[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN116415237B - Risk device identification method, apparatus, computer device and storage medium - Google Patents

Risk device identification method, apparatus, computer device and storage medium Download PDF

Info

Publication number
CN116415237B
CN116415237B CN202310204643.7A CN202310204643A CN116415237B CN 116415237 B CN116415237 B CN 116415237B CN 202310204643 A CN202310204643 A CN 202310204643A CN 116415237 B CN116415237 B CN 116415237B
Authority
CN
China
Prior art keywords
element information
risk
identification
identified
terminal equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310204643.7A
Other languages
Chinese (zh)
Other versions
CN116415237A (en
Inventor
郑顺潮
董永川
李书亮
张清斌
费建东
刘彬
兰海峰
应吕鹏
金路
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
INSIGMA TECHNOLOGY CO LTD
HONG KONG-ZHUHAI-MACAO BRIDGE AUTHORITY
Original Assignee
INSIGMA TECHNOLOGY CO LTD
HONG KONG-ZHUHAI-MACAO BRIDGE AUTHORITY
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by INSIGMA TECHNOLOGY CO LTD, HONG KONG-ZHUHAI-MACAO BRIDGE AUTHORITY filed Critical INSIGMA TECHNOLOGY CO LTD
Priority to CN202310204643.7A priority Critical patent/CN116415237B/en
Publication of CN116415237A publication Critical patent/CN116415237A/en
Application granted granted Critical
Publication of CN116415237B publication Critical patent/CN116415237B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to a risk device identification method, apparatus, computer device, storage medium and computer program product. The method comprises the following steps: element information of the terminal equipment to be identified is obtained, and the element information is preprocessed to obtain preprocessed element information of the terminal equipment to be identified; determining a target element information identification model matched with the preprocessed element information from a preset element information identification model, and outputting an identification result of the preprocessed element information through the target element information identification model; determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the element information after pretreatment to the element information after pretreatment; and obtaining a risk identification result aiming at the terminal equipment to be identified according to the target element information identification rule. By adopting the method, the identification efficiency of the risk equipment can be improved.

