CN112799722A - Command recognition method, device, equipment and storage medium - Google Patents

Info

Publication number
CN112799722A
Authority
CN
China
Prior art keywords
command
executed
operation instruction
execution
parameter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110184311.8A
Other languages
Chinese (zh)
Inventor
王友焱
陆明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN202110184311.8A priority Critical patent/CN112799722A/en
Publication of CN112799722A publication Critical patent/CN112799722A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003 Arrangements for executing specific machine instructions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30145 Instruction analysis, e.g. decoding, instruction word fields

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the application discloses a command identification method, a device, equipment and a storage medium, wherein the method comprises the following steps: acquiring a command to be executed; analyzing the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, wherein the execution parameter of the operation instruction at least comprises an execution object of the operation instruction; comparing the at least one operating instruction to be matched and the execution parameter of each operating instruction with a preset operating instruction and a preset execution parameter to obtain a comparison result of the command to be executed; and judging the execution mode of the command to be executed based on the comparison result of the command to be executed.

Description

Command recognition method, device, equipment and storage medium
Technical Field
Embodiments of the present application relate to computer technology, and relate to, but are not limited to, a command recognition method, apparatus, device, and storage medium.
Background
In the daily operation and maintenance management of infrastructure, different systems or platforms each have their own management methods. Because the technical skill of operation and maintenance users is not uniform, when they operate on a production system the current operation and maintenance auditing platform cannot reliably identify in real time whether a command input by the user is a high-risk command, which can cause irreversible loss to services.
Disclosure of Invention
In view of this, embodiments of the present application provide a command recognition method, device, apparatus, and storage medium.
The technical scheme of the embodiment of the application is realized as follows:
in a first aspect, an embodiment of the present application provides a command identification method, where the method includes: acquiring a command to be executed; analyzing the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, wherein the execution parameter of the operation instruction at least comprises an execution object of the operation instruction; comparing the at least one operating instruction to be matched and the execution parameter of each operating instruction with a preset operating instruction and a preset execution parameter to obtain a comparison result of the command to be executed; and judging the execution mode of the command to be executed based on the comparison result of the command to be executed.
In a second aspect, an embodiment of the present application provides a command recognition apparatus, including: the acquisition module is used for acquiring a command to be executed; the analysis module is used for analyzing the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, wherein the execution parameter of the operation instruction at least comprises an execution object of the operation instruction; the first comparison module is used for comparing the at least one to-be-matched operation instruction and the execution parameter of each operation instruction with a preset operation instruction and a preset execution parameter to obtain a comparison result of the to-be-executed instruction; and the first judgment module is used for judging the execution mode of the command to be executed based on the comparison result of the command to be executed.
In a third aspect, an embodiment of the present application provides an electronic device, including a memory and a processor, where the memory stores a computer program that is executable on the processor, and the processor implements the steps in the method when executing the program.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps in the method.
According to the command identification method, the device, the equipment and the storage medium, the command to be executed is analyzed, the comparison result between the operation instruction in the command to be executed and the execution parameter of each operation instruction and the preset execution parameter is determined, and finally the execution mode of the command to be executed is judged based on the comparison result of the command to be executed. Thus, the operation command input by the user can be recognized in real time; when the condition that the input command to be executed is possibly a dangerous command is detected, real-time reminding can be carried out according to rules, so that irreversible loss caused by high-risk command sending is avoided.
Drawings
Fig. 1 is a schematic flowchart illustrating an implementation process of a command recognition method according to an embodiment of the present application;
fig. 2 is a schematic flow chart illustrating an implementation of another command recognition method according to an embodiment of the present application;
fig. 3 is a schematic flowchart illustrating an implementation process of another command recognition method according to an embodiment of the present application;
fig. 4 is a schematic flowchart illustrating an implementation process of another command recognition method according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a command recognition apparatus according to an embodiment of the present disclosure;
fig. 6 is a hardware entity diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, specific technical solutions of the present invention will be described in further detail below with reference to the accompanying drawings in the embodiments of the present application. The following examples are intended to illustrate the present application but are not intended to limit the scope of the present application.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.
In the following description, the terms "first/second/third" are used only to distinguish similar objects and do not denote a particular order; where permitted, the specific order or sequence of "first/second/third" may be interchanged, so that the embodiments of the application described herein can be practiced in an order other than that shown or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the present application only and is not intended to be limiting of the application.
Before further detailed description of the embodiments of the present application, terms and expressions referred to in the embodiments of the present application will be described, and the terms and expressions referred to in the embodiments of the present application will be used for the following explanation.
1) A bastion machine (bastion host) uses various technical means to monitor and record the operation behaviors of users on the servers, network devices, security devices, databases and other devices in the network, in order to ensure that, in a specific network environment, the network and the data are not invaded or damaged by external and internal users, so as to realize centralized alarm, timely processing, and audit and responsibility determination.
2) CMDB (Configuration Management Database) is a logical database containing information on the whole life cycle of configuration items and the relationships between the configuration items (including physical relationships, real-time communication relationships, non-real-time communication relationships, and dependency relationships). The CMDB stores and manages the various configuration information of equipment in the IT architecture of the enterprise, is closely connected with all service support and service delivery processes, supports the operation of those processes, brings out the value of the configuration information, and at the same time depends on the related processes to ensure the accuracy of the data.
3) API (Application Programming Interface) is a set of predefined functions or conventions for linking different components of a software system. Its purpose is to provide a set of routines that applications and developers can access, based on certain software or hardware, without accessing source code or understanding the details of the internal workings.
4) The infrastructure, an IT automation tool, may configure the system, deploy software, and coordinate more advanced IT tasks, such as continuous deployment or zero-downtime rolling updates.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
It should be understood that some of the embodiments described herein are only for explaining the technical solutions of the present application, and are not intended to limit the technical scope of the present application.
Referring to fig. 1, a command identification method provided in an embodiment of the present application executes the following steps:
step S101, obtaining a command to be executed;
In the implementation process, the command to be executed may be a command issued by the user to the operating system to execute a specific operation. For example, a Disk Operating System (DOS) command is a command of the DOS operating system; because DOS is a disk operating system, a DOS command is an operation command oriented to disk management. The difference from the Windows operating system is that man-machine interaction is performed by typing commands on a command line, and instructions are transmitted to the computer in the form of commands to operate it. A Linux command is a command for managing a Linux system. In a Linux system, everything, whether the central processing unit, memory, disk drives, keyboard, mouse or users, is a file, and the commands used to manage the system are the core of its normal operation, similar to the earlier DOS commands. There are two types of Linux commands in the system: built-in Shell commands and Linux commands. Here, Linux is a type of operating system that a user can obtain freely through a network or other routes, and whose source code can be modified arbitrarily.
In some embodiments, the obtained command to be executed may be a combination of commands to be executed, or may be a plurality of commands to be executed issued to the system in the form of a script. The script content uploaded by the user needs to be scanned to obtain the executed command in the script.
Step S102, analyzing the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, wherein the execution parameter of the operation instruction at least comprises an execution object of the operation instruction;
In the implementation process, the command to be executed is composed of an operation instruction and the execution parameter of the operation instruction. The operation instruction is an instruction or command that directs the machine to work; a program is a series of instructions arranged in a certain sequence, and the process of executing the program is the working process of the computer. The controller directs the machine to work by means of instructions, and a user expresses his or her intention through instructions and hands them to the controller for execution. The execution parameters of the operation instruction at least comprise an execution object of the operation instruction. For example: when the command to be executed is rm -rf /data, the operation instruction is rm, the execution parameter of the operation instruction is -rf /data, and the effect of executing the command is to delete the data directory under the "/" directory.
Step S103, comparing the at least one operation instruction to be matched and the execution parameter of each operation instruction with a preset operation instruction and a preset execution parameter to obtain a comparison result of the command to be executed;
In the implementation process, a knowledge base can be set up to store the preset operation instructions and the preset execution parameters. When a comparison is needed, the command is compared against the preset operation instructions and preset execution parameters in the knowledge base; when a user determines that a preset operation instruction and preset execution parameter need to be added, the newly added ones can be stored in the knowledge base, so that the different comparison requirements of users are met and the preset operation instructions and preset execution parameters in the knowledge base are kept up to date. For example, rm is set as a preset high-risk operation instruction and -rf /(space) is set as a preset execution parameter: if a user mistakenly types a space after rm -rf /, the root directory of the system may be deleted, so when the operation instruction to be matched and its execution parameter are determined to be rm -rf /(space), the command to be executed can be determined to be a high-risk command.
And step S104, judging the execution mode of the command to be executed based on the comparison result of the command to be executed.
In the implementation process, under the condition that the command to be executed is determined to be a high-risk command, the command to be executed can be intercepted firstly, then real-time reminding is carried out according to the rule, a prompt is given to the user once, the user is enabled to select a proper execution mode, and irreversible loss is avoided.
In the embodiment of the application, the operation instruction in the command to be executed and the comparison result of the execution parameter of each operation instruction with the preset operation instruction and the preset execution parameter are determined by analyzing the command to be executed, and finally, the execution mode of the command to be executed is judged based on the comparison result of the command to be executed. Thus, the operation command input by the user can be recognized in real time; when the condition that the input command to be executed is possibly a dangerous command is detected, real-time reminding can be carried out according to rules, so that irreversible loss caused by high-risk command sending is avoided.
Referring to fig. 2, a command identification method provided in an embodiment of the present application executes the following steps:
step S201, obtaining a command to be executed;
step S202, analyzing the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, wherein the execution parameter of the operation instruction at least comprises an execution object of the operation instruction;
step S203, comparing the at least one operation instruction to be matched with the preset operation instruction to obtain an operation instruction comparison result;
in the implementation process, the operation instruction to be matched can be compared with a preset operation instruction, and the execution parameter of the operation instruction is compared under the condition that the operation instruction to be matched is determined to be a high-risk operation instruction; and under the condition that the operation instruction to be matched is determined not to be a high-risk operation instruction, the execution parameter comparison of the operation instruction is not needed, the process is ended, and the corresponding instruction to be executed can be issued.
Step S204, determining whether the operation instruction is a high-risk operation instruction or not based on the operation instruction comparison result, and comparing an execution parameter of the operation instruction with a preset execution parameter to obtain a parameter comparison result if any one of the operation instructions is the high-risk operation instruction;
in some embodiments, the obtained command to be executed may be a combination of commands to be executed, or may be a plurality of commands to be executed issued to the system in the form of a script. The script content uploaded by the user needs to be scanned to obtain the executed command in the script. In a case where any one of the operation instructions to be executed is determined to be a high-risk operation instruction, an execution parameter for executing the high-risk operation needs to be further determined.
In the implementation process, for example, if the command to be executed input by the user is a disk formatting command (mkfs.xfs -f /dev/sdb), the operation instruction mkfs.xfs and the execution parameter -f /dev/sdb of the operation instruction need to be compared to determine whether the command is a high-risk command; as another example, for deleting the root directory (rm -rf /), if the operation instruction is determined to be a high-risk operation instruction, the execution parameter -rf / of the operation instruction is compared with the high-risk execution parameters of the operation instruction rm.
Step S205, determining whether the execution object of the operation instruction is a high-risk object or not based on the parameter comparison result, and if any execution object is the high-risk execution object, determining that the command to be executed is the high-risk command;
in some embodiments, one operation instruction may correspond to a plurality of execution objects, and in a case where any one of the plurality of execution objects is determined to be a high-risk execution object, the execution command is determined to be a high-risk command.
Step S206, based on the fact that the command to be executed is determined to be the high-risk command, judging that the execution mode of the command to be executed is to intercept the command to be executed.
And blocking the command of the user from issuing based on the fact that the command to be executed is determined to be the high-risk command, and then feeding back the command to the user in real time to prompt risk information and operation suggestions for the user. After the user confirmation is obtained, the instruction is issued.
In the embodiment of the application, the operation instructions are compared firstly, and then the execution parameters of the operation instructions are compared. In this way, under the condition that the operation instruction to be matched is determined to be a high-risk operation instruction, the execution parameters of the operation instruction are compared; under the condition that the operation instruction to be matched is determined not to be a high-risk operation instruction, the execution parameters of the operation instruction do not need to be compared, the process is ended, the corresponding instruction to be executed can be issued, and the comparison effect of the instruction to be executed is effectively improved. And blocking the command of the user from issuing based on the fact that the command to be executed is determined to be the high-risk command, and then feeding back the command to the user in real time to prompt risk information and operation suggestions for the user. After the user confirmation is obtained, the instruction is issued, the high-risk command is intercepted in time, and the operation risk is effectively reduced.
The command identification method provided by the embodiment of the application executes the following steps:
step S211, obtaining a command to be executed;
step S212, analyzing the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, wherein the execution parameter of the operation instruction at least comprises an execution object of the operation instruction;
step S213, determining the environment type of the command to be executed according to the execution parameter of the operation instruction;
in some embodiments, the environment information for executing the command to be executed may be acquired according to the execution parameter of the operation instruction. For example: in the case where an Internet Protocol (IP) address is included in the execution parameter of the operation instruction, the environment address where the execution command is executed may be determined according to the IP address.
In some embodiments, the type of environment in which the command to be executed is executed may also be determined according to the system to which the command to be executed needs to be sent, i.e., the IP address of the system.
In the implementation process, according to actual requirements, the attribute corresponding to the environment address can be set in the configuration management database. The environment address is identified with an environment type, e.g., a test environment or a production environment, to which the asset belongs as an attribute. And determining whether further high-risk command analysis is needed or not according to the environment type of the assets maintained in the configuration management database system.
Step S214, if the environment type is a test environment, judging that the command to be executed is an executable command;
in the implementation process, the operating system which issues the command to be executed is determined to be a test environment according to the acquired environment address, and the command can be directly issued to the target system because the test environment is the environment used for testing by the user and the loss caused by mistakenly issuing the high-risk command does not exist.
Step S215, if the environment type is a production environment, comparing the operation instruction to be matched and the execution parameter of each operation instruction with the preset operation instruction and the preset execution parameter to obtain a comparison result of the command to be executed;
In the implementation process, the operating system to which the command to be executed is issued is determined to be a production environment according to the acquired environment address. Because the production environment is the environment the user uses for production, mistakenly issuing a high-risk command there causes loss, so further high-risk command analysis is required.
In some embodiments, further high risk command analysis may also need to be initiated when a user marks certain non-productive systems as important applications in the configuration management database.
Step S216, based on the comparison result of the command to be executed, judging the execution mode of the command to be executed.
In the embodiment of the application, an execution parameter of an operation instruction determines an environment type of the command to be executed, and if the environment type is a test environment, the command to be executed is judged to be an executable command; if the environment type is a production environment, comparing the operation instruction to be matched and the execution parameter of each operation instruction with the preset operation instruction and the preset execution parameter to obtain a comparison result of the command to be executed. Therefore, whether high-risk command analysis needs to be started or not is determined according to different environment types of the commands to be executed, the efficiency of issuing the commands by a user can be effectively improved, and necessary high-risk command analysis can be started in a system needing the high-risk command analysis.
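An added sketch (not code from the patent) of the flow described in the embodiments above: scanning a script for commands, comparing the operation instruction first and its execution parameters only if the instruction is high risk, and gating the analysis on the environment type held in a CMDB. The knowledge-base rules, CMDB entries, addresses and all function names are constructed assumptions; an unknown target address is treated as production.

```python
import posixpath
import shlex

# Constructed knowledge base (assumption): high-risk operation instruction ->
# flag letters that must all be present, plus the execution objects that make it
# high risk ("prefix" selects prefix matching instead of exact matching).
KNOWLEDGE_BASE = {
    "rm": {"flags": {"r", "f"}, "objects": ("/",), "prefix": False},
    "mkfs.xfs": {"flags": {"f"}, "objects": ("/dev/",), "prefix": True},
}

# Constructed CMDB extract (assumption): target address -> environment attributes.
CMDB = {
    "10.0.0.5": {"env": "test", "important": False},
    "10.0.0.6": {"env": "test", "important": True},
    "10.0.1.9": {"env": "production", "important": False},
}

SEPARATORS = set(";|&")

# Constructed sample script; the first line has the stray space after "/".
SAMPLE_SCRIPT = """\
cd /tmp && rm -rf / data
rm -rf /data
/sbin/mkfs.xfs -f /dev/sdb; echo done
"""


def split_commands(script):
    """Scan script text and return one token list per command."""
    commands = []
    for line in script.splitlines():
        lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True
        current = []
        for token in lexer:
            if token and set(token) <= SEPARATORS:   # ';', '&&', '||', '|', '&'
                if current:
                    commands.append(current)
                current = []
            else:
                current.append(token)
        if current:
            commands.append(current)
    return commands


def parse(tokens):
    """Split one command into operation instruction, flag letters, execution objects."""
    instruction = posixpath.basename(tokens[0])      # /bin/rm and rm are the same instruction
    flags, objects = set(), []
    for arg in tokens[1:]:
        if arg.startswith("-") and not arg.startswith("--") and len(arg) > 1:
            flags.update(arg[1:])                    # -rf and -r -f give the same set
        elif not arg.startswith("--"):               # long options are ignored in this sketch
            objects.append(arg)
    return instruction, flags, objects


def is_high_risk(tokens):
    """Compare the instruction first; compare parameters only for high-risk instructions."""
    instruction, flags, objects = parse(tokens)
    rule = KNOWLEDGE_BASE.get(instruction)
    if rule is None:                 # not a high-risk instruction: no parameter comparison
        return False
    if not rule["flags"] <= flags:
        return False
    for obj in objects:              # any one high-risk execution object is enough
        if rule["prefix"] and obj.startswith(rule["objects"]):
            return True
        if not rule["prefix"] and obj in rule["objects"]:
            return True
    return False


def decide(script, target_ip):
    """Return [(command, 'allow' | 'intercept')] for a script sent to target_ip."""
    asset = CMDB.get(target_ip, {"env": "production", "important": True})
    # Test systems skip the analysis unless the CMDB marks them as important.
    analyse = asset["env"] != "test" or asset["important"]
    results = []
    for tokens in split_commands(script):
        risky = analyse and is_high_risk(tokens)
        results.append((" ".join(tokens), "intercept" if risky else "allow"))
    return results


if __name__ == "__main__":
    for command, decision in decide(SAMPLE_SCRIPT, "10.0.1.9"):
        print(f"{decision:9} {command}")
```

Because the command is tokenized before comparison, the stray space in `rm -rf / data` yields `/` as a separate execution object and the command is intercepted, while `rm -rf /data` is not matched by the constructed rule.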
In an embodiment of the present application, the predetermined execution parameter includes a predetermined character and a predetermined internet protocol address, and the following steps are performed based on the result of comparing the operation instruction to determine whether the operation instruction is a high-risk operation instruction or not:
step S221, obtaining a command to be executed;
step S222, analyzing the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, wherein the execution parameter of the operation instruction at least comprises an execution object of the operation instruction;
In some embodiments, the operation command and the execution parameter input by the user need to be analyzed first, and then matched against the knowledge base. For example, an analysis tool first receives the operation instruction and execution parameter input by the user, then calls the analysis rule knowledge base to analyze them and construct a new data structure; the data constructed here is the source of the high-risk command analysis.
Step S223, comparing the at least one operation instruction to be matched with the preset operation instruction to obtain an operation instruction comparison result;
step S224, determining that the operation instruction is a high-risk operation instruction based on the operation instruction comparison result, and performing parameter word segmentation on an execution parameter of the operation instruction to obtain at least one character;
In some embodiments, how the parameters are segmented, whether by spaces or by number of characters, is determined by the characteristics of the software. Taking MySQL as an example, the node to be connected is written as mysql -h127.0.0.1. What follows h is the parameter value, and it needs to be separated from h. Conventional word segmentation by spaces, punctuation and the like is not suitable for this kind of parameter, so word segmentation of the parameters needs to be performed separately. After the parameter values are identified, it is possible to further identify whether the node is high risk, or to label other attributes of the node using the necessary database. Parameter word segmentation is performed on the execution parameter of the operation instruction to obtain at least one character.
Step S225A, determining that the command to be executed is the high-risk command based on the character including the preset character; or,
In some embodiments, it is necessary to check whether the characters obtained after word segmentation contain the necessary keywords. For example, in some operation instructions a flag parameter starts with a hyphen, or the n characters after the hyphen are execution parameters, or an executor parameter whose value is root may indicate a high-risk connection, etc.
Step S225B, determining that the command to be executed is the high risk command based on the character including the preset internet protocol address;
in an implementation, for example, the character includes an IP address of a key application, and the command to be executed may be determined to be a high-risk command.
The above steps S225A and S225B may be performed simultaneously to complete the analysis of the high risk command.
Step S226, determining whether the execution object of the operation instruction is a high-risk object based on the parameter comparison result, and if any of the execution objects is the high-risk execution object, determining that the command to be executed is a high-risk command.
In the implementation process, the analysis of high-risk commands does not need a knowledge base covering all operation instructions and execution parameters; a knowledge base only needs to be established for the key operation instructions. The knowledge base can reason using a search-based approach or a rule-engine-based approach. The search mode can be understood as similar to a search engine such as Baidu or Google: keywords are input and content the user may want is recommended. The rule engine refers to exact matching: as long as the condition is met, the result is returned immediately.
Step S227, based on the determination that the command to be executed is the high-risk command, determining that the execution mode of the command to be executed is to intercept the command to be executed.
In the embodiment of the application, parameter word segmentation is performed on the execution parameter of the operation instruction to obtain at least one character, and the command to be executed is determined to be the high-risk command based on the characters including the preset character, or based on the characters including the preset Internet Protocol address. Therefore, whether the command to be executed is a high-risk command can be determined efficiently by using parameter word segmentation.
Referring to fig. 3, a command identification method provided in an embodiment of the present application executes the following steps:
Step S301, acquiring a command to be executed;
step S302, analyzing the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, wherein the execution parameter of the operation instruction at least comprises an execution object of the operation instruction;
step S303, comparing the at least one operation instruction to be matched and the execution parameter of each operation instruction with a preset operation instruction and a preset execution parameter to obtain a comparison result of the to-be-executed command;
step S304, outputting prompt information based on the comparison result, wherein the prompt information is used for prompting a user to determine an execution mode; the prompt information comprises a preset execution command recommended to the user, wherein the preset execution command has the same execution effect as the command to be executed;
In some embodiments, when it is determined that the command to be executed input by the user is a high-risk command, the best operation practice may be recommended to the user according to what the user is likely trying to achieve. For example, if a user needs to execute a shutdown instruction, there are multiple commands (init 0, hash, shutdown -h now) that complete shutdown of the system, and the correct shutdown instruction is shutdown -h now; if the shutdown is performed with init 0, an application running in the system may be killed unexpectedly, which may result in data loss. If the command input by the user is init 0, the user can be prompted to use shutdown -h now to complete the same function.
In some embodiments, while the user enters a command to be executed, a user-associated standardized instruction entry suggestion may be provided suggesting that the user operate with the standardized instruction.
In the implementation process, there may be multiple ways to execute commands that achieve the same effect, and different ways of executing them produce different results. If suggestions for executing commands can be provided in real time, this helps standardize the operation and maintenance process.
Step S305, judging the execution mode of the command to be executed based on the execution mode determined by the user.
In implementation, the execution mode of the command to be executed is determined according to the execution mode selected by the user.
In the embodiment of the application, prompt information is output based on the comparison result, wherein the prompt information is used for prompting a user to determine an execution mode; the prompt information comprises a preset execution command recommended to the user, wherein the preset execution command has the same execution effect as the command to be executed. Therefore, when the intelligent analysis module detects that the command to be executed may be a high-risk command, a real-time reminder is given according to the rules; by providing standardized execution suggestions, the quality of the user's common operations is improved; when a user inputs a high-risk command, the intelligent analysis system can explain to the user the correct usage scenarios of the relevant operation instruction and the damage it may cause to a production system. The user can then select, according to the prompt, a correct execution mode that achieves the same execution effect.
In the daily operation and maintenance management process of infrastructure, different systems or platforms have respective different management methods, and in the face of the complex operation and maintenance management, particularly production systems, it is very necessary to perform real-time safety risk assessment and optimal time reminding on the operation of users on the systems and platforms. Especially in many operation and maintenance organizations, users have many difficulties in knowledge and experience transfer.
There are many commercial or open source bastion platforms currently on the market that work as follows:
A user logs in to the bastion machine, and only a legitimate user can use the platform; the bastion machine has role management and can divide permissions according to the responsibilities of each user; the bastion machine can manage systems across Data Centers (DC) and platforms; the bastion machine has an auditing function and can record the screen and log the content of the operation process; and when the production environment is abnormal, the audit log is checked to judge whether an operation and maintenance user made a misoperation or whether hacking occurred.
Because the technical skill levels of operation and maintenance users are not uniform, when operation and maintenance work is carried out on a production system, the current bastion machine (also called an audit platform) cannot reliably identify in real time whether a command input by the user is a high-risk command, and irreversible loss is therefore caused to the business.
The auditing content of the bastion machine is as follows: the IP address of the machine operated by the system administrator; the account with which the system administrator operates the production system; and the operation instructions input by the system administrator, the scripts executed, and the script contents.
In a conventional operation and maintenance scenario, common misoperations include the following. In the daily operation and maintenance of the Linux operating system, a user may want to execute the command fsck to check a disk: if the command is executed in single-user mode, in repair mode, or after unmounting the disk device, disk errors can be repaired, but if the command fsck -y is executed in the normal working mode of the system, the indexes of the disk can be damaged, and data is lost and cannot be recovered. Disk formatting: mkfs.xfs -f /dev/sdb, which may format a disk. Uninstalling software: yum -y remove "software", which may uninstall software packages that production applications depend on. The disk repair command fsck -y may cause data loss when run under the root user of the operating system; the correct way to operate is generally to switch to single-user mode before executing the command. Mistaken deletion: rm -rf /data; the user may want to delete the data directory under the "/" directory, but one extra space after "/" results in the system's root directory being deleted. In addition, some users may execute instructions in a variety of ways, and different ways of executing them produce different results. If suggestions for executing instructions can be provided in real time, this helps standardize the operation and maintenance process.
For example, when a shutdown instruction is to be executed, there are multiple commands (init 0, hash, shutdown -h now) that complete shutdown of the system, and the correct shutdown instruction is shutdown -h now; if the shutdown is performed with init 0, an application running in the system may be killed unexpectedly, and data loss may be caused.
The disadvantages of the existing solutions are: 1) weak real-time performance: commands input by users cannot be recognized in real time, and the current auditing platform can only record the user's operation process; 2) poor knowledge management: high-risk operation commands are not identified and managed, for example, high-risk commands entered by a user are not automatically added to knowledge management; 3) high risk: when the user inputs dangerous commands, the user's operation cannot be blocked; 4) no ability to identify risky instructions and give reminders in real time: when the operation command input by a user is misspelled, the error cannot be fed back in real time and the correct command cannot be recommended; 5) no ability to recognize user commands in real time and provide standardized command suggestions.
In view of the foregoing problems, an embodiment of the present application provides a command identification method, and fig. 4 is a schematic diagram illustrating an implementation flow of the command identification method provided in the embodiment of the present application, where as shown in fig. 4, a workflow is described as follows:
step S401, the bastion machine acquires a command to be executed, wherein the command to be executed comprises an operation instruction and an execution parameter;
in some embodiments, the bastion machine may be accessible through a browser, or may be logged in through a dedicated tool, or may be invoked through a third party application based on an API form.
Step S402, the intelligent analysis component analyzes the command to be executed according to the analysis rule to obtain a command to be matched;
In some embodiments, the intelligent analysis component includes a knowledge base and a configuration management database. The knowledge base is used for storing preset operation instructions and preset execution parameters, which are used for comparison whenever comparison is needed. The configuration management database determines whether to start intelligent analysis according to the environment type of the maintained asset: for example, if the maintained target system is a test environment, the command is issued directly to the target system; if the maintained target system is a production environment, intelligent judgment is carried out.
The intelligent analysis component analyzes the input command to be executed, and needs to construct a new data structure first to obtain the command to be matched.
In some embodiments, when a user executes commands on a target system, the executed commands are synchronously forwarded to the intelligent analysis module, and the intelligent analysis module identifies context information and environment variable information of the operating environment. The collection of the environment variables is similar to the collection of the allowed setup. The intelligent analysis module integrates a knowledge base, performs rule-based search and verification on the input command to be executed, and judges as follows: if the input command is a high-risk operation command, this is fed back to the user in real time; for example, if the command input by the user is a disk formatting command (mkfs.xfs -f /dev/sdb) or a command deleting the root directory (rm -rf /), the issuing of the user's command is blocked first, and risk information and operation suggestions are shown to the user. After the user's confirmation is obtained, the instruction is issued. When the operation command input by the user is dangerous, the optimal command or operation method can be recommended to the user in real time; if the input is a conventional operation command or the command does not appear in the knowledge base, the instruction is issued according to the built-in rule, for example, issued directly to the target system.
Step S403, the intelligent analysis component matches the command to be matched with the command in the knowledge base to obtain a matching result; or, analyzing the command to be matched by using the configuration management database to obtain an analysis result;
The intelligent analysis component uses a recommendation algorithm to identify and match the command to be executed based on the user input, and recommends a related usage method and explanation to the user when the command to be executed input by the user is suspected to be a non-optimal command. Whether the relevant operation blocks the user operation or not is determined according to the built-in rules.
The intelligent analysis component calls the knowledge base to match the operation commands constructed into the new data structure, and the matching mode has various forms, such as:
Mode one: the instruction and parameters in the command to be matched are matched exactly against the instruction and parameters in the knowledge base.
Mode two: the instruction in the command to be matched is matched against the instruction in the knowledge base, and other relevant parameters are allowed to be extended according to the instruction. In this mode, the instruction in the command to be matched is matched exactly against the instruction in the knowledge base, and the parameters need to be analyzed based on rules:
Rule one: the parameters contain the necessary keywords. For example, some instructions use a hyphen to mark the start of a flag parameter, or the n characters after the hyphen are parameters, or a parameter value of root may indicate a high-risk connection, etc.
Rule two: after parameter word segmentation, the parameters contain keywords (in fact, many of the parameters are "characters" rather than words in the traditional sense). Taking MySQL as an example, the node to be connected is written as mysql -h127.0.0.1; parameter word segmentation decides whether to segment by spaces or by number of characters according to the characteristics of the software. In this example, -h is followed by the parameter value, which needs to be separated from the flag -h. Conventional segmentation by spaces, punctuation and the like is not suitable for parameters of this kind, so the parameters need to be segmented separately. After the parameter values are identified, the necessary database can be used to further identify whether the node is high-risk or to label other attributes of the node.
Mode three: the instruction in the command to be matched is matched exactly against the instruction in the knowledge base, and key parameters are matched based on the operation and maintenance database, for example, the IP address of a key application used in a database connection string. The instruction analysis tool of the intelligent analysis module does not need to establish a knowledge base for all instructions and parameters; a knowledge base only needs to be established for the critical instructions. The knowledge base can perform reasoning using a search-based approach or a rule-engine-based approach.
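The three matching modes and the per-software parameter segmentation described above can be sketched as follows. This is an added example, not code from the patent: the knowledge-base layout, the `value_opts` field, the key application address 10.20.30.40 and all function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed knowledge base: only key instructions are listed, as the text describes.
KNOWLEDGE_BASE = {
    "init": {"exact": {"init 0"}},
    "rm": {"objects": {"/", "/*"}},
    "mkfs.xfs": {"object_prefixes": ("/dev/",)},
    # value_opts (assumed field): short flags whose value may be glued on ("-h127.0.0.1").
    "mysql": {"value_opts": {"-h", "-u", "-P"}, "keywords": {"root"}},
}
# Constructed stand-in for the operation and maintenance database.
KEY_APPLICATION_IPS = {ipaddress.ip_address("10.20.30.40")}


def segment(command):
    """Split a command into (instruction, [(flag, value)], [execution objects])."""
    words = shlex.split(command)
    if not words:
        return None, [], []
    instruction, rest = words[0], words[1:]
    value_opts = KNOWLEDGE_BASE.get(instruction, {}).get("value_opts", set())
    options, objects = [], []
    i = 0
    while i < len(rest):
        word = rest[i]
        if word.startswith("--") and "=" in word:
            flag, value = word.split("=", 1)      # --host=10.20.30.40
            options.append((flag, value))
        elif word[:2] in value_opts:
            # Per-software segmentation: the value is glued to the flag
            # or is the next whitespace-separated word.
            if len(word) > 2:
                options.append((word[:2], word[2:]))
            elif i + 1 < len(rest):
                i += 1
                options.append((word, rest[i]))
            else:
                options.append((word, ""))
        elif word.startswith("-") and len(word) > 1:
            options.append((word, None))          # plain flag such as -rf
        else:
            objects.append(word)                  # execution object
        i += 1
    return instruction, options, objects


def is_key_ip(text):
    """True if text is an IP address registered for a key application."""
    try:
        return ipaddress.ip_address(text) in KEY_APPLICATION_IPS
    except ValueError:
        return False


def classify(command):
    """Return (decision, reason); decision is "intercept" or "issue"."""
    instruction, options, objects = segment(command)
    rule = KNOWLEDGE_BASE.get(instruction)
    if rule is None:
        return "issue", "instruction not in knowledge base"
    # Mode one: instruction and parameters match a knowledge-base entry exactly.
    if " ".join(shlex.split(command)) in rule.get("exact", ()):
        return "intercept", "mode one: exact match"
    values = [value for _, value in options if value] + objects
    for value in values:
        # Mode two: rule-based analysis of the segmented parameters.
        if value in rule.get("keywords", ()):
            return "intercept", f"mode two: preset character {value!r}"
        # Mode three: key parameter matched against the operations database.
        if is_key_ip(value):
            return "intercept", f"mode three: key application IP {value}"
    for obj in objects:
        if obj in rule.get("objects", ()) or obj.startswith(rule.get("object_prefixes", ())):
            return "intercept", f"high-risk execution object {obj!r}"
    return "issue", "no high-risk parameter"


if __name__ == "__main__":
    for cmd in ("mysql -h127.0.0.1 -uroot", "mysql -h10.20.30.40 -uapp",
                "rm -rf / data", "rm -rf /data", "mkfs.xfs -f /dev/sdb", "init 0"):
        print(f"{cmd!r:32} -> {classify(cmd)}")
```

The sketch inspects one simple command at a time; pipelines, scripts and privilege-elevation prefixes would first have to be split into their individual operation instructions by the analysis step.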
Step S404, determining the processing mode of the command according to the matching result or the analysis result.
In some embodiments, the workflow of the intelligent analysis component is to receive a command to be executed forwarded by the bastion machine and first call an interface of the configuration management database (CMDB) to perform an environment check, which mainly covers the following three cases: if the target system is a production system, intelligent analysis is started, and when the command input by the administrator is a conventional command, the command is issued directly to the target system; if the target system is a non-production system, intelligent analysis is not started, and the command is sent directly to the target system; intelligent analysis also needs to be started when the administrator has marked certain non-production systems as important applications in the CMDB.
In some embodiments, when the command to be executed is determined to be a high-risk command, the interception processing is executed first, and then the execution is executed according to the execution mode determined by the user according to the prompt information; and under the condition that the command to be executed is determined not to be a high-risk command, issuing the command to be executed to a corresponding environment.
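The environment check and the intercept, prompt and confirm flow of steps S301 to S305 can be sketched as follows. This is an added example, not code from the patent: the asset names, the CMDB record layout, the `ask_user` callback and the choice to treat an asset missing from the CMDB as requiring analysis are assumptions.

```python
from typing import Callable, NamedTuple, Optional

# Constructed CMDB records: asset -> environment type and "important application" mark.
CMDB = {
    "db-prod-01": {"env": "production", "important": False},
    "ci-test-07": {"env": "test", "important": False},
    "staging-pay": {"env": "test", "important": True},
}
# Constructed knowledge base: high-risk command -> (risk text, recommended equivalent).
HIGH_RISK = {
    "init 0": ("running applications may be killed and data lost", "shutdown -h now"),
    "rm -rf /": ("the system's root directory is deleted", None),
}


class Outcome(NamedTuple):
    issued: Optional[str]   # command actually sent to the target system, if any
    prompt: Optional[str]   # prompt information shown to the user, if any


def analysis_required(asset: str) -> bool:
    """Environment check: production systems and marked non-production systems."""
    record = CMDB.get(asset)
    if record is None:
        return True  # assumption: an unknown asset is analyzed rather than skipped
    return record["env"] == "production" or record["important"]


def handle(asset: str, command: str,
           ask_user: Callable[[str, Optional[str]], str]) -> Outcome:
    """ask_user(prompt, recommended) returns "recommended", "proceed" or "cancel"."""
    normalized = " ".join(command.split())
    if not analysis_required(asset):
        return Outcome(normalized, None)      # non-production: issue directly
    entry = HIGH_RISK.get(normalized)
    if entry is None:
        return Outcome(normalized, None)      # conventional or unknown command
    risk, recommended = entry
    # High-risk: intercept first, then let the user determine the execution mode.
    prompt = f"Intercepted {normalized!r}: {risk}."
    if recommended:
        prompt += f" Recommended command with the same effect: {recommended!r}."
    choice = ask_user(prompt, recommended)
    if choice == "recommended" and recommended:
        return Outcome(recommended, prompt)
    if choice == "proceed":
        return Outcome(normalized, prompt)    # issued only after user confirmation
    return Outcome(None, prompt)              # stays blocked


if __name__ == "__main__":
    print(handle("db-prod-01", "init  0", lambda prompt, rec: "recommended"))
    print(handle("ci-test-07", "init 0", lambda prompt, rec: "cancel"))
```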
In the embodiment of the application, common high-risk commands under the system are managed based on the knowledge base; the operation instruction and the execution parameter input by the user are analyzed by exactly matching the instruction and fuzzily matching the parameters; by applying a rule-based search algorithm, when a user inputs a high-risk operation instruction, the best operation practice is recommended to the user according to what the user is likely trying to achieve; when the user inputs an operation command, a user-related standardized instruction input suggestion is provided, suggesting that the engineer operate with the standardized command. An analysis tool for instructions and parameters is constructed to identify high-risk commands input by an administrator, scan script contents uploaded by a user, and judge whether high-risk commands exist in the script.
Based on the foregoing embodiments, an embodiment of the present application provides a command recognition apparatus, where the apparatus includes modules and sub-modules included in the modules, and each unit included in each sub-module may be implemented by a processor in an electronic device; of course, the implementation can also be realized through a specific logic circuit; in implementation, the processor may be a Central Processing Unit (CPU), a Microprocessor (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like.
Fig. 5 is a schematic structural diagram of a command recognition apparatus according to an embodiment of the present application, and as shown in fig. 5, the command recognition apparatus 500 includes:
an obtaining module 501, configured to obtain a command to be executed;
an analyzing module 502, configured to analyze the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, where the execution parameter of the operation instruction at least includes an execution object of the operation instruction;
the first comparison module 503 is configured to compare the at least one to-be-matched operation instruction and the execution parameter of each operation instruction with a preset operation instruction and a preset execution parameter, so as to obtain a comparison result of the to-be-executed instruction;
a first determining module 504, configured to determine an execution manner of the command to be executed based on a comparison result of the command to be executed.
In some embodiments, the first comparison module 503 includes an operation instruction comparison submodule, an execution parameter comparison submodule, and a determination submodule, where the operation instruction comparison submodule is configured to compare the at least one operation instruction to be matched with the preset operation instruction to obtain an operation instruction comparison result; the execution parameter comparison submodule is used for determining whether the operation instruction is a high-risk operation instruction or not based on the operation instruction comparison result, and comparing the execution parameter of the operation instruction with the preset execution parameter if any one of the operation instruction is the high-risk operation instruction to obtain a parameter comparison result; the determining submodule is configured to determine whether an execution object of the operation instruction is a high-risk object based on the parameter comparison result, and determine that the command to be executed is a high-risk command if any of the execution objects is the high-risk execution object.
In some embodiments, the first determining module 504 is further configured to determine, based on determining that the command to be executed is the high-risk command, that the execution manner of the command to be executed is to intercept the command to be executed.
In some embodiments, the apparatus further includes a determining module, a second comparing module, and a second determining module, where the determining module is configured to determine, according to an execution parameter of the operation instruction, an environment type where the command to be executed is executed; the second comparison module is configured to compare the operation instruction to be matched and the execution parameter of each operation instruction with the preset operation instruction and the preset execution parameter if the environment type is a production environment, so as to obtain a comparison result of the to-be-executed instruction; the second judging module is configured to judge that the command to be executed is an executable command if the environment type is a test environment.
In some embodiments, the preset execution parameter includes a preset character and a preset internet protocol address, and the execution parameter comparison sub-module includes a first determining unit and a second determining unit, where the first determining unit is configured to perform parameter segmentation on the execution parameter of the operation instruction to obtain at least one character if the operation instruction is determined to be a high-risk operation instruction based on the comparison result of the operation instruction; the second determining unit is configured to determine that the command to be executed is the high-risk command based on that the characters include the preset characters; or, based on that the character includes the preset internet protocol address, determining that the command to be executed is the high-risk command.
In some embodiments, the first determining module 504 includes an output sub-module and a determining sub-module, where the output sub-module is configured to output a prompt message based on the comparison result, where the prompt message is used to prompt a user to determine an execution mode; and the judging submodule is used for judging the execution mode of the command to be executed based on the execution mode determined by the user.
In some embodiments, the prompt information includes a recommendation of a preset execution command of the user, where the preset execution command is a command with the same execution effect as the command to be executed.
The above description of the apparatus embodiments, similar to the above description of the method embodiments, has similar beneficial effects as the method embodiments. For technical details not disclosed in the embodiments of the apparatus of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.
It should be noted that, in the embodiment of the present application, if the command recognition method is implemented in the form of a software functional module and sold or used as a standalone product, the command recognition method may also be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing an electronic device (which may be a tablet computer, a desktop computer, a server, etc.) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.
Correspondingly, the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps in the method for detecting a watermark in a text provided in the above embodiments.
Correspondingly, based on the same technical concept, an embodiment of the present application provides an electronic device configured to implement the command recognition method described in the foregoing method embodiment. Fig. 6 is a schematic diagram of a hardware entity of the electronic device according to the embodiment of the present application; as shown in fig. 6, the hardware entity of the electronic device 600 includes a memory 601 and a processor 602, said memory 601 storing a computer program operable on the processor 602, said processor 602 implementing the steps in the command recognition method provided in the above embodiments when executing said program.
The Memory 601 is configured to store instructions and applications executable by the processor 602, and may also buffer data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or already processed by the processor 602 and modules in the electronic device 600, and may be implemented by a FLASH Memory (FLASH) or a Random Access Memory (RAM).
Accordingly, embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps in the command recognition method provided in the above embodiments.
Here, it should be noted that: the above description of the storage medium and device embodiments is similar to the description of the method embodiments above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the embodiments of the storage medium and apparatus of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application. The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; can be located in one place or distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as a removable Memory device, a Read Only Memory (ROM), a magnetic disk, or an optical disk.
Alternatively, the integrated units described above in the present application may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as independent products. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for enabling an electronic device (which may be a tablet computer, a notebook computer, a desktop computer, a server, etc.) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a removable storage device, a ROM, a magnetic or optical disk, or other various media that can store program code.
The methods disclosed in the several method embodiments provided in the present application may be combined arbitrarily without conflict to obtain new method embodiments.
Features disclosed in several of the product embodiments provided in the present application may be combined in any combination to yield new product embodiments without conflict.
The features disclosed in the several method or apparatus embodiments provided in the present application may be combined arbitrarily, without conflict, to arrive at new method embodiments or apparatus embodiments.
The above description is only for the embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method of command recognition, the method comprising:
acquiring a command to be executed;
analyzing the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, wherein the execution parameter of the operation instruction at least comprises an execution object of the operation instruction;
comparing the at least one operation instruction to be matched and the execution parameter of each operation instruction with a preset operation instruction and a preset execution parameter to obtain a comparison result of the command to be executed;
and determining the execution mode of the command to be executed based on the comparison result of the command to be executed.
2. The method of claim 1, wherein the comparing the at least one to-be-matched operation instruction and the execution parameter of each operation instruction with a preset operation instruction and a preset execution parameter to obtain a comparison result of the to-be-executed command comprises:
comparing the at least one operation instruction to be matched with the preset operation instruction to obtain an operation instruction comparison result;
determining whether the operation instruction is a high-risk operation instruction based on the operation instruction comparison result, and if any one of the operation instructions is a high-risk operation instruction, comparing the execution parameter of that operation instruction with the preset execution parameter to obtain a parameter comparison result;
and determining whether the execution object of the operation instruction is a high-risk object based on the parameter comparison result, and if any one of the execution objects is a high-risk object, determining that the command to be executed is a high-risk command.
3. The method of claim 2, wherein the determining the execution mode of the command to be executed based on the comparison result of the command to be executed comprises:
and determining that the execution mode of the command to be executed is to intercept the command to be executed, based on the command to be executed being determined to be the high-risk command.
4. The method of claim 1, wherein the method further comprises:
determining the type of the environment for executing the command to be executed according to the execution parameters of the operation instruction;
if the environment type is a production environment, comparing the operation instruction to be matched and the execution parameter of each operation instruction with the preset operation instruction and the preset execution parameter to obtain a comparison result of the command to be executed;
and if the environment type is a test environment, determining that the command to be executed is an executable command.
5. The method of claim 2, wherein the preset execution parameters include a preset character and a preset internet protocol address, and wherein the determining whether the operation instruction is a high-risk operation instruction based on the operation instruction comparison result, and if any one of the operation instructions is a high-risk operation instruction, comparing the execution parameter of the operation instruction with the preset execution parameter to obtain a parameter comparison result comprises:
determining that the operation instruction is a high-risk operation instruction based on the operation instruction comparison result, and performing parameter segmentation on the execution parameter of the operation instruction to obtain at least one character;
determining that the command to be executed is the high-risk command based on the at least one character comprising the preset character; or,
determining that the command to be executed is the high-risk command based on the at least one character comprising the preset internet protocol address.
6. The method according to any one of claims 1 to 5, wherein the determining the execution mode of the command to be executed based on the comparison result of the command to be executed comprises:
outputting prompt information based on the comparison result, wherein the prompt information is used for prompting a user to determine an execution mode;
and determining the execution mode of the command to be executed based on the execution mode determined by the user.
7. The method of claim 6, wherein the prompt information comprises a recommendation of a user preset execution command, wherein the preset execution command is a command with the same execution effect as the command to be executed.
8. A command recognition apparatus comprising:
the acquisition module is used for acquiring a command to be executed;
the analysis module is used for analyzing the command to be executed to obtain at least one operation instruction to be matched and an execution parameter of each operation instruction, wherein the execution parameter of the operation instruction at least comprises an execution object of the operation instruction;
the first comparison module is used for comparing the at least one operation instruction to be matched and the execution parameter of each operation instruction with a preset operation instruction and a preset execution parameter to obtain a comparison result of the command to be executed;
and the first judgment module is used for determining the execution mode of the command to be executed based on the comparison result of the command to be executed.
9. An electronic device comprising a memory and a processor, the memory storing a computer program operable on the processor, the processor implementing the steps of the method of any one of claims 1 to 7 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
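The two-stage comparison of claims 1 to 3 and 5 can be sketched as follows. This is an added example, not code from the patent or from its applicant; the function names, the separator handling, the delimiter set used for parameter segmentation, and every preset value (instructions, paths, the IP address) are assumptions constructed for illustration.

```python
import os
import re
import shlex

# Presets are constructed for this example; the patent does not list concrete values.
HIGH_RISK_INSTRUCTIONS = {"rm", "mkfs", "dd", "rsync"}
HIGH_RISK_CHARACTERS = {"/", "/etc", "/var/lib/mysql", "*"}
HIGH_RISK_IPS = {"10.0.0.5"}  # constructed address standing in for a protected host
SEPARATORS = {";", "&&", "||", "|"}


def parse(command):
    """Split a command line into (operation instruction, execution parameters) pairs."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    pairs, current = [], []
    for token in lexer:
        if token in SEPARATORS:
            if current:
                pairs.append((os.path.basename(current[0]), current[1:]))
            current = []
        else:
            current.append(token)
    if current:
        pairs.append((os.path.basename(current[0]), current[1:]))
    return pairs


def segment(parameter):
    """Parameter segmentation: break one execution parameter into comparable pieces."""
    return [s.rstrip("/") or "/" for s in re.split(r"[@:=,]", parameter) if s]


def recognize(command):
    """Return (execution mode, matches) for a command to be executed."""
    matches = []
    for instruction, parameters in parse(command):
        if instruction not in HIGH_RISK_INSTRUCTIONS:
            continue  # stage 1 failed: parameters of this instruction are not compared
        for parameter in parameters:
            for piece in segment(parameter):
                if piece in HIGH_RISK_CHARACTERS or piece in HIGH_RISK_IPS:
                    matches.append((instruction, piece))  # stage 2: high-risk object
    return ("intercept" if matches else "execute"), matches
```

Because the comparison works on the literal tokens of the command text, it acts as a guard rail against operator mistakes rather than as a containment boundary.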
CN202110184311.8A 2021-02-08 2021-02-08 Command recognition method, device, equipment and storage medium Pending CN112799722A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110184311.8A CN112799722A (en) 2021-02-08 2021-02-08 Command recognition method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110184311.8A CN112799722A (en) 2021-02-08 2021-02-08 Command recognition method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112799722A true CN112799722A (en) 2021-05-14

Family

ID=75815120

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110184311.8A Pending CN112799722A (en) 2021-02-08 2021-02-08 Command recognition method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112799722A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113505050A (en) * 2021-06-07 2021-10-15 广发银行股份有限公司 User behavior analysis method, system, device and storage medium
CN113645070A (en) * 2021-08-10 2021-11-12 中国工商银行股份有限公司 Network equipment operation execution method and device, computer equipment and storage medium
CN117675414A (en) * 2024-01-31 2024-03-08 深圳昂楷科技有限公司 Command auditing method, system and storage medium
CN118041975A (en) * 2024-04-11 2024-05-14 杭州海浔科技有限公司 Command processing transfer method, system and storage medium of concentrator device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103973782A (en) * 2014-04-29 2014-08-06 上海上讯信息技术股份有限公司 Operation and maintenance operation control system and method based on blacklist command setting
CN109344615A (en) * 2018-07-27 2019-02-15 北京奇虎科技有限公司 A kind of method and device detecting malicious commands
CN110245004A (en) * 2019-06-13 2019-09-17 深圳前海微众银行股份有限公司 Command executing method, device, equipment and computer readable storage medium

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113505050A (en) * 2021-06-07 2021-10-15 广发银行股份有限公司 User behavior analysis method, system, device and storage medium
CN113645070A (en) * 2021-08-10 2021-11-12 中国工商银行股份有限公司 Network equipment operation execution method and device, computer equipment and storage medium
CN113645070B (en) * 2021-08-10 2022-12-20 中国工商银行股份有限公司 Network equipment operation execution method and device, computer equipment and storage medium
CN117675414A (en) * 2024-01-31 2024-03-08 深圳昂楷科技有限公司 Command auditing method, system and storage medium
CN117675414B (en) * 2024-01-31 2024-05-17 深圳昂楷科技有限公司 Command auditing method, system and storage medium
CN118041975A (en) * 2024-04-11 2024-05-14 杭州海浔科技有限公司 Command processing transfer method, system and storage medium of concentrator device

Similar Documents

Publication Publication Date Title
US11716349B2 (en) Machine learning detection of database injection attacks
CN112799722A (en) Command recognition method, device, equipment and storage medium
EP3683683B1 (en) Test cycle optimization using contextual association mapping
CN110909363A (en) Software third-party component vulnerability emergency response system and method based on big data
JP2017041171A (en) Test scenario generation support device and test scenario generation support method
CN112016138A (en) Method and device for automatic safe modeling of Internet of vehicles and electronic equipment
US11625366B1 (en) System, method, and computer program for automatic parser creation
CN110532773B (en) Malicious access behavior identification method, data processing method, device and equipment
CN114676231A (en) Target information detection method, device and medium
CN112464237A (en) Static code safety diagnosis method and device
CN115809466B (en) Security requirement generation method and device based on STRIDE model, electronic equipment and medium
US20240037243A1 (en) Artificial intelligence based security requirements identification and testing
CN117118857A (en) Knowledge graph-based network security threat management system and method
CN116502617A (en) Method and device for generating security test report
CN116821903A (en) Detection rule determination and malicious binary file detection method, device and medium
US12001416B1 (en) Systems and methods for generic data parsing applications
US12056038B2 (en) Log analyzer for fault detection
CN115062144A (en) Log anomaly detection method and system based on knowledge base and integrated learning
JP2013058168A (en) Information processor and information processing program
CN116401714B (en) Security information acquisition method, device, equipment and medium
CN118380126B (en) Medical article circulation management method and system
US11137989B1 (en) Constructing a data flow graph for a computing system of an organization
CN115145982B (en) Data processing method and device
CN111131248B (en) Website application security defect detection model modeling method and defect detection method
US20240045955A1 (en) Identifying security events in programming code for logging

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination