CN116781432B - Information data updating method and device, computer equipment and storage medium - Google Patents

Information data updating method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN116781432B
CN116781432B CN202311075419.9A CN202311075419A CN116781432B CN 116781432 B CN116781432 B CN 116781432B CN 202311075419 A CN202311075419 A CN 202311075419A CN 116781432 B CN116781432 B CN 116781432B
Authority
CN
China
Prior art keywords
information
platform
threat
target
upstream
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311075419.9A
Other languages
Chinese (zh)
Other versions
CN116781432A (en
Inventor
王云赫
徐彬
樊兴华
童兆丰
薛锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ThreatBook Technology Co Ltd
Original Assignee
Beijing ThreatBook Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing ThreatBook Technology Co Ltd filed Critical Beijing ThreatBook Technology Co Ltd
Priority to CN202311075419.9A priority Critical patent/CN116781432B/en
Publication of CN116781432A publication Critical patent/CN116781432A/en
Application granted granted Critical
Publication of CN116781432B publication Critical patent/CN116781432B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/302Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information gathering intelligence information for situation awareness or reconnaissance
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Evolutionary Computation (AREA)
  • Technology Law (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure provides a method, a device, a computer device and a storage medium for updating information data, wherein the method comprises the following steps: under the condition that the target threat information platform is detected to meet the preset information data updating condition, an information source verification information acquisition request is sent to an upstream threat information platform which has a cascade relation with the target threat information platform; receiving information source verification information sent by an upstream threat information platform; verifying the information source verification information, and sending an information source file acquisition request to an upstream threat information platform when the verification result is passed; updating the information data stored in the target threat information platform according to the received target information source file sent by the upstream threat information platform; and updating the information data stored in the downstream threat information platform with cascade relation with the target threat information platform based on the information data stored in the updated target threat information platform.

Description

Information data updating method and device, computer equipment and storage medium
Technical Field
The disclosure relates to the technical field of network security, and in particular relates to a method, a device, computer equipment and a storage medium for updating information data.
Background
With the rapid development of internet technology, network security problems are increasingly highlighted, and in order to cope with various attack means in the network, network security companies gradually master methods for identifying different network attacks based on information and experience of historical attacks, known vulnerabilities, attack methods and the like. This method for identifying network attacks is known as security intelligence (also known as threat intelligence).
Therefore, how to safely and efficiently transfer threat information, and to perform network security maintenance through information data in the transferred threat information, is a problem to be solved.
Disclosure of Invention
The embodiment of the disclosure at least provides a method, a device, computer equipment and a storage medium for updating information data.
In a first aspect, an embodiment of the present disclosure provides a method for updating intelligence data, including:
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, an information source verification information acquisition request is sent to an upstream threat information platform which has a cascade relation with the target threat information platform;
Receiving information source verification information sent by the upstream threat information platform;
Verifying the information source verification information, and sending an information source file acquisition request to the upstream threat information platform when the verification result is passed;
Updating the information data stored in the target threat information platform according to the received target information source file sent by the upstream threat information platform;
And updating the information data stored in the downstream threat information platform with cascade relation with the target threat information platform based on the updated information data stored in the target threat information platform.
In a possible implementation manner, a plurality of information source files containing information data are stored in the target threat information platform;
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, sending an information source verification information acquisition request to an upstream threat information platform having a cascade relation with the target threat information platform, wherein the information source verification information acquisition request comprises:
and when any information source file is detected to meet the preset information source file updating condition, sending the information source file to an upstream threat information platform which has a cascade relation with the target threat information platform, and verifying an information acquisition request of the information source corresponding to the information source file.
In a possible implementation manner, the receiving the information source verification information sent by the upstream threat information platform includes:
receiving information source verification information sent by the upstream threat information platform after the safety verification is passed; wherein the security verification includes whitelist verification and/or token authentication.
In a possible implementation manner, the receiving the information source verification information sent by the upstream threat information platform includes:
receiving information source verification information which is sent by the upstream threat information platform and comprises hash values of information source files matched with the information source verification information acquisition request; the hash value of the information source file is obtained by carrying out hash processing on the information source file matched with the information source verification information acquisition request.
In a possible implementation manner, the verifying the information source verification information includes:
Determining a hash value to be matched of an information source file corresponding to the information source verification information acquisition request stored in the target threat information platform;
And under the condition that the hash value to be matched is detected to be different from the hash value in the information source verification information, determining that the verification result is passed.
In a possible implementation manner, the cascade relationship comprises a ring cascade relationship or a serial cascade relationship, and the information source verification information comprises transmission link information for recording the transmission condition of the information source file;
The receiving the information source verification information sent by the upstream threat information platform comprises the following steps:
receiving information source verification information comprising the transfer link information sent by the upstream threat information platform; the transfer link information comprises network address information corresponding to the upstream threat information platform.
In one possible implementation, the number of upstream threat intelligence platforms having a cascade relationship with the target threat intelligence platform is a plurality;
the sending an information source verification information acquisition request to an upstream threat information platform having a cascade relationship with the target threat information platform includes:
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, sequentially sending information source verification information acquisition requests to a plurality of upstream threat information platforms which have cascade relations with the target threat information platform according to a polling sequence corresponding to the polling requests; or alternatively
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, determining a target upstream threat information platform from a plurality of upstream threat information platforms having cascade relations with the target threat information platform, and sending an information source verification information acquisition request to the target upstream threat information platform.
In a second aspect, an embodiment of the present disclosure further provides an apparatus for updating intelligence data, including:
the sending module is used for sending an information source verification information acquisition request to an upstream threat information platform having a cascade relation with the target threat information platform under the condition that the target threat information platform is detected to meet a preset information data updating condition;
The receiving module is used for receiving information source verification information sent by the upstream threat information platform;
the verification module is used for verifying the information source verification information and sending an information source file acquisition request to the upstream threat information platform when the verification result is passed;
the first updating module is used for updating the information data stored in the target threat information platform according to the received target information source file sent by the upstream threat information platform;
And the second updating module is used for updating the information data stored in the downstream threat information platform with cascade relation with the target threat information platform based on the updated information data stored in the target threat information platform.
In a possible implementation manner, a plurality of information source files containing information data are stored in the target threat information platform;
the sending module is used for sending an information source verification information acquisition request to an upstream threat information platform having a cascade relation with the target threat information platform under the condition that the target threat information platform is detected to meet a preset information data updating condition, wherein the sending module is used for:
and when any information source file is detected to meet the preset information source file updating condition, sending the information source file to an upstream threat information platform which has a cascade relation with the target threat information platform, and verifying an information acquisition request of the information source corresponding to the information source file.
In a possible implementation manner, the receiving module is configured to, when receiving the information source verification information sent by the upstream threat information platform:
receiving information source verification information sent by the upstream threat information platform after the safety verification is passed; wherein the security verification includes whitelist verification and/or token authentication.
In a possible implementation manner, the receiving module is configured to, when receiving the information source verification information sent by the upstream threat information platform:
receiving information source verification information which is sent by the upstream threat information platform and comprises hash values of information source files matched with the information source verification information acquisition request; the hash value of the information source file is obtained by carrying out hash processing on the information source file matched with the information source verification information acquisition request.
In a possible implementation manner, the verification module is configured to, when verifying the information source verification information:
Determining a hash value to be matched of an information source file corresponding to the information source verification information acquisition request stored in the target threat information platform;
And under the condition that the hash value to be matched is detected to be different from the hash value in the information source verification information, determining that the verification result is passed.
In a possible implementation manner, the cascade relationship comprises a ring cascade relationship or a serial cascade relationship, and the information source verification information comprises transmission link information for recording the transmission condition of the information source file;
The receiving module is used for receiving the information source verification information sent by the upstream threat information platform, and is used for:
receiving information source verification information comprising the transfer link information sent by the upstream threat information platform; the transfer link information comprises network address information corresponding to the upstream threat information platform.
In one possible implementation, the number of upstream threat intelligence platforms having a cascade relationship with the target threat intelligence platform is a plurality;
the sending module is used for sending an information source verification information acquisition request to an upstream threat information platform having a cascade relation with the target threat information platform, wherein the sending module is used for:
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, sequentially sending information source verification information acquisition requests to a plurality of upstream threat information platforms which have cascade relations with the target threat information platform according to a polling sequence corresponding to the polling requests; or alternatively
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, determining a target upstream threat information platform from a plurality of upstream threat information platforms having cascade relations with the target threat information platform, and sending an information source verification information acquisition request to the target upstream threat information platform.
In a third aspect, embodiments of the present disclosure further provide a computer device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory in communication via the bus when the computer device is running, the machine-readable instructions when executed by the processor performing the steps of the first aspect, or any of the possible implementations of the first aspect.
In a fourth aspect, the presently disclosed embodiments also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the first aspect, or any of the possible implementations of the first aspect.
The method, the device, the computer equipment and the storage medium for updating the information data are applied to the target threat information platform with cascade relation with other threat information platforms, can send an information source verification information acquisition request to the upstream threat information platform with cascade relation with the target threat information platform under the condition that the information data updating condition is met, and can update the stored information data by using the target information source file sent from the upstream threat information platform under the condition that the information source verification information sent from the upstream threat information platform passes. In this way, the cascade relation among the threat information platforms is used for realizing the direct transfer of the information data among the threat information platforms, and the information data in the information source file can be transferred efficiently without other transfer equipment; on the other hand, by setting the verification process in the information data transmission process, the safety of the information data in the transmission process can be improved, so that threat information can be safely and efficiently transmitted.
The foregoing objects, features and advantages of the disclosure will be more readily apparent from the following detailed description of the preferred embodiments taken in conjunction with the accompanying drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings required for the embodiments are briefly described below, which are incorporated in and constitute a part of the specification, these drawings showing embodiments consistent with the present disclosure and together with the description serve to illustrate the technical solutions of the present disclosure. It is to be understood that the following drawings illustrate only certain embodiments of the present disclosure and are therefore not to be considered limiting of its scope, for the person of ordinary skill in the art may admit to other equally relevant drawings without inventive effort.
Fig. 1 is a flowchart illustrating a method for updating intelligence data according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram showing a cascade relationship between threat intelligence platforms in a method for updating intelligence data provided by an embodiment of the present disclosure;
fig. 3 is a schematic architecture diagram of an information data updating device according to an embodiment of the disclosure;
fig. 4 shows a schematic structural diagram of a computer device according to an embodiment of the disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, but not all embodiments. The components of the embodiments of the present disclosure, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present disclosure provided in the accompanying drawings is not intended to limit the scope of the disclosure, as claimed, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be made by those skilled in the art based on the embodiments of this disclosure without making any inventive effort, are intended to be within the scope of this disclosure.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The term "and/or" is used herein to describe only one relationship, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist together, and B exists alone. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality, for example, including at least one of A, B, C, may mean including any one or more elements selected from the group consisting of A, B and C.
It will be appreciated that prior to using the technical solutions disclosed in the embodiments of the present disclosure, the user should be informed and authorized of the type, usage range, usage scenario, etc. of the personal information related to the present disclosure in an appropriate manner according to the relevant legal regulations.
For example, in response to receiving an active request from a user, a prompt is sent to the user to explicitly prompt the user that the operation it is requesting to perform will require personal information to be obtained and used with the user. Thus, the user can autonomously select whether to provide personal information to software or hardware such as an electronic device, an application program, a server or a storage medium for executing the operation of the technical scheme of the present disclosure according to the prompt information.
As an alternative but non-limiting implementation, in response to receiving an active request from a user, the manner in which the prompt information is sent to the user may be, for example, a popup, in which the prompt information may be presented in a text manner. In addition, a selection control for the user to select to provide personal information to the electronic device in a 'consent' or 'disagreement' manner can be carried in the popup window.
It will be appreciated that the above-described notification and user authorization process is merely illustrative and not limiting of the implementations of the present disclosure, and that other ways of satisfying relevant legal regulations may be applied to the implementations of the present disclosure.
Through researches, how to safely and efficiently transfer threat information, and network security maintenance through information data in the transferred threat information becomes a problem to be solved urgently.
Based on the above study, the disclosure provides a method, a device, a computer device and a storage medium for updating information data, which are applied to a target threat information platform having a cascade relationship with other threat information platforms, and can send an information source verification information acquisition request to an upstream threat information platform having a cascade relationship with the target threat information platform under the condition that the information data updating condition is satisfied, and update stored information data by using a target information source file sent from the upstream threat information platform under the condition that the information source verification information sent from the upstream threat information platform passes. In this way, the cascade relation among the threat information platforms is used for realizing the direct transfer of the information data among the threat information platforms, and the information data in the information source file can be transferred efficiently without other transfer equipment; on the other hand, by setting the verification process in the information data transmission process, the safety of the information data in the transmission process can be improved, so that threat information can be safely and efficiently transmitted.
For the understanding of the present embodiment, first, a detailed description will be given of an information data update method disclosed in the present embodiment, an execution body of the information data update method provided in the present embodiment is a threat information Platform of an information data sharing Platform, a threat information Platform (THREAT INTELLIGENCE Platform, TIP) may implement functions of threat detection, network attack defense, and outputting threat information according to stored threat information data (hereinafter referred to as information data), where the threat information Platform may be deployed on a computer device with a certain computing capability, and the computer device includes: the terminal device may be a User Equipment (UE), a mobile device, a User terminal, a Personal digital assistant (Personal DIGITAL ASSISTANT, PDA), a handheld device, a computing device, a vehicle-mounted device, a wearable device, or the like, and multiple threat intelligence platforms having a cascade relationship may be deployed on different computer devices in the same network environment, so that communication may be performed through a network connection. In some possible implementations, the method of updating the intelligence data may be implemented by way of a processor invoking computer readable instructions stored in a memory.
Referring to fig. 1, a flowchart of a method for updating information data according to an embodiment of the disclosure is shown, where the method includes S101 to S104, where:
s101: and under the condition that the target threat information platform is detected to meet the preset information data updating condition, sending an information source verification information acquisition request to an upstream threat information platform which has a cascade relation with the target threat information platform.
S102: and receiving information source verification information sent by an upstream threat information platform.
S103: and verifying the information source verification information, and sending an information source file acquisition request to an upstream threat information platform under the condition that the verification result is passed.
S104: and updating the information data stored in the target threat information platform according to the received target information source file sent by the upstream threat information platform.
S105: and updating the information data stored in the downstream threat information platform with cascade relation with the target threat information platform based on the information data stored in the updated target threat information platform.
The following is a detailed description of the above steps.
Aiming at S101,
A plurality of information source files containing information data can be stored in the target threat information platform; the number of the upstream threat information platforms having a cascade relation with the target threat information platform can be multiple, so that the target threat information platform can acquire information data from the multiple upstream threat information platforms; the cascade relation between threat information platforms can be configured by an upstream threat information platform and/or a downstream threat information platform, and sharing of the threat information data among threat information platforms can be realized by configuring the cascade relation between threat information platforms of all levels; the information source verification information acquisition request can comprise request parameters such as an IP address of a requester, timestamp information of the request, token of the request, name of an information source file needing to be updated, request type and the like.
The source of the information source file can be any one of the following sources:
information data cloud service transmission provided by source 1 and network security service provider
Here, the network security facilitator may upload the informative data into the informative data cloud server and transmit the informative source file to a threat informative platform connected to the informative data cloud service through the cloud server.
Source 2, manual input in threat intelligence platform
Here, the user can upload the information source file through corresponding triggering operation in the threat information platform, and after receiving the information data uploaded by the user, the threat information platform can perform validity verification on the uploaded information data according to a preset information source file verification mode, filter invalid data therein, and store the valid data therein as the information source file.
Source 3, other threat intelligence platform with cascading relationship
Here, the other threat information platforms having the cascade relationship may be upstream threat information platforms located upstream in the cascade relationship, and a specific process of how to obtain the threat information data through the upstream threat information platforms will be described below, which will not be further described herein.
Exemplary, a schematic diagram of a cascade relationship between threat intelligence platforms may be shown in fig. 2, where in fig. 2, TIP1 is an upstream threat intelligence platform of TIP2, TIP2 is an upstream threat intelligence platform of TIP3, and intelligence data of TIP1 may be transferred to TIP3 through TIP2, and through such a serial cascade relationship, intelligence data may be shared from one TIP to multiple TIPs; TIP4 is an upstream threat information platform of TIP6, TIP4 is a downstream threat information platform of TIP5, TIP5 is an upstream threat information platform of TIP4, TIP5 is a downstream threat information platform of TIP6, TIP6 is an upstream threat information platform of TIP5, and TIP6 is a downstream threat information platform of TIP4, and through the annular cascade relationship, sharing of information data in each TIP can be realized; TIP8, TIP9 and TIP10 are all upstream threat information platforms of TIP7, and TIP7 can acquire information data from the upstream threat information platforms in a polling mode and the like.
In a possible implementation manner, when it is detected that the target threat information platform meets a preset information data update condition, an information source verification information acquisition request is sent to an upstream threat information platform having a cascade relationship with the target threat information platform, and when it is detected that any information source file meets the preset information source file update condition, the information source verification information acquisition request corresponding to the information source file is sent to the upstream threat information platform having the cascade relationship with the target threat information platform.
The information source file updating condition may be that an information source corresponding to the information source file is updated, for example, an information data cloud server corresponding to the information source file 1 is updated, and it may be determined that the information source file 1 meets the information source file updating condition; or the update condition of the information source file may be that the current time reaches the update time corresponding to the information source file, the update time may be determined by a preset update time interval and the last update time, for example, the current time reaches the update time corresponding to the information source file 2, and it may be determined that the information source file 2 satisfies the update condition of the information source file.
In a possible implementation manner, when the information source verification information obtaining request is sent to the upstream threat information platform having a cascade relationship with the target threat information platform, any one of the following cases may be adopted:
Under the condition 1 that the target threat information platform is detected to meet the preset information data updating condition, sequentially sending information source verification information acquisition requests to a plurality of upstream threat information platforms which have cascade relations with the target threat information platform according to the polling sequence corresponding to the polling requests.
Here, by sequentially sending information source verification information acquisition requests to a plurality of upstream threat information platforms having a cascade relationship with the target threat information platform according to a polling sequence corresponding to the polling requests, orderly updating of information data in the target threat information platform can be realized; on the other hand, the same information data can be stored in a plurality of upstream threat information platforms so as to realize the backup of the information data, thereby avoiding the problem of lack of backup of the information data caused by storing the information data in a single upstream threat information platform.
And 2, under the condition that the target threat information platform is detected to meet the preset information data updating condition, determining the target upstream threat information platform from a plurality of upstream threat information platforms having cascade relations with the target threat information platform, and sending an information source verification information acquisition request to the target upstream threat information platform.
Here, when the target upstream threat information platform is determined from among a plurality of upstream threat information platforms having a cascade relationship with the target threat information platform, the upstream threat information platform corresponding to the information source file to be updated may be regarded as the target upstream threat information platform.
By way of example, taking an upstream threat information platform corresponding to the target threat information platform as an upstream threat information platform 1-3, the upstream threat information platform 1 stores an information source file 1, the upstream threat information platform 2 stores an information source file 2, and the upstream threat information platform 3 stores the information source file 3 as an example, if it is detected that the information source file 1 in the target threat information platform meets the information data update condition, the upstream threat information platform 1 corresponding to the information source file 1 can be used as the target upstream threat information platform, and an information source verification information acquisition request can be sent to the upstream threat information platform 1.
Aiming at S102,
Here, the information source verification information may include a hash value of the information source file matched with the information source verification information acquisition request, and transfer link information for recording a transfer condition of the information source file; by receiving the information source verification information sent by the upstream threat information platform, it is possible to verify whether the information source file at this time corresponds to updatable information data.
In a possible implementation manner, when receiving the information source verification information sent by the upstream threat information platform, the information source verification information sent by the upstream threat information platform after the security verification is passed can be received;
the security verification may include any of the following verification methods:
1. White list verification
Here, for any upstream threat information platform, when configuring the relevant parameters of the cascade relationship for the upstream threat information platform, a downstream threat information platform capable of being connected to the upstream threat information platform may be configured, and the downstream threat information platform capable of being connected to the upstream threat information platform forms a white list of the upstream threat information platform, and only the information source verification information acquisition request sent by the downstream threat information platform in the white list can pass through the white list verification.
Specifically, when the upstream threat information platform performs white list verification, the upstream threat information platform can perform verification based on the IP address of the requester in the information source verification information acquisition request, and if the IP address of the requester is in the white list, the white list verification is passed; and if the IP address of the requester is not in the white list, the white list verification is not passed. In addition, a communication log may be established, and a request or the like that fails the white list verification may be recorded in the communication log.
Therefore, through the white list setting mode, the transmission of the information data among threat information platforms can be effectively monitored, and the data safety of the information data during sharing is improved.
2. Token authentication
Here, the token for token authentication may be included in the information source verification information acquisition request received by the upstream threat information platform, and the token in the information source verification information acquisition request is verified by a preset token authentication method, so as to obtain a token authentication result.
In one possible implementation manner, when receiving the information source verification information sent by the upstream threat information platform, the information source verification information sent by the upstream threat information platform can be received;
the hash value in the information source verification information is obtained by carrying out hash processing on the information source file matched with the information source verification information acquisition request.
Specifically, when determining the hash value corresponding to the information source file, hash processing may be performed on the information source file based on a Message-Digest Algorithm (MD 5) to obtain the MD5 value corresponding to the information source file.
In one possible implementation manner, when receiving the information source verification information sent by the upstream threat information platform, the information source verification information sent by the upstream threat information platform can be received;
The information source verification information can comprise network address information corresponding to an upstream threat information platform.
Here, the network address information may be a local MAC address of the upstream threat information platform, and by recording the MAC address, a transfer link of the information source file during cascade update may be recorded, so that repeated update using the information source file is avoided.
Specifically, when the local MAC address in the information source verification information is used to record the transfer link during cascade update, the method can be used when the cascade relationship between threat information platforms is a ring cascade relationship, that is, when the cascade update is possible, the MAC address is used to record the transfer link during cascade update; alternatively, when calculating the hash value corresponding to the information source file, the hash value may be calculated using the information data corresponding to the source file and the local MAC address (transfer link information), so that the generated hash value includes a part of the content corresponding to the transfer link information, and the effect of avoiding repeated updating using the information source file may be achieved.
For S103,
In a possible implementation manner, when verifying the information source verification information, the following steps A1-A2 are adopted:
A1: and determining a hash value to be matched of an information source file corresponding to the information source verification information acquisition request stored in the target threat information platform.
Here, when determining the hash value to be matched of the information source file corresponding to the information source verification information acquisition request stored in the target threat information platform, the same processing manner as the hash value in the information source verification information may be adopted to generate the hash value to be matched, which is the same as the hash value type in the information source verification information, for example, the hash value in the information source verification information and the type of the hash value to be matched are both MD5 values.
A2: and under the condition that the hash value to be matched is detected to be different from the hash value in the information source verification information, determining that the verification result is passed.
If the hash value to be matched is different from the hash value in the information source verification information, the version of the information source file stored by the target threat information platform at the moment is indicated to be different from the version of the information source text of the upstream threat information platform, and the information source file of the upstream threat information platform has an update value at the moment, and the verification result is passed; if the hash value to be matched is the same as the hash value in the information source verification information, the version of the information source file stored by the target threat information platform at the moment is indicated to be the same as the version of the information source text of the upstream threat information platform, at the moment, the information source file of the upstream threat information platform does not have an updating value, and the verification result is failed.
Therefore, by verifying the information source verification information and sending the information source file acquisition request to the upstream threat information platform when the verification result is passed, whether the information source file has an update value or not can be verified before the information source file with larger data quantity is transmitted, and the information source file is retransmitted under the condition of having the update value, so that the data transmission cost spent in updating the information data is saved.
Aiming at S104,
In a possible implementation manner, when updating the information data stored in the target threat information platform according to the received target information source file sent by the upstream threat information platform, the information source file to be updated, which is matched with the target information source file in the target threat information platform, may be updated according to a preset data updating mode and the target information source file.
The preset data updating mode comprises full updating or incremental updating.
Specifically, under the condition that the preset data updating mode is full-volume updating, the full-volume updating can be performed on the information source file corresponding to the target information source file stored in the target threat information platform according to the received target information source file so as to replace the original information source file; under the condition that the preset data updating mode is incremental updating, the incremental updating can be carried out on the information source file corresponding to the target information source file stored in the target threat information platform according to the data comparison condition between the received target information source file and the information source file corresponding to the target information source file stored in the target threat information platform.
For S105,
After the information data in the target threat information platform is updated, the target threat information platform can be used as an upstream threat information platform, and the information data stored in a downstream threat information platform having a cascade relation with the target threat information platform is updated.
Specifically, regarding how to use the target threat information platform, a specific description of updating the information data stored in the downstream threat information platform having a cascade relationship with the target threat information platform may refer to the description of updating the information data stored in the target threat information platform using the upstream threat information platform, which is not described herein.
The method for updating the information data is applied to the target threat information platform with cascade relation with other threat information platforms, can send an information source verification information acquisition request to the upstream threat information platform with cascade relation with the target threat information platform under the condition that the information data updating condition is met, and can update the stored information data by using the target information source file sent from the upstream threat information platform under the condition that the information source verification information sent from the upstream threat information platform passes. In this way, the cascade relation among the threat information platforms is used for realizing the direct transfer of the information data among the threat information platforms, and the information data in the information source file can be transferred efficiently without other transfer equipment; on the other hand, by setting the verification process in the information data transmission process, the safety of the information data in the transmission process can be improved, so that threat information can be safely and efficiently transmitted.
It will be appreciated by those skilled in the art that in the above-described method of the specific embodiments, the written order of steps is not meant to imply a strict order of execution but rather should be construed according to the function and possibly inherent logic of the steps.
Based on the same inventive concept, the embodiment of the disclosure further provides an apparatus for updating the information data corresponding to the method for updating the information data, and since the principle of solving the problem by the apparatus in the embodiment of the disclosure is similar to that of the method for updating the information data in the embodiment of the disclosure, the implementation of the apparatus may refer to the implementation of the method, and the repetition is omitted.
Referring to fig. 3, which is a schematic architecture diagram of an information data updating device according to an embodiment of the present disclosure, the information data updating device is applied to a target threat information platform, where the target threat information platform has a cascade relationship with other threat information platforms, and the device includes: a transmitting module 301, a receiving module 302, a verifying module 303, a first updating module 304, a second updating module 305; wherein,
The sending module 301 is configured to send an information source verification information obtaining request to an upstream threat information platform having a cascade relationship with the target threat information platform when it is detected that the target threat information platform meets a preset information data update condition;
The receiving module 302 is configured to receive information source verification information sent by the upstream threat information platform;
the verification module 303 is configured to verify the information source verification information, and send an information source file acquisition request to the upstream threat information platform if the verification result is passed;
A first updating module 304, configured to update, according to a received target information source file sent by the upstream threat information platform, information data stored in the target threat information platform;
and a second updating module 305, configured to update the information data stored in the downstream threat information platform having a cascade relationship with the target threat information platform based on the updated information data stored in the target threat information platform.
In a possible implementation manner, a plurality of information source files containing information data are stored in the target threat information platform;
the sending module 301 is configured to, when detecting that the target threat information platform meets a preset information data update condition, send an information source verification information acquisition request to an upstream threat information platform having a cascade relationship with the target threat information platform:
and when any information source file is detected to meet the preset information source file updating condition, sending the information source file to an upstream threat information platform which has a cascade relation with the target threat information platform, and verifying an information acquisition request of the information source corresponding to the information source file.
In a possible implementation manner, the receiving module 302 is configured to, when receiving the information source verification information sent by the upstream threat information platform:
receiving information source verification information sent by the upstream threat information platform after the safety verification is passed; wherein the security verification includes whitelist verification and/or token authentication.
In a possible implementation manner, the receiving module 302 is configured to, when receiving the information source verification information sent by the upstream threat information platform:
receiving information source verification information which is sent by the upstream threat information platform and comprises hash values of information source files matched with the information source verification information acquisition request; the hash value of the information source file is obtained by carrying out hash processing on the information source file matched with the information source verification information acquisition request.
In a possible implementation manner, the verification module 303 is configured to, when verifying the information source verification information:
Determining a hash value to be matched of an information source file corresponding to the information source verification information acquisition request stored in the target threat information platform;
And under the condition that the hash value to be matched is detected to be different from the hash value in the information source verification information, determining that the verification result is passed.
In a possible implementation manner, the cascade relationship comprises a ring cascade relationship or a serial cascade relationship, and the information source verification information comprises transmission link information for recording the transmission condition of the information source file;
The receiving module 302 is configured to, when receiving the information source verification information sent by the upstream threat information platform:
receiving information source verification information comprising the transfer link information sent by the upstream threat information platform; the transfer link information comprises network address information corresponding to the upstream threat information platform.
In one possible implementation, the number of upstream threat intelligence platforms having a cascade relationship with the target threat intelligence platform is a plurality;
the sending module 301 is configured to, when sending an information source verification information obtaining request to an upstream threat information platform having a cascade relationship with a target threat information platform:
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, sequentially sending information source verification information acquisition requests to a plurality of upstream threat information platforms which have cascade relations with the target threat information platform according to a polling sequence corresponding to the polling requests; or alternatively
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, determining a target upstream threat information platform from a plurality of upstream threat information platforms having cascade relations with the target threat information platform, and sending an information source verification information acquisition request to the target upstream threat information platform.
The updating device of the information data is applied to the target threat information platform with cascade relation with other threat information platforms, can send an information source verification information acquisition request to the upstream threat information platform with cascade relation with the target threat information platform under the condition that the information data updating condition is met, and can update stored information data by using the target information source file sent from the upstream threat information platform under the condition that the information source verification information sent from the upstream threat information platform passes. In this way, the cascade relation among the threat information platforms is used for realizing the direct transfer of the information data among the threat information platforms, and the information data in the information source file can be transferred efficiently without other transfer equipment; on the other hand, by setting the verification process in the information data transmission process, the safety of the information data in the transmission process can be improved, so that threat information can be safely and efficiently transmitted.
The process flow of each module in the apparatus and the interaction flow between the modules may be described with reference to the related descriptions in the above method embodiments, which are not described in detail herein.
Based on the same technical concept, the embodiment of the disclosure also provides computer equipment. Referring to fig. 4, a schematic structural diagram of a computer device 400 according to an embodiment of the disclosure includes a processor 401, a memory 402, and a bus 403. The memory 402 is configured to store execution instructions, including a memory 4021 and an external memory 4022; the memory 4021 is also referred to as an internal memory, and is used for temporarily storing operation data in the processor 401 and data exchanged with the external memory 4022 such as a hard disk, the processor 401 exchanges data with the external memory 4022 through the memory 4021, and when the computer device 400 operates, the processor 401 and the memory 402 communicate with each other through the bus 403, so that the processor 401 executes the following instructions:
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, an information source verification information acquisition request is sent to an upstream threat information platform which has a cascade relation with the target threat information platform;
Receiving information source verification information sent by an upstream threat information platform;
Verifying the information source verification information, and sending an information source file acquisition request to an upstream threat information platform when the verification result is passed;
Updating the information data stored in the target threat information platform according to the received target information source file sent by the upstream threat information platform;
And updating the information data stored in the downstream threat information platform with cascade relation with the target threat information platform based on the information data stored in the updated target threat information platform.
In a possible implementation, in the instructions of the processor 401, the target threat intelligence platform stores a plurality of intelligence source files containing intelligence data;
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, sending an information source verification information acquisition request to an upstream threat information platform having a cascade relation with the target threat information platform, wherein the information source verification information acquisition request comprises:
And when any information source file is detected to meet the preset information source file updating condition, sending the information source file to an upstream threat information platform with cascade relation with the target threat information platform, and verifying information acquisition requests of information sources corresponding to the information source file.
In a possible implementation manner, in an instruction of the processor 401, the receiving, by the upstream threat intelligence platform, the intelligence source verification information includes:
Receiving information source verification information sent by an upstream threat information platform after the safety verification is passed; wherein the security verification includes whitelist verification and/or token authentication.
In a possible implementation manner, in an instruction of the processor 401, the receiving, by the upstream threat intelligence platform, the intelligence source verification information includes:
Receiving information source verification information which is sent by an upstream threat information platform and comprises hash values of information source files matched with information source verification information acquisition requests; the hash value of the information source file is obtained by carrying out hash processing on the information source file matched with the information source verification information acquisition request.
In a possible implementation manner, the instructions of the processor 401 verify the information source verification information, including:
Determining a hash value to be matched of an information source file corresponding to an information source verification information acquisition request stored in a target threat information platform;
And under the condition that the hash value to be matched is detected to be different from the hash value in the information source verification information, determining that the verification result is passed.
In a possible implementation manner, in the instruction of the processor 401, the cascade relationship includes a ring cascade relationship or a serial cascade relationship, and the information source verification information includes transfer link information for recording a transfer condition of the information source file;
Receiving information source verification information sent by an upstream threat information platform, comprising:
Receiving information source verification information comprising transfer link information sent by an upstream threat information platform; the transfer link information comprises network address information corresponding to an upstream threat information platform.
In a possible implementation manner, in the instructions of the processor 401, the number of the upstream threat information platforms having the cascade relationship with the target threat information platform is a plurality;
Sending an information source verification information acquisition request to an upstream threat information platform having a cascade relationship with a target threat information platform, comprising:
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, sequentially sending information source verification information acquisition requests to a plurality of upstream threat information platforms which have cascade relations with the target threat information platform according to the polling sequence corresponding to the polling requests; or alternatively
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, determining the target upstream threat information platform from a plurality of upstream threat information platforms having cascade relations with the target threat information platform, and sending an information source verification information acquisition request to the target upstream threat information platform.
The disclosed embodiments also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of updating intelligence data in the method embodiments described above. Wherein the storage medium may be a volatile or nonvolatile computer readable storage medium.
The embodiments of the present disclosure further provide a computer program product, where the computer program product carries program code, and instructions included in the program code may be used to perform the steps of the method for updating intelligence data in the above method embodiments, and specifically reference may be made to the above method embodiments, which are not described herein.
Wherein the above-mentioned computer program product may be realized in particular by means of hardware, software or a combination thereof. In an alternative embodiment, the computer program product is embodied as a computer storage medium, and in another alternative embodiment, the computer program product is embodied as a software product, such as a software development kit (Software Development Kit, SDK), or the like.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described system and apparatus may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again. In the several embodiments provided in the present disclosure, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present disclosure may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer readable storage medium executable by a processor. Based on such understanding, the technical solution of the present disclosure may be embodied in essence or a part contributing to the prior art or a part of the technical solution, or in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods of the various embodiments of the present disclosure. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Finally, it should be noted that: the foregoing examples are merely illustrative of specific embodiments of the present disclosure, and are not intended to limit the scope of the disclosure, although the disclosure has been described in detail with reference to the foregoing examples, it will be understood by those of ordinary skill in the art that: any person skilled in the art, within the technical scope of the disclosure of the present disclosure, may modify or easily conceive changes to the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some of the technical features thereof; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the disclosure, and are intended to be included within the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (7)

1. A method of updating intelligence data, comprising:
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, an information source verification information acquisition request is sent to an upstream threat information platform which has a cascade relation with the target threat information platform; the number of the upstream threat information platforms with cascade relation with the target threat information platform is multiple, and the same information data is stored in the multiple upstream threat information platforms; the target threat information platform comprises information data which is uploaded and stored after validity verification;
Receiving information source verification information which is sent by the upstream threat information platform after the safety verification is passed and comprises hash values of information source files matched with the information source verification information acquisition request; wherein the security verification includes whitelist verification and token authentication; the hash value of the information source file is obtained by carrying out hash processing on the information source file matched with the information source verification information acquisition request; the information source verification information comprises transmission link information for recording the transmission condition of an information source file;
Verifying the information source verification information, and sending an information source file acquisition request to the upstream threat information platform when the verification result is passed;
Updating the information data stored in the target threat information platform according to the received target information source file sent by the upstream threat information platform;
Updating the information data stored in the downstream threat information platform having a cascade relation with the target threat information platform based on the updated information data stored in the target threat information platform; wherein the cascade relationship comprises an annular cascade relationship or a serial cascade relationship;
the sending an information source verification information acquisition request to an upstream threat information platform having a cascade relationship with the target threat information platform includes:
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, sequentially sending information source verification information acquisition requests to a plurality of upstream threat information platforms which have cascade relations with the target threat information platform according to a polling sequence corresponding to the polling requests; or under the condition that the target threat information platform is detected to meet the preset information data updating condition, determining a target upstream threat information platform from a plurality of upstream threat information platforms having cascade relations with the target threat information platform, and sending an information source verification information acquisition request to the target upstream threat information platform;
the updating of the information data stored in the target threat information platform comprises the following steps: updating the information source file to be updated, which is matched with the target information source file, in the target threat information platform based on a preset data updating mode and the target information source file, wherein the preset data updating mode comprises full updating and incremental updating.
2. The method of claim 1, wherein the targeted threat intelligence platform has stored therein a plurality of intelligence source files containing intelligence data;
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, sending an information source verification information acquisition request to an upstream threat information platform having a cascade relation with the target threat information platform, wherein the information source verification information acquisition request comprises:
and when any information source file is detected to meet the preset information source file updating condition, sending the information source file to an upstream threat information platform which has a cascade relation with the target threat information platform, and verifying an information acquisition request of the information source corresponding to the information source file.
3. The method of claim 1, wherein said validating said intelligence source validation information comprises:
Determining a hash value to be matched of an information source file corresponding to the information source verification information acquisition request stored in the target threat information platform;
And under the condition that the hash value to be matched is detected to be different from the hash value in the information source verification information, determining that the verification result is passed.
4. The method of claim 1, wherein said receiving intelligence source verification information sent by said upstream threat intelligence platform comprises:
receiving information source verification information comprising the transfer link information sent by the upstream threat information platform; the transfer link information comprises network address information corresponding to the upstream threat information platform.
5. An information data updating apparatus, comprising:
The sending module is used for sending an information source verification information acquisition request to an upstream threat information platform having a cascade relation with the target threat information platform under the condition that the target threat information platform is detected to meet a preset information data updating condition; the number of the upstream threat information platforms with cascade relation with the target threat information platform is multiple, and the same information data is stored in the multiple upstream threat information platforms; the target threat information platform comprises information data which is uploaded and stored after validity verification;
The receiving module is used for receiving information source verification information which is sent by the upstream threat information platform after the safety verification is passed and comprises hash values of information source files matched with the information source verification information acquisition request; wherein the security verification includes whitelist verification and token authentication; the hash value of the information source file is obtained by carrying out hash processing on the information source file matched with the information source verification information acquisition request; the information source verification information comprises transmission link information for recording the transmission condition of an information source file;
the verification module is used for verifying the information source verification information and sending an information source file acquisition request to the upstream threat information platform when the verification result is passed;
the first updating module is used for updating the information data stored in the target threat information platform according to the received target information source file sent by the upstream threat information platform;
The second updating module is used for updating the information data stored in the downstream threat information platform with cascade relation with the target threat information platform based on the updated information data stored in the target threat information platform; wherein the cascade relationship comprises an annular cascade relationship or a serial cascade relationship;
the sending module is used for sending an information source verification information acquisition request to an upstream threat information platform having a cascade relation with the target threat information platform, wherein the sending module is used for:
Under the condition that the target threat information platform is detected to meet the preset information data updating condition, sequentially sending information source verification information acquisition requests to a plurality of upstream threat information platforms which have cascade relations with the target threat information platform according to a polling sequence corresponding to the polling requests; or under the condition that the target threat information platform is detected to meet the preset information data updating condition, determining a target upstream threat information platform from a plurality of upstream threat information platforms having cascade relations with the target threat information platform, and sending an information source verification information acquisition request to the target upstream threat information platform;
The first updating module is used for updating the information data stored in the target threat information platform, and is used for: updating the information source file to be updated, which is matched with the target information source file, in the target threat information platform based on a preset data updating mode and the target information source file, wherein the preset data updating mode comprises full updating and incremental updating.
6. A computer device, comprising: a processor, a memory and a bus, said memory storing machine readable instructions executable by said processor, said processor and said memory communicating over the bus when the computer device is running, said machine readable instructions when executed by said processor performing the steps of the method of updating intelligence data according to any of claims 1 to 4.
7. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of the method for updating intelligence data according to any one of claims 1 to 4.
CN202311075419.9A 2023-08-24 2023-08-24 Information data updating method and device, computer equipment and storage medium Active CN116781432B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311075419.9A CN116781432B (en) 2023-08-24 2023-08-24 Information data updating method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311075419.9A CN116781432B (en) 2023-08-24 2023-08-24 Information data updating method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116781432A CN116781432A (en) 2023-09-19
CN116781432B true CN116781432B (en) 2024-05-28

Family

ID=88008512

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311075419.9A Active CN116781432B (en) 2023-08-24 2023-08-24 Information data updating method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116781432B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109739810A (en) * 2018-12-07 2019-05-10 中山市江波龙电子有限公司 File synchronisation method, server, client and the device with store function
CN110213055A (en) * 2019-05-07 2019-09-06 北京奇安信科技有限公司 Intelligence update method, apparatus, computer equipment and computer readable storage medium
CN110677472A (en) * 2019-09-24 2020-01-10 杭州安恒信息技术股份有限公司 IOC intelligent extraction and sharing-based cooperative defense method
CN114003904A (en) * 2021-12-31 2022-02-01 北京微步在线科技有限公司 Information sharing method, device, computer equipment and storage medium
CN115145941A (en) * 2022-09-02 2022-10-04 北京微步在线科技有限公司 Information management method, system and computer readable storage medium
CN115865453A (en) * 2022-11-25 2023-03-28 南京南瑞信息通信科技有限公司 Information sharing system, method, device and storage medium based on endogenous information
CN115987697A (en) * 2023-03-21 2023-04-18 安徽省大数据中心 Multi-level information data sharing method and system based on event subscription mechanism
CN116389510A (en) * 2023-04-18 2023-07-04 奇安信科技集团股份有限公司 Method, device and medium for updating local threat information data

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3050256B1 (en) * 2013-09-29 2019-03-13 McAfee, LLC Threat intelligence on a data exchange layer
US10938875B2 (en) * 2019-04-26 2021-03-02 Dell Products L.P. Multi-processor/endpoint data duplicating system
EP4420300A1 (en) * 2021-10-18 2024-08-28 Sophos Limited Network appliances for secure enterprise resources

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109739810A (en) * 2018-12-07 2019-05-10 中山市江波龙电子有限公司 File synchronisation method, server, client and the device with store function
CN110213055A (en) * 2019-05-07 2019-09-06 北京奇安信科技有限公司 Intelligence update method, apparatus, computer equipment and computer readable storage medium
CN110677472A (en) * 2019-09-24 2020-01-10 杭州安恒信息技术股份有限公司 IOC intelligent extraction and sharing-based cooperative defense method
CN114003904A (en) * 2021-12-31 2022-02-01 北京微步在线科技有限公司 Information sharing method, device, computer equipment and storage medium
CN115145941A (en) * 2022-09-02 2022-10-04 北京微步在线科技有限公司 Information management method, system and computer readable storage medium
CN115865453A (en) * 2022-11-25 2023-03-28 南京南瑞信息通信科技有限公司 Information sharing system, method, device and storage medium based on endogenous information
CN115987697A (en) * 2023-03-21 2023-04-18 安徽省大数据中心 Multi-level information data sharing method and system based on event subscription mechanism
CN116389510A (en) * 2023-04-18 2023-07-04 奇安信科技集团股份有限公司 Method, device and medium for updating local threat information data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李建华等主编.《网络信息系统安全管理》.机械工业出版社,2021,第248-249页. *

Also Published As

Publication number Publication date
CN116781432A (en) 2023-09-19

Similar Documents

Publication Publication Date Title
CN112446785B (en) Cross-chain transaction method, system, device, equipment and storage medium
CN103975337B (en) Predictability heap overflow is protected
CN106230851B (en) Data security method and system based on block chain
RU2680736C1 (en) Malware files in network traffic detection server and method
JP5646631B2 (en) Device audit
CN110582988A (en) Secure system operation
CN110971656B (en) Secure storage of data in a blockchain
CN109829294B (en) Firmware verification method, system, server and electronic equipment
CN101496019B (en) Method for access authentication for distributed file system and distributed file system
EP3270318B1 (en) Dynamic security module terminal device and method for operating same
CN104396220A (en) Method and device for secure content retrieval
US11757884B2 (en) Method and system for controlling the release of a resource
CN111492355B (en) Method and control system for controlling and/or monitoring a device
CN113950679A (en) Validating a measurement dataset using speaker consensus
CN111222160A (en) Intelligent contract execution method and system
US20200265135A1 (en) Protecting a software program against tampering
CN116896480A (en) Network security management system based on block chain
Kim et al. Shadowauth: Backward-compatible automatic can authentication for legacy ecus
CN115989480A (en) Method for modifying software in a motor vehicle
CN116561820B (en) Trusted data processing method and related device
CN116781432B (en) Information data updating method and device, computer equipment and storage medium
CN117407437A (en) Block chain-based data processing method, equipment and readable storage medium
CN112713996A (en) Fault verification method based on block chain, server and terminal
CN105653932A (en) Software upgrading validation method and device
CN112425121A (en) Usage control data network for distributed databases

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant