WO2019179068A1 - Risk detection method and device, and mobile terminal and storage medium - Google Patents


Publication number
WO2019179068A1
Authority
WO
WIPO (PCT)
Prior art keywords
rule
risk
risk detection
template
data request
Prior art date
Application number
PCT/CN2018/104729
Other languages
French (fr)
Chinese (zh)
Inventor
孙成
龙觉刚
叶俊锋
赖云辉
罗先贤
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司
Publication of WO2019179068A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/16 Real estate
    • G06Q50/167 Closing
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing
    • G06Q20/405 Establishing or using transaction specific rules
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Definitions

  • the present application relates to the field of Internet risks, and in particular, to a risk detection method, apparatus, mobile terminal, and storage medium.
  • risk detection rules in real estate transactions are usually implemented by software developers modifying the back-end code of the business system; when the risk detection rules are in use, business rules and risk detection are usually coupled linearly, so when a professional developer issues an operation request against the business, the risk detection rules are accessed along with it; in addition, system risk detection rules and business rules are extremely difficult to separate.
  • the defects of prior-art risk detection mainly include: software developers manually modify the back-end code, the operation is cumbersome, the response speed of the system is slowed down, and access by other systems is inconvenient.
  • the technical solution proposes a risk detection system for rule modification and access in the real estate transaction system, which requires no modification by professional software developers, so as to reduce the difficulty of modifying the risk detection rules and to ensure that risk detection rule matching affects neither normal business requests nor the normal system response speed.
  • the present application aims to propose a risk detecting method, apparatus, mobile terminal and storage medium to solve the deficiencies in the above background art.
  • modification of traditional risk detection rules is limited to professionals; the system access requirements are high, so it is not convenient for other systems to connect and use; and performing risk detection reduces the response speed of the system's normal service requests.
  • a risk detection method includes: S1: selecting a service system and setting a risk detection rule template in the service system, wherein the risk detection rule template is provided with a rule condition and a rule action for execution, and a rule trigger threshold is set in the rule condition; S2: setting a listener to listen to all data requests received in the service system; S3: checking the data requests monitored in the service system against the rule trigger threshold in the risk detection rule template, determining whether each data request is within the risk range, and executing the corresponding countermeasure through the rule action.
  • the present application further provides a risk detecting apparatus, where the risk detecting apparatus includes: a setting module, configured to select a service system and set a risk detection rule template in the service system, wherein the risk detection rule template is provided with a rule condition and a rule action for execution, and a rule trigger threshold is set in the rule condition; a listening module, configured to set a listener and listen to all data requests received in the service system; and a verification module, configured to check the data requests monitored in the service system against the rule trigger threshold in the risk detection rule template, determine whether each data request is within the risk range, and execute the corresponding countermeasure through the rule action.
  • the present application further provides a mobile terminal comprising: a touch sensitive display; a memory; one or more processors; the one or more processors configured to perform the following steps:
  • S1 Select a service system, and set a risk detection rule template in the service system, where the risk detection rule template has a rule condition and a rule action, and the rule trigger threshold is set in the rule condition;
  • S3 Checking the data request received in the monitoring service system by using the rule trigger threshold in the risk detection rule template, determining whether the data request is within the risk range, and performing corresponding countermeasures by using the rule action.
  • the present application also provides a storage medium storing computer readable instructions that, when executed by one or more processors, cause one or more processors to perform the following steps:
  • S1 Select a service system, and set a risk detection rule template in the service system, where the risk detection rule template has a rule condition and a rule action, and the rule trigger threshold is set in the rule condition;
  • S3 Checking the data request received in the monitoring service system by using the rule trigger threshold in the risk detection rule template, determining whether the data request is within the risk range, and performing corresponding countermeasures by using the rule action.
  • the above risk detection method, device, mobile terminal and storage medium select a service system, customize a risk detection rule template for risk detection according to its business function and the other business systems with which it exchanges data, and set in it the rule conditions and the rule actions for execution; set up a listener in the business system to listen for all data requests received in the business system; and run the processing of business logic and the application of the risk detection rules in an asynchronous thread, so that the system business logic runs normally while the data request is matched against the risk detection rules to determine whether the request is within the risk range, and the corresponding countermeasure is executed through the rule action.
  • FIG. 2 is a flow chart of setting a risk detection rule template in an embodiment of the present application
  • FIG. 3 is a flowchart of setting a listener program in an embodiment of the present application.
  • FIG. 5 is a structural diagram of a risk detecting apparatus according to an embodiment of the present application.
  • FIG. 6 is a schematic block diagram of an embodiment of a structure of a mobile terminal according to an embodiment of the present disclosure.
  • the present application provides a technical solution:
  • a risk detection method comprising: S1: selecting a service system and setting a risk detection rule template in the service system, wherein the risk detection rule template is provided with a rule condition and a rule action for execution, and a rule trigger threshold is set in the rule condition.
  • the risk detection rule template is a template for risk detection set in the real estate transaction system; it has a rule condition that defines the risk detection and a rule action that executes the specified risk detection step. When an update is needed, the template is updated by changing the rule condition and the rule action for execution set on it.
  • the risk detection means that the risk manager adopts various measures and methods to eliminate or reduce the risk entry or occurrence of the data request in the real estate transaction system, so as to reduce the loss of data information caused by the risk.
  • S2 Set the listener to listen to all data requests received in the business system.
  • the intercepting program is to embed a Trojan program in the real estate transaction system for backing up all the data request contents in the real estate transaction system, and uploading to the fixed property in the real estate transaction system through a network connection or WIFI.
  • the listening principle is GSM, which encodes, encrypts, and interleaves the voice signal channel on the system channel, and forms a burst to be modulated and transmitted.
  • the signal is demodulated, deinterleaved, channel decoded, and speech decoded, and then restored to a voice signal in the real estate transaction system;
  • the GSM system uses narrowband time division multiple access (TDMA) in the transmission process.
  • each frame is divided into a plurality of time slots; then, according to a specific time-slot allocation principle, the mobile phone user sends a signal to the base station during a specified time slot in each frame, and the base station receives the different data request signals in their respective specified time slots; the base station likewise transmits signals to the different real estate transaction systems in prescribed time slots, and each user receives signals in its specified time slot.
  • S3 Checking the data request received in the monitoring service system by using the rule trigger threshold in the risk detection rule template, determining whether the data request is within the risk range, and performing corresponding countermeasures by using the rule action.
  • the data request in the real estate transaction system is verified, and whether the request data is within the risk range is judged by comparing and matching the request data with the data template in the real estate transaction system.
  • the corresponding countermeasures include blocking the IP address of the requesting party, locking the operating account that issued the request, and the like.
  • S1 includes S101 to S103:
  • S101 Select a service system, and customize a risk detection rule template for risk detection according to its business function and other business systems with which data is exchanged, and set rule conditions and rule actions for execution.
  • a custom risk detection rule template is provided, which has a rule condition for defining risk detection and a rule action for performing the specified risk detection step. The rule conditions and the rule actions for execution cooperate to control the risk monitoring in the real estate transaction system.
  • a rule trigger threshold is set in the rule condition; the threshold, also called the critical value, refers to the lowest or highest value at which an effect can be produced.
  • the user sets the maximum value and the minimum value of request data within the risk range as the rule threshold, which is used to verify whether the request data is within the risk range; the user sets the risk threshold template in the back end of the real estate transaction system, where it can be updated.
  • when a data request is received, whether the data request is within the risk range is determined by matching the data request content against the rule trigger threshold.
  • S102 The service system loads a specific rule engine to parse the risk detection rule template, and generates the corresponding risk detection rules after the template is imported; to modify a rule, it is only necessary to modify the template and import it, which completes the online rule update.
  • the settings in the risk detection rule template include a rule name, a trigger condition, a priority, and an execution.
  • the first parameter is the name of the view file (in this case, the file name is blog_template.php)
  • the second parameter is an associative array containing the data to be replaced by the template.
  • the template will contain two variables: {blog_title} and {blog_heading}.
  • S2 includes S201 to S202:
  • the listener is configured to monitor the received data request and determine whether the content of the monitored data request is within the risk range.
  • S202 Store the monitored content to a preset position in the listener.
  • the listener After listening to the content of the data request, the listener connects to the front-end codec through the computer system server, downloads the data through the streaming protocol, and then stores the monitored data request content in a preset location in the listener.
  • S3 includes S301 to S302:
  • S301 The corresponding risk detection rule is invoked according to the content of the data request, and the requested service function is matched with the rule trigger threshold function corresponding to the risk detection rule template.
  • the corresponding risk detection rule is invoked, and whether the request is within the risk range is determined by matching the requested service function against the rule corresponding to the risk detection rule template.
  • the rule trigger threshold may be implemented with a pre-made list of risk operation features, which stores known risk operation features and may also store the operation features of non-business data requests or instruction requests, such as underlying file access and operations and calls to system-level operations, in order to prevent security risks arising from exploitation of vulnerabilities in the code itself;
  • an instruction for performing a rule action in the risk detection rule template is executed according to the result of the matching. For example, the IP address of the requesting party is blocked, or the operating account that issued the request is locked.
  • if matching the requested service function against the rule trigger threshold of the risk detection rule template determines that there is no risk, the request is processed directly through the normal business logic channel.
  • the present application further provides a risk detecting apparatus.
  • the risk detecting apparatus includes: a setting module, configured to select a service system, and configured to set a risk detection rule template in the service system.
  • the risk detection rule template is provided with a rule condition and a rule action for execution, and a rule trigger threshold is set in the rule condition;
  • the listening module is configured to set a listener and listen to all data requests received in the service system.
  • the verification module is configured to check the data request received in the monitoring service system through the rule trigger threshold in the risk detection rule template, determine whether the data is in the risk range, and execute the corresponding countermeasure by the rule action.
  • different real estate transaction systems set different risk detection rules, and any risk detection rule has a set of identification rules for determining whether it is an illegal request;
  • the rule trigger threshold uses a preset risk operation feature list,
  • the list of risk operation features includes the operation features of non-business data requests, such as underlying file access and calls to system operations;
  • the countermeasure includes blocking the requester's IP address or locking the operating account that issued the request.
  • the setting module includes: a rule setting module, configured to customize a risk detection rule template for risk detection according to the service function of the service system and the other service systems with which it exchanges data, and to set in it the rule conditions and the rule actions for execution; and a rule generation module, configured so that the business system loads a specific rule engine to parse the risk detection rule template and generates the corresponding risk detection rules after the template is imported; to modify a rule, it is only necessary to modify and import the template, which completes the online rule update.
  • the listening module comprises: a listener setting module, configured to set a listener in the system to listen to all data request content; and a monitored-content storage module, configured to store the monitored content at a preset location in the listener.
  • the verification module includes: a matching module, configured to: according to the monitored data request content, invoke a corresponding risk detection rule to match the requested service function with a rule trigger threshold function corresponding to the risk detection rule template;
  • the countermeasure module is configured to, if the data request content is within the rule trigger threshold, treat the request as risky, execute the corresponding countermeasure according to the rule action for execution, and issue a warning prompt;
  • the execution module is configured to, if the data request content is not within the rule trigger threshold, treat the request as risk-free and import it into the execution queue of the normal business logic.
  • the present application further provides a mobile terminal for implementing a method for detecting risk across mobile applications.
  • the terminal may be any terminal device including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), an in-vehicle computer, and the mobile terminal is used as a mobile phone as an example:
  • FIG. 6 is a block diagram showing a partial structure of a mobile phone related to a mobile terminal provided by an embodiment of the present application.
  • the mobile phone includes: a baseband processing module 410, a memory 420, an input unit 430, a display unit 440, a sensor 450, an audio circuit 460, a Wireless Fidelity (WiFi) module 470, a processor 480, and a power supply 490, among other components.
  • FIG. 6 does not constitute a limitation to the handset, and may include more or less components than those illustrated, or some components may be combined, or different components may be arranged.
  • the baseband processing module 410 can be used to synthesize the baseband signal to be transmitted or to decode the received baseband signal. Specifically, the audio signal is compiled into a baseband code for transmission upon transmission; upon reception, the received baseband code is interpreted as an audio signal. At the same time, it is also responsible for the compilation of address information, text information (short message text, website and text), and picture information.
  • the memory 420 can be used to store software programs and modules, and the processor 480 executes various functional applications and data processing of the mobile phone by running software programs and modules stored in the memory 420.
  • the memory 420 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may be stored according to Data created by the use of the mobile phone (such as audio data, phone book, etc.).
  • memory 420 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
  • the input unit 430 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function controls of the handset.
  • the input unit 430 may include a touch panel 431 and other input devices 432.
  • the touch panel 431, also referred to as a touch screen, can collect the user's touch operations on or near it (such as operations performed by the user with a finger, a stylus, or the like on or near the touch panel 431), and drive the corresponding connected device according to a preset program.
  • the touch panel 431 may include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the touch orientation of the user, detects the signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 480, and can receive commands from the processor 480 and execute them.
  • the touch panel 431 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
  • the input unit 430 may also include other input devices 432.
  • other input devices 432 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
  • the display unit 440 can be used to display information input by the user or information provided to the user as well as various menus of the mobile phone.
  • the display unit 440 can include a display panel 441.
  • the display panel 441 can be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like.
  • the touch panel 431 can cover the display panel 441. When the touch panel 431 detects a touch operation on or near it, it transmits the operation to the processor 480 to determine the type of the touch event, and the processor 480 then provides a corresponding visual output on the display panel 441 according to the type of the touch event.
  • although in FIG. 6 the touch panel 431 and the display panel 441 are used as two independent components to implement the input and output functions of the mobile phone, in some embodiments the touch panel 431 may be integrated with the display panel 441 to implement the input and output functions of the mobile phone.
  • the handset may also include at least one type of sensor 450, such as a light sensor, motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 441 according to the brightness of the ambient light, and the proximity sensor may turn off the display panel 441 and/or the backlight when the mobile phone moves to the ear.
  • the accelerometer sensor can detect the magnitude of acceleration in all directions (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity.
  • it can be used in applications that identify the posture of the mobile phone (such as switching between landscape and portrait, related games, magnetometer attitude calibration) and in vibration-recognition functions (such as pedometer, tapping); the mobile phone can also be configured with gyroscopes, barometers, hygrometers, thermometers, infrared sensors and other sensors, which are not described again here.
  • Audio circuit 460, speaker 461, and microphone 462 provide an audio interface between the user and the handset.
  • the audio circuit 460 can transmit the electrical signal converted from the received audio data to the speaker 461, which converts it into a sound signal for output; on the other hand, the microphone 462 converts the collected sound signal into an electrical signal, which the audio circuit 460 receives and converts into audio data; the audio data is then output to the processor 480 for processing and sent to another mobile phone via the RF circuit 410, or output to the memory 420 for further processing.
  • WiFi is a short-range wireless transmission technology
  • the mobile phone can help users to send and receive emails, browse web pages, and access streaming media through the WiFi module 470, which provides users with wireless broadband Internet access.
  • although FIG. 6 shows the WiFi module 470, it can be understood that it is not an essential part of the mobile phone and may be omitted as needed without changing the essence of the present application.
  • the processor 480 is the control center of the handset; it connects the various parts of the entire handset using various interfaces and lines, and performs the phone's various functions and processes data by running or executing software programs and/or modules stored in the memory 420 and invoking data stored in the memory 420, thereby monitoring the phone as a whole.
  • the processor 480 may include one or more processing units; preferably, the processor 480 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications. It can be understood that the above modem processor may not be integrated into the processor 480.
  • the handset also includes a power source 490 (such as a battery) that supplies power to the various components.
  • the power source can be logically coupled to the processor 480 via a power management system to manage functions such as charging, discharging, and power management through the power management system.
  • the mobile phone may further include a camera, a Bluetooth module, and the like, and details are not described herein again.
  • the processor 480 included in the terminal may perform the steps of the risk detecting method in the foregoing embodiment.
  • the present application also provides a storage medium storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to execute the steps of the risk detecting method in the above embodiments, wherein the storage medium may be a non-volatile storage medium.
  • the program may be stored in a computer readable storage medium, and the storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), disk or optical disk.

Abstract

A risk detection method and device, and a mobile terminal and a storage medium. The risk detection method comprises: selecting a service system, and setting a risk detection rule template in the service system, the risk detection rule template being internally provided with rule conditions and rule actions for execution, and a rule triggering threshold being set in the rule conditions (S1); setting a monitoring program to monitor all data requests received in the service system (S2); and determining whether the data requests are within a risk range or not according to the checking performed on the monitored data requests received in the service system by means of the rule triggering threshold in the risk detection rule template, and executing a corresponding strategy by means of the rule actions (S3). The method is simple and easy to use, and saves the labor and time cost. The detection rules are high in matching response speed and have small influences on the system.
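
The S1 to S3 flow in the abstract, sketched as an added Python example (not code from the patent or its applicant): a rule template is parsed into rules, a listener checks each data request on a worker thread, and re-importing an edited template updates the rules online. The JSON template layout, the field names, `RiskListener` and the sample requests are assumptions constructed for illustration; a match means the request falls inside the risk range.

```python
import json
import queue
import threading

ACTIONS = ("block_ip", "lock_account")  # countermeasures the page names
# Constructed template (S1). The JSON layout and field names are assumptions.
TEMPLATE_V1 = """[
 {"name": "non-business-operation", "priority": 1, "action": "block_ip",
  "condition": {"field": "operation", "features": ["file_access", "system_call"]}},
 {"name": "request-burst", "priority": 2, "action": "lock_account",
  "condition": {"field": "req_per_min", "min": 100, "max": 100000}}
]"""
TEMPLATE_V2 = TEMPLATE_V1.replace('"min": 100,', '"min": 20,')  # operator lowers the threshold
# Constructed data requests; 192.0.2.0/24 is a documentation address range.
REQUESTS = [
    {"id": 1, "ip": "192.0.2.10", "account": "alice", "operation": "query_listing", "req_per_min": 3},
    {"id": 2, "ip": "192.0.2.66", "account": "bob", "operation": "file_access", "req_per_min": 1},
    {"id": 3, "ip": "192.0.2.20", "account": "dave", "operation": "sign_contract", "req_per_min": 40},
]


def load_rules(template_text):
    """Parse a template into priority-ordered rules; raise ValueError if malformed."""
    try:
        rules = sorted(json.loads(template_text), key=lambda r: r["priority"])
        for rule in rules:
            cond = rule["condition"]
            listed = isinstance(cond.get("features"), list)
            ranged = all(isinstance(cond.get(k), (int, float)) for k in ("min", "max"))
            if rule["action"] not in ACTIONS:
                raise ValueError(f"unknown action in rule {rule['name']!r}")
            if not isinstance(cond["field"], str) or not (listed or ranged):
                raise ValueError(f"rule {rule['name']!r} has no usable trigger threshold")
    except (AttributeError, KeyError, TypeError) as exc:
        raise ValueError(f"malformed rule template: {exc!r}") from exc
    return rules


def first_match(rules, request):
    """Return the highest-priority rule whose risk range contains the request."""
    for rule in rules:
        cond = rule["condition"]
        value = request.get(cond["field"])
        if isinstance(cond.get("features"), list):
            hit = value in cond["features"]
        else:
            hit = isinstance(value, (int, float)) and cond["min"] <= value <= cond["max"]
        if hit:
            return rule
    return None


class RiskListener:
    """Listener (S2) that applies the rules on a worker thread (S3)."""
    def __init__(self, template_text):
        self.rules = load_rules(template_text)
        self.inbox = queue.Queue()
        self.captured, self.business_queue = [], []  # S202 store; normal business queue
        self.blocked_ips, self.locked_accounts, self.alerts = set(), set(), []
        threading.Thread(target=self._worker, daemon=True).start()

    def reload(self, template_text):
        self.rules = load_rules(template_text)  # raises first, so old rules stay live

    def submit(self, request):
        self.inbox.put(dict(request))  # returns at once; the check is asynchronous

    def _worker(self):
        while True:
            request = self.inbox.get()
            try:
                self._check(request, self.rules)  # one rule snapshot per request
            except Exception as exc:  # fail closed: never forward on an error
                self.alerts.append((request.get("id"), f"error: {exc!r}"))
            finally:
                self.inbox.task_done()

    def _check(self, request, rules):
        self.captured.append(request)
        rule = first_match(rules, request)
        if rule is None:
            self.business_queue.append(request.get("id"))  # no risk: normal channel
            return
        if rule["action"] == "block_ip":
            self.blocked_ips.add(request.get("ip"))
        else:
            self.locked_accounts.add(request.get("account"))
        self.alerts.append((request.get("id"), rule["name"]))  # warning prompt


def run_demo():
    """Check the constructed requests, update the rules online, then re-check."""
    listener = RiskListener(TEMPLATE_V1)
    for request in REQUESTS:
        listener.submit(request)
    listener.inbox.join()  # wait for the asynchronous checks
    listener.reload(TEMPLATE_V2)
    listener.submit(dict(REQUESTS[2], id=4))
    listener.inbox.join()
    return listener
```

Once rules are changed by importing a template rather than by editing code, the template import is the place to validate: `load_rules` rejects a malformed or unknown-action template before the swap, so the previous rules stay in force.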

Description

Risk detection method, device, mobile terminal and storage medium
The present application claims priority to Chinese Patent Application No. 201810239614.3, entitled "Risk Detection Method, Apparatus, Mobile Terminal, and Storage Medium", filed with the Chinese Patent Office on March 22, 2018, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the field of Internet risk, and in particular to a risk detection method, apparatus, mobile terminal, and storage medium.
Background
In a real estate transaction business system, risk detection must be performed on a wide variety of business operations, so various risk detection rules have to be inserted into the business logic. Risk detection rules in real estate transactions are usually implemented by software developers modifying the back-end code of the business system. When the rules are in use, business rules and risk detection are often coupled linearly: when a professional developer issues an operation request against the business, access to the risk detection rules comes with it. In addition, the system's risk detection rules and business rules are extremely difficult to separate.
The main defects of prior-art risk detection are: software developers modify the back-end code by hand, the operation is cumbersome, it slows the system's response, and it is inconvenient for other systems to connect to and use.
To address these defects, this technical solution proposes a risk detection system for rule modification and access in a real estate transaction system. It does not require modification by professional software developers, which reduces the difficulty of modifying risk detection rules, and it ensures that risk detection rule matching does not affect normal business requests or the normal response speed of the system.
Summary of the invention
The purpose of the present application is to provide a risk detection method, apparatus, mobile terminal and storage medium that address the deficiencies described in the background above: modifying traditional risk detection rules requires professionals; system access requirements are high, making it inconvenient for other systems to connect and use them; and risk detection reduces the response speed of the system's normal business requests.
To achieve the above object, the present application provides the following technical solutions:
A risk detection method, comprising: S1: selecting a service system and setting a risk detection rule template in the service system, the risk detection rule template containing rule conditions and rule actions for execution, with a rule trigger threshold set in the rule conditions; S2: setting a listener to monitor all data requests received in the service system; S3: checking the data requests received in the monitored service system against the rule trigger threshold in the risk detection rule template, determining whether a data request is within the risk range, and executing the corresponding countermeasure through the rule action.
Based on the same technical concept, the present application further provides a risk detection apparatus, comprising: a setting module configured to select a service system and set a risk detection rule template in the service system, the risk detection rule template containing rule conditions and rule actions for execution, with a rule trigger threshold set in the rule conditions; a listening module configured to set a listener that monitors all data requests received in the service system; and a verification module configured to check the data requests received in the monitored service system against the rule trigger threshold in the risk detection rule template, determine whether a data request is within the risk range, and execute the corresponding countermeasure through the rule action.
Based on the same technical concept, the present application further provides a mobile terminal, comprising: a touch-sensitive display; a memory; and one or more processors, the one or more processors being configured to perform the following steps:
S1: selecting a service system and setting a risk detection rule template in the service system, the risk detection rule template containing rule conditions and rule actions, with a rule trigger threshold set in the rule conditions;
S2: setting a listener to monitor all data requests received in the service system;
S3: checking the data requests received in the monitored service system against the rule trigger threshold in the risk detection rule template, determining whether the data request is within the risk range, and executing the corresponding countermeasure through the rule action.
Based on the same technical concept, the present application further provides a storage medium storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
S1: selecting a service system and setting a risk detection rule template in the service system, the risk detection rule template containing rule conditions and rule actions, with a rule trigger threshold set in the rule conditions;
S2: setting a listener to monitor all data requests received in the service system;
S3: checking the data requests received in the monitored service system against the rule trigger threshold in the risk detection rule template, determining whether the data request is within the risk range, and executing the corresponding countermeasure through the rule action.
In the above risk detection method, apparatus, mobile terminal and storage medium, a service system is selected and a risk detection rule template for risk detection is customized according to its business functions and the other service systems that exchange data with it, with rule conditions and rule actions for execution set in the template; a listener is set in the service system to monitor all data requests received in the service system; and the service system's processing of business logic and the application of the risk detection rules run in asynchronous threads. While request data is being monitored and matched against the risk detection rule template, the system's business logic runs normally; by matching the data request against the risk detection rules, it is determined whether the request is within the risk range, and the corresponding countermeasure is executed through the rule action.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be considered limiting of the present application.
FIG. 1 is a flowchart of the overall implementation of risk detection in an embodiment of the present application;
FIG. 2 is a flowchart of setting a risk detection rule template in an embodiment of the present application;
FIG. 3 is a flowchart of setting a listener in an embodiment of the present application;
FIG. 4 is a flowchart of risk detection rule verification in an embodiment of the present application;
FIG. 5 is a structural block diagram of a risk detection apparatus in an embodiment of the present application;
FIG. 6 is a schematic block diagram of an embodiment of part of the structure of a mobile terminal provided by an embodiment of the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. The described embodiments are evidently only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in the present application without creative effort fall within the scope of protection of the present application.
In one embodiment, as shown in FIG. 1, the present application provides a technical solution:
A risk detection method, comprising: S1: selecting a service system and setting a risk detection rule template in the service system, the risk detection rule template containing rule conditions and rule actions for execution, with a rule trigger threshold set in the rule conditions. The risk detection rule template is a template set up for risk detection in the real estate transaction system; it contains rule conditions that define the risk detection and rule actions for execution that specify the risk detection steps, and when it needs updating this is done by changing the rule conditions and the rule actions for execution set on the template. Risk detection here means that the risk manager takes various measures and methods to eliminate or reduce the entry or occurrence of risk in data requests in the real estate transaction system, so as to reduce the loss of data and information caused by the occurrence of risk.
S2: setting a listener to monitor all data requests received in the service system. The listener is a Trojan program implanted in the real estate transaction system, used to back up the content of all data requests in the real estate transaction system and upload it over a network connection or WIFI to a fixed location in the real estate transaction system. The listening principle is GSM: the voice signal channel is encoded, encrypted and interleaved on the system channel to form bursts, which are modulated and transmitted. At the receiving end of the real estate transaction system, the signal is demodulated, then deinterleaved, channel decoded and speech decoded, and restored to a voice signal in the real estate transaction system. The GSM system uses narrowband time division multiple access (TDMA) in transmission; the bandwidth of each carrier frequency channel is 200KHz, with 8 time slots per frame, which in theory allows one radio frequency to carry 8 groups of interactions at the same time; each time slot is 0.577ms long and the frame duration is 4.615ms. That is, time is divided into periodic frames and each frame is further divided into a number of time slots; then, according to a specific time slot allocation principle, mobile phone users send signals to the base station in their designated time slot of each frame, the base station receives the different data request signals in the respectively designated time slots, and the base station likewise transmits signals to the different real estate transaction systems in the prescribed time slots, each user receiving signals in its designated time slot.
S3: checking the data requests received in the monitored service system against the rule trigger threshold in the risk detection rule template, determining whether the data request is within the risk range, and executing the corresponding countermeasure through the rule action. The data request in the real estate transaction system is verified: the request data is compared and matched against the data template in the real estate transaction system to determine whether the request data is within the risk range. The corresponding countermeasures include blocking the requester's IP address, locking the operating account that issued the request, and the like.
In one embodiment, as shown in FIG. 2, S1 includes S101 to S103:
S101: A service system is selected, and a risk detection rule template for risk detection is customized according to its business functions and the other service systems that exchange data with it, with rule conditions and rule actions for execution set in the template. The customized risk detection rule template contains rule conditions that define the risk detection and rule actions for execution that specify the risk detection steps. The rule conditions and the rule actions for execution work together to control risk monitoring in the real estate transaction system.
A rule trigger threshold is set in the rule condition. The threshold, also called the critical value, is the lowest or highest value at which an effect can be produced. The user sets the maximum and minimum values of the request data within the risk range as the rule threshold, which is used to verify whether the request data is within the risk range; the template in which the user sets the risk threshold in the back end of the real estate transaction system can be updated. When a data request is received, its content is matched against the rule trigger threshold to determine whether the data request is within the risk range.
S102: The service system loads a specific rule engine to parse the risk detection rule template; in use, importing the template generates the corresponding risk detection rules, and to modify a rule it is only necessary to modify the template and import it, which completes the online rule update.
The risk detection rule template contains the settings rule name, trigger condition, priority, and execution.
For example, the parse() method is used to parse or display the risk detection rule template, as shown in Table 1:
Figure PCTCN2018104729-appb-000001
The first parameter is the name of the view file (in this example, the file name is blog_template.php), and the second parameter is an associative array containing the data to be substituted into the template. In the example above, the template contains two variables: {blog_title} and {blog_heading}.
There is no need to echo or otherwise process the result returned by the $this->parser->parse() method; it is automatically saved to the output class to be sent to the browser. However, if you want it to return the data instead of storing it in the output class, you can set the third parameter to TRUE, as shown in Table 2:
$string = $this->parser->parse('blog_template', $data, TRUE);
In one embodiment, as shown in FIG. 3, S2 includes S201 to S202:
S201: A listener is set in the system to monitor the content of all data requests;
To create the listener, first select Oracle on the computer, then select "Configuration and Migration Tools" and open Oracle Net Manager; then select "Listeners" and click the "+" icon on the left to create the listener. The listener monitors the received data requests so that it can be determined whether the content of a monitored data request is within the risk range.
S202: The monitored content is stored at a preset location in the listener.
After capturing the data request content, the listener connects to the front-end codec through the computer system server, downloads the data via a streaming media protocol, and then stores the captured data request content at the preset location in the listener.
In one embodiment, as shown in FIG. 4, S3 includes S301 to S302:
S301: According to the content of the monitored data request, the corresponding risk detection rule is invoked, and the requested business function is matched against the rule trigger threshold function of the risk detection rule template;
The corresponding risk detection rule is invoked, and whether the request is within the risk range is determined by matching the requested business function against the rule trigger threshold of the risk detection rule template. The rule trigger threshold may be implemented as a prepared list of risk operation features holding known risk operation features; the list may also hold the operation features of non-business data requests or instruction requests, such as underlying file access and operations or calls to system-level operations, in order to guard against security risks arising from vulnerabilities in the developed code of the business functions themselves;
S302: If the data request content is within the rule trigger threshold, a risk exists; the corresponding countermeasure is executed according to the rule action for execution, and a warning is issued;
If a risk exists, the instruction of the rule action for execution in the risk detection rule template is executed according to the matching result, for example blocking the requester's IP address or locking the operating account that issued the request.
S303: If the data request content is not within the rule trigger threshold, no risk exists, and the request is placed in the execution queue of the normal business logic.
Based on the matching of the requested business function against the rule trigger threshold of the risk detection rule template, a request judged to carry no risk is processed directly through the normal business logic channel.
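The following added example, which is not code from the application, puts S102 and S301 to S303 together: a template with the four fields named above is imported into rules, each monitored request is checked against the thresholds, and the request is either answered with the rule action or placed in the business queue. The JSON layout, the action names, the rule that a lower priority number is checked first, the rejection of later requests from a blocked IP or locked account, and all sample values are assumptions made for this example.

```python
import json
from collections import deque
from dataclasses import dataclass

ALLOWED_ACTIONS = {"block_ip", "lock_account"}  # the two countermeasures named in S302

# Constructed template: rule name, trigger condition, priority, execution (action).
TEMPLATE_V1 = """[
  {"name": "bulk-listing-export", "priority": 10, "action": "lock_account",
   "condition": {"field": "rows_requested", "min": 500, "max": null}},
  {"name": "non-business-operation", "priority": 1, "action": "block_ip",
   "condition": {"field": "operation", "features": ["file_access", "system_call"]}}
]"""

@dataclass
class Rule:
    name: str
    priority: int
    condition: dict
    action: str

    def triggers(self, request):
        """True when the request value lies inside the rule trigger threshold."""
        value = request.get(self.condition["field"])
        if "features" in self.condition:        # risk operation feature list
            return value in self.condition["features"]
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False                        # missing or non-numeric: no match
        low, high = self.condition.get("min"), self.condition.get("max")
        return (low is None or value >= low) and (high is None or value <= high)

def parse_template(text):
    """Turn template text into rules, refusing entries that cannot be enforced."""
    rules = []
    for raw in json.loads(text):
        cond = raw["condition"]
        if raw["action"] not in ALLOWED_ACTIONS:
            raise ValueError("unknown action in rule %r" % raw["name"])
        if "field" not in cond:
            raise ValueError("rule %r names no field" % raw["name"])
        if ("features" not in cond and cond.get("min") is None
                and cond.get("max") is None):
            raise ValueError("rule %r has no threshold" % raw["name"])
        rules.append(Rule(raw["name"], int(raw["priority"]), cond, raw["action"]))
    return sorted(rules, key=lambda r: r.priority)  # assumption: low number first

class RiskEngine:
    def __init__(self, template_text):
        self.rules = parse_template(template_text)
        self.blocked_ips = set()
        self.locked_accounts = set()
        self.business_queue = deque()   # execution queue of normal business logic
        self.alerts = []                # warning records issued in S302

    def import_template(self, template_text):
        # Parse first, assign second: a malformed template raises before the
        # assignment, so the rules already in force stay active.
        self.rules = parse_template(template_text)

    def handle(self, request):
        """Check one monitored request; return the decision taken."""
        if (request["ip"] in self.blocked_ips
                or request["account"] in self.locked_accounts):
            return "rejected"           # an earlier countermeasure still applies
        for rule in self.rules:
            if rule.triggers(request):
                if rule.action == "block_ip":
                    self.blocked_ips.add(request["ip"])
                else:
                    self.locked_accounts.add(request["account"])
                self.alerts.append((rule.name, rule.action,
                                    request["ip"], request["account"]))
                return rule.action
        self.business_queue.append(request)  # S303: no risk, normal processing
        return "queued"

# Constructed requests (documentation IP ranges, invented accounts).
SAMPLE_REQUESTS = [
    {"ip": "192.0.2.10", "account": "agent01", "operation": "query_listing", "rows_requested": 20},
    {"ip": "192.0.2.10", "account": "agent01", "operation": "query_listing", "rows_requested": 5000},
    {"ip": "198.51.100.7", "account": "agent02", "operation": "file_access", "rows_requested": 1},
    {"ip": "198.51.100.7", "account": "agent03", "operation": "query_listing", "rows_requested": 5},
    {"ip": "192.0.2.10", "account": "agent01", "operation": "query_listing", "rows_requested": 5},
]

def run_samples(template_text=TEMPLATE_V1):
    engine = RiskEngine(template_text)
    return [engine.handle(r) for r in SAMPLE_REQUESTS], engine

if __name__ == "__main__":
    decisions, engine = run_samples()
    for request, decision in zip(SAMPLE_REQUESTS, decisions):
        print(request["account"], request["operation"], "->", decision)
```

Because `import_template` validates before it assigns, a template with an unknown action or no threshold is refused and detection continues under the previous rules.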
Based on the same technical concept, the present application further provides a risk detection apparatus. As shown in FIG. 5, the risk detection apparatus includes: a setting module configured to select a service system and set a risk detection rule template in the service system, the risk detection rule template containing rule conditions and rule actions for execution, with a rule trigger threshold set in the rule conditions; a listening module configured to set a listener that monitors all data requests received in the service system; and a verification module configured to check the data requests received in the monitored service system against the rule trigger threshold in the risk detection rule template, determine whether the data request is within the risk range, and execute the corresponding countermeasure through the rule action. In this embodiment, different real estate transaction systems set different risk detection rules, and each risk detection rule has a corresponding set of identification rules used to determine whether a request is illegal; the rule trigger threshold uses a preset list of risk operation features, which contains the operation features of non-business data requests such as underlying file access and calls to system operations; the countermeasures include blocking the requester's IP address or locking the operating account that issued the request.
In one embodiment, the setting module includes: a rule setting module configured to customize a risk detection rule template for risk detection according to the business functions of the service system and the other service systems that exchange data with it, with rule conditions and rule actions for execution set in the template; and a rule generation module configured so that the service system loads a specific rule engine to parse the risk detection rule template, importing the template generates the corresponding risk detection rules, and to modify a rule it is only necessary to modify the template and import it, which completes the online rule update.
In one embodiment, the listening module includes: a listener setting module configured to set a listener in the system to monitor the content of all data requests; and a monitored-content storage module configured to store the monitored content at a preset location in the listener.
In one embodiment, the verification module includes: a matching module configured to invoke the corresponding risk detection rule according to the content of the monitored data request, so that the requested business function is matched against the rule trigger threshold function of the risk detection rule template; a countermeasure module configured so that, if the data request content is within the rule trigger threshold, a risk exists, the corresponding countermeasure is executed according to the rule action for execution, and a warning is issued; and an execution module configured so that, if the data request content is not within the rule trigger threshold, no risk exists and the request is placed in the execution queue of the normal business logic.
Based on the same technical concept, the present application further provides a mobile terminal for implementing the method of cross-mobile-application risk detection. As shown in FIG. 6, for ease of description only the parts related to the embodiments of the present application are shown; for specific technical details not disclosed, refer to the method part of the embodiments of the present application. The terminal may be any terminal device, including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales) terminal, an in-vehicle computer, and the like. Taking a mobile phone as the mobile terminal as an example:
FIG. 6 is a block diagram of part of the structure of a mobile phone related to the mobile terminal provided by the embodiments of the present application. Referring to FIG. 6, the mobile phone includes components such as a baseband processing module 410, a memory 420, an input unit 430, a display unit 440, a sensor 450, an audio circuit 460, a Wireless Fidelity (WiFi) module 470, a processor 480, and a power supply 490. Those skilled in the art will understand that the mobile phone structure shown in FIG. 6 does not limit the mobile phone, which may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
The baseband processing module 410 can be used to synthesize the baseband signal to be transmitted or to decode the received baseband signal. Specifically, on transmission it compiles the audio signal into the baseband code used for transmission; on reception it interprets the received baseband code as an audio signal. It is also responsible for compiling address information, text information (short message text, website and text), and picture information.
The memory 420 can be used to store software programs and modules; the processor 480 executes the various functional applications and data processing of the mobile phone by running the software programs and modules stored in the memory 420. The memory 420 may mainly include a program storage area and a data storage area, wherein the program storage area may store the operating system, the applications required for at least one function (such as a sound playing function or an image playing function), and the like, and the data storage area may store data created through use of the mobile phone (such as audio data or a phone book). In addition, the memory 420 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.
The input unit 430 can be used to receive input numeric or character information and to generate key signal inputs related to the user settings and function control of the mobile phone. Specifically, the input unit 430 may include a touch panel 431 and other input devices 432. The touch panel 431, also called a touch screen, can collect the user's touch operations on or near it (such as operations performed by the user on or near the touch panel 431 with a finger, a stylus, or any other suitable object or accessory) and drive the corresponding connected device according to a preset program. Optionally, the touch panel 431 may include two parts, a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 480, and can receive and execute commands sent by the processor 480. In addition, the touch panel 431 can be implemented in various types, such as resistive, capacitive, infrared, and surface acoustic wave. Besides the touch panel 431, the input unit 430 may also include other input devices 432. Specifically, the other input devices 432 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and switch keys), a trackball, a mouse, a joystick, and the like.
The display unit 440 can be used to display information input by the user or provided to the user, as well as the various menus of the mobile phone. The display unit 440 may include a display panel 441; optionally, the display panel 441 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED) display, or the like. Further, the touch panel 431 may cover the display panel 441; when the touch panel 431 detects a touch operation on or near it, it passes the operation to the processor 480 to determine the type of touch event, and the processor 480 then provides the corresponding visual output on the display panel 441 according to the type of touch event. Although in FIG. 6 the touch panel 431 and the display panel 441 are two separate components implementing the input and output functions of the mobile phone, in some embodiments the touch panel 431 and the display panel 441 may be integrated to implement the input and output functions of the mobile phone.
The mobile phone may also include at least one sensor 450, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor can adjust the brightness of the display panel 441 according to the brightness of the ambient light, and the proximity sensor can turn off the display panel 441 and/or the backlight when the mobile phone is moved to the ear. As one kind of motion sensor, the accelerometer can detect the magnitude of acceleration in all directions (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used in applications that recognize the attitude of the mobile phone (such as switching between landscape and portrait, related games, and magnetometer attitude calibration) and in vibration-recognition functions (such as a pedometer or tap detection). Other sensors that may also be fitted to the mobile phone, such as a gyroscope, barometer, hygrometer, thermometer, or infrared sensor, are not described further here.
The audio circuit 460, a speaker 461, and a microphone 462 can provide an audio interface between the user and the mobile phone. The audio circuit 460 can transmit the electrical signal converted from the received audio data to the speaker 461, which converts it into a sound signal for output; in the other direction, the microphone 462 converts the collected sound signal into an electrical signal, which the audio circuit 460 receives and converts into audio data; the audio data is then output to the processor 480 for processing and sent via the RF circuit 410 to, for example, another mobile phone, or output to the memory 420 for further processing.
WiFi属于短距离无线传输技术,手机通过WiFi模块470可以帮助用户收发电子邮件、浏览网页和访问流式媒体等,它为用户提供了无线的宽带互联网访问。虽然图6示出了WiFi模块470,但是可以理解的是,其并不属于手机的必须构成,完全可以根据需要在不改变本申请的本质的范围内而省略。WiFi is a short-range wireless transmission technology, and the mobile phone can help users to send and receive emails, browse web pages, and access streaming media through the WiFi module 470, which provides users with wireless broadband Internet access. Although FIG. 6 shows the WiFi module 470, it can be understood that it does not belong to the essential configuration of the mobile phone, and may be omitted as needed within the scope of not changing the essence of the present application.
处理器480是手机的控制中心,利用各种接口和线路连接整个手机的各个部分,通过运行或执行存储在存储器420内的软件程序和/或模块,以及调用存储在存储器420内的数据,执行手机的各种功能和处理数据,从而对手机进行整体监控。可选的,处理器480可包括一个或多个处理单元;优选的,处理器480可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等,调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器480中。The processor 480 is the control center of the handset, and connects various portions of the entire handset using various interfaces and lines, by executing or executing software programs and/or modules stored in the memory 420, and invoking data stored in the memory 420, executing The phone's various functions and processing data, so that the overall monitoring of the phone. Optionally, the processor 480 may include one or more processing units; preferably, the processor 480 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like. The modem processor primarily handles wireless communications. It can be understood that the above modem processor may not be integrated into the processor 480.
手机还包括给各个部件供电的电源490(比如电池),优选的,电源可以通过电源管理系统与处理器480逻辑相连,从而通过电源管理系统实现管理充电、放电、以及功耗管理等功能。The handset also includes a power source 490 (such as a battery) that supplies power to the various components. Preferably, the power source can be logically coupled to the processor 480 via a power management system to manage functions such as charging, discharging, and power management through the power management system.
尽管未示出,手机还可以包括摄像头、蓝牙模块等,在此不再赘述。Although not shown, the mobile phone may further include a camera, a Bluetooth module, and the like, and details are not described herein again.
在本申请实施例中,该终端所包括的处理器480可以执行上述实施例中风险检测方法的步骤。In the embodiment of the present application, the processor 480 included in the terminal may perform the steps of the risk detecting method in the foregoing embodiment.
基于相同的技术构思,本申请还提供一种存储有计算机可读指令的存储介质,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行上述实施例中风险检测方法的步骤,其中,存储介质可以为非易失性存储介质。Based on the same technical concept, the present application also provides a storage medium storing computer readable instructions, which when executed by one or more processors, cause one or more processors to execute in the above embodiments The step of the risk detecting method, wherein the storage medium may be a non-volatile storage medium.
本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序可以存储于一计算机可读存储介质中,存储介质可以包括:只读存储器(ROM,Read Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁盘或光盘等。A person skilled in the art may understand that all or part of the various steps of the foregoing embodiments may be performed by a program to instruct related hardware. The program may be stored in a computer readable storage medium, and the storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), disk or optical disk.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分步骤是可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。It will be understood by those skilled in the art that all or part of the steps of implementing the above embodiments may be performed by a program to instruct related hardware, and the program may be stored in a computer readable storage medium, the above mentioned storage. The medium can be a read only memory, a magnetic disk or an optical disk or the like.
以上所述实施例仅表达了本申请一些示例性实施例,其描述较为具体和详细,但并不能因此而理解为对本申请专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本申请构思的前提下,还可以做出若干变形和改进,这些都属于本申请的保护范围。因此,本申请专利的保护范围应以所附权利要求为准。The above-described embodiments are only illustrative of some exemplary embodiments of the present application, and the description thereof is more specific and detailed, and is not to be construed as limiting the scope of the claims. It should be noted that a number of variations and modifications may be made by those skilled in the art without departing from the spirit and scope of the present application. Therefore, the scope of the invention should be determined by the appended claims.

Claims (20)

  1. A risk detection method, comprising:
    S1: selecting a business system and setting a risk detection rule template in the business system, the risk detection rule template containing a rule condition and a rule action to be executed, and setting a rule trigger threshold in the rule condition;
    S2: setting a listener to monitor all data requests received by the business system;
    S3: checking each data request received by the monitored business system against the rule trigger threshold in the risk detection rule template, determining whether the data request falls within the risk range, and executing the corresponding countermeasure through the rule action.
  2. The risk detection method according to claim 1, wherein S1 comprises:
    S101: selecting a business system and, based on its business functions and on the other business systems with which it exchanges data, defining a custom risk detection rule template for risk detection, in which a rule condition and a rule action to be executed are set;
    S102: loading, by the business system, a specific rule engine to parse the risk detection rule template; in use, the template is imported and the corresponding risk detection rules are generated, and to modify a rule it is only necessary to modify the template and import it, which completes an online update of the rules.
  3. The risk detection method according to claim 1, wherein S2 comprises:
    S201: setting a listener in the system for monitoring the content of all data requests;
    S202: storing the monitored content at a preset location in the listener.
  4. The risk detection method according to claim 1, wherein S3 comprises:
    S301: according to the content of the monitored data request, invoking the corresponding risk detection rule, so that the requested business function is matched against the rule trigger threshold function corresponding to the risk detection rule template;
    S302: if the content of the data request is within the rule trigger threshold, a risk exists; executing the corresponding countermeasure according to the rule action to be executed, and issuing a warning prompt;
    S303: if the content of the data request is not within the rule trigger threshold, no risk exists; placing the request into the execution queue of the normal business logic.
  5. The risk detection method according to claim 1, wherein the risk detection method further comprises: different real estate transaction systems are set with different risk detection rules, and each risk detection rule corresponds to a set of identification rules used to determine whether a request is illegal.
  6. The risk detection method according to claim 1, wherein the rule trigger threshold uses a preset list of risky operation features, the list containing the operation features of non-business data requests for underlying file access and for calls to system operations.
  7. The risk detection method according to claim 1, wherein the countermeasure comprises blocking the requester's IP address or locking the operating account from which the request was issued.
  8. A risk detection apparatus, comprising:
    a setting module, configured to select a business system and set a risk detection rule template in the business system, the risk detection rule template containing a rule condition and a rule action to be executed, and to set a rule trigger threshold in the rule condition;
    a listening module, configured to set a listener and monitor all data requests received by the business system;
    a verification module, configured to check each data request received by the monitored business system against the rule trigger threshold in the risk detection rule template, determine whether the data request falls within the risk range, and execute the corresponding countermeasure through the rule action.
  9. The risk detection apparatus according to claim 8, wherein the setting module comprises:
    a rule setting module, configured to define, based on the business functions of the business system and on the other business systems with which it exchanges data, a custom risk detection rule template for risk detection, in which a rule condition and a rule action to be executed are set;
    a rule generation module, configured so that the business system loads a specific rule engine to parse the risk detection rule template; in use, the template is imported and the corresponding risk detection rules are generated, and to modify a rule it is only necessary to modify the template and import it, which completes an online update of the rules.
  10. The risk detection apparatus according to claim 8, wherein the listening module comprises:
    a listener setting module, configured to set a listener in the system for monitoring the content of all data requests;
    a monitored content storage module, configured to store the monitored content at a preset location in the listener.
  11. The risk detection apparatus according to claim 8, wherein the verification module comprises:
    a matching module, configured to invoke the corresponding risk detection rule according to the content of the monitored data request, so that the requested business function is matched against the rule trigger threshold function corresponding to the risk detection rule template;
    a countermeasure module, configured so that, if the content of the data request is within the rule trigger threshold, a risk exists, the corresponding countermeasure is executed according to the rule action to be executed, and a warning prompt is issued;
    an execution module, configured so that, if the content of the data request is not within the rule trigger threshold, no risk exists and the request is placed into the execution queue of the normal business logic.
  12. The risk detection apparatus according to claim 8, wherein different real estate transaction systems are set with different risk detection rules, and each risk detection rule corresponds to a set of identification rules used to determine whether a request is illegal;
    the rule trigger threshold uses a preset list of risky operation features, the list containing the operation features of non-business data requests for underlying file access and for calls to system operations;
    the countermeasure comprises blocking the requester's IP address or locking the operating account from which the request was issued.
  13. A mobile terminal, comprising: a touch-sensitive display; a memory; and one or more processors;
    the one or more processors being configured to perform the following steps:
    S1: selecting a business system and setting a risk detection rule template in the business system, the risk detection rule template containing a rule condition and a rule action, and setting a rule trigger threshold in the rule condition;
    S2: setting a listener to monitor all data requests received by the business system;
    S3: checking each data request received by the monitored business system against the rule trigger threshold in the risk detection rule template, determining whether the data request falls within the risk range, and executing the corresponding countermeasure through the rule action.
  14. The mobile terminal according to claim 14, wherein step S1 causes the processor to perform the following steps:
    S101: selecting a business system and, based on its business functions and on the other business systems with which it exchanges data, defining a custom risk detection rule template for risk detection, in which a rule condition and a rule action to be executed are set;
    S102: loading, by the business system, a specific rule engine to parse the risk detection rule template; in use, the template is imported and the corresponding risk detection rules are generated, and to modify a rule it is only necessary to modify the template and import it, which completes an online update of the rules.
  15. The mobile terminal according to claim 14, wherein step S2 causes the processor to perform the following steps:
    S201: setting a listener in the system, configured to monitor the content of all data requests;
    S202: storing the monitored content at a preset location in the listener.
  16. The mobile terminal according to claim 14, wherein step S3 causes the processor to perform the following steps:
    S301: according to the content of the monitored data request, invoking the corresponding risk detection rule, so that the requested business function is matched against the rule trigger threshold function corresponding to the risk detection rule template;
    S302: if the content of the data request is within the rule trigger threshold, a risk exists; executing the corresponding countermeasure according to the rule action to be executed, and issuing a warning prompt;
    S303: if the content of the data request is not within the rule trigger threshold, no risk exists; placing the request into the execution queue of the normal business logic.
  17. A storage medium storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
    S1: selecting a business system and setting a risk detection rule template in the business system, the risk detection rule template containing a rule condition and a rule action, and setting a rule trigger threshold in the rule condition;
    S2: setting a listener to monitor all data requests received by the business system;
    S3: checking each data request received by the monitored business system against the rule trigger threshold in the risk detection rule template, determining whether the data request falls within the risk range, and executing the corresponding countermeasure through the rule action.
  18. The storage medium according to claim 18, wherein the computer-readable instructions, when executed by one or more processors, cause the one or more processors to perform the following steps:
    S101: selecting a business system and, based on its business functions and on the other business systems with which it exchanges data, defining a custom risk detection rule template for risk detection, in which a rule condition and a rule action to be executed are set;
    S102: loading, by the business system, a specific rule engine to parse the risk detection rule template; in use, the template is imported and the corresponding risk detection rules are generated, and to modify a rule it is only necessary to modify the template and import it, which completes an online update of the rules.
  19. The storage medium according to claim 18, wherein the computer-readable instructions, when executed by one or more processors, cause the one or more processors to perform the following steps:
    S201: setting a listener in the system, configured to monitor the content of all data requests;
    S202: storing the monitored content at a preset location in the listener.
  20. The storage medium according to claim 18, wherein the computer-readable instructions, when executed by one or more processors, cause the one or more processors to perform the following steps:
    S301: according to the content of the monitored data request, invoking the corresponding risk detection rule, so that the requested business function is matched against the rule trigger threshold function corresponding to the risk detection rule template;
    S302: if the content of the data request is within the rule trigger threshold, a risk exists; executing the corresponding countermeasure according to the rule action to be executed, and issuing a warning prompt;
    S303: if the content of the data request is not within the rule trigger threshold, no risk exists; placing the request into the execution queue of the normal business logic.
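
The flow in claims 1 to 7 (a rule template holding conditions and actions, a listener that records every request, a check against a list of risky-operation features, then either a countermeasure or the normal business queue), sketched as an added example that is not code from the patent. The JSON template layout, field names, regular-expression features, and sample requests are all assumptions constructed for illustration; percent-decoding before matching is an addition the claims do not mention.

```python
import json
import re
from collections import deque
from urllib.parse import unquote

ACTIONS = ("block_ip", "lock_account")  # the two countermeasures named in claim 7

# Constructed rule template; layout, field names and patterns are assumptions.
_R1 = {"id": "R1", "function": "*", "action": "block_ip",
       "features": [r"\.\./", r"^/(etc|proc|sys)/"]}      # underlying file access
_R2 = {"id": "R2", "function": "export", "action": "lock_account",
       "features": [r"\b(exec|system|popen)\s*\("]}       # call into a system operation
TEMPLATE_V1 = json.dumps({"rules": [_R1, _R2]})
# The same template after an operator edit: R1 gains one more feature.
TEMPLATE_V2 = json.dumps({"rules": [
    dict(_R1, features=_R1["features"] + [r"^file://"]), _R2]})


class RiskEngine:
    def __init__(self, template_text):
        self.captured = []              # S202: the listener's preset storage location
        self.alerts = []                # warning prompts raised in S302
        self.blocked_ips = set()
        self.locked_accounts = set()
        self.business_queue = deque()   # S303: execution queue of normal business logic
        self.rules = []
        self.load_template(template_text)

    def load_template(self, template_text):
        """S102: parse and validate the whole template, then swap the rule set in one step."""
        compiled = []
        for rule in json.loads(template_text)["rules"]:
            if rule["action"] not in ACTIONS:
                raise ValueError("unknown action in rule " + rule["id"])
            compiled.append({
                "id": rule["id"], "function": rule["function"], "action": rule["action"],
                "features": [re.compile(p, re.IGNORECASE) for p in rule["features"]],
            })
        self.rules = compiled  # reached only if every rule parsed; a bad template changes nothing

    def _match(self, request):
        # Decode once so a percent-encoded value is checked in the form the application sees.
        values = [unquote(str(v)) for v in request["params"].values()]
        for rule in self.rules:
            if rule["function"] not in ("*", request["function"]):
                continue  # S301: rule is scoped to a different business function
            if any(f.search(v) for f in rule["features"] for v in values):
                return rule
        return None

    def on_request(self, request):
        """S2 and S3: record the request, check it, then act on it or queue it."""
        self.captured.append(request)
        if request["ip"] in self.blocked_ips or request["account"] in self.locked_accounts:
            return "rejected"           # an earlier countermeasure is still in force
        rule = self._match(request)
        if rule is None:
            self.business_queue.append(request)
            return "queued"
        if rule["action"] == "block_ip":
            self.blocked_ips.add(request["ip"])
        else:
            self.locked_accounts.add(request["account"])
        self.alerts.append((rule["id"], request["ip"], request["account"]))
        return rule["action"]


def demo():
    """Run constructed requests through the engine and return it with the verdicts."""
    def req(ip, account, function, **params):
        return {"ip": ip, "account": account, "function": function, "params": params}

    engine = RiskEngine(TEMPLATE_V1)
    verdicts = [
        engine.on_request(req("198.51.100.7", "alice", "search", city="Shenzhen")),
        engine.on_request(req("203.0.113.9", "bob", "download", path="%2e%2e%2fconf")),
        engine.on_request(req("203.0.113.9", "bob", "search", city="Shenzhen")),
        engine.on_request(req("198.51.100.8", "carol", "export", fmt="system(date)")),
        engine.on_request(req("198.51.100.7", "alice", "import", src="file:///var/data")),
    ]
    engine.load_template(TEMPLATE_V2)   # online rule update: re-import the edited template
    verdicts.append(
        engine.on_request(req("198.51.100.7", "alice", "import", src="file:///var/data")))
    return engine, verdicts


if __name__ == "__main__":
    print(demo()[1])
```

Because `load_template` assigns the new rule set only after every rule has validated and compiled, a malformed template leaves the previous rules in force instead of leaving the system with no checks during an online update.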
PCT/CN2018/104729 2018-03-22 2018-09-08 Risk detection method and device, and mobile terminal and storage medium WO2019179068A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810239614.3 2018-03-22
CN201810239614.3A CN108615158B (en) 2018-03-22 2018-03-22 Risk detection method and device, mobile terminal and storage medium

Publications (1)

Publication Number Publication Date
WO2019179068A1 true WO2019179068A1 (en) 2019-09-26

Family

ID=63659313

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/104729 WO2019179068A1 (en) 2018-03-22 2018-09-08 Risk detection method and device, and mobile terminal and storage medium

Country Status (2)

Country Link
CN (1) CN108615158B (en)
WO (1) WO2019179068A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110515975A (en) * 2019-07-17 2019-11-29 阿里巴巴集团控股有限公司 Risk detecting system, method and device
CN112307480B (en) * 2019-07-24 2023-09-05 中移互联网有限公司 Risk analysis method and device for equipment where application software is located
CN110995688B (en) * 2019-11-27 2021-11-16 深圳申朴信息技术有限公司 Personal data sharing method and device for internet financial platform and terminal equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927485A (en) * 2014-04-24 2014-07-16 东南大学 Android application program risk assessment method based on dynamic monitoring
CN104050182A (en) * 2013-03-13 2014-09-17 Sap股份公司 Configurable rule for monitoring data of in-memory database
CN105701708A (en) * 2014-11-25 2016-06-22 航天信息股份有限公司 Risk management method and risk management system
CN107645482A (en) * 2016-07-22 2018-01-30 阿里巴巴集团控股有限公司 A kind of risk control method and device for business operation
CN107767021A (en) * 2017-09-12 2018-03-06 阿里巴巴集团控股有限公司 A kind of risk control method and equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1835014A (en) * 2006-03-28 2006-09-20 阿里巴巴公司 Method and system of monitoring on-line service risk
CN107231042A (en) * 2017-03-31 2017-10-03 国网山东省电力公司日照供电公司 Circuit-breaker remote control operation on-site monitoring prior-warning device and its implementation
CN107465668A (en) * 2017-07-17 2017-12-12 广州慧睿思通信息科技有限公司 A kind of GSM mobile handset speech monitoring method

Also Published As

Publication number Publication date
CN108615158A (en) 2018-10-02
CN108615158B (en) 2022-09-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18910725

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 12/01/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18910725

Country of ref document: EP

Kind code of ref document: A1