Description

Risk device identification method, apparatus, computer device and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a risk device identification method, an apparatus, a computer device, a storage medium, and a computer program product.
Background
With the development of computer network technology, various types of terminal devices enter lives of people, and the phenomenon that more and more terminal devices are maliciously utilized occurs while bringing convenience to lives of people.
In the conventional technology, the risk equipment is identified mainly by means of log analysis on the traffic. However, due to the complex construction of the current service system, the current service system is mostly in containerized, distributed and high-availability deployment, and the complex operations such as log collection and summary analysis are needed to be manually performed based on flow analysis, so that the identification efficiency of risk equipment is low.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a risk device identification method, apparatus, computer device, computer-readable storage medium, and computer program product that can improve the risk device identification efficiency.
In a first aspect, the present application provides a risk device identification method. The method comprises the following steps:
acquiring element information of terminal equipment to be identified, and preprocessing the element information to obtain preprocessed element information of the terminal equipment to be identified;
determining a target element information identification model matched with the preprocessed element information from a preset element information identification model, and outputting an identification result of the preprocessed element information through the target element information identification model;
Determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the preprocessed element information to the preprocessed element information;
and obtaining a risk identification result aiming at the terminal equipment to be identified according to the target element information identification rule.
In one embodiment, the acquiring element information of the terminal device to be identified includes:
identifying the equipment identifier of the terminal equipment to be identified;
and acquiring corresponding element information from the terminal equipment to be identified according to the equipment identifier, and taking the element information as target element information of the terminal equipment to be identified.
In one embodiment, before determining the target element information identification model matched with the preprocessed element information from the preset element information identification models, the method further includes:
confirming element information types of the element information after pretreatment;
respectively constructing element information identification models aiming at the element information types;
and updating the element information identification model in real time to obtain an updated element information identification model serving as the preset element information identification model.
In one embodiment, the preset element information identification model is an updated element information identification model for each element information type;
the determining a target element information identification model matched with the preprocessed element information from the preset element information identification model comprises the following steps:
identifying an element information identification model with the same corresponding element information type as the element information type of the preprocessed element information from the updated element information identification model for each element information type;
and using the identified element information identification model as a target element information identification model matched with the preprocessed element information.
In one embodiment, before the risk identification result for the terminal device to be identified is obtained according to the target element information identification rule, the method further includes:
acquiring a calculation result of a streaming data index aiming at the terminal equipment to be identified;
according to the calculation result of the stream data index, identifying candidate risk equipment from the terminal equipment to be identified;
the step of obtaining a risk identification result for the terminal equipment to be identified according to the target element information identification rule comprises the following steps:
Acquiring risk scores corresponding to the target element information identification rules to obtain total risk scores of the candidate risk devices;
identifying the candidate risk devices with the total risk score exceeding a preset value as risk devices in the candidate risk devices;
and taking the risk equipment as a risk identification result aiming at the terminal equipment to be identified.
In one embodiment, after obtaining the risk identification result for the terminal device to be identified according to the identification result and the target element information identification rule, the method further includes:
performing format conversion processing on the risk identification result according to a preset format to obtain a risk identification result in the preset format;
and generating and pushing corresponding early warning information according to the risk identification result in the preset format.
In a second aspect, the application further provides a risk equipment identification device. The device comprises:
the information acquisition module is used for acquiring element information of the terminal equipment to be identified, preprocessing the element information and obtaining preprocessed element information of the terminal equipment to be identified;
the model matching module is used for determining a target element information identification model matched with the preprocessed element information from a preset element information identification model, and outputting an identification result of the preprocessed element information through the target element information identification model;
The rule matching module is used for determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the preprocessed element information to the preprocessed element information;
and the result determining module is used for obtaining a risk identification result aiming at the terminal equipment to be identified according to the identification result and the target element information identification rule.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:
acquiring element information of terminal equipment to be identified, and preprocessing the element information to obtain preprocessed element information of the terminal equipment to be identified;
determining a target element information identification model matched with the preprocessed element information from a preset element information identification model, and outputting an identification result of the preprocessed element information through the target element information identification model;
Determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the preprocessed element information to the preprocessed element information;
and obtaining a risk identification result aiming at the terminal equipment to be identified according to the target element information identification rule.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
acquiring element information of terminal equipment to be identified, and preprocessing the element information to obtain preprocessed element information of the terminal equipment to be identified;
determining a target element information identification model matched with the preprocessed element information from a preset element information identification model, and outputting an identification result of the preprocessed element information through the target element information identification model;
determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the preprocessed element information to the preprocessed element information;
And obtaining a risk identification result aiming at the terminal equipment to be identified according to the target element information identification rule.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:
acquiring element information of terminal equipment to be identified, and preprocessing the element information to obtain preprocessed element information of the terminal equipment to be identified;
determining a target element information identification model matched with the preprocessed element information from a preset element information identification model, and outputting an identification result of the preprocessed element information through the target element information identification model;
determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the preprocessed element information to the preprocessed element information;
and obtaining a risk identification result aiming at the terminal equipment to be identified according to the target element information identification rule.
The risk equipment identification method, the risk equipment identification device, the computer equipment, the storage medium and the computer program product are used for preprocessing element information by acquiring the element information of the terminal equipment to be identified to obtain the preprocessed element information of the terminal equipment to be identified; determining a target element information identification model matched with the preprocessed element information from the preset element information identification model, and outputting an identification result of the preprocessed element information through the target element information identification model; then, determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the element information after pretreatment to the element information after pretreatment; and finally, according to the target element information identification rule, obtaining a risk identification result aiming at the terminal equipment to be identified. In this way, the element information of the terminal equipment to be identified is firstly obtained, and the element information is preprocessed, so that the preprocessed element information in a corresponding format can be accurately obtained; determining a target element information identification model matched with the preprocessed element information from the preset element information identification models, and outputting the identification result of the preprocessed element information through the target element information identification model, so that the preprocessed element information is accurately and sequentially matched with the preset element information identification model, and the identification result returned by the model is quickly and effectively obtained; then, determining a target element information identification rule matched with the updated element information from preset element information identification rules, so as to accurately match the updated element information with the preset element information identification rule in sequence and effectively obtain the target element information identification rule; and finally, according to the target element information identification rule, obtaining a risk identification result aiming at the terminal equipment to be identified, namely adopting a detection model based on an artificial intelligence algorithm to detect the terminal equipment to be identified, so that the detection speed is greatly increased, and the whole process does not need manual participation, thereby avoiding complex operations such as manual log collection, summarization analysis and the like, and further improving the identification efficiency of the risk equipment.
Drawings
FIG. 1 is an application environment diagram of a risk device identification method in one embodiment;
FIG. 2 is a flow chart of a risk device identification method according to one embodiment;
FIG. 3 is a flowchart illustrating a step of updating an element information identification model in one embodiment;
FIG. 4 is a flow chart of another embodiment of a risk device identification method;
FIG. 5 is a flow chart of a method of identifying risk devices according to yet another embodiment;
FIG. 6 is a block diagram of a risk device identification apparatus in one embodiment;
fig. 7 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
The risk equipment identification method provided by the embodiment of the application can be applied to an application environment shown in fig. 1. Wherein the risk device identification terminal 104 communicates with the device 101, the device 102 and the device 103, respectively, via a network. Specifically, referring to fig. 1, a risk device identification terminal 104 acquires element information of a device 101, a device 102 and a device 103, respectively, and performs preprocessing on the element information to obtain preprocessed element information of a terminal device to be identified; determining a target element information identification model matched with the preprocessed element information from a preset element information identification model, and outputting an identification result of the preprocessed element information through the target element information identification model; determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the element information after pretreatment to the element information after pretreatment; and according to the target element information identification rule, obtaining risk identification results for the equipment 101, the equipment 102 and the equipment 103.
Among them, the devices 101, 102, and 103 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, and the like. The risk equipment identification terminal 104 is an intelligent fusion terminal device integrating functions of equipment state monitoring, communication networking, in-situ analysis decision, collaborative calculation and the like, and is used for identifying risk equipment and outputting a risk identification result.
In one embodiment, as shown in fig. 2, a risk device identification method is provided, and an example of application of the method to the risk device identification terminal in fig. 1 is described, including the following steps:
step S201, element information of the terminal equipment to be identified is obtained, and the element information is preprocessed to obtain preprocessed element information of the terminal equipment to be identified.
The terminal device to be identified refers to a terminal device needing risk identification, such as an H5 terminal device, an android device and an IOS (mobile operating system developed by apple company) device.
The element information refers to terminal equipment information to be acquired aiming at the terminal equipment to be identified.
The preprocessing refers to preprocessing element information, and the element information is converted into probe data.
The obtained element information is different for different types of terminal devices.
Specifically, the risk equipment identification terminal responds to an identification request of the risk equipment, generates an element information acquisition instruction, acquires element information of the terminal equipment to be identified according to the element information acquisition instruction, and performs preprocessing on the element information to obtain the element information after preprocessing.
For example, the risk equipment identification terminal buries points according to the element information acquisition instruction, different terminal equipment (such as H5, android, IOS, etc.), the buries points trigger a script for loading element acquisition, the script performs information acquisition on the terminal equipment at regular time, and the acquired partial information is as follows:
1) The information collected by the H5 terminal equipment is as follows:
element name Collecting field names Element name Collecting field names
userAgent Browser UA ID Device unique value
browserName Browser name localCode Local area network address
browserVersion Browser version webSmartlD Intelligent lD
OS Operating system or platform passiveCode Gateway link address
timeZone Time zone crossCode Unifying device identification values
2) The information collected by the android device is as follows:
element name Collecting field names Element name Collecting field names
bluetooth Bluetooth mac ID Device unique value
baseStation Base station information localCode Local area network address
wifiList W old list imei Equipment identity code
model Device model imsi User identification code
device Device information crossCode Unifying device identification values
3) The information collected by the IOS device is as follows:
and preprocessing the acquired element information to obtain the element information in the form of probe data.
Step S202, determining a target element information identification model matched with the preprocessed element information from the preset element information identification models, and outputting the identification result of the preprocessed element information through the target element information identification model.
The preset element information identification model refers to various pre-constructed data processing models, such as an IP (Internet Protocol Address ) risk identification model.
The target element information identification model refers to a data processing model matched with the element information after preprocessing among various data processing models constructed in advance.
Specifically, the risk equipment identification terminal acquires an updated element information identification model as a preset element information identification model, sequentially matches the preprocessed element information with the preset element information identification model to obtain a target element information identification model matched with the preprocessed element information, and processes the preprocessed element information through the target element information identification model to obtain an identification result of the preprocessed element information.
For example, the risk equipment identification terminal determines one of target element information identification models matched with the preprocessed element information from preset element information identification models as an IP risk identification model, maintains an IP risk detail library based on IP dimensions, and can quickly match and inquire the IP dimensions in the acquired elements.
Step S203, determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the preprocessed element information to the preprocessed element information.
The preset element information identification rules refer to various rules defined in advance, and examples are as follows:
among the various rules defined in advance, the target element information identification rule refers to a rule that matches the updated element information.
The updated element information is element information obtained by adding the identification result of the element information after preprocessing to the element information after preprocessing.
Specifically, the risk equipment identification terminal acquires an updated element information identification rule as a preset element information identification rule, sequentially matches the updated element information with the preset element information identification rule, and records a target element information identification rule matched with the updated element information.
For example, the risk equipment identification terminal sequentially matches the updated element information with a preset element information identification rule (default matching total rule), and records a target element information identification rule matched with the updated element information.
And step S204, obtaining a risk identification result aiming at the terminal equipment to be identified according to the target element information identification rule.
The risk identification result refers to a risk score corresponding to each target element information identification rule, and the obtained judgment result is aimed at whether the terminal equipment to be identified is risk equipment.
Specifically, the risk equipment identification terminal acquires and analyzes the target element information identification rule, and obtains a risk identification result aiming at the terminal equipment to be identified according to the analysis result.
For example, an android mobile phone device with the same ID (Identity document, identity number) requests 1000 times within 24 hours, but the collected electric quantity information is not changed all the time (the streaming data processing platform counts the number of times of the request and the change condition of the electric quantity), so that the device can be judged to have a certain risk; if retrigger is as follows: the device is a proxy request (which can be judged by a data model of the IP), and the like, the device can be judged to be a risk device with high probability, and then the risk marking is carried out on the device.
In the risk equipment identification method, element information of the terminal equipment to be identified is obtained, and the element information is preprocessed to obtain preprocessed element information of the terminal equipment to be identified; determining a target element information identification model matched with the preprocessed element information from the preset element information identification model, and outputting an identification result of the preprocessed element information through the target element information identification model; then, determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the element information after pretreatment to the element information after pretreatment; and finally, according to the target element information identification rule, obtaining a risk identification result aiming at the terminal equipment to be identified. In this way, the element information of the terminal equipment to be identified is firstly obtained, and the element information is preprocessed, so that the preprocessed element information in a corresponding format can be accurately obtained; determining a target element information identification model matched with the preprocessed element information from the preset element information identification models, and outputting the identification result of the preprocessed element information through the target element information identification model, so that the preprocessed element information is accurately and sequentially matched with the preset element information identification model, and the identification result returned by the model is quickly and effectively obtained; then, determining a target element information identification rule matched with the updated element information from preset element information identification rules, so as to accurately match the updated element information with the preset element information identification rule in sequence and effectively obtain the target element information identification rule; and finally, according to the target element information identification rule, obtaining a risk identification result aiming at the terminal equipment to be identified, namely adopting a detection model based on an artificial intelligence algorithm to detect the terminal equipment to be identified, so that the detection speed is greatly increased, and the whole process does not need manual participation, thereby avoiding complex operations such as manual log collection, summarization analysis and the like, and further improving the identification efficiency of the risk equipment.
In one embodiment, the step S201 includes obtaining element information of the terminal device to be identified, which specifically includes the following contents: identifying a device identifier of the terminal device to be identified; and acquiring corresponding element information from the terminal equipment to be identified according to the equipment identification, and taking the element information as target element information of the terminal equipment to be identified.
The device identifier refers to identifiers for distinguishing different terminal device types, and may be a device type, a device name, and the like.
The target element information refers to corresponding element information acquired from the terminal equipment to be identified according to the equipment identifier of the terminal equipment to be identified.
Specifically, the risk equipment identification terminal generates an element information acquisition instruction, acquires and analyzes equipment identification of the terminal equipment to be identified according to the element information acquisition instruction, and acquires corresponding element information from the terminal equipment to be identified according to an analysis result of the equipment identification to obtain target element information of the terminal equipment to be identified.
For example, the risk equipment identification terminal acquires and analyzes the equipment identifier of the terminal equipment to be identified, and identifies that the terminal equipment to be identified is android equipment, and then the target element information acquired by the android equipment is as follows:
In this embodiment, the device identifier of the terminal device to be identified is identified, and corresponding element information is collected from the terminal device to be identified according to the device identifier, and is used as target element information of the terminal device to be identified; thus, the target element information corresponding to the terminal equipment to be identified is accurately and effectively obtained according to the equipment identification of the terminal equipment to be identified.
In one embodiment, the step S202 further includes the following steps before determining the target element information identification model matched with the preprocessed element information from the preset element information identification models: confirming element information types of the element information after pretreatment; respectively constructing element information identification models aiming at the element information types; updating the element information identification model in real time to obtain an updated element information identification model as a preset element information identification model.
The element information type refers to the type of element information, such as battery power information, base station information, IP information, and the like.
The element information recognition model refers to various data processing models, such as an IP risk recognition model.
Specifically, the risk equipment identification terminal identifies and analyzes the preprocessed element information, confirms the element information types according to analysis results, respectively constructs element information identification models aiming at the element information types, and repeatedly trains the models to obtain the element information identification models after training; and pulling the updated element information identification model in real time to serve as a preset element information identification model.
In this embodiment, the element information type of the element information after the preprocessing is confirmed; respectively constructing element information identification models aiming at the element information types; updating the element information identification model in real time to obtain an updated element information identification model which is used as a preset element information identification model; thus, the element information identification model aiming at various element information types is updated rapidly and effectively.
In one embodiment, the step S202 determines, from the preset element information identification models, a target element information identification model that matches the preprocessed element information, and specifically includes the following contents: identifying an element information identification model of which the corresponding element information type is the same as the element information type of the preprocessed element information from the updated element information identification models for the element information types; the identified element information identification model is used as a target element information identification model matched with the preprocessed element information.
The target element information identification model refers to a data processing model which is the same as the element information type of the element information after preprocessing.
Specifically, the risk equipment identification terminal analyzes the element information types of the element information after preprocessing, acquires updated element information identification models for each element information type, and identifies, from the element information identification models, an element information identification model having the same corresponding element information type as the element information type of the element information after preprocessing as a target element information identification model matching the element information after preprocessing.
For example, the risk equipment identification terminal determines one of target element information identification models matched with the preprocessed element information from preset element information identification models as an IP risk identification model, maintains an IP risk detail library based on IP dimensions, and can quickly match and inquire the IP dimensions in the acquired elements.
In the present embodiment, the element information identification model having the same element information type as that of the element information after preprocessing is identified from among the updated element information identification models for the respective element information types; the identified element information identification model is used as a target element information identification model matched with the preprocessed element information; therefore, the preprocessed element information is accurately matched with the preset element information identification model in sequence, and the target element information identification model matched with the preprocessed element information is effectively determined.
In one embodiment, the step S203 further includes the following before the risk identification result for the terminal device to be identified is obtained according to the target element information identification rule: acquiring a calculation result of a streaming data index aiming at terminal equipment to be identified; according to the calculation result of the stream data index, identifying candidate risk equipment from terminal equipment to be identified;
Step S203, according to the target element information identification rule, obtains a risk identification result for the terminal device to be identified, which specifically includes the following contents: acquiring risk scores corresponding to the target element information identification rules to obtain total risk scores of candidate risk devices; identifying candidate risk devices with total risk scores exceeding a preset value as risk devices in the candidate risk devices; and taking the risk equipment as a risk identification result aiming at the terminal equipment to be identified.
The calculation result of the streaming data index refers to a specific situation of a certain index counted by the streaming data processing platform.
The candidate risk equipment refers to terminal equipment with a certain potential risk.
Wherein the risk score is a measure of the size of the risk, and the higher the score, the greater the risk.
The risk device refers to a terminal device with safety risk.
Specifically, the risk equipment identification terminal obtains a calculation result of a streaming data index aiming at the terminal equipment to be identified; analyzing whether an abnormal condition exists in the calculation result of the streaming data index, and identifying candidate risk equipment from the terminal equipment to be identified according to the analysis result of the abnormal condition; acquiring risk scores corresponding to the target element information identification rules, and calculating to obtain total risk scores of candidate risk devices; comparing the total risk scores of the candidate risk devices with the preset value respectively, and identifying the candidate risk devices with the total risk scores exceeding the preset value as risk devices in the candidate risk devices; and taking the identified risk equipment as a risk identification result aiming at the terminal equipment to be identified.
For example, an OS (Operating System) like "OS (Operating System) contains a keyword Linux, but the risk score corresponding to the element information identification rule against normal operation, such as" Windows "is high, and the terminal device can determine as a risk device when triggering the element information identification rule once.
In the embodiment, a calculation result of a streaming data index for terminal equipment to be identified is obtained; according to the calculation result of the streaming data index, candidate risk equipment is identified from the terminal equipment to be identified, so that the risk equipment is primarily identified by analyzing the objective index of the calculation result of the streaming data index; obtaining risk scores corresponding to the target element information identification rules to obtain total risk scores of candidate risk devices; identifying candidate risk devices with total risk scores exceeding a preset value as risk devices in the candidate risk devices; the risk equipment is used as a risk identification result aiming at the terminal equipment to be identified; and comparing the objective data of the risk score with a preset value, and rapidly and accurately identifying the risk equipment according to the comparison result.
In one embodiment, the step S204 further includes the following after obtaining the risk identification result for the terminal device to be identified according to the identification result and the target element information identification rule: performing format conversion processing on the risk identification result according to a preset format to obtain a risk identification result in the preset format; and generating and pushing corresponding early warning information according to the risk identification result in the preset format.
The preset format refers to a JSON (JavaScript Object Notation, JS object numbered musical notation) data exchange format.
The early warning information refers to early warning notification generated aiming at the risk identification result.
Specifically, the risk equipment identification terminal performs format conversion processing on the risk identification result according to the JSON data exchange format to obtain the risk identification result of the JSON data exchange format, and generates and pushes a corresponding early warning notice to the related contact person according to the risk identification result.
In this embodiment, the risk identification result in the preset format is obtained by performing format conversion processing on the risk identification result in the preset format; and then, generating and pushing corresponding early warning information according to the risk identification result in the preset format, so that a user can quickly and accurately obtain the risk identification result of the terminal equipment to be identified.
In one embodiment, as shown in fig. 4, another risk device identification method is provided, specifically including the following steps:
step S401, identifying the equipment identifier of the terminal equipment to be identified; and acquiring corresponding element information from the terminal equipment to be identified according to the equipment identification, and taking the element information as target element information of the terminal equipment to be identified.
Step S402, preprocessing the element information to obtain preprocessed element information of the terminal equipment to be identified.
Step S403, confirming element information type of the element information after preprocessing; respectively constructing element information identification models aiming at the element information types; updating the element information identification model in real time to obtain an updated element information identification model as a preset element information identification model.
Step S404, identifying an element information identification model with the same element information type as the element information after preprocessing from the updated element information identification models for each element information type; and taking the identified element information identification model as a target element information identification model matched with the preprocessed element information, and outputting an identification result of the preprocessed element information through the target element information identification model.
Step S405, determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the preprocessed element information to the preprocessed element information.
Step S406, obtaining a calculation result of a streaming data index for the terminal equipment to be identified; and identifying candidate risk equipment from the terminal equipment to be identified according to the calculation result of the stream data index.
Step S407, obtaining risk scores corresponding to the target element information identification rules to obtain total risk scores of candidate risk equipment; identifying candidate risk devices with total risk scores exceeding a preset value as risk devices in the candidate risk devices; and taking the risk equipment as a risk identification result aiming at the terminal equipment to be identified.
Step S408, performing format conversion processing on the risk identification result according to a preset format to obtain a risk identification result in the preset format; and generating and pushing corresponding early warning information according to the risk identification result in the preset format.
In the risk equipment identification method, the equipment identification of the terminal equipment to be identified is identified, and the corresponding element information is acquired from the terminal equipment to be identified according to the equipment identification and is used as the target element information of the terminal equipment to be identified, so that the target element information corresponding to the terminal equipment to be identified is accurately and effectively obtained according to the equipment identification of the terminal equipment to be identified; the element information is preprocessed, so that the preprocessed element information in a corresponding format can be accurately obtained; confirming element information types of the preprocessed element information, respectively constructing element information identification models aiming at the element information types, updating the element information identification models in real time to obtain updated element information identification models serving as preset element information identification models, and accordingly updating the element information identification models aiming at various element information types rapidly and effectively; identifying an element information identification model with the same element information type as the element information after preprocessing from the updated element information identification models aiming at each element information type, taking the identified element information identification model as a target element information identification model matched with the element information after preprocessing, and outputting the identification result of the element information after preprocessing through the target element information identification model, thereby accurately matching the element information after preprocessing with a preset element information identification model in sequence, and effectively determining a target element information identification model matched with the element information after preprocessing; then, determining a target element information identification rule matched with the updated element information from preset element information identification rules; acquiring a calculation result of a streaming data index aiming at the terminal equipment to be identified, and identifying candidate risk equipment from the terminal equipment to be identified according to the calculation result of the streaming data index, so that the risk equipment is primarily identified by analyzing an objective index of the calculation result of the streaming data index; acquiring risk scores corresponding to the target element information identification rules, obtaining total risk scores of candidate risk devices, and identifying candidate risk devices with the total risk scores exceeding a preset value as risk devices in the candidate risk devices; the risk equipment is used as a risk identification result aiming at the terminal equipment to be identified, so that objective data of risk scores is compared with a preset value, and the risk equipment is rapidly and accurately identified according to the comparison result; finally, carrying out format conversion treatment on the risk identification result according to a preset format to obtain a risk identification result in the preset format; generating and pushing corresponding early warning information according to a risk identification result in a preset format; the detection model based on the artificial intelligence algorithm is adopted to detect the terminal equipment to be identified, so that the detection speed is greatly increased, manual participation is not needed in the whole process, complex operations such as log collection, summarization and analysis and the like are avoided, and the identification efficiency of the risk equipment is improved.
In order to more clearly clarify the risk equipment identification method provided in the embodiment of the present application, a specific embodiment of the risk equipment identification method is described below in detail. In one embodiment, as shown in fig. 5, the application further provides a risk device identification method, which specifically includes the following steps:
step 1: and an element acquisition component. The component comprises two parts of contents, a first part and a terminal element acquisition script, wherein the element acquisition script is loaded from the element acquisition component when the terminal equipment is applied to trigger a buried point, and the element acquisition script is used for acquiring information of the terminal equipment; and the second part, the element acquisition component is used for collecting element information of the terminal equipment, preprocessing the information into probe data, and inputting the probe data into the risk identification engine.
Step 2: element risk rules and model management component that a user can use to define risk identification rules and data processing models and take effect in real time.
Step 3: and the risk identification engine component synchronizes rules and data processing models defined by users in real time, receives probe data input by the element acquisition component, performs rule matching and model data calling, and then outputs identified risks.
Step 4: and the risk result output component is used for receiving the decision result of the risk identification engine and is used for interfacing the service early warning system or providing inquiry.
According to the risk equipment identification method, the embedded points are carried out on different terminal equipment, the embedded points trigger scripts for loading element acquisition, the scripts timely carry out information acquisition on the terminal equipment, so that element information of the terminal equipment to be identified is acquired, the element information is preprocessed into probe data, and preprocessed element information in a probe data format can be accurately obtained; then defining a data processing model and risk identification rules and enabling the data processing model and the risk identification rules to take effect in real time, so that element information identification models aiming at various element information types and various risk identification rules are updated rapidly and effectively; then receiving probe data input by the element acquisition component, carrying out rule matching and model data calling, and then outputting identified risks, so that an identification result of risk equipment is accurately obtained according to known risk identification rules and a data processing model; and finally, receiving a decision result of the risk identification engine, and using the decision result to interface with a service early warning system or provide inquiry, namely adopting a detection model based on an artificial intelligence algorithm to detect the terminal equipment to be identified, so that the detection speed is greatly increased, and the whole process does not need manual participation, thereby avoiding complex operations such as manual log collection, summarization analysis and the like, and further improving the identification efficiency of the risk equipment.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a risk equipment identification device for realizing the above-mentioned related risk equipment identification method. The implementation of the solution provided by the apparatus is similar to the implementation described in the above method, so the specific limitation in the embodiments of the risk device identification apparatus or apparatus provided below may refer to the limitation of the risk device identification method hereinabove, and will not be described herein.
In one embodiment, as shown in fig. 6, there is provided a risk device identification apparatus, including: an information acquisition module 601, a model matching module 602, a rule matching module 603, and a result determination module 604, wherein:
the information obtaining module 601 is configured to obtain element information of a terminal device to be identified, and pre-process the element information to obtain pre-processed element information of the terminal device to be identified.
The model matching module 602 is configured to determine a target element information identification model that matches the preprocessed element information from the preset element information identification models, and output an identification result of the preprocessed element information through the target element information identification model.
A rule matching module 603, configured to determine, from preset element information identification rules, a target element information identification rule that matches the updated element information; the updated element information is obtained by adding the identification result of the preprocessed element information to the preprocessed element information.
And the result determining module 604 is configured to obtain a risk identification result for the terminal device to be identified according to the identification result and the target element information identification rule.
In one embodiment, the information obtaining module 601 is further configured to identify a device identifier of the terminal device to be identified; and acquiring corresponding element information from the terminal equipment to be identified according to the equipment identification, and taking the element information as target element information of the terminal equipment to be identified.
In one embodiment, the risk device identification apparatus further includes a model building module for confirming an element information type of the preprocessed element information; respectively constructing element information identification models aiming at the element information types; updating the element information identification model in real time to obtain an updated element information identification model as a preset element information identification model.
In one embodiment, the model matching module 602 is further configured to identify, from the updated element information identification models for each element information type, an element information identification model that has the same corresponding element information type as the element information type of the element information after preprocessing; the identified element information identification model is used as a target element information identification model matched with the preprocessed element information.
In one embodiment, the risk equipment identification device further comprises a preliminary screening module, configured to obtain a calculation result of the streaming data index for the terminal equipment to be identified; and identifying candidate risk equipment from the terminal equipment to be identified according to the calculation result of the stream data index.
The result determining module 604 is further configured to obtain risk scores corresponding to the target element information identification rules, so as to obtain a total risk score of the candidate risk device; identifying candidate risk devices with total risk scores exceeding a preset value as risk devices in the candidate risk devices; and taking the risk equipment as a risk identification result aiming at the terminal equipment to be identified.
In one embodiment, the risk equipment identification device further includes a result pushing module, configured to perform format conversion processing on the risk identification result according to a preset format, so as to obtain a risk identification result in the preset format; and generating and pushing corresponding early warning information according to the risk identification result in the preset format.
The respective modules in the risk device identification apparatus described above may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a terminal, and the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, an input/output interface, a communication interface, a display unit, and an input means. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface, the display unit and the input device are connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a risk device identification method. The display unit of the computer device is used for forming a visual picture, and can be a display screen, a projection device or a virtual reality imaging device. The display screen can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be a key, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the structure shown in fig. 7 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
element information of the terminal equipment to be identified is obtained, and the element information is preprocessed to obtain preprocessed element information of the terminal equipment to be identified;
determining a target element information identification model matched with the preprocessed element information from a preset element information identification model, and outputting an identification result of the preprocessed element information through the target element information identification model;
determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the element information after pretreatment to the element information after pretreatment;
And obtaining a risk identification result aiming at the terminal equipment to be identified according to the target element information identification rule.
In one embodiment, the processor when executing the computer program further performs the steps of: identifying a device identifier of the terminal device to be identified; and acquiring corresponding element information from the terminal equipment to be identified according to the equipment identification, and taking the element information as target element information of the terminal equipment to be identified.
In one embodiment, the processor when executing the computer program further performs the steps of: confirming element information types of the element information after pretreatment; respectively constructing element information identification models aiming at the element information types; updating the element information identification model in real time to obtain an updated element information identification model as a preset element information identification model.
In one embodiment, the processor when executing the computer program further performs the steps of: identifying an element information identification model of which the corresponding element information type is the same as the element information type of the preprocessed element information from the updated element information identification models for the element information types; the identified element information identification model is used as a target element information identification model matched with the preprocessed element information.
In one embodiment, the processor when executing the computer program further performs the steps of: acquiring a calculation result of a streaming data index aiming at terminal equipment to be identified; according to the calculation result of the stream data index, identifying candidate risk equipment from terminal equipment to be identified; acquiring risk scores corresponding to the target element information identification rules to obtain total risk scores of candidate risk devices; identifying candidate risk devices with total risk scores exceeding a preset value as risk devices in the candidate risk devices; and taking the risk equipment as a risk identification result aiming at the terminal equipment to be identified.
In one embodiment, the processor when executing the computer program further performs the steps of: performing format conversion processing on the risk identification result according to a preset format to obtain a risk identification result in the preset format; and generating and pushing corresponding early warning information according to the risk identification result in the preset format.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including, but not limited to, user equipment information, user personal information, etc.) and the data (including, but not limited to, data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data are required to comply with the related laws and regulations and standards of the related countries and regions.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase ChangeMemory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as Static Random access memory (Static Random access memory AccessMemory, SRAM) or dynamic Random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, etc., without being limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims (6)

1. A method of risk device identification, the method comprising:
identifying a device identifier of the terminal device to be identified; acquiring corresponding element information from the terminal equipment to be identified according to the equipment identifier, serving as target element information of the terminal equipment to be identified, and preprocessing the target element information to obtain preprocessed target element information of the terminal equipment to be identified;
Identifying an element information identification model with the same corresponding element information type as the element information type of the preprocessed target element information from a preset element information identification model; the identified element information identification model is used as a target element information identification model matched with the preprocessed target element information, and the identification result of the preprocessed target element information is output through the target element information identification model; the preset element information identification model is an updated element information identification model aiming at each element information type;
determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the preprocessed target element information to the preprocessed target element information;
acquiring a calculation result of a streaming data index aiming at the terminal equipment to be identified; according to the calculation result of the stream data index, identifying candidate risk equipment from the terminal equipment to be identified; acquiring risk scores corresponding to the target element information identification rules to obtain total risk scores of the candidate risk devices; identifying the candidate risk devices with the total risk score exceeding a preset value as risk devices in the candidate risk devices; and taking the risk equipment as a risk identification result aiming at the terminal equipment to be identified.
2. The method according to claim 1, further comprising, before identifying, from among the preset element information identification models, an element information identification model having the same corresponding element information type as the element information type of the preprocessed target element information:
confirming element information type of the preprocessed target element information;
respectively constructing element information identification models aiming at the element information types;
and updating the element information identification model in real time to obtain an updated element information identification model serving as the preset element information identification model.
3. The method according to any one of claims 1 to 2, characterized by further comprising, after the risk device is used as a risk recognition result for the terminal device to be recognized:
performing format conversion processing on the risk identification result according to a preset format to obtain a risk identification result in the preset format;
and generating and pushing corresponding early warning information according to the risk identification result in the preset format.
4. A risk device identification apparatus, the apparatus comprising:
the information acquisition module is used for identifying the equipment identifier of the terminal equipment to be identified; acquiring corresponding element information from the terminal equipment to be identified according to the equipment identifier, serving as target element information of the terminal equipment to be identified, and preprocessing the target element information to obtain preprocessed target element information of the terminal equipment to be identified;
The model matching module is used for identifying an element information identification model with the same corresponding element information type as the element information type of the preprocessed target element information from the preset element information identification model; the identified element information identification model is used as a target element information identification model matched with the preprocessed target element information, and the identification result of the preprocessed target element information is output through the target element information identification model; the preset element information identification model is an updated element information identification model aiming at each element information type;
the rule matching module is used for determining a target element information identification rule matched with the updated element information from preset element information identification rules; the updated element information is obtained by adding the identification result of the preprocessed target element information to the preprocessed target element information;
the result determining module is used for obtaining a calculation result of the streaming data index aiming at the terminal equipment to be identified; according to the calculation result of the stream data index, identifying candidate risk equipment from the terminal equipment to be identified; acquiring risk scores corresponding to the target element information identification rules to obtain total risk scores of the candidate risk devices; identifying the candidate risk devices with the total risk score exceeding a preset value as risk devices in the candidate risk devices; and taking the risk equipment as a risk identification result aiming at the terminal equipment to be identified.
5. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 3 when the computer program is executed.
6. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 3.
CN202310204643.7A 2023-03-03 2023-03-03 Risk device identification method, apparatus, computer device and storage medium Active CN116415237B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310204643.7A CN116415237B (en) 2023-03-03 2023-03-03 Risk device identification method, apparatus, computer device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310204643.7A CN116415237B (en) 2023-03-03 2023-03-03 Risk device identification method, apparatus, computer device and storage medium

Publications (2)

Publication Number Publication Date
CN116415237A CN116415237A (en) 2023-07-11
CN116415237B true CN116415237B (en) 2024-03-19

Family

ID=87048868

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310204643.7A Active CN116415237B (en) 2023-03-03 2023-03-03 Risk device identification method, apparatus, computer device and storage medium

Country Status (1)

Country Link
CN (1) CN116415237B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107172004A (en) * 2016-03-08 2017-09-15 中兴通讯股份有限公司 The methods of risk assessment and device of a kind of Network Security Device
CN108449307A (en) * 2017-02-16 2018-08-24 上海行邑信息科技有限公司 A method of risk equipment for identification
CN111695824A (en) * 2020-06-16 2020-09-22 深圳前海微众银行股份有限公司 Risk tail end client analysis method, device, equipment and computer storage medium
CN112822143A (en) * 2019-11-15 2021-05-18 网宿科技股份有限公司 Method, system and equipment for evaluating IP address
CN115525897A (en) * 2022-09-27 2022-12-27 杭州安恒信息技术股份有限公司 System detection method and device for terminal equipment, electronic device and storage medium
CN115643082A (en) * 2022-10-20 2023-01-24 北京神州泰岳软件股份有限公司 Method and device for determining lost host and computer equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112418580A (en) * 2019-08-22 2021-02-26 上海哔哩哔哩科技有限公司 Risk control method, computer equipment and readable storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107172004A (en) * 2016-03-08 2017-09-15 中兴通讯股份有限公司 The methods of risk assessment and device of a kind of Network Security Device
CN108449307A (en) * 2017-02-16 2018-08-24 上海行邑信息科技有限公司 A method of risk equipment for identification
CN112822143A (en) * 2019-11-15 2021-05-18 网宿科技股份有限公司 Method, system and equipment for evaluating IP address
CN111695824A (en) * 2020-06-16 2020-09-22 深圳前海微众银行股份有限公司 Risk tail end client analysis method, device, equipment and computer storage medium
CN115525897A (en) * 2022-09-27 2022-12-27 杭州安恒信息技术股份有限公司 System detection method and device for terminal equipment, electronic device and storage medium
CN115643082A (en) * 2022-10-20 2023-01-24 北京神州泰岳软件股份有限公司 Method and device for determining lost host and computer equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
一种基于实体行为风险评估的信任模型;张润莲;武小年;周胜源;董小社;;计算机学报(第04期);全文 *
结合灰色网络威胁分析的信息安全风险评估;赵刚;吴天水;;清华大学学报(自然科学版)(第12期);全文 *

Also Published As

Publication number Publication date
CN116415237A (en) 2023-07-11

Similar Documents

Publication Publication Date Title
CN112100545A (en) Visualization method, device and equipment of network assets and readable storage medium
CN110245714B (en) Image recognition method and device and electronic equipment
CN107240029B (en) Data processing method and device
CN109241223B (en) Behavior track identification method and system
CN114143049B (en) Abnormal flow detection method and device, storage medium and electronic equipment
CN111651741B (en) User identity recognition method, device, computer equipment and storage medium
CN112019820A (en) Interface generation method and device
CN112685799B (en) Device fingerprint generation method and device, electronic device and computer readable medium
CN112214677A (en) Interest point recommendation method and device, electronic equipment and storage medium
CN111148018A (en) Method and device for identifying and positioning regional value based on communication data
CN115563600A (en) Data auditing method and device, electronic equipment and storage medium
CN112085588B (en) Method and device for determining safety of rule model and data processing method
CN116415237B (en) Risk device identification method, apparatus, computer device and storage medium
CN110457600B (en) Method, device, storage medium and computer equipment for searching target group
CN112019377A (en) Method, system, electronic device and storage medium for network user role identification
CN113254672B (en) Method, system, equipment and readable storage medium for identifying abnormal account
CN115758271A (en) Data processing method, data processing device, computer equipment and storage medium
CN115827379A (en) Abnormal process detection method, device, equipment and medium
CN114492994A (en) Power information processing system, method and device based on power big data
CN111241277A (en) Sparse graph-based user identity identification method and device
CN116112200B (en) Method, device, computer equipment and storage medium for detecting longitudinal access of power distribution network
CN110719260B (en) Intelligent network security analysis method and device and computer readable storage medium
CN107959680A (en) One kind is without identification number register login method and system
CN109413031B (en) Anti-fraud model construction method, device, equipment and readable storage medium
CN110008220B (en) Method and device for obtaining attenuation coefficient of blacklist conduction spectrum and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant