classified which fails to be verified.
As shown in fig. 11, fig. 11 is a flowchart of one implementation before step S105 in fig. 2, and in some embodiments, step S105 may include steps S1001 to S1004:
Step S1001, an update data file is obtained, wherein the update data file meets a real-time matching rule;
in some embodiments, to verify whether the real-time matching rule can correctly match the file to be classified, an update data file satisfying the real-time matching rule may be obtained to verify the correctness of the real-time matching rule.
Step S1002, performing data file feature extraction operation on an update data file to obtain update feature query information;
in some embodiments, a data file feature extraction operation may be performed on the updated data file to obtain updated feature query information, which is used to perform a comparison verification with features in the real-time matching rules.
Step S1003, verifying the updated characteristic query information to obtain a verification result, and determining a verification subsystem for updating the data file;
in some embodiments, if at least two matching features in the real-time matching rule exist in the updated feature query information, the verification is successful, otherwise, the verification fails, and a verification subsystem to which the updated data file after the verification is successful belongs is determined to verify the correctness of the real-time matching rule.
Step S1004, if the verification subsystem is consistent with the demand subsystem, the verification of the real-time matching rule is successful, and the real-time matching rule with successful verification is used for being stored in the rule database.
In some embodiments, if the verification subsystem to which the updated data file after verification is attributed is consistent with the requirement subsystem of the real-time matching rule, the real-time matching rule is verified successfully, that is, the real-time matching rule can correctly classify the data file to be classified, the real-time matching rule is stored in the rule database.
It can be understood that the verified real-time matching rule can be directly applied to the next classification operation of the data files to be classified without re-verification, so that the accuracy and efficiency of the classification operation of the data files to be classified are greatly improved, the aim of expanding the matching rule is fulfilled by the newly added real-time matching rule, and an operator can conveniently formulate the matching rule according to customization requirements.
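The flow of steps S102 to S104 and S1001 to S1004 (features taken from the storage path, the two-of-three rule check, read-only access for non-target parties, and a real-time rule that is stored only after an update file classifies back to the demand subsystem), as an added Python example that is not part of the application. Assumptions: the naming layout (a directory carrying a 7-digit activity number and a file name `sample_<party>_<field>_<nn>.<ext>`, with the field as the third token so that `sample_red_attack_01` yields `attack` as stated for the D file), the `Rule` and `Features` types and all function names, the constructed sample paths, and blue (02) acting as the demand subsystem.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

PARTIES = {"01": "red", "02": "blue"}          # party numbers given on the page
PERMISSIONS = {"full control", "write", "read", "modify"}


@dataclass(frozen=True)
class Features:
    field: str
    extension: str
    activity: str


@dataclass(frozen=True)
class Rule:
    home_tag: str                     # party number + rule number, e.g. "0201"
    field: Optional[str] = None
    extension: Optional[str] = None
    activity: Optional[str] = None
    permission: str = "write"         # assumed answer to the permission request

    def __post_init__(self):
        if self.permission not in PERMISSIONS:
            raise ValueError(f"unknown permission: {self.permission!r}")

    @classmethod
    def parse(cls, text, permission="write"):
        """Parse the page's 'tag+field+ext' notation, e.g. '0201+attock+txt'."""
        tag, field, ext = text.split("+")
        return cls(tag, field, ext, None, permission)

    def hits(self, f):
        """Count how many of the three extracted features this rule contains."""
        pairs = ((self.field, f.field), (self.extension, f.extension),
                 (self.activity, f.activity))
        return sum(1 for want, got in pairs if want is not None and want == got)


def extract_features(path):
    """Steps S201-S203 under the assumed naming layout.
    A path that does not follow the layout is rejected (fail closed)."""
    p = PureWindowsPath(path)
    number = re.search(r"(?<!\d)\d{7}(?!\d)", str(p.parent))
    tokens = p.stem.split("_")
    if number is None or len(tokens) < 4 or not p.suffix:
        raise ValueError(f"path does not follow the naming convention: {path!r}")
    return Features(tokens[2].lower(), p.suffix[1:].lower(), number.group())


def classify(path, rules):
    """Steps S103/S702: a rule verifies when at least two features are found in it.
    Returns (target party numbers, permission per party); ([], {}) on failure."""
    try:
        f = extract_features(path)
    except ValueError:
        return [], {}
    matched = [r for r in rules if r.hits(f) >= 2]
    if not matched:
        return [], {}
    acl = {party: "read" for party in PARTIES}   # non-target parties may only read
    for r in matched:
        acl[r.home_tag[:2]] = r.permission
    return sorted({r.home_tag[:2] for r in matched}), acl


def add_realtime_rule(path, update_path, rules, demand_party, permission="write"):
    """Steps S104 and S1001-S1004: build a real-time rule from the unmatched file
    and store it only if an update file classifies back to the demand subsystem."""
    f = extract_features(path)
    n = sum(1 for r in rules if r.home_tag[:2] == demand_party) + 1
    candidate = Rule(f"{demand_party}{n:02d}", f.field, f.extension,
                     f.activity, permission)
    targets, _ = classify(update_path, [candidate])
    if targets != [demand_party]:
        return None
    rules.append(candidate)
    return candidate


def default_rules():
    # Rule strings exactly as printed on the page, including the token "attock".
    return [Rule.parse("0101+attock+pdf"), Rule.parse("0201+attock+txt")]


# Constructed sample paths (not from the page).
BLUE_FILE = r"F:\range\0201007\sample_blue_attock_03.txt"
G_FILE = r"G:\range\0101003\sample_red_security_01.doc"    # features of file G
G_UPDATE = r"G:\range\0101004\sample_red_security_02.doc"

if __name__ == "__main__":
    rules = default_rules()
    print(classify(BLUE_FILE, rules))
    print(classify(G_FILE, rules))
    print(add_realtime_rule(G_FILE, G_UPDATE, rules, "02"))
    print(classify(G_FILE, rules))
```

Because every feature comes from the storage path, the permission a file receives depends entirely on who is allowed to name and place files; the parser therefore rejects any path that does not follow the layout instead of guessing.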
As shown in fig. 12, fig. 12 is a flowchart of a classification statistics method of a data file operation method of a network target according to an embodiment of the present application, and the method in fig. 12 may include, but is not limited to, steps S1101 to S1103.
Step S1101, file category and data storage information of the data files to be classified are obtained;
in some embodiments, the data file to be classified further includes data storage information, where the data storage information can represent file attribute information of the data file to be classified, and the file attribute information includes file memory size, creation time, modification time, and the like.
Step S1102, determining the number of files and the size of the file memory of the data files to be classified according to the file types and the data storage information;
In some embodiments, the file category of the data file to be classified characterizes the event type of the data file, and file classification statistics can be performed according to the different file categories.
Step S1103, according to the number of files and the size of the file memory, classifying and counting the data files to be classified, and obtaining classifying and counting results under each file category.
In some embodiments, a classification statistical result is obtained from the number of files and the file memory size under the different file categories. The classification statistical result lets each subsystem accurately see the overall situation of the data files, or the file statistics under each file category.
As shown in fig. 13, fig. 13 is a flowchart of one implementation before step S102 in fig. 2, and in some embodiments, step S102 may be preceded by steps S1201 to S1202:
Step S1201, a matching rule of at least one subsystem and an attribution label of the matching rule are obtained, wherein the attribution label is used for representing the subsystem corresponding to the matching rule;
In some embodiments, the matching rule includes a home tag (the attribution label), and the matching rules of the at least one subsystem are obtained so that the central control module in the network target has at least one matching rule with which to perform the classification operation on the data file to be classified.
Step S1202, the obtained matching rule and the corresponding home label are stored in a rule database.
In some embodiments, the home tag is stored in a rule database with the corresponding matching rule to characterize the subsystem to which the matching rule corresponds, wherein the home tag may be attached in the form of a string in the matching rule.
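The rule handling described above (steps S1003 to S1004 and S1201 to S1202), as an added Python example that is not code from the patent. The path layout, the activity-number format, the subsystem names and all class and function names are assumptions made for illustration, as is reading the verification subsystem from the rule's home tag.

```python
"""Added example: rule database with home tags and 2-of-3 feature matching."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PurePosixPath

# ASSUMPTION: activity number = subsystem no. - activity type no. - execution no.
# (the three parts come from the patent; separator and digit widths are made up).
ACTIVITY_RE = re.compile(r"\d{2}-\d{2}-\d{4}")


@dataclass(frozen=True)
class Features:
    field: str            # target field
    extension: str        # target extension
    activity_number: str  # target activity number


@dataclass(frozen=True)
class Rule:
    field: str
    extension: str
    activity_number: str
    home_tag: str  # attribution label: the subsystem that owns this rule


def extract_features(storage_path: str) -> Features:
    """Parse a storage path into (field, extension, activity number).

    ASSUMPTION: layout is <root>/<activity number>/<field>_<rest>.<ext>.
    """
    path = PurePosixPath(storage_path)
    activity = next((p for p in path.parts if ACTIVITY_RE.fullmatch(p)), "")
    field = path.stem.split("_", 1)[0]
    return Features(field, path.suffix.lstrip(".").lower(), activity)


def rule_matches(rule: Rule, feats: Features) -> bool:
    """Verification succeeds when at least two of the three features match."""
    pairs = [
        (rule.field, feats.field),
        (rule.extension, feats.extension),
        (rule.activity_number, feats.activity_number),
    ]
    # An empty feature (e.g. no activity number in the path) never counts as a hit.
    return sum(1 for want, got in pairs if got and want == got) >= 2


class RuleDatabase:
    def __init__(self) -> None:
        self._rules: list[Rule] = []

    def store(self, rule: Rule) -> None:
        """S1201-S1202: keep the rule together with its home tag."""
        if rule not in self._rules:
            self._rules.append(rule)

    def classify(self, storage_path: str) -> list[str]:
        """Return the target subsystem(s); an empty list means verification failed."""
        feats = extract_features(storage_path)
        return sorted({r.home_tag for r in self._rules if rule_matches(r, feats)})

    def admit_realtime_rule(self, rule: Rule, demand_subsystem: str,
                            update_path: str) -> bool:
        """S1003-S1004: store a real-time rule only after it is verified."""
        feats = extract_features(update_path)
        if not rule_matches(rule, feats):
            return False  # the update file does not satisfy the rule
        # ASSUMPTION: the verification subsystem is read from the rule's home tag.
        if rule.home_tag != demand_subsystem:
            return False  # verification subsystem differs from demand subsystem
        self.store(rule)
        return True


# Constructed sample data; subsystem names and paths are invented for the example.
def demo() -> dict:
    db = RuleDatabase()
    db.store(Rule("pcap", "pcap", "01-03-0007", "traffic-collection"))
    unknown = "/range/data/02-01-0001/report_final.pdf"
    before = db.classify(unknown)  # no rule yet, so the fallback path is taken
    realtime = Rule("report", "pdf", "02-01-0001", "assessment")
    admitted = db.admit_realtime_rule(
        realtime, "assessment", "/range/data/02-01-0001/report_v2.pdf")
    return {"before": before, "admitted": admitted, "after": db.classify(unknown)}


if __name__ == "__main__":
    print(demo())
```

Because two of three features are enough, a file can match rules owned by more than one subsystem; `classify` returns every owner so that overlap is visible before permissions are set.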
As shown in fig. 14, fig. 14 is a schematic diagram of a functional module of a data file operation of a network target according to an embodiment of the present application, and the embodiment of the present application further provides a data file operation system of a network target, which may implement the data file operation method of a network target, where the data file operation system of a network target includes:
the data file module 1301 is configured to obtain a data file to be classified in a network target range, where the network target range includes at least one subsystem, and each subsystem has different operation rights to the data file to be classified;
the feature extraction module 1302 is configured to perform a data file feature extraction operation on a data file to be classified to obtain feature query information, where a matching rule is a matching rule of at least one subsystem obtained in advance;
the verification module 1303 is configured to verify the feature query information according to a matching rule stored in the rule database in advance, and if the verification is successful, determine a target subsystem of the data file to be classified, obtain authority information of the data file to be classified in the target subsystem, and perform authority setting, where the target subsystem includes one or more subsystems; if verification fails, acquiring the requirement subsystem, sending the data file to be classified to the requirement subsystem, acquiring a real-time matching rule generated by the requirement subsystem aiming at the data file to be classified, and storing the real-time matching rule into a rule database.
The specific implementation of the data file operating system of the network target is basically the same as the specific embodiment of the data file operating method of the network target, and will not be described herein. On the premise of meeting the requirements of the embodiment of the application, the data file operating system of the network shooting range can be further provided with other functional modules so as to realize the data file operating method of the network shooting range in the embodiment.
The embodiment of the application also provides electronic equipment, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the data file operation method of the network shooting range when executing the computer program. The electronic equipment can be any intelligent terminal including a tablet personal computer, a vehicle-mounted computer and the like.
As shown in fig. 15, fig. 15 is a schematic hardware structure of an electronic device provided in an embodiment of the present application, where the electronic device includes:
the processor 1401 may be implemented by a general purpose CPU (central processing unit), a microprocessor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, etc. for executing related programs to implement the technical solutions provided by the embodiments of the present application;
Memory 1402 may be implemented in the form of read-only memory (Read Only Memory, ROM), static storage, dynamic storage, or random access memory (Random Access Memory, RAM), among others. Memory 1402 may store an operating system and other application programs; when the technical solutions provided in the embodiments of the present disclosure are implemented in software or firmware, the relevant program codes are stored in memory 1402 and are called by processor 1401 to execute the data file operation method of the network target of the embodiments of the present disclosure;
an input/output interface 1403 for implementing information input and output;
the communication interface 1204 is configured to implement communication interaction between the device and other devices, and may implement communication in a wired manner (e.g., USB, network cable, etc.), or may implement communication in a wireless manner (e.g., mobile network, Wi-Fi, Bluetooth, etc.);
a bus 1205 for transporting information between the various components of the device (e.g., processor 1401, memory 1402, input/output interface 1403, and communication interface 1204);
wherein the processor 1401, memory 1402, input/output interface 1403 and communication interface 1204 enable communication connections among each other within the device via a bus 1205.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and the computer program realizes the data file operation method of the network shooting range when being executed by a processor.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory remotely located relative to the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The embodiments described in the embodiments of the present application are intended to describe the technical solutions of the embodiments of the present application more clearly, and do not constitute a limitation on the technical solutions provided by the embodiments of the present application. As those skilled in the art will know, with the evolution of technology and the appearance of new application scenarios, the technical solutions provided by the embodiments of the present application are equally applicable to similar technical problems.
It will be appreciated by those skilled in the art that the technical solutions shown in the figures do not constitute limitations of the embodiments of the present application, and may include more or fewer steps than shown, or may combine certain steps, or different steps.
The above described apparatus embodiments are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Those of ordinary skill in the art will appreciate that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof.
The terms "first," "second," "third," "fourth," and the like in the description of the present application and in the above-described figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in this application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may represent: only A, only B, or both A and B, where A and B may be singular or plural. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship. "At least one of" or a similar expression means any combination of the listed items, including any combination of single items or plural items. For example, at least one of a, b or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the above-described division of units is merely a logical function division, and there may be another division manner in actual implementation, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied, in essence or in whole or in part, in the form of a software product stored in a storage medium, including multiple instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods of the various embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, an optical disk, or other various media capable of storing a program.
Preferred embodiments of the present application are described above with reference to the accompanying drawings, and this description does not thereby limit the scope of the claims of the embodiments of the present application. Any modifications, equivalent substitutions and improvements made by those skilled in the art without departing from the scope and spirit of the embodiments of the present application shall fall within the scope of the claims of the embodiments of the present application.

Claims (15)

1. A method of operating a data file for a network target, the method comprising:
acquiring a data file to be classified of a network target range, wherein the network target range comprises at least one subsystem, and the operation authority of each subsystem on the data file to be classified is different;
performing data file feature extraction operation on the data files to be classified to obtain feature query information;
verifying the characteristic query information according to a pre-stored matching rule in a rule database, if verification is successful, determining a target subsystem of the data file to be classified, acquiring authority information of the data file to be classified in the target subsystem, and performing authority setting, wherein the matching rule is a pre-acquired matching rule of at least one subsystem, and the target subsystem comprises one or more subsystems;
if verification fails, acquiring a requirement subsystem, sending the data file to be classified to the requirement subsystem, acquiring a real-time matching rule generated by the requirement subsystem aiming at the data file to be classified, and storing the real-time matching rule into the rule database.
2. The method for operating a data file of a network shooting range according to claim 1, wherein the performing a data file feature extraction operation on the data file to be classified to obtain feature query information includes:
acquiring a storage path of the data file to be classified;
analyzing the storage path to obtain a target field, a target extension and a target activity number;
and generating the characteristic query information according to the target field, the target extension and the target activity number.
3. The method for operating a data file in a network target range according to claim 1, wherein the matching rule includes a home tag, the home tag is used for characterizing the subsystem corresponding to the matching rule, the feature query information is verified according to a matching rule stored in a rule database in advance, and if verification is successful, determining the target subsystem of the data file to be classified includes:
selecting the matching rules one by one in the rule database to match, and judging whether the matching rules contain the characteristic query information or not;
if the matching rule contains the characteristic query information, the verification is successful, the matching rule is used as a target rule, and the subsystem of the target rule is determined to be the target subsystem according to the attribution label of the target rule.
4. The method for operating a data file of a network target range according to claim 1, wherein if the verification fails, acquiring a requirement subsystem and sending the data file to be classified to the requirement subsystem, and acquiring a real-time matching rule generated by the requirement subsystem for the data file to be classified, includes:
if each matching rule in the rule database does not contain the characteristic query information, the verification fails;
sending a file attribution confirmation request to each subsystem, receiving a confirmation result generated by the subsystem in response to the file attribution confirmation request, and determining the demand subsystem according to the confirmation result;
and acquiring a real-time matching rule generated by the requirement subsystem aiming at the data file to be classified.
5. A method of operating a data file of a network range according to any one of claims 1 to 4, wherein the process of generating matching rules by the subsystem comprises the steps of:
acquiring an activity number and an extension of a data file;
acquiring name features of the data file, wherein the name features comprise: folder information and/or file name information;
acquiring a file category of the data file, and acquiring a specific field of the data file based on the file category and the name characteristic;
and generating the matching rule for the data file according to the activity number, the specific field and the extension.
6. The method for operating a data file in a network shooting range according to claim 5, wherein the acquiring an activity number of the data file comprises:
acquiring a subsystem number corresponding to the data file, an activity type number corresponding to the data file and an execution number corresponding to the data file;
generating an activity number according to a subsystem number corresponding to the data file, an activity type number corresponding to the data file and an execution number corresponding to the data file, wherein the activity number is used for representing activity information corresponding to the data file, and the activity number is a unique value.
7. A method of operating a data file of a network target according to claim 2 or 3, wherein if the matching rule includes the feature query information, the verification is successful, including:
inquiring the target field, the target extension and the target activity number in the matching rule to obtain an inquiry result;
and if the query result represents that at least two of the target field, the target extension and the target activity number exist in the matching rule, the feature query information is contained in the matching rule, and the feature query information is successfully verified.
8. The method for operating a data file of a network target according to any one of claims 2 or 4, wherein the obtaining the authority information of the data file to be classified in the target subsystem and performing authority setting include:
sending a permission generation request to the target subsystem, and receiving permission information of the data file to be classified, which is sent by the target subsystem in response to the permission generation request;
and performing authority setting on the data files to be classified according to the authority information, wherein the authority information comprises one of complete control, write permission, read permission and modification permission.
9. The method of claim 1, wherein the process of generating real-time matching rules for the data files to be categorized by the demand subsystem comprises:
acquiring an activity number to be classified and an extension name to be classified of the data file to be classified;
obtaining the name feature to be classified of the data file to be classified, wherein the name feature to be classified comprises: folder information to be classified and/or file name information to be classified;
acquiring a to-be-classified file category of the to-be-classified data file, and extracting a to-be-classified specific field of the to-be-classified data file based on the to-be-classified file category and the to-be-classified name feature;
and generating the real-time matching rule for the data file to be classified according to the activity number to be classified, the specific field to be classified and the extension name to be classified.
10. The method of claim 1, wherein prior to storing the real-time matching rules in the rules database, the method further comprises:
acquiring an update data file, wherein the update data file meets the real-time matching rule;
performing data file feature extraction operation on the updated data file to obtain updated feature query information;
verifying the updated characteristic query information to obtain a verification result, and determining a verification subsystem of the updated data file;
and if the verification subsystem is consistent with the demand subsystem, the verification of the real-time matching rule is successful, and the real-time matching rule after the verification is successful is used for being stored in the rule database.
11. The method of claim 1, further comprising:
acquiring file types and data storage information of the data files to be classified;
determining the number of files and the size of file memory of the data files to be classified according to the file types and the data storage information;
and according to the number of the files and the size of the file memory, classifying and counting the data files to be classified to obtain classifying and counting results under each file category.
12. The method for operating a data file of a network target range according to claim 1, wherein before the data file feature extraction operation is performed on the data file to be classified to obtain feature query information, the method further comprises:
acquiring a matching rule of at least one subsystem and an attribution label of the matching rule, wherein the attribution label is used for representing the subsystem corresponding to the matching rule;
and storing the obtained matching rule and the corresponding attribution label in the rule database.
13. A data file operating system for a network target, the system comprising:
the data file module is used for acquiring data files to be classified of a network shooting range, the network shooting range comprises at least one subsystem, and the operation authority of each subsystem on the data files to be classified is different;
the feature extraction module is used for carrying out data file feature extraction operation on the data files to be classified to obtain feature query information, and the matching rule is a matching rule of at least one subsystem obtained in advance;
the verification module is used for verifying the characteristic query information according to a pre-stored matching rule in a rule database, if verification is successful, determining a target subsystem of the data file to be classified, acquiring authority information of the data file to be classified in the target subsystem, and performing authority setting, wherein the target subsystem comprises one or more subsystems; if verification fails, acquiring a requirement subsystem, sending the data file to be classified to the requirement subsystem, acquiring a real-time matching rule generated by the requirement subsystem aiming at the data file to be classified, and storing the real-time matching rule into the rule database.
14. An electronic device comprising a memory storing a computer program and a processor implementing the method of data file manipulation of a network range of any one of claims 1 to 12 when the computer program is executed by the processor.
15. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the method of operating a data file of a network range according to any one of claims 1 to 12.
CN202310465204.1A 2023-04-20 2023-04-20 Data file operation method, system, equipment and storage medium of network shooting range Pending CN116561059A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310465204.1A CN116561059A (en) 2023-04-20 2023-04-20 Data file operation method, system, equipment and storage medium of network shooting range

Publications (1)

Publication Number Publication Date
CN116561059A true CN116561059A (en) 2023-08-08

Family

ID=87495773

Country Status (1)

Country Link
CN (1) CN116561059A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination