CN112948822A - Big data audit scene analysis method and system applied to intelligent education system - Google Patents
- Publication number
- CN112948822A CN202110240968.1A
- Authority
- CN
- China
- Prior art keywords
- message
- information
- monitoring
- risk
- intelligent education
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/32—Monitoring with visual or acoustical indication of the functioning of the machine
- G06F11/324—Display of status information
- G06F11/327—Alarm or error message display
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Quality & Reliability (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a big data audit scene analysis method and system applied to an intelligent education system, wherein the method comprises the following steps: dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number; scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and obtaining the message sent to a target window; and analyzing and processing the message sent to the target window to determine whether risks exist in the big data processing process. The system comprises modules corresponding to the steps of the method.
Description
Technical Field
The invention provides a big data audit scene analysis method and system applied to an intelligent education system, and belongs to the technical field of intelligent education.
Background
The most direct problem created by the many different tools in the big data Hadoop ecosystem is that their varied programming languages and programming interfaces widen the scope that big data security auditing must cover and make the data harder to analyze. Effective auditing in a Hadoop big data architecture therefore requires auditing the various UI management interfaces and programming interfaces at the same time, and the auditing system must be able to parse the protocols and programming languages used across the Hadoop architecture. The auditing difficulties can be summarized as follows:
1. Hadoop big data is unstructured (NoSQL) data, and traditional schemes cannot provide comprehensive security monitoring of it;
2. Database connection tools in Hadoop are diverse; traditional schemes can only monitor the typical C/S client access mode and lack a comprehensive management means;
3. Hadoop's open interfaces and platform, together with information network sharing, increase the number of data risk points and the channels for data theft and leakage.
When Hadoop is applied to a large-scale intelligent education platform system, these auditing difficulties often leave risk monitoring and management capability low, which increases the data access risk of the platform.
Disclosure of Invention
The invention provides a big data audit scene analysis method and a big data audit scene analysis system applied to an intelligent education system, which are used for solving the problem of low risk management capability of the existing intelligent education system, and adopt the following technical scheme:
a big data audit scenario analysis method applied to a smart education system, the method comprising the following steps:
dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number;
scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and obtaining the message sent to a target window;
and analyzing and processing the message sent to the target window to determine whether risks exist in the big data processing process.
Further, the scanning is performed on each audit unit, a hook point is obtained, a hook function is embedded in the hook point, an event message generated by each audit unit is monitored, and message interception is performed, including:
searching a Java layer in a system object in the intelligent education system meeting the specified requirements as a hook point;
putting the hook function into the business logic of the intelligent education system object to be processed and analyzed for execution;
event messages of business logic needing to be processed and analyzed in the intelligent education system in the execution process are monitored through a hook function, and messages sent to a target window are intercepted.
Further, a hook point meeting the specified requirements satisfies the following condition: the system object is a static object.
Further, analyzing and processing the message sent to the target window to determine whether a risk exists in the big data processing process, including:
setting a message storage unit in a storage area of the intelligent education system, and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one by one;
copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files into each storage area in the message storage unit from early to late according to the generation time of the message;
scanning, analyzing and identifying the messages in the message file of each storage area, identifying whether the information or codes in the messages have risk information or codes stored in a database, and if the risk information or codes stored in the database do not exist, indicating the safety of the messages and allowing the messages to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message;
marking the sending node which sends the risky message, setting a monitoring time period for the sending node, and individually monitoring the event message generated by the sending node;
and in a set monitoring period, monitoring each message information sent by the sending node in real time, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
Further, the monitoring time is set by the following process:
judging whether a sending node sending a message with risk sends information with risk for the first time, if the sending node sends the information with risk for the first time in the current operation process of the intelligent education system, setting the length of a monitoring time interval through a monitoring time first setting model, wherein the monitoring time first setting model is as follows:
wherein T_1 represents the monitoring period length obtained by the monitoring time first setting model; n represents the number of times the sending node has sent messages on the current day; ΔT_i represents the time interval between the (i+1)-th and the i-th message transmissions of the sending node; ΔT represents the time interval between the sending node's current transmission of risky message information and its previous message transmission; ΔT_min represents the minimum time interval between messages sent by the sending node on the current day; ΔT_max represents the maximum time interval between messages sent by the sending node on the current day; T_0 represents the preset initial monitoring period length; δ_1 represents the time adjustment coefficient, with a value range of 0.83-0.94;
if the sending node is not sending risky message information for the first time in the current operation process of the intelligent education system, setting the monitoring period length through a monitoring time second setting model, wherein the monitoring time second setting model is as follows:
wherein T_2 represents the monitoring period length obtained by the monitoring time second setting model; δ_2 represents the time adjustment coefficient, with a value range of 1.13-1.28; m represents the number of times the sending node has sent risky message information on the current day; ΔT_li represents the time interval between the (i+1)-th and the i-th transmissions of risky message information by the sending node.
Further, the risk index of the transmitting node is calculated by the following formula:
wherein H represents the risk index; T represents the operation duration of the intelligent education system on the current day; L_1, L_2 and L_3 represent a preset first unit index value, a preset second unit index value and a preset third unit index value, respectively; L_1, L_2 and L_3 are all natural constants.
A big data audit scenario analysis system applied to a smart education system, the system comprising:
the unit division module is used for dividing the intelligent education platform into k audit units according to different implementation functions, wherein k is a natural number;
the hook embedding module is used for scanning each audit unit to acquire a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and acquiring the message sent to a target window;
and the risk processing module is used for analyzing and processing the message sent to the target window and determining whether a risk exists in the big data processing process.
Further, the hook embedding module comprises:
the searching module is used for searching the Java layer as a hook point in a system object in the intelligent education system meeting the specified requirements;
the execution module is used for putting the hook function into the business logic of the intelligent education system object to be processed and analyzed to be executed;
and the message acquisition module is used for monitoring event messages of the business logic needing processing and analysis in the intelligent education system in the execution process through a hook function and simultaneously intercepting messages sent to the target window.
Further, a hook point meeting the specified requirements satisfies the following condition: the system object is a static object.
Further, the risk processing module includes:
the storage division module is used for setting a message storage unit in a storage area of the intelligent education system and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one to one;
the information dividing module is used for copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files into each storage area in the message storage unit from early to late according to the generation time of the message;
the scanning identification module is used for scanning, analyzing and identifying the messages in the message files of each storage area, identifying whether the information or codes in the messages have risk information or codes stored in the database, and if the risk information or codes stored in the database do not exist, indicating that the messages are safe and allowing the messages to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message;
the marking module is used for marking the sending node which sends the information with risks, setting a monitoring time interval aiming at the sending node and independently monitoring the event information generated by the sending node;
and the monitoring module is used for monitoring each message information sent by the sending node in real time in a set monitoring time period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, the intelligent education system gives an alarm to prompt operation and maintenance personnel to carry out risk processing.
The invention has the beneficial effects that:
according to the big data audit scene analysis method and system applied to the intelligent education system, the audit units are divided on the basis of functions, which effectively improves the management efficiency of audit management and the strength of message monitoring. Meanwhile, the hook function effectively improves the efficiency and success rate of capturing the messages sent by all nodes of the intelligent education system and reduces the number of missed messages. On the other hand, the method and system effectively improve the efficiency and strength of monitoring and handling message information risks, strengthen risk monitoring across the whole intelligent education system, and greatly improve the big data access security of the intelligent education system.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a system block diagram of the system of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
The embodiment of the invention provides a big data audit scenario analysis method applied to an intelligent education system, and as shown in figure 1, the method comprises the following steps:
S1, dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number;
S2, scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting and obtaining messages sent to a target window;
S3, analyzing and processing the message sent to the target window, and determining whether a risk exists in the big data processing process.
Scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring the event messages generated by each audit unit, and intercepting messages comprises the following steps:
S201, searching, at the Java layer, for a system object in the intelligent education system that meets the specified requirements, to serve as the hook point;
S202, putting the hook function into the business logic of the intelligent education system object to be processed and analyzed, to be executed there;
S203, monitoring, through the hook function, the event messages produced during execution by the business logic that needs to be processed and analyzed in the intelligent education system, and simultaneously intercepting messages sent to a target window.
A hook point meeting the specified requirements satisfies the following condition: the system object is a static object.
The working principle of the technical scheme is as follows: in order to audit big data, Hook technology is adopted. A hook, also called a hook function, is a special message processing mechanism that can monitor the various event messages in a system or process, and can intercept and process messages sent to a target window. A hook can therefore be customized in the system to monitor the occurrence of specific events and perform specific functions, such as screen word capture, log monitoring, and keyboard and mouse input interception. Hooks can be divided into thread hooks and system hooks: a thread hook monitors the event messages of a specified thread, while a system hook monitors the event messages of all threads in the system. Specifically, the method comprises the following steps:
firstly, dividing an intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number; then, scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and obtaining the message sent to a target window; and finally, analyzing and processing the message sent to the target window to determine whether risks exist in the big data processing process.
The Hook technology is likewise implemented in two steps. The first step is to find a hook point (Java layer), which must satisfy the following condition: the object that owns the method to be hooked must be static. The Hook technology obtains the object through reflection, and what it obtains is the system's own object; a new object cannot be created in its place, and the object already created by the system must be used, so only a static object is guaranteed to be the same object the system uses. The second step is to move execution of the hooked method outside the system, that is, into the business logic that needs to be processed and analyzed. Based on this approach, the big data auditing system is designed as a secondary development of the core big data Hadoop ecosystem components: the Hook technology is merged into the original code to obtain the operation event messages inside each component, thereby auditing the operations of applications. The method specifically comprises the following steps:
firstly, searching a Java layer in a system object in the intelligent education system meeting the specified requirements as a hook point; then, putting the hook function into the business logic of the intelligent education system object to be processed and analyzed for execution; and finally, monitoring event messages of the business logic needing to be processed and analyzed in the intelligent education system in the execution process through a hook function, and simultaneously intercepting messages sent to a target window.
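The two steps described above (locate the system's static object by reflection, then route its calls through audit logic) can be shown as follows. This is an added example, not code from the patent or from Hadoop; `MessageSink`, `SinkHolder` and `AUDIT_LOG` are hypothetical names, and a JDK dynamic proxy is one assumed way of attaching the hook.

```java
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.List;

public class StaticHookDemo {

    /** Hypothetical service interface standing in for a platform component. */
    public interface MessageSink {
        String deliver(String sender, String message);
    }

    /** Hypothetical holder: the system creates the object once and keeps it in a static field. */
    static class SinkHolder {
        // Deliberately not final: Field.set refuses to overwrite a static final field.
        private static MessageSink instance = (sender, message) -> "delivered:" + message;

        static MessageSink get() {
            return instance;
        }
    }

    /** Audit records collected by the hook (kept in memory for the demo). */
    static final List<String> AUDIT_LOG = new ArrayList<>();

    /** Step 1: locate the static object by reflection. Step 2: run audit logic around it. */
    static void installHook() throws ReflectiveOperationException {
        Field field = SinkHolder.class.getDeclaredField("instance");
        field.setAccessible(true);
        // Static field, so the receiver is null; this is the very object the system uses.
        MessageSink original = (MessageSink) field.get(null);

        InvocationHandler handler = (proxy, method, callArgs) -> {
            if ("deliver".equals(method.getName())) {
                // The intercepted event message, recorded before it is forwarded.
                AUDIT_LOG.add(callArgs[0] + " -> " + callArgs[1]);
            }
            try {
                return method.invoke(original, callArgs);   // forward to the real object
            } catch (InvocationTargetException e) {
                throw e.getCause();                         // keep the original exception type
            }
        };

        MessageSink hooked = (MessageSink) Proxy.newProxyInstance(
                MessageSink.class.getClassLoader(),
                new Class<?>[] {MessageSink.class},
                handler);
        // Every later SinkHolder.get() now returns the proxy instead of the original.
        field.set(null, hooked);
    }

    public static void main(String[] args) throws Exception {
        installHook();
        // Constructed sample call: callers are unchanged, yet the call is audited.
        String result = SinkHolder.get().deliver("node-7", "open grade report");
        System.out.println(result);
        System.out.println(AUDIT_LOG);
    }
}
```

The static-object condition matters here because the field is reached with a `null` receiver: there is exactly one object to replace, and it is the one every caller already uses.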
The effect of the above technical scheme is as follows: dividing the auditing units on the basis of functions effectively improves the management efficiency of audit management and the strength of message monitoring. Meanwhile, the hook function effectively improves the efficiency and success rate of capturing the messages sent by all nodes of the intelligent education system and reduces the number of missed messages. On the other hand, the efficiency and strength of monitoring and handling message information risks are effectively improved, risk monitoring across the whole intelligent education system is strengthened, and the data access security of the intelligent education system is improved to a great extent.
In an embodiment of the present invention, analyzing and processing the message sent to the target window to determine whether a risk exists in the big data processing process includes:
S301, setting a message storage unit in a storage area of the intelligent education system, and dividing the message storage unit into storage areas, wherein the storage areas correspond to the auditing units one by one;
S302, copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files in each storage area in the message storage unit from early to late according to the generation time of the message;
S303, scanning, analyzing and identifying the message in the message file of each storage area, identifying whether the information or the code in the message has risk information or code stored in a database, if the risk information or the code stored in the database does not exist, indicating that the message is safe, and allowing the message to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message;
S304, marking the sending node which sends the information with risk, setting a monitoring time interval for the sending node, and individually monitoring the event information generated by the sending node;
S305, monitoring each message information sent by the sending node in real time in a set monitoring time period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
The working principle of the technical scheme is as follows: firstly, setting a message storage unit in a storage area of the intelligent education system, and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one by one; then, message contents sent to the target window are copied in sequence according to the generation time of the messages, corresponding message files are generated according to the copied message contents, and the message files are sequentially stored in each storage area in the message storage unit from early to late according to the generation time of the messages; then, scanning, analyzing and identifying the message in the message file of each storage area, identifying whether the information or code in the message has risk information or code stored in the database, if the risk information or code stored in the database does not exist, indicating that the message is safe, and allowing the message to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message; then, marking the sending node which sends the information with risk, setting a monitoring time interval for the sending node, and individually monitoring the event information generated by the sending node; and finally, monitoring each message information sent by the sending node in real time in a set monitoring time period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
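Steps S301 to S305 can be traced end to end in a small program. This is an added sketch, not code from the patent: the `Msg` fields, the signature strings, the fixed monitoring period and the counter used in place of the risk index H are all assumptions, because the page does not reproduce the patent's formulas for the monitoring period or for H.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;

public class AuditScanDemo {

    /** One intercepted message; the field names are assumptions of this sketch. */
    record Msg(String unit, String sender, long createdAt, String body) {}

    // Constructed stand-ins for the "risk information or codes stored in a database".
    static final List<String> RISK_SIGNATURES = List.of("DROP TABLE", "CHMOD 777");
    static final long MONITOR_MILLIS = 60_000;  // assumed fixed period, not the patent's T_1/T_2
    static final int RISK_THRESHOLD = 2;        // assumed threshold on the stand-in index

    final Map<String, List<Msg>> storageAreas = new TreeMap<>();  // S301: one area per unit
    final Map<String, Long> monitoredUntil = new HashMap<>();     // S304: marked senders
    final Map<String, Integer> riskIndex = new HashMap<>();       // stand-in for H
    final List<Msg> forwarded = new ArrayList<>();
    final List<String> notices = new ArrayList<>();
    final List<String> alarms = new ArrayList<>();

    AuditScanDemo(List<String> units) {
        for (String unit : units) {
            storageAreas.put(unit, new ArrayList<>());
        }
    }

    /** S302: copy the message into its unit's area, kept ordered from early to late. */
    void store(Msg m) {
        List<Msg> area = storageAreas.get(m.unit());
        if (area == null) {
            throw new IllegalArgumentException("unknown audit unit: " + m.unit());
        }
        area.add(m);
        area.sort(Comparator.comparingLong(Msg::createdAt));
    }

    /** S303: case-insensitive match of the message body against the stored signatures. */
    static boolean isRisky(Msg m) {
        String body = m.body().toUpperCase(Locale.ROOT);
        return RISK_SIGNATURES.stream().anyMatch(body::contains);
    }

    /** S303-S305: forward safe messages, refuse risky ones, mark and watch their sender. */
    void scan() {
        for (List<Msg> area : storageAreas.values()) {
            for (Msg m : area) {
                if (!isRisky(m)) {
                    forwarded.add(m);                  // safe: allowed through to the target
                    continue;
                }
                notices.add("intercepted, notify " + m.sender() + ": " + m.body());
                long until = monitoredUntil.getOrDefault(m.sender(), Long.MIN_VALUE);
                if (until >= m.createdAt()) {
                    // Sender is inside its monitoring period: raise the stand-in index.
                    int h = riskIndex.merge(m.sender(), 1, Integer::sum);
                    if (h >= RISK_THRESHOLD) {
                        alarms.add("ALARM " + m.sender() + " index=" + h);
                    }
                } else {
                    // First risky message, or the earlier period expired: (re)mark the sender.
                    monitoredUntil.put(m.sender(), m.createdAt() + MONITOR_MILLIS);
                    riskIndex.put(m.sender(), 1);
                }
            }
            area.clear();
        }
    }

    public static void main(String[] args) {
        AuditScanDemo audit = new AuditScanDemo(List.of("courseware", "grades"));
        // Constructed sample messages, stored out of order on purpose.
        audit.store(new Msg("grades", "node-7", 5_000, "chmod 777 /data/grades"));
        audit.store(new Msg("grades", "node-3", 1_000, "select avg(score) from grades"));
        audit.store(new Msg("grades", "node-7", 2_000, "drop table grades"));
        audit.store(new Msg("courseware", "node-3", 3_000, "upload lesson-12.pdf"));
        audit.scan();
        System.out.println("forwarded: " + audit.forwarded.size());
        audit.notices.forEach(System.out::println);
        audit.alarms.forEach(System.out::println);
    }
}
```

Plain substring matching keeps the sketch short; a message that encodes or splits a signature would pass it, so a real deployment would normalize message content before matching.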
The effect of the above technical scheme is as follows: performing risk control in the above manner effectively improves the efficiency and strength of monitoring and handling message information risks, thereby strengthening risk monitoring across the whole intelligent education system and improving the big data access security of the intelligent education system to a great extent.
In an embodiment of the present invention, the monitoring time is set by the following process:
judging whether a sending node sending a message with risk sends information with risk for the first time, if the sending node sends the information with risk for the first time in the current operation process of the intelligent education system, setting the length of a monitoring time interval through a monitoring time first setting model, wherein the monitoring time first setting model is as follows:
wherein T_1 represents the monitoring period length obtained by the monitoring time first setting model; n represents the number of times the sending node has sent messages on the current day; ΔT_i represents the time interval between the (i+1)-th and the i-th message transmissions of the sending node; ΔT represents the time interval between the sending node's current transmission of risky message information and its previous message transmission; ΔT_min represents the minimum time interval between messages sent by the sending node on the current day; ΔT_max represents the maximum time interval between messages sent by the sending node on the current day; T_0 represents the preset initial monitoring period length; δ_1 represents the time adjustment coefficient, with a value range of 0.83-0.94;
if the sending node is not sending risky message information for the first time in the current operation process of the intelligent education system, setting the monitoring period length through a monitoring time second setting model, wherein the monitoring time second setting model is as follows:
wherein T_2 represents the monitoring period length obtained by the monitoring time second setting model; δ_2 represents the time adjustment coefficient, with a value range of 1.13-1.28; m represents the number of times the sending node has sent risky message information on the current day; ΔT_li represents the time interval between the (i+1)-th and the i-th transmissions of risky message information by the sending node.
The effect of the above technical scheme is as follows: the monitoring time obtained through the above formulas is set according to the actual operating condition of the message sending node, so that the monitoring period is long enough for the monitoring module to monitor the risky sending node effectively and long enough to cover the time needed to evaluate the risk index. This effectively improves the accuracy of the risk index subsequently obtained for the sending node, and avoids the problem of a fixed monitoring period being too short, which would leave the monitoring of the sending node insufficient and in turn degrade the accuracy of the subsequent risk index evaluation.
On the other hand, the monitoring period obtained by the formulas closely matches the actual message sending behaviour of the sending node. The period therefore ensures that the sending node is effectively monitored while keeping the running time of the monitoring module reasonable: monitoring intensity is improved, and an overly long monitoring period that would consume excessive system resources and increase the operating load of the system is avoided.
The risk index of the transmitting node is calculated by the following formula:
wherein H represents the risk index; T represents the operation duration of the intelligent education system on the current day; and $L_1$, $L_2$ and $L_3$ represent a preset first unit index value, a preset second unit index value and a preset third unit index value respectively, $L_1$, $L_2$ and $L_3$ all being natural constants.
The effect of the above technical scheme is as follows: through the risk index, effective and accurate risk assessment can be performed on each message sending node of the intelligent education system.
The embodiment of the invention provides a big data audit scenario analysis system applied to an intelligent education system, and as shown in fig. 2, the system comprises:
the unit division module is used for dividing the intelligent education platform into k audit units according to different implementation functions, wherein k is a natural number;
the hook embedding module is used for scanning each audit unit to acquire a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and acquiring the message sent to a target window;
and the risk processing module is used for analyzing and processing the message sent to the target window and determining whether a risk exists in the big data processing process.
Wherein the hook embedding module comprises:
the searching module is used for searching the Java layer for a system object in the intelligent education system that meets the specified requirements, to serve as the hook point;
the execution module is used for putting the hook function into the business logic of the intelligent education system object to be processed and analyzed to be executed;
and the message acquisition module is used for monitoring event messages of the business logic needing processing and analysis in the intelligent education system in the execution process through a hook function and simultaneously intercepting messages sent to the target window.
Wherein a hook point that meets the specified requirements satisfies the following condition: the system object is a static object.
The working principle of the technical scheme is as follows: firstly, dividing the intelligent education platform into k auditing units according to different implementation functions through a unit dividing module, wherein k is a natural number; then, scanning each audit unit by using a hook embedding module to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and obtaining the message sent to a target window; and then, analyzing and processing the message sent to the target window by using a risk processing module, and determining whether a risk exists in the big data processing process.
The operation process of the hook embedded module comprises the following steps:
firstly, the searching module searches the Java layer for a system object in the intelligent education system that meets the specified requirements, to serve as the hook point; then, the execution module puts the hook function into the business logic of the intelligent education system object to be processed and analyzed, where it is executed; finally, the message acquisition module uses the hook function to monitor the event messages of that business logic during execution and, at the same time, to intercept the messages sent to the target window.
The effect of the above technical scheme is as follows: dividing the auditing units by function effectively improves the management efficiency of audit management and the strength of message monitoring. Meanwhile, the hook function effectively improves the efficiency and success rate of capturing the messages sent by all nodes of the intelligent education system and reduces the number of missed captures. On the other hand, the efficiency and strength of message risk monitoring and processing are effectively improved, which in turn improves the risk monitoring strength of the whole intelligent education system and greatly improves its data access security.
In one embodiment of the invention, the risk processing module comprises:
the storage division module is used for setting a message storage unit in a storage area of the intelligent education system and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one to one;
the information dividing module is used for copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files into each storage area in the message storage unit from early to late according to the generation time of the message;
the scanning identification module is used for scanning, analyzing and identifying the messages in the message files of each storage area, identifying whether the information or codes in the messages have risk information or codes stored in the database, and if the risk information or codes stored in the database do not exist, indicating that the messages are safe and allowing the messages to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message;
the marking module is used for marking the sending node which sends the information with risks, setting a monitoring time interval aiming at the sending node and independently monitoring the event information generated by the sending node;
and the monitoring module is used for monitoring each message information sent by the sending node in real time in a set monitoring time period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, the intelligent education system gives an alarm to prompt operation and maintenance personnel to carry out risk processing.
The working principle of the technical scheme is as follows: firstly, setting a message storage unit in a storage area of the intelligent education system through a storage division module, and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one by one; then, the message content sent to the target window is sequentially copied by using an information dividing module according to the generation time of the message, a corresponding message file is generated according to the copied message content, and the message file is sequentially stored in each storage area in a message storage unit from early to late according to the generation time of the message; then, a scanning identification module is adopted to scan, analyze and identify the messages in the message file of each storage area, identify whether the information or codes in the messages have risk information or codes stored in a database, if the risk information or codes stored in the database do not exist, the messages are safe, and the messages are allowed to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message; then, marking the sending node which sends the information with risks by using a marking module, setting a monitoring time period for the sending node, and individually monitoring the event information generated by the sending node; and finally, monitoring each message information sent by the sending node in real time in a set monitoring time period through a monitoring module, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
The effect of the above technical scheme is as follows: performing risk control in the above manner effectively improves the efficiency and strength of message risk monitoring and processing, which in turn improves the risk monitoring strength of the whole intelligent education system and greatly improves the security of its big data access.
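The risk processing workflow described above can be sketched as follows. This is an added example, not code from the patent: the risk database entries, the sample messages, the fixed `MONITOR_SECONDS` period and the count-based `RISK_THRESHOLD` are constructed stand-ins, since the patent's monitoring-time and risk-index formulas are not reproduced on this page.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed risk database: patterns treated as "risk information or codes".
RISK_DB = [b"<script", b"drop table"]
MONITOR_SECONDS = 600.0  # assumed fixed period; the patent derives it from a formula
RISK_THRESHOLD = 3       # assumed stand-in for the risk index reaching its threshold


@dataclass
class Message:
    created: float  # generation time in seconds
    unit: str       # audit unit that produced the event message
    sender: str     # sending node
    body: bytes


@dataclass
class RiskProcessor:
    storage: dict = field(default_factory=lambda: defaultdict(list))  # one area per audit unit
    monitored_until: dict = field(default_factory=dict)  # sender -> end of monitoring period
    risky_count: dict = field(default_factory=lambda: defaultdict(int))
    notices: list = field(default_factory=list)  # interception reminders fed back to senders
    alarms: list = field(default_factory=list)   # alerts for operation and maintenance staff

    def store(self, intercepted):
        """Copy intercepted messages into per-unit areas, earliest generation time first."""
        for m in sorted(intercepted, key=lambda m: m.created):
            self.storage[m.unit].append(Message(m.created, m.unit, m.sender, bytes(m.body)))

    def scan(self):
        """Scan every stored copy; return the messages allowed through to the target window."""
        delivered = []
        pending = sorted((m for area in self.storage.values() for m in area),
                         key=lambda m: m.created)
        for msg in pending:
            if any(pattern in msg.body.lower() for pattern in RISK_DB):
                self.notices.append((msg.sender, msg.created))  # refuse and notify the sender
                self._track(msg)
            else:
                delivered.append(msg)
        self.storage.clear()
        return delivered

    def _track(self, msg):
        """Mark the sender, open a monitoring period, alarm once the threshold is reached."""
        if msg.created > self.monitored_until.get(msg.sender, float("-inf")):
            # Not currently monitored (first offence or period expired): start a new period.
            self.monitored_until[msg.sender] = msg.created + MONITOR_SECONDS
            self.risky_count[msg.sender] = 0
        self.risky_count[msg.sender] += 1
        if self.risky_count[msg.sender] == RISK_THRESHOLD:
            self.alarms.append((msg.sender, msg.created))


# Constructed sample traffic, deliberately out of order to exercise the time sort.
SAMPLE = [
    Message(30.0, "forum", "node-a", b"hello class"),
    Message(0.0, "exam", "node-a", b"grade=95"),
    Message(10.0, "exam", "node-b", b"id=1; DROP TABLE scores"),
    Message(20.0, "forum", "node-b", b"<SCRIPT>x()</SCRIPT>"),
    Message(40.0, "exam", "node-b", b"q=<script src=x>"),
    Message(50.0, "exam", "node-b", b"grade=70"),
    Message(5000.0, "exam", "node-b", b"drop table t"),
]


def demo():
    processor = RiskProcessor()
    processor.store(SAMPLE)
    return processor, processor.scan()


if __name__ == "__main__":
    p, ok = demo()
    print("delivered:", [(m.sender, m.created) for m in ok])
    print("alarms:", p.alarms)
```

A clean message from a monitored node is still delivered; only messages matching the risk database are refused, and the message at t=5000 opens a fresh monitoring period because the earlier one has expired.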
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. A big data audit scenario analysis method applied to a smart education system is characterized by comprising the following steps:
dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number;
scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and obtaining the message sent to a target window;
and analyzing and processing the message sent to the target window to determine whether risks exist in the big data processing process.
2. The data audit scenario analysis method of claim 1, wherein the scanning for each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and performing message interception includes:
searching the Java layer for a system object in the intelligent education system that meets the specified requirements, to serve as the hook point;
putting the hook function into the business logic of the intelligent education system object to be processed and analyzed for execution;
event messages of business logic needing to be processed and analyzed in the intelligent education system in the execution process are monitored through a hook function, and messages sent to a target window are intercepted.
3. The data audit scenario analysis method of claim 2, wherein a hook point that meets the specified requirements satisfies the following condition: the system object is a static object.
4. The method for analyzing the data auditing scene according to claim 1, characterized in that the analyzing and processing the message sent to the target window to determine whether a risk exists in the big data processing process comprises:
setting a message storage unit in a storage area of the intelligent education system, and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one by one;
copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files into each storage area in the message storage unit from early to late according to the generation time of the message;
scanning, analyzing and identifying the messages in the message file of each storage area, identifying whether the information or codes in the messages have risk information or codes stored in a database, and if the risk information or codes stored in the database do not exist, indicating the safety of the messages and allowing the messages to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message;
marking the sending node which sends the risky message, setting a monitoring time period for the sending node, and individually monitoring the event message generated by the sending node;
and in a set monitoring period, monitoring each message information sent by the sending node in real time, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
5. The data audit scenario analysis method of claim 4, wherein the monitoring time is set by:
judging whether a sending node sending a message with risk sends information with risk for the first time, if the sending node sends the information with risk for the first time in the current operation process of the intelligent education system, setting the length of a monitoring time interval through a monitoring time first setting model, wherein the monitoring time first setting model is as follows:
wherein $T_1$ represents the monitoring period length obtained through the first monitoring-time setting model; n represents the number of times the sending node has sent messages on the current day; $\Delta T_i$ represents the time interval between the (i+1)-th and the i-th transmission of a message by the sending node; $\Delta T$ represents the time interval between the sending node's current transmission of risky message information and its previous transmission of a message; $\Delta T_{min}$ represents the minimum time interval between messages sent by the sending node on the current day; $\Delta T_{max}$ represents the maximum time interval between messages sent by the sending node on the current day; $T_0$ represents the length of the preset initial monitoring period; $\delta_1$ represents the time adjustment coefficient, whose value range is 0.83-0.94;
if the sending node is not sending risky message information for the first time in the current operation process of the intelligent education system, setting the monitoring period length through a monitoring time second setting model, wherein the monitoring time second setting model is as follows:
wherein $T_2$ represents the monitoring period length obtained through the second monitoring-time setting model; $\delta_2$ represents the time adjustment coefficient, whose value range is 1.13-1.28; m represents the number of times the sending node has sent risky message information on the current day; and $\Delta T_{li}$ represents the time interval between the (i+1)-th and the i-th transmission of risky message information by the sending node.
6. The data auditing scenario analysis method of claim 4, where the risk index of the sending node is calculated by the following formula:
wherein H represents the risk index; T represents the operation duration of the intelligent education system on the current day; and $L_1$, $L_2$ and $L_3$ represent a preset first unit index value, a preset second unit index value and a preset third unit index value respectively, $L_1$, $L_2$ and $L_3$ all being natural constants.
7. A big data audit scenario analysis system applied to a smart education system, the system comprising:
the unit division module is used for dividing the intelligent education platform into k audit units according to different implementation functions, wherein k is a natural number;
the hook embedding module is used for scanning each audit unit to acquire a hook point, embedding a hook function in the hook point, monitoring an event message generated by each audit unit, and intercepting and acquiring the message sent to a target window;
and the risk processing module is used for analyzing and processing the message sent to the target window and determining whether a risk exists in the big data processing process.
8. The data audit scenario analysis system of claim 7, wherein the hook embedding module includes:
the searching module is used for searching the Java layer for a system object in the intelligent education system that meets the specified requirements, to serve as the hook point;
the execution module is used for putting the hook function into the business logic of the intelligent education system object to be processed and analyzed to be executed;
and the message acquisition module is used for monitoring event messages of the business logic needing processing and analysis in the intelligent education system in the execution process through a hook function and simultaneously intercepting messages sent to the target window.
9. The data audit scenario analysis system of claim 8, wherein a hook point that meets the specified requirements satisfies the following condition: the system object is a static object.
10. The data audit scenario analysis system of claim 7, wherein the risk processing module includes:
the storage division module is used for setting a message storage unit in a storage area of the intelligent education system and dividing the storage area of the message storage unit, wherein the storage areas correspond to the auditing units one to one;
the information dividing module is used for copying the message contents sent to the target window in sequence according to the generation time of the message, generating corresponding message files according to the copied message contents, and sequentially storing the message files into each storage area in the message storage unit from early to late according to the generation time of the message;
the scanning identification module is used for scanning, analyzing and identifying the messages in the message files of each storage area, identifying whether the information or codes in the messages have risk information or codes stored in the database, and if the risk information or codes stored in the database do not exist, indicating that the messages are safe and allowing the messages to be sent to a target window; if the risk information or the codes stored in the database exist, the message is refused to be sent to the target window, and the message interception reminding information is fed back to the sending node of the message;
the marking module is used for marking the sending node which sends the information with risks, setting a monitoring time interval aiming at the sending node and independently monitoring the event information generated by the sending node;
and the monitoring module is used for monitoring each message information sent by the sending node in real time in a set monitoring time period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, the intelligent education system gives an alarm to prompt operation and maintenance personnel to carry out risk processing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110240968.1A CN112948822B (en) | 2021-03-04 | 2021-03-04 | Big data audit scene analysis method and system applied to intelligent education system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112948822A (en) | 2021-06-11 |
CN112948822B (en) | 2024-10-18 |
Family
ID=76247665
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110240968.1A Active CN112948822B (en) | 2021-03-04 | 2021-03-04 | Big data audit scene analysis method and system applied to intelligent education system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112948822B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN112948822B (en) | 2024-10-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||