CN117151887A - Authority adjusting method, authority adjusting device, computer equipment and storage medium - Google Patents
Authority adjusting method, authority adjusting device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN117151887A CN117151887A CN202310967263.9A CN202310967263A CN117151887A CN 117151887 A CN117151887 A CN 117151887A CN 202310967263 A CN202310967263 A CN 202310967263A CN 117151887 A CN117151887 A CN 117151887A
- Authority
- CN
- China
- Prior art keywords
- resource transfer
- abnormal
- user account
- abnormal behavior
- log data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000012546 transfer Methods 0.000 claims abstract description 376
- 206010000117 Abnormal behaviour Diseases 0.000 claims abstract description 131
- 238000012545 processing Methods 0.000 claims abstract description 48
- 238000004458 analytical method Methods 0.000 claims abstract description 44
- 230000002159 abnormal effect Effects 0.000 claims description 99
- 238000011156 evaluation Methods 0.000 claims description 59
- 230000006399 behavior Effects 0.000 claims description 47
- 238000004590 computer program Methods 0.000 claims description 24
- 238000000605 extraction Methods 0.000 claims description 16
- 230000005856 abnormality Effects 0.000 claims description 5
- 238000013480 data collection Methods 0.000 claims description 4
- 230000008569 process Effects 0.000 description 12
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012549 training Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- OKTJSMMVPCPJKN-UHFFFAOYSA-N Carbon Chemical compound [C] OKTJSMMVPCPJKN-UHFFFAOYSA-N 0.000 description 1
- 230000004931 aggregating effect Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013136 deep learning model Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 229910021389 graphene Inorganic materials 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/06—Asset management; Financial planning or analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3438—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Engineering & Computer Science (AREA)
- Development Economics (AREA)
- General Business, Economics & Management (AREA)
- Economics (AREA)
- Technology Law (AREA)
- Marketing (AREA)
- Operations Research (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- Computer Hardware Design (AREA)
- Game Theory and Decision Science (AREA)
- Quality & Reliability (AREA)
- Computer Security & Cryptography (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application relates to a permission adjustment method, a permission adjustment device, computer equipment and a storage medium. The method comprises the following steps: collecting log data of each micro service in the distributed system based on the distributed message processing platform; extracting features of the log data to obtain resource transfer features in the log data; processing the resource transfer characteristics by adopting an abnormal behavior analysis model to obtain abnormal behavior results aiming at each user account; and calling an application programming interface based on the abnormal behavior result, and adjusting the resource transfer permission of the user account corresponding to the abnormal behavior result. By adopting the method, the resource transfer risk can be avoided in advance.
Description
Technical Field
The present application relates to the field of big data technology, and in particular, to a rights adjustment method, apparatus, computer device, storage medium, and computer program product.
Background
With the development of internet technology and the popularization of various payment channels, network transactions are rapidly increased, and various internet applications are full of a large number of transactions at all times. With the consequent security problems of resource transfer.
However, the current resource transfer method or the traditional method has the problem that the resource transfer risk cannot be avoided in advance.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a rights adjustment method, apparatus, computer device, computer-readable storage medium, and computer program product that can avoid resource transfer risk in advance.
In a first aspect, the present application provides a rights adjustment method, including:
collecting log data of each micro service in the distributed system based on the distributed message processing platform;
extracting features of the log data to obtain resource transfer features in the log data;
processing the resource transfer characteristics by adopting an abnormal behavior analysis model to obtain abnormal behavior results aiming at each user account;
and calling an application programming interface based on the abnormal behavior result, and adjusting the resource transfer permission of the user account corresponding to the abnormal behavior result.
In one embodiment, the method further comprises:
acquiring history log data of each micro service;
extracting features of the history log data to obtain history resource transfer features in the history log data;
and establishing an abnormal behavior analysis model based on the historical resource transfer characteristics and the abnormal resource transfer behaviors corresponding to the historical resource transfer characteristics.
In one embodiment, feature extraction is performed on log data to obtain a resource transfer feature in the log data, including:
extracting features of the log data to obtain resource transfer features corresponding to each resource transfer behavior; the resource transfer characteristics comprise resource transfer time information, resource transfer numerical information, resource transfer physical address information and resource transfer IP address information;
and processing the resource transfer characteristics corresponding to the resource transfer behaviors based on the user accounts to obtain the resource transfer characteristics corresponding to the user accounts.
In one embodiment, processing the resource transfer feature using the abnormal behavior analysis model to obtain an abnormal behavior result for each user account includes:
processing the resource transfer characteristics corresponding to the user account to obtain the resource transfer numerical value abnormal information, the resource transfer frequency abnormal information and the resource transfer access abnormal information corresponding to the user account;
and processing the resource transfer numerical value abnormal information, the resource transfer frequency abnormal information and the resource transfer access abnormal information corresponding to the user account by adopting an abnormal behavior analysis model to obtain an abnormal behavior result of the user account.
In one embodiment, an abnormal behavior analysis model is used to process abnormal information of a resource transfer value, abnormal information of a frequency of resource transfer and abnormal information of resource transfer access corresponding to a user account, so as to obtain an abnormal behavior result of the user account, including:
processing the resource transfer numerical value abnormal information, the resource transfer frequency abnormal information and the resource transfer access abnormal information corresponding to the user account by adopting an abnormal behavior analysis model to obtain behavior evaluation of the user account; the abnormal behavior evaluation comprises a resource transfer numerical value evaluation, a resource transfer frequency evaluation and a resource transfer access evaluation;
if the resource transfer value evaluation is greater than the resource transfer value threshold, the abnormal behavior result of the user account comprises abnormal resource transfer value;
if the resource transfer frequency evaluation is greater than the resource transfer frequency threshold, the abnormal behavior result of the user account comprises abnormal resource transfer frequency;
if the resource transfer access rating is greater than the resource transfer access threshold, the abnormal behavior result of the user account includes a resource transfer access abnormality.
In one embodiment, invoking the application programming interface based on the abnormal behavior result, and adjusting the resource transfer permission of the user account corresponding to the abnormal behavior result includes:
if the abnormal behavior result comprises abnormal resource transfer value, calling a corresponding application programming interface based on the evaluation of the resource transfer value, and adjusting the resource transfer value authority of the user account;
if the abnormal behavior result comprises abnormal resource transfer frequency, calling a corresponding application programming interface based on the resource frequency value evaluation, and adjusting the resource transfer frequency authority of the user account;
if the abnormal behavior result comprises abnormal resource transfer access, calling a corresponding application programming interface based on the resource transfer numerical value evaluation, and adjusting the resource transfer access authority of the user account.
In a second aspect, the present application provides a rights adjustment apparatus, the apparatus comprising:
the data collection module is used for collecting log data of each micro service in the distributed system based on the distributed message processing platform;
the feature extraction module is used for extracting features of the log data to obtain resource transfer features in the log data;
the abnormal judgment module is used for processing the resource transfer characteristics by adopting an abnormal behavior analysis model to obtain abnormal behavior results aiming at each user account;
and the permission adjustment module is used for calling the application programming interface based on the abnormal behavior result and adjusting the resource transfer permission of the user account corresponding to the abnormal behavior result.
In a third aspect, the application provides a computer device comprising a memory storing a computer program and a processor implementing the steps of the method described above when the processor executes the computer program.
In a fourth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method described above.
In a fifth aspect, the application provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method described above.
The authority adjusting method, the device, the computer equipment, the storage medium and the computer program product collect log data of each micro service in the distributed system by the aid of the distributed message processing platform; extracting features of the log data to obtain resource transfer features in the log data; processing the resource transfer characteristics by adopting an abnormal behavior analysis model to obtain abnormal behavior results aiming at each user account; the application programming interface is called based on the abnormal behavior result, the resource transfer authority of the user account corresponding to the abnormal behavior result is adjusted, the abnormal resource transfer behaviors of all the user accounts are analyzed and processed in quasi-real time on the premise that the original resource transfer is not affected, the risk of resource transfer can be avoided in advance, the probability of the next abnormal resource transfer behavior is reduced, and the risks including, but not limited to, the stability of a distributed system, the identification information of the fraudulent user account and the like are prevented.
Drawings
FIG. 1 is a flow chart of a rights adjustment method in one embodiment;
FIG. 2 is a flow chart of an abnormal behavior analysis model training step in one embodiment;
FIG. 3 is a flow chart of a rights adjustment step in one embodiment;
FIG. 4 is a flowchart illustrating a rights adjustment procedure in another embodiment;
FIG. 5 is a flowchart illustrating a rights adjustment procedure in yet another embodiment;
FIG. 6 is a flowchart illustrating a rights adjustment step in yet another embodiment;
FIG. 7 is a block diagram of a rights adjustment apparatus in one embodiment;
fig. 8 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
In one embodiment, as shown in fig. 1, there is provided a rights adjustment method, including:
step 110, collecting log data of each micro service in a distributed system based on a distributed message processing platform;
in particular, in the large environment of the micro-service architecture, the distributed system can adopt a unified distributed message processing platform for aggregating and analyzing the problems generated by each micro-service of the distributed system in terms of resource transfer, or displaying the resource transfer success rate, the resource occupation condition and the like of the distributed system. Based on the distributed message processing platform, log data of each micro service in the distributed system can be collected, wherein the distributed message processing platform can comprise a Kafka distributed message processing platform and is used for collecting log data generated by each micro service in the whole distributed system, so that comprehensive and non-repeated collection is ensured, and errors caused by data collection are reduced.
In some examples, after log data for each micro service in the distributed system is collected, a full log flush may be performed on the log data, and the log data may be converted into a standard format, so as to obtain log data in the standard format, so as to enter the next step.
Step 120, extracting features of the log data to obtain resource transfer features in the log data;
specifically, feature extraction can be performed on the log data, for example, the log data under the standard format can be screened based on the correlation between the log data and the resource transfer service to obtain current resource transfer data; further, feature extraction can be performed on the current resource transfer data to obtain resource transfer features in the log data. In some examples, the resource transfer characteristics in the log data may include resource transfer time information, resource transfer numerical information, resource transfer physical address information, and resource transfer IP address information. By extracting the characteristics of the log data, the abnormal resource transfer behavior can be conveniently and comprehensively and accurately identified.
130, processing the resource transfer characteristics by adopting an abnormal behavior analysis model to obtain abnormal behavior results aiming at each user account;
specifically, the resource transfer characteristics can be processed by applying an abnormal behavior analysis model based on big data analysis frameworks such as a Hadoop big data processing platform or a Spark distributed data processing platform so as to analyze the abnormal behaviors of the user accounts and obtain abnormal behavior results aiming at each user account. The abnormal behavior analysis model may be trained based on historical resource transfer data, which may include historical resource transfer characteristics and abnormal resource transfer behaviors corresponding to the historical resource transfer characteristics. The abnormal behavior results for each user account may include resource transfer value anomalies, resource transfer frequency anomalies, and resource transfer access anomalies. The abnormal behavior analysis model is adopted to process the resource transfer characteristics, so that abnormal behavior results aiming at all user accounts are obtained, and the resource transfer permission of the user accounts can be conveniently and adaptively adjusted.
In some examples, analysis may be performed on the resource transfer characteristics within a certain interval, for example, a time interval for the resource transfer behavior, a physical address interval for a user account corresponding to the resource transfer behavior, an IP address interval for a user account corresponding to the resource transfer behavior, or a transfer value interval for the resource transfer behavior, to identify whether the resource transfer behavior is an abnormal behavior, and a corresponding abnormal behavior type.
And 140, calling an application programming interface based on the abnormal behavior result, and adjusting the resource transfer permission of the user account corresponding to the abnormal behavior result.
Specifically, the abnormal behavior result may include, for example, whether the abnormal behavior exists in the resource transfer behavior of each user account and the corresponding abnormal behavior type, and further, based on the abnormal resource transfer behavior, a corresponding application programming interface may be called, so as to adjust the resource transfer authority of the user account corresponding to the abnormal behavior result, so as to avoid the risk of resource transfer in advance, reduce the probability of the next abnormal resource transfer behavior, and prevent risks including, but not limited to, affecting the stability of the distributed system, stealing identification information of the fraudulent user account, and the like.
In some examples, corresponding pre-warning information may be output based on the abnormal behavior results to prompt manual processing of the abnormal behavior results.
In the embodiment, log data of each micro service in the distributed system is collected through a distributed message processing platform; extracting features of the log data to obtain resource transfer features in the log data; processing the resource transfer characteristics by adopting an abnormal behavior analysis model to obtain abnormal behavior results aiming at each user account; the application programming interface is called based on the abnormal behavior result, the resource transfer authority of the user account corresponding to the abnormal behavior result is adjusted, the abnormal resource transfer behaviors of all the user accounts are analyzed and processed in quasi-real time on the premise that the original resource transfer is not affected, the risk of resource transfer can be avoided in advance, the probability of the next abnormal resource transfer behavior is reduced, and the risks including, but not limited to, the stability of a distributed system, the identification information of the fraudulent user account and the like are prevented.
In one embodiment, as shown in fig. 2, the method further comprises:
step 210, acquiring history log data of each micro service;
step 220, extracting features of the history log data to obtain history resource transfer features in the history log data;
step 230, based on the historical resource transfer characteristics and the abnormal resource transfer behaviors corresponding to the historical resource transfer characteristics, an abnormal behavior analysis model is established.
Specifically, historical log data of each micro service of the distributed system can be obtained, wherein the historical log data can comprise log data aiming at different abnormal resource transfer behaviors; the characteristic extraction can be carried out on the history log data to obtain the history resource transfer characteristic in the history log data. The historical resource transfer characteristics in the historical log data may include historical resource transfer time information, historical resource transfer numerical information, historical resource transfer physical address information, and historical resource transfer IP address (Internet Protocol Address) information. The preset model can be trained based on the historical resource transfer characteristics and the abnormal resource transfer behaviors corresponding to the historical resource transfer characteristics to obtain an abnormal behavior analysis model, the preset model can be a deep learning model, and the abnormal behavior analysis model is a training model with accuracy passing corresponding tests. The abnormal behavior analysis model is obtained through training and can be used for identifying abnormal resource transfer behaviors.
In some examples, the manner in which the user accounts are tagged or aliased may be managed by determining a plurality of user accounts over a time interval, and the historical log data for each micro-service is unit-collected from the tags or aliases for feature extraction and analytical modeling. The obtained abnormal behavior analysis model can be used for identifying abnormal resource transfer behaviors.
In one embodiment, as shown in fig. 3, feature extraction is performed on log data to obtain a resource transfer feature in the log data, including:
step 310, extracting features of the log data to obtain resource transfer features corresponding to each resource transfer behavior; the resource transfer characteristics comprise resource transfer time information, resource transfer numerical information, resource transfer physical address information and resource transfer IP address information;
step 320, processing the resource transfer characteristics corresponding to each resource transfer behavior based on each user account, to obtain the resource transfer characteristics corresponding to each user account.
Specifically, feature extraction can be performed on the log data to obtain resource transfer features corresponding to each resource transfer behavior, wherein the feature extraction can be performed by screening the log data in a standard format to obtain current resource transfer data; further, feature extraction can be performed on the current resource transfer data, for example, a key information identification mode is adopted to obtain resource transfer features in log data. The resource transfer characteristics may include resource transfer time information, resource transfer numerical information, resource transfer physical address information, and resource transfer IP address information, where the resource transfer time information may include a time corresponding to a resource transfer behavior; the resource transfer physical address information may include a physical address of a device to which the user account corresponding to the resource transfer behavior is logged in; the resource transfer IP address information may include an IP address corresponding to the resource transfer behavior. Further, the resource transfer characteristics corresponding to each resource transfer behavior can be processed based on each user account to obtain the resource transfer characteristics corresponding to each user account, and the resource transfer characteristics can include a resource transfer time characteristic, a resource transfer numerical value characteristic, a resource transfer physical address characteristic and a resource transfer IP address characteristic. By extracting the characteristics of the log data, the abnormal resource transfer behavior can be conveniently and comprehensively and accurately identified.
In one embodiment, as shown in fig. 4, the processing the resource transfer feature by using the abnormal behavior analysis model to obtain the abnormal behavior result for each user account includes:
step 410, processing the resource transfer characteristics corresponding to the user account to obtain the resource transfer numerical value anomaly information, the resource transfer frequency anomaly information and the resource transfer access anomaly information corresponding to the user account;
and step 420, processing the resource transfer numerical value abnormal information, the resource transfer frequency abnormal information and the resource transfer access abnormal information corresponding to the user account by adopting an abnormal behavior analysis model to obtain an abnormal behavior result of the user account.
Specifically, the resource transfer characteristics corresponding to the user account can be processed, for example, the resource transfer numerical value characteristics are processed, so as to obtain the abnormal information of the resource transfer numerical value corresponding to the user account; processing the resource transfer time characteristics to obtain abnormal information of the resource transfer frequency corresponding to the user account; and processing the physical address feature of the resource transfer and the IP address feature of the resource transfer to obtain abnormal information of the resource transfer access corresponding to the user account. Further, the abnormal behavior analysis model may be used to process abnormal information of the resource transfer value, abnormal information of the frequency of the resource transfer and abnormal information of the resource transfer access corresponding to the user account, so as to obtain an abnormal behavior result of the user account, where the abnormal behavior result of the user account may include at least one of abnormal value of the resource transfer, abnormal frequency of the resource transfer and abnormal access of the resource transfer. The abnormal behavior analysis model is adopted to process the resource transfer characteristics, so that abnormal behavior results aiming at all user accounts are obtained, and the resource transfer permission of the user accounts can be conveniently and adaptively adjusted.
In one embodiment, as shown in fig. 5, processing the abnormal information of the resource transfer value, the abnormal information of the frequency of resource transfer and the abnormal information of the access of resource transfer corresponding to the user account by using the abnormal behavior analysis model to obtain an abnormal behavior result of the user account includes:
step 510, processing the abnormal information of the resource transfer value, the abnormal information of the resource transfer frequency and the abnormal information of the resource transfer access corresponding to the user account by adopting an abnormal behavior analysis model to obtain behavior evaluation of the user account; the abnormal behavior evaluation comprises a resource transfer numerical value evaluation, a resource transfer frequency evaluation and a resource transfer access evaluation;
step 520, if the resource transfer value evaluation is greater than the resource transfer value threshold, the abnormal behavior result of the user account includes abnormal resource transfer value;
step 530, if the resource transfer frequency evaluation is greater than the resource transfer frequency threshold, the abnormal behavior result of the user account includes abnormal resource transfer frequency;
if the resource transfer access rating is greater than the resource transfer access threshold, the user account's abnormal behavior results include a resource transfer access anomaly, step 540.
Specifically, the abnormal behavior analysis model can be adopted to process the abnormal information of the resource transfer value, the abnormal information of the resource transfer frequency and the abnormal information of the resource transfer access corresponding to the user account, so as to obtain the evaluation of the resource transfer value, the evaluation of the resource transfer frequency and the evaluation of the resource transfer access of the user account; for example, the abnormal behavior analysis model processes abnormal information of the resource transfer value of the user account, so that the resource transfer value evaluation aiming at the user account can be obtained, the resource transfer value evaluation can be a percentile value, and the higher the resource transfer value evaluation is, the higher the abnormal degree of the resource transfer value is represented; if the resource transfer value evaluation is greater than the resource transfer value threshold, it may be determined that the abnormal behavior result of the user account includes an abnormal resource transfer value. The abnormal behavior analysis model processes the abnormal information of the resource transfer frequency of the user account, so that the resource transfer frequency evaluation aiming at the user account can be obtained, the resource transfer frequency evaluation can be a percentile value, and the higher the resource transfer frequency evaluation is, the higher the abnormal degree of the resource transfer frequency is represented; if the resource transfer frequency evaluation is greater than the resource transfer frequency threshold, it can be determined that the abnormal behavior result of the user account comprises abnormal resource transfer frequency. The abnormal behavior analysis model processes the abnormal information of the resource transfer access of the user account, so that the resource transfer access evaluation aiming at the user account can be obtained, the resource transfer access evaluation can be a percentile value, and the higher the resource transfer access evaluation is, the higher the abnormal degree of the resource transfer access is represented. If the resource transfer access evaluation is greater than the resource transfer access threshold, it may be determined that the abnormal behavior result of the user account includes a resource transfer access abnormality. The abnormal behavior analysis model is adopted to process the resource transfer characteristics, so that abnormal behavior results aiming at all user accounts are obtained, and the resource transfer permission of the user accounts can be conveniently and adaptively adjusted.
In one embodiment, as shown in fig. 6, invoking an application programming interface based on an abnormal behavior result, and adjusting a resource transfer authority of a user account corresponding to the abnormal behavior result includes:
step 610, if the abnormal behavior result includes abnormal resource transfer value, calling a corresponding application programming interface based on the evaluation of the resource transfer value, and adjusting the resource transfer value authority of the user account;
step 620, if the abnormal behavior result includes abnormal resource transfer frequency, calling a corresponding application programming interface based on the resource transfer frequency value evaluation, and adjusting the resource transfer frequency authority of the user account;
step 630, if the abnormal behavior result includes abnormal resource transfer access, invoking the corresponding application programming interface based on the resource transfer numerical value evaluation, and adjusting the resource transfer access authority of the user account.
Specifically, if the abnormal behavior result includes abnormal resource transfer value, calling a corresponding application programming interface based on the evaluation of the resource transfer value, and adjusting the resource transfer value authority of the user account, for example, according to the abnormal degree of the resource transfer value, adjusting the maximum allowable value of single resource transfer in the resource transfer value authority of the user account and/or the total allowable value of the resource transfer in a preset time; if the abnormal behavior result comprises abnormal resource transfer frequency, calling a corresponding application programming interface based on the resource frequency value evaluation, and adjusting the resource transfer frequency authority of the user account, for example, according to the abnormal degree of the resource transfer frequency, adjusting the allowable resource transfer times in the preset time in the resource transfer frequency authority of the user account; if the abnormal behavior result comprises abnormal resource transfer access, calling a corresponding application programming interface based on the resource transfer numerical value evaluation, and adjusting the resource transfer access permission of the user account, for example, according to the abnormal degree of the resource transfer access, adjusting the access permission equipment and/or the access permission network in the resource transfer access permission of the user account. The resource transfer permission of the user account corresponding to the abnormal behavior result is adjusted by calling the corresponding application programming interface based on the abnormal resource transfer behavior so as to avoid the risk of resource transfer in advance, the probability of the next abnormal resource transfer behavior is reduced, and risks including, but not limited to, influencing the stability of the distributed system, stealing identification information of the fraudulent user account and the like can be prevented.
In some examples, the application programming interface (Application Programming Interface, API) may be an interface of a third party; the application programming interface may be a front end interface and may include some predefined functions to provide the application with access to the front end functionality.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a right adjusting device for realizing the right adjusting method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation of one or more embodiments of the rights adjustment device provided below may refer to the limitation of the rights adjustment method hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 7, there is provided a rights adjustment apparatus, the apparatus including:
a data collection module 710 for collecting log data of each micro service in the distributed system based on the distributed message processing platform;
the feature extraction module 720 is configured to perform feature extraction on the log data to obtain a resource transfer feature in the log data;
the anomaly determination module 730 is configured to process the resource transfer feature by using an anomaly behavior analysis model to obtain an anomaly behavior result for each user account;
and the permission adjustment module 740 is used for calling the application programming interface based on the abnormal behavior result and adjusting the resource transfer permission of the user account corresponding to the abnormal behavior result.
In one embodiment, the apparatus further includes a model building module for obtaining historical log data of each micro service;
extracting features of the history log data to obtain history resource transfer features in the history log data;
and establishing an abnormal behavior analysis model based on the historical resource transfer characteristics and the abnormal resource transfer behaviors corresponding to the historical resource transfer characteristics.
In one embodiment, the feature extraction module 720 is further configured to perform feature extraction on the log data to obtain resource transfer features corresponding to each resource transfer behavior; the resource transfer characteristics comprise resource transfer time information, resource transfer numerical information, resource transfer physical address information and resource transfer IP address information;
and processing the resource transfer characteristics corresponding to the resource transfer behaviors based on the user accounts to obtain the resource transfer characteristics corresponding to the user accounts.
In one embodiment, the anomaly determination module 730 is further configured to process the resource transfer characteristic corresponding to the user account, so as to obtain the resource transfer numerical anomaly information, the resource transfer frequency anomaly information and the resource transfer access anomaly information corresponding to the user account;
and processing the resource transfer numerical value abnormal information, the resource transfer frequency abnormal information and the resource transfer access abnormal information corresponding to the user account by adopting an abnormal behavior analysis model to obtain an abnormal behavior result of the user account.
In one embodiment, the anomaly determination module 730 is further configured to process the anomaly information of the resource transfer value, the anomaly information of the frequency of resource transfer, and the anomaly information of the access of resource transfer corresponding to the user account by using the anomaly behavior analysis model, so as to obtain a behavior evaluation of the user account; the abnormal behavior evaluation comprises a resource transfer numerical value evaluation, a resource transfer frequency evaluation and a resource transfer access evaluation;
if the resource transfer value evaluation is greater than the resource transfer value threshold, the abnormal behavior result of the user account comprises abnormal resource transfer value;
if the resource transfer frequency evaluation is greater than the resource transfer frequency threshold, the abnormal behavior result of the user account comprises abnormal resource transfer frequency;
if the resource transfer access rating is greater than the resource transfer access threshold, the abnormal behavior result of the user account includes a resource transfer access abnormality.
In one embodiment, the permission adjustment module 740 is further configured to adjust the permission of the resource transfer value of the user account based on the resource transfer value evaluation and call the corresponding application programming interface if the abnormal behavior result includes that the resource transfer value is abnormal;
if the abnormal behavior result comprises abnormal resource transfer frequency, calling a corresponding application programming interface based on the resource frequency value evaluation, and adjusting the resource transfer frequency authority of the user account;
if the abnormal behavior result comprises abnormal resource transfer access, calling a corresponding application programming interface based on the resource transfer numerical value evaluation, and adjusting the resource transfer access authority of the user account.
The respective modules in the above-described rights adjustment apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In an embodiment, a computer device is provided comprising a memory storing a computer program and a processor implementing the steps of the method described above when the processor executes the computer program.
In one embodiment, a computer readable storage medium is provided, having stored thereon a computer program which, when executed by a processor, implements the steps of the method described above.
In an embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, implements the steps of the method described above.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 8. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing data for rights adjustment, such as log data. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a rights adjustment method.
It will be appreciated by those skilled in the art that the structure shown in FIG. 8 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
It should be noted that, the information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) of the user account related to the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.
Claims (10)
1. A rights adjustment method, the method comprising:
collecting log data of each micro service in the distributed system based on the distributed message processing platform;
extracting features of the log data to obtain resource transfer features in the log data;
processing the resource transfer characteristics by adopting an abnormal behavior analysis model to obtain abnormal behavior results aiming at each user account;
and calling an application programming interface based on the abnormal behavior result, and adjusting the resource transfer permission of the user account corresponding to the abnormal behavior result.
2. The method according to claim 1, wherein the method further comprises:
acquiring history log data of each micro service;
extracting features of the history log data to obtain history resource transfer features in the history log data;
and establishing the abnormal behavior analysis model based on the historical resource transfer characteristics and the abnormal resource transfer behaviors corresponding to the historical resource transfer characteristics.
3. The method of claim 1, wherein the feature extraction of the log data to obtain the resource transfer feature in the log data comprises:
extracting features of the log data to obtain the resource transfer features corresponding to each resource transfer behavior; the resource transfer characteristics comprise resource transfer time information, resource transfer numerical information, resource transfer physical address information and resource transfer IP address information;
and processing the resource transfer characteristics corresponding to the resource transfer behaviors based on the user accounts to obtain the resource transfer characteristics corresponding to the user accounts.
4. The method of claim 3, wherein processing the resource transfer features using an abnormal behavior analysis model to obtain abnormal behavior results for each user account comprises:
processing the resource transfer characteristics corresponding to the user account to obtain resource transfer numerical value abnormal information, resource transfer frequency abnormal information and resource transfer access abnormal information corresponding to the user account;
and processing the resource transfer numerical value abnormal information, the resource transfer frequency abnormal information and the resource transfer access abnormal information corresponding to the user account by adopting the abnormal behavior analysis model to obtain the abnormal behavior result of the user account.
5. The method of claim 3, wherein the processing the resource transfer value anomaly information, the resource transfer frequency anomaly information, and the resource transfer access anomaly information corresponding to the user account using the anomaly behavior analysis model to obtain the anomaly behavior result for the user account comprises:
processing the resource transfer numerical value abnormal information, the resource transfer frequency abnormal information and the resource transfer access abnormal information corresponding to the user account by adopting the abnormal behavior analysis model to obtain behavior evaluation of the user account; the abnormal behavior evaluation comprises a resource transfer numerical value evaluation, a resource transfer frequency evaluation and a resource transfer access evaluation;
if the resource transfer numerical value evaluation is greater than a resource transfer numerical value threshold, the abnormal behavior result of the user account comprises a resource transfer numerical value abnormality;
if the resource transfer frequency evaluation is greater than a resource transfer frequency threshold, the abnormal behavior result of the user account comprises abnormal resource transfer frequency;
and if the resource transfer access evaluation is greater than a resource transfer access threshold, the abnormal behavior result of the user account comprises a resource transfer access abnormality.
6. The method of claim 5, wherein the invoking an application programming interface based on the abnormal behavior result adjusts a resource transfer right of the user account corresponding to the abnormal behavior result, comprising:
if the abnormal behavior result comprises that the resource transfer value is abnormal, adjusting the resource transfer value authority of the user account based on the application programming interface corresponding to the resource transfer value evaluation call;
if the abnormal behavior result comprises the abnormal resource transfer frequency, calling the corresponding application programming interface based on the resource transfer frequency numerical value evaluation, and adjusting the resource transfer frequency authority of the user account;
and if the abnormal behavior result comprises the abnormal resource transfer access, adjusting the resource transfer access authority of the user account based on the application programming interface corresponding to the resource transfer numerical value evaluation call.
7. A rights adjustment apparatus, the apparatus comprising:
the data collection module is used for collecting log data of each micro service in the distributed system based on the distributed message processing platform;
the feature extraction module is used for extracting features of the log data to obtain resource transfer features in the log data;
the abnormal judgment module is used for processing the resource transfer characteristics by adopting an abnormal behavior analysis model to obtain abnormal behavior results aiming at each user account;
and the permission adjustment module is used for calling an application programming interface based on the abnormal behavior result and adjusting the resource transfer permission of the user account corresponding to the abnormal behavior result.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310967263.9A CN117151887A (en) | 2023-08-02 | 2023-08-02 | Authority adjusting method, authority adjusting device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310967263.9A CN117151887A (en) | 2023-08-02 | 2023-08-02 | Authority adjusting method, authority adjusting device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117151887A true CN117151887A (en) | 2023-12-01 |
Family
ID=88885813
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310967263.9A Pending CN117151887A (en) | 2023-08-02 | 2023-08-02 | Authority adjusting method, authority adjusting device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117151887A (en) |
-
2023
- 2023-08-02 CN CN202310967263.9A patent/CN117151887A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112003870B (en) | Network encryption traffic identification method and device based on deep learning | |
| US20210092160A1 (en) | Data set creation with crowd-based reinforcement | |
| WO2019144549A1 (en) | Vulnerability testing method and device, computer equipment, and storage medium | |
| CN114185708A (en) | Data analysis method and device based on distributed link tracking and electronic equipment | |
| CN110471945B (en) | Active data processing method, system, computer equipment and storage medium | |
| CN105634855A (en) | Method and device for recognizing network address abnormity | |
| CN116991675A (en) | Abnormal access monitoring method and device, computer equipment and storage medium | |
| CN117151887A (en) | Authority adjusting method, authority adjusting device, computer equipment and storage medium | |
| CN114490415A (en) | Service testing method, computer device, storage medium, and computer program product | |
| CN114880637B (en) | Account risk verification method and device, computer equipment and storage medium | |
| CN116881164A (en) | Verification and correction method, device and equipment for test data in financial information system | |
| CN114741673B (en) | Behavior risk detection method, clustering model construction method and device | |
| CN116401667B (en) | Android malicious software detection method and device based on CNN-GRU | |
| CN117312030A (en) | Information processing method, apparatus, computer device, and storage medium | |
| CN117130880A (en) | Data processing method, apparatus, device, storage medium, and program product | |
| CN116996881A (en) | Abnormal group identification method, device, computer equipment and storage medium | |
| CN117978539A (en) | Network intrusion detection system, method, apparatus, computer device and medium | |
| CN117743169A (en) | Training method, device, equipment and storage medium for automatic test model | |
| CN117196628A (en) | Method, apparatus, computer device and readable storage medium for detecting group fraud | |
| CN117354154A (en) | Network element determination method, device, computer equipment and storage medium | |
| CN116909785A (en) | Processing method, device, equipment, storage medium and program product for abnormal event | |
| CN116680106A (en) | Abnormality locating method, device, equipment and storage medium | |
| CN118070067A (en) | Data verification method and device based on Flink technology and computer equipment | |
| CN115758179A (en) | Method and device for evaluating aggregated transaction platform, computer equipment and storage medium | |
| CN117113342A (en) | Application identification method, device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |