Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the application, from which the application can also be applied to other similar scenarios without inventive effort for a person skilled in the art. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this application and the appended claims, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are intended to be inclusive in the plural unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flow charts are used herein to illustrate operations performed by systems according to embodiments of the present application. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
Aiming at the problems in the prior art, the inventor provides a digital service vulnerability detection method and a server combined with big data analysis in a targeted manner, and the method and the server can analyze the service vulnerability classification characteristics of different service vulnerability category items of a digital interactive service item, further ensure the integrity of the service vulnerability detection result of the digital interactive service item, and avoid the subsequent abnormal digital service interaction caused by the missed detection and the false detection of individual service vulnerabilities.
First, an exemplary digital service vulnerability detection method combined with big data analysis is described, please refer to fig. 1, which is a flowchart of an exemplary digital service vulnerability detection method and/or process combined with big data analysis according to some embodiments of the present invention, and the digital service vulnerability detection method combined with big data analysis may include the following technical solutions described in steps S10 and S20.
S10, determining digital interactive service items corresponding to interactive operation label information in the digital service interactive data based on the received digital service interactive data uploaded by each digital service device, and acquiring multiple groups of digital service interactive data of the digital interactive service items recorded by each digital service device in a preset vulnerability detection period;
in this embodiment, the method may be applied to a digital server communicatively connected to a plurality of digital business devices, where the digital server may provide different digital business services for the digital business devices, and the digital business services may relate to many service fields in daily production and life, such as a digital shopping service, a digital cloud office service, a digital cloud education service, a digital cloud game service, a digital government and enterprise service, a digital internet of things service, and a digital platform operation and maintenance service, which are not limited herein.
Generally, the digital server may be a digital server or a digital server cluster, the digital service interaction device may be an intelligent electronic device with a service interaction function (such as a visual interaction function), such as a mobile phone, a tablet computer, a notebook computer, and the like, which is not limited herein, and on this basis, the digital service interaction data may be service interaction data generated during communication between the digital service devices or during communication between the digital service device and the digital server, and the digital service interaction data has bidirectionality and can reflect detailed interaction situations of both service interaction parties.
Further, the interactive operation label information is used for distinguishing different interactive operations. For example, in the digital shopping service, the interactive operation tag information "a 1" may represent a placing operation, the interactive operation tag information "a 2" may represent a returning operation, and the interactive operation tag information "a 3" may represent a complaint operation. In the digital government and enterprise service, the interactive operation tag information 'b 1' can represent a query operation, the interactive operation tag information 'b 2' can represent an upload operation, and the interactive operation tag information 'b 3' can represent a download operation. In the operation and maintenance service of the digital platform, the interactive operation tag information 'c 1' can represent software testing operation, the interactive operation tag information 'c 2' can represent script repairing operation, and the interactive operation tag information 'c 3' can represent online operation of a product.
It can be understood that different interactive operation tag information may correspond to different interactive operation and digital interactive service items, and therefore, the corresponding digital interactive service items can be accurately positioned through the interactive operation tag information in the digital service interactive data, so that classification processing of vulnerability detection is realized, integrity of vulnerability detection is ensured, and missing detection and false detection are avoided.
In an actual implementation process, the preset vulnerability detection time period may be determined according to vulnerability events recorded by the digital server, for example, in a past period of time, if the vulnerability events recorded by the digital server are x1 pieces, the preset vulnerability detection time period may be t1, and if the vulnerability events recorded by the digital server are x2 pieces, the preset vulnerability detection time period may be t 2. By the design, the integrity of the digital service interaction data can be ensured based on each digital service device side by acquiring the multiple groups of digital service interaction data of the digital interaction service items recorded by each digital service device in the preset vulnerability detection period.
It can be understood that the digitized service interaction data acquired by the digitized server is divided into two types, the first type of data is uploaded by each digitized service device, the second type of data is corresponding to the digitized interaction service transaction recorded by each digitized service device within the preset bug detection period, in a colloquial manner, the digitized server can determine the corresponding digitized interaction service transaction m1 according to the uploaded digitized service interaction data1, and determine the corresponding digitized interaction service transaction m1 based on the digitized service interaction data1 to acquire a plurality of sets of digitized service interaction data12 of the digitized interaction service transaction m1 recorded by each digitized service device within the preset bug detection period, in this embodiment, the digitized service interaction data1 and the plurality of sets of digitized service interaction data12 may or may not overlap, and specifically, may be analyzed based on actual conditions, and is not limited herein.
Based on the above contents, in some possible embodiments, in order to completely obtain multiple sets of digitized service interaction data of a digitized interaction service item to implement subsequent service vulnerability detection, the above steps "based on the received digitized service interaction data uploaded by each piece of digitized service equipment, determine the digitized interaction service item corresponding to the interaction operation tag information in the digitized service interaction data, and obtain multiple sets of digitized service interaction data of the digitized interaction service item recorded by each piece of digitized service equipment within a preset vulnerability detection period," may include the following contents: receiving digital service interaction data uploaded by each digital service device, wherein the digital service interaction data comprise interaction operation label information of digital interaction service items, and information generation time intervals and information generation modes of the interaction operation label information; aiming at each group of received digital service interaction data, determining corresponding digital interaction service items according to interaction operation label information in the digital service interaction data, and acquiring a plurality of groups of digital service interaction data of the digital interaction service items recorded by each digital service device in a preset vulnerability detection period.
For example, the information generation period of the interactive operation tag information may be used to characterize when the interactive operation tag information is generated, and the information generation manner of the interactive operation tag information may be used to distinguish the generation manner of the interactive operation tag information, such as whether the interactive operation tag information is generated in real time or in a delayed manner, and whether the interactive operation tag information is generated in a service interaction process or a non-service interaction process, which is not limited herein.
On the basis of the above contents, the digital interactive service items of each group of digital service interactive data can be positioned, and then a plurality of groups of digital service interactive data of the digital interactive service items recorded by each digital service device in the preset vulnerability detection period are obtained, so that a plurality of groups of digital service interactive data of different digital interactive service items recorded by each digital service device in the preset vulnerability detection period can be completely obtained.
For example, for the digitized service interaction data1, the corresponding digitized service interaction transaction may be a digitized service interaction transaction m1, and further, the sets of digitized service interaction data of the digitized service interaction transaction m1 recorded by each digitized service device within the preset vulnerability detection period may be data 12. For another example, for the digitized service interaction data2, the corresponding digitized service interaction item may be a digitized service interaction item m2, and further, the sets of digitized service interaction data of the digitized service interaction item m2 recorded by each digitized service device within the preset vulnerability detection time period may be data 22. For another example, for the digitized service interaction data3, the corresponding digitized service interaction item may be a digitized service interaction item m3, and further, the sets of digitized service interaction data of the digitized service interaction item m3 recorded by each digitized service device within the preset vulnerability detection time period may be data 32.
By the design, the corresponding digital interactive service items can be determined based on different digital service interactive data, and the complete multiple groups of digital service interactive data of the digital interactive service items can be further obtained, so that subsequent multi-type service vulnerability analysis and detection can be conveniently carried out, and missing detection and false detection are avoided.
S20, determining the service vulnerability classification characteristics of at least one service vulnerability category item of the digital interactive service item according to the information generation time period and the information generation mode in the multiple groups of digital service interactive data of the digital interactive service item, and determining the service vulnerability detection result of the digital interactive service item.
In an actual implementation process, each set of digital service interaction data in the multiple sets of digital service interaction data of the digital interaction service event also includes interaction operation tag information of the corresponding digital interaction service event and an information generation period and an information generation mode of the interaction operation tag information.
For example, the service vulnerability category item may include a variety of items, such as a multi-terminal interaction scenario category item, an associated service category item, an operation behavior category item, and a network delay category item, which are not limited herein. The service vulnerability classification characteristics can be used for describing service vulnerability conditions of different service vulnerability category items, so that a service vulnerability detection result of digital interactive service items can be conveniently carried out subsequently. In the subsequent implementation process, service vulnerability detection can be respectively carried out based on the multi-terminal interaction scene category project, the associated service category project, the operation behavior category project and the network delay category project, so that corresponding service vulnerability detection results are obtained. By the design, the service vulnerability classification characteristics of different service vulnerability category projects of the digital interactive service items can be analyzed, so that the integrity of the service vulnerability detection result of the digital interactive service items is ensured, and the subsequent digital service interaction abnormity caused by the missed detection and the false detection of individual service vulnerabilities is avoided.
On the basis of the above contents, the steps of determining the service vulnerability classification characteristic of at least one service vulnerability category item of the digital interactive service item according to the information generation time period and the information generation mode in the multiple sets of digital service interactive data of the digital interactive service item, and determining the service vulnerability detection result of the digital interactive service item may include the following contents: determining a service interaction error reporting log of the digital interaction service item under a preset service vulnerability operation environment according to an information generation time period and an information generation mode in the multiple groups of digital service interaction data of the digital interaction service item, and determining a service vulnerability classification characteristic of at least one service vulnerability category item of the digital interaction service item according to the service interaction error reporting log; and determining a service vulnerability detection result of the digital interactive service item according to the service vulnerability classification characteristics of the at least one service vulnerability category item.
For example, the service vulnerability operating environment may be understood as a digital service interaction scenario in which a service vulnerability is likely to occur, and the service vulnerability operating environment may be different for different service fields. Further, the business interaction error reporting log may be used to record error reporting events related to business service vulnerabilities, for example, in the digital shopping service, the business interaction error reporting log may record "order lost error reporting event", "repeated payment error reporting event", and the like, which is not limited herein. It can be understood that the service vulnerability classification characteristics of at least one service vulnerability category item of the digital interactive service item can be completely determined through the service interaction error report log, and then the service vulnerability detection result of the digital interactive service item is completely determined through the service vulnerability classification characteristics.
In some possible embodiments, the preset service vulnerability operating environment may include a preset multi-terminal interaction scenario, and the at least one service vulnerability category item includes a multi-terminal interaction scenario category item, based on which the steps of "determining a service interaction error report log of the digital interaction service item in the preset service vulnerability operating environment according to an information generation time period and an information generation manner in the multiple sets of digital service interaction data of the digital interaction service item, determining a service vulnerability classification characteristic of the at least one service vulnerability category item of the digital interaction service item according to the service interaction error report log" may include the following contents: the multiple groups of digital service interaction data of the digital interaction service items are sorted according to the information generation time interval; determining a comparison result of information generation time periods of every two groups of adjacent digital service interaction data, and if the comparison result of the information generation time periods reaches a first set time length, judging whether a service vulnerability operating environment of first digital service interaction data in the two groups of adjacent digital service interaction data, of which the information generation time periods are prior, is the preset multi-terminal interaction scene; and if so, determining service vulnerability classification characteristics corresponding to the multi-terminal interaction scene category items of the digital interaction service items based on the preset multi-terminal interaction scene.
For example, the sets of digitized service interaction data of the digitized service transaction may be sorted in a positive or negative order of the information generation period, such as the digitized service interaction data of the digitized service transaction m1 being the digitized service interaction data12a, the digitized service interaction data12b, the digitized service interaction data12c, the digitized service interaction data12d, and the digitized service interaction data12 e.
For example, after the digitized service interaction data of the digitized interaction service transaction m1 is sorted into the digitized service interaction data12a, the digitized service interaction data12b, the digitized service interaction data12c, the digitized service interaction data12d, and the digitized service interaction data12e according to the positive sequence of the information generation time interval, the obtained data sequence may be: digitized service interaction data12c- -digitized service interaction data12a- -digitized service interaction data12e- -digitized service interaction data12d- -digitized service interaction data12 b.
For another example, after the digitized service interaction data of the digitized interaction service transaction m1 is sorted into the digitized service interaction data12a, the digitized service interaction data12b, the digitized service interaction data12c, the digitized service interaction data12d, and the digitized service interaction data12e according to the reverse order of the information generation time interval, the obtained data sequence may be: digitized service interaction data12b- -digitized service interaction data12d- -digitized service interaction data12e- -digitized service interaction data12a- -digitized service interaction data12 c.
Further, each two adjacent sets of digitized service interaction data may be digitized service interaction data12b and digitized service interaction data12d, digitized service interaction data12d and digitized service interaction data12e, digitized service interaction data12e and digitized service interaction data12a, digitized service interaction data12a and digitized service interaction data12 c. On the basis of the above, the comparison result of the information generation periods of every two adjacent sets of the digitized service interaction data may be a period difference, and may be generally determined by the intermediate event point of the information generation period.
On the premise that the comparison result of the information generation time interval reaches a first set time interval, the information generation continuity of every two groups of adjacent digital service interaction data can be represented to be affected, and under the condition, whether the service vulnerability running environment of the first digital service interaction data in the information generation time interval in the two groups of adjacent digital service interaction data is the preset multi-terminal interaction scene or not can be judged. If the service vulnerability operating environment of the first digital service interaction data in the information generation time period of the two sets of adjacent digital service interaction data is the preset multi-terminal interaction scene, the service vulnerability classification characteristics corresponding to the multi-terminal interaction scene category items of the digital interaction service items can be determined based on the preset multi-terminal interaction scene and the service interaction error reporting log of the digital interaction service items under the preset service vulnerability operating environment (multi-terminal interaction scene). Therefore, the method and the device can realize the targeted analysis of different service vulnerability operating environments, so that the service vulnerability classification characteristics corresponding to the multi-end interaction scene category items of the digital interaction service items can be accurately extracted.
In some other embodiments, the step of determining a service interaction error report log of the digital interactive service item under a preset service vulnerability operating environment according to an information generation time period and an information generation mode in the multiple sets of digital service interaction data of the digital interactive service item, and determining the service vulnerability classification characteristic of at least one service vulnerability category item of the digital interactive service item according to the service interaction error report log may further include the following steps: acquiring each group of digital service interaction data recorded by each digital service device in the preset vulnerability detection time period, and determining associated digital service interaction content corresponding to a service interaction event record of the service interaction event record and the service interaction event record of the digital interaction service item according to an information generation time period and an information generation mode in the acquired digital service interaction data; if the correlated digital service interactive content carries bug repair information, determining a first service bug classification characteristic of a correlated service category item of the digital interactive service item according to the bug repair information; judging whether the service vulnerability operating environment of the digital service interaction data is the preset multi-terminal interaction scene or not aiming at each group of digital service interaction data of the associated digital service interaction content, if so, determining a second service vulnerability classification characteristic of the associated service category item of the associated digital service interaction content according to the preset multi-terminal interaction scene; the feature content of the service vulnerability classification feature of the associated service category project is one of the first service vulnerability classification feature, the second service vulnerability classification feature and a feature fusion result of the first service vulnerability classification feature and the second service vulnerability classification feature.
For example, the service interaction event record may be used to record and store different service interaction events, the associated digital service interaction content includes a previous service interaction event corresponding to the digital interaction service event or a service interaction content of a service interaction event having an interaction object transfer relationship, and the associated digital service interaction content may be a visual content, such as a text, an image, and the like, which is not limited herein. Further, if the correlated digital service interaction content carries bug repair information, it indicates that a service bug exists before a service corresponding to the correlated digital service interaction content, in this case, a first service bug classification feature of a correlated service category item of the digital interaction service item may be determined according to the bug repair information, where the correlated service category item corresponds to the correlated digital service interaction content.
Furthermore, for each group of digital service interaction data of the associated digital service interaction content, the service vulnerability operating environment can be positioned by judging whether the service vulnerability operating environment of the digital service interaction data is the preset multi-terminal interaction scene, so that when the service vulnerability operating environment of the digital service interaction data is judged to be the preset multi-terminal interaction scene, the second service vulnerability classification characteristic of the associated service category item of the associated digital service interaction content is determined according to the preset multi-terminal interaction scene. The feature content of the service vulnerability classification feature of the associated service category project is one of the first service vulnerability classification feature, the second service vulnerability classification feature and the feature fusion result of the first service vulnerability classification feature and the second service vulnerability classification feature, so that the global integrity and the scene adaptability of the service vulnerability classification feature can be ensured.
In some other embodiments, the at least one service vulnerability category item further includes an operation behavior category item, based on which the following service vulnerability classification characteristics may relate to characteristic information related to an operation behavior, for example, the steps of "determining a service interaction error report log of the digital interaction service item under a preset service vulnerability operating environment according to an information generation time period and an information generation manner in the multiple sets of digital service interaction data of the digital interaction service item, determining a service vulnerability classification characteristic of at least one service vulnerability category item of the digital interaction service item according to the service interaction error report log" may include the following contents: arranging the digital service interaction data of the associated digital service interaction content according to the information generation time interval; for each two groups of adjacent digital service interaction data of the digital interaction service items in the preset vulnerability detection time period, if the information generation mode in the first digital service interaction data in the information generation time period is the preset multi-terminal interaction scene, determining the operation behavior of the digital interaction service items based on the information generation mode in the second digital service interaction data in the information generation time period; for every two groups of adjacent digital service interaction data of the associated digital service interaction content in the preset vulnerability detection period, if the service vulnerability operating environment in the first digital service interaction data is the preset multi-terminal interaction scene, determining the operation behavior of the associated digital service interaction content based on the information generation mode corresponding to the second digital service interaction data; and if the behavior feature similarity of the operation behavior of the associated digital service interaction content and the operation behavior of the digital interaction service item is within a preset similarity interval, and the comparison result of the information generation time intervals of two groups of second digital service interaction data corresponding to the operation behavior of the associated digital service interaction content and the operation behavior of the digital interaction service item is less than a second set time length, determining the service classification feature corresponding to the operation behavior category item of the digital interaction service item through the operation behavior of the associated digital service interaction content and the operation behavior of the digital interaction service item.
For example, determining the operation behavior of the digital interactive service item based on the information generation mode in the second digital service interaction data after the information generation period may be implemented by the following modes: analyzing the information generation mode in the second digital service interaction data after the information generation time period to obtain operation feedback information corresponding to the information generation mode in the second digital service interaction data after the information generation time period, and determining the operation behavior of the digital interaction service item through the operation feedback information, for example, if the operation feedback information is an image display, the operation behavior may be an image selection behavior.
For example, for every two groups of adjacent digitized service interaction data of the associated digitized service interaction content in the preset vulnerability detection period, one group may be defined as a first digitized service interaction data, and the other group may be defined as a second digitized service interaction data, on this basis, if the service vulnerability operating environment in the first digitized service interaction data is the preset multi-terminal interaction scene, the operating behavior of the associated digitized service interaction content may be determined by an information generation manner corresponding to the second digitized service interaction data, that is, for every two groups of adjacent digitized service interaction data, if the service vulnerability operating environment in one group of digitized service interaction data is the preset multi-terminal interaction scene, the operating behavior of the associated digitized service interaction content may be determined by an information generation manner corresponding to the other group of digitized service interaction data, therefore, the operation behavior of the associated digital service interaction content can be completely and accurately determined according to the time sequence relevance between the adjacent digital service interaction data.
For example, for different operation behaviors, if the behavior feature similarity (for example, cosine similarity of behavior feature vector) of the operation behavior f1 associated with the digital service interaction content and the operation behavior f2 of the digital interaction service transaction is within a preset similarity interval (flexibly adjusted according to actual service conditions), and the comparison result (for example, the time period difference of the information generation time period, specifically, the calculation manner is described in the foregoing description) of the information generation time periods of the two sets of second digital service interaction data corresponding to the operation behavior f1 associated with the digital service interaction content and the operation behavior f2 of the digital interaction service transaction is smaller than a second set time period (set according to actual conditions, which is not limited herein), the operation behavior category of the digital interaction service transaction is determined by the operation behavior f1 associated with the digital service interaction content and the operation behavior f2 of the digital interaction service transaction And (4) service vulnerability classification characteristics corresponding to the projects. Therefore, the behavior feature similarity of different operation behaviors can be analyzed, and the service vulnerability classification features corresponding to the operation behavior category items of the digital interactive service items are determined by combining the comparison result of the information generation time period, so that the comprehensive consideration of the operation behaviors and the time sequence features is realized, and the reliability of the service vulnerability classification features corresponding to the operation behavior category items is ensured.
In some possible embodiments, based on the above, the method may further include: determining the associated operation behaviors of the digital interactive service item and the associated digital service interactive content in a first vulnerability detection time period according to the digital interactive service item and the digital service interactive data of the associated digital service interactive content in the first vulnerability detection time period; and updating the preset multi-terminal interaction scene according to the determined associated operation behavior.
For example, the associated operation behavior may be used to characterize a dynamic service interaction condition of the digital interaction service item and the associated digital service interaction content in the first vulnerability detection period, and the associated operation behavior may include an operation behavior of a service participant corresponding to the digital interaction service item and an interaction behavior corresponding to the associated digital service interaction content, which is not limited herein. Therefore, the multi-terminal interactive scene is updated through the associated operation behaviors, and the timeliness of the multi-terminal interactive scene can be ensured. For example, the scene tag or the scene feature of the multi-terminal interaction scene may be modified and adjusted according to the call path of the behavior function of the associated operation behavior, or the preset multi-terminal interaction scene may be updated in other ways by combining the associated operation behavior, which is not limited herein.
In another embodiment, the at least one service vulnerability category item includes a network latency category item, and the network latency may be understood as a data information transmission latency caused by insufficient communication bandwidth, such as slow page refresh, interaction response latency, and the like, which are not limited herein. Based on this, the above steps "determine a service interaction error reporting log of the digital interactive service item in a preset service vulnerability operating environment according to an information generation time period and an information generation mode in the multiple sets of digital service interaction data of the digital interactive service item, and determine a service vulnerability classification characteristic of at least one service vulnerability category item of the digital interactive service item according to the service interaction error reporting log", may further include the following: determining a service loophole operating environment as a service transmission track of the digital service interaction data of the preset multi-terminal interaction scene from the plurality of groups of digital service interaction data of the digital interaction service items; and determining the service vulnerability classification characteristics corresponding to the network delay category items of the digital interactive service items according to the determined service transmission track.
For example, the service delivery trajectory of the digital service interaction data may be a Knowledge Graph (Knowledge Graph) composed of association conditions between different service events, and an execution logic relationship and a causal relationship between different service events corresponding to the digital service interaction data may be obtained through the service delivery trajectory, so that the service vulnerability classification characteristics corresponding to the network delay category item of the digital interaction service item may be completely determined through the service delivery trajectory. For example, the service vulnerability classification characteristics corresponding to the network delay category item of the digital interactive service item may be determined by the node having the abnormal attribute information in the service delivery trajectory. Generally, the service vulnerability classification characteristics corresponding to the network delay category items may include network parameter characteristics and bandwidth occupation characteristics corresponding to different service interaction events, and may also include other types of characteristics, which are not limited herein.
Based on the above, the preset service vulnerability operating environment may include a preset offline service interaction scenario, and based on this, the method may further include the following two embodiments, which are embodiment 1 and embodiment 2, respectively, where embodiment 1 and embodiment 2 may be alternatively implemented or implemented in parallel according to actual situations.
In embodiment 1, for each digital interactive service item, digital service interaction data of the digital interactive service item recorded by each digital service device in a second vulnerability detection period is obtained, a service interaction error report log of the digital interactive service item in the preset offline service interaction scene is determined according to the obtained digital service interaction data, and a service vulnerability classification feature of a first service state category item of the digital interactive service item is updated according to the service interaction error report log of the digital interactive service item in the preset offline service interaction scene.
In embodiment 1, the second vulnerability detection time period may be adjusted according to an actual situation, for example, the second vulnerability detection time period may be determined according to the received offline service trigger identifier, and on this basis, the service interaction error report log of the digital interaction service item in the preset offline service interaction scenario is determined according to the acquired digital service interaction data, which may be implemented by combining the offline time duration corresponding to the second vulnerability detection time period, and it may be understood that the service interaction error report log in the offline service interaction scenario includes an error report event related to the offline service (offline service). Therefore, the service vulnerability classification characteristic of the first service state category item of the digital interactive service item can be obtained according to the service interaction error report log of the digital interactive service item in the preset offline service interaction scene. In this embodiment, the first service status category item may be understood as a real-time service status category item.
Embodiment 2, for each digital interactive service item, acquiring a service assistant detection record of the digital interactive service item in a third vulnerability detection period, and updating a service vulnerability classification feature of a second service state category item of the digital interactive service item according to the acquired service assistant detection record; the service vulnerability detection result of the digital interactive service item is determined based on the service vulnerability classification characteristics of the at least one service vulnerability category item and the service vulnerability classification characteristics of at least one of the first service state category item and the second service state category item.
In embodiment 2, the third vulnerability detection period may be determined according to an activation period of the service assistant software, and the service assistant detection record is used to record the usage condition of the service assistant software, for example, in the visual interactive service, the service assistant software (remote manual collaboration operation service) may be started to implement a corresponding digital interactive service event. By the design, the service helper detection record of the service helper software can be taken into account, so that the service vulnerability classification characteristics of the second service state category item of the digital interactive service item are updated, and high correlation between the service vulnerability classification characteristics and actual service interaction is ensured.
In some optional embodiments, based on the above, the method may further include: determining service vulnerability classification characteristics of vulnerability repair category items of the digital interaction service items according to vulnerability repair information of the digital interaction service items; the service vulnerability detection result of the digital interactive service item is determined based on the service vulnerability classification characteristic of the at least one service vulnerability category item of the digital interactive service item and the service vulnerability classification characteristic of the vulnerability repair category item. By the design, the service vulnerability classification characteristics can be completely and accurately positioned based on the specific vulnerability repair information, so that the accuracy and the reliability of the service vulnerability classification characteristics are ensured.
In some optional embodiments, the service vulnerability detection result of the digital interactive service item is obtained by determining feature content of the obtained service vulnerability classification feature based on the service vulnerability classification feature of each category item of the digital interactive service item, and based on this, the method may further include the following contents: and outputting vulnerability repair prompt information when the content description value of the feature content of the service vulnerability classification feature of the service vulnerability detection result representing the digital interactive service item meets a preset trigger condition, wherein the vulnerability repair prompt information comprises an information generation mode of the latest digital service interactive data of the digital interactive service item.
For example, the feature content of the service vulnerability classification feature may be a feature vector, the content description value may quantitatively express the feature content, the content description value may be any integer between 0 and 10 or 0 and 100, different content description values refer to different feature contents, correspondingly, the preset trigger condition may be a condition for vulnerability repair prompting, for example, if the content description value 8 meets the preset trigger condition (for example, less than 10 and greater than 5), the content description value 8 may represent that a vulnerability repair requirement exists, and at this time, vulnerability repair prompting information may be output. The vulnerability repair prompt message may be output to the digital service device, or may be output to a third-party operation and maintenance platform, which is not limited herein. Because the vulnerability repair prompt information comprises the information generation mode of the latest digital service interaction data of the digital interaction service items, the latest digital service interaction data can be considered in the subsequent service vulnerability repair, so that the latest digital service interaction data can be rapidly processed after the service vulnerability repair, the interaction efficiency of the digital service is improved, and unnecessary abnormal conditions are avoided as far as possible.
In some optional embodiments, the step of "determining the service vulnerability detection result of the digital interactive service item according to the service vulnerability classification characteristics of the at least one service vulnerability category item" may be implemented by the method described in the following steps (1) to (5).
(1) And acquiring an event category label of each interactive event content block in the interactive service content to be detected corresponding to the digital interactive service item, and classifying the interactive event content blocks according to event categories according to the event category labels. For example, the interactive event content block may be obtained by splitting an event of the interactive service content to be detected, and the event category tag is used to distinguish the interactive event content block.
(2) And obtaining the event category heat distribution and the content validity detection result distribution of the interactive event content block of each event category in the interactive service content to be detected according to the event category label. For example, the event category heat distribution and the content validity detection result distribution may be expressed in the form of a list or a graph, the event category heat distribution is used to record the interaction heat and popularity of different events, and the content validity detection result distribution is used to record the validity of different events. In some specific examples, the step "obtaining, according to the event category tag, event category heat distribution and content validity detection result distribution of the interactivity event content block of each event category in the interactivity service content to be detected" may include the following: obtaining a global relevance description value of the interactive event content block of each event category in the interactive service content to be detected according to the event category label; obtaining an event category heat degree change track of the interactive event content block according to a global relevance description value of the interactive event content block of each event category in the interactive service content to be detected, and taking the event category heat degree change track as the event category heat degree distribution; obtaining the relative word vector distance between each interactive event content block and each preset category label in the interactive service content to be detected according to the event category labels; and obtaining a variation track of the content validity detection result distribution of the interactive event content blocks of each event category in the interactive service content to be detected according to the relative word vector distance, wherein the variation track is used as the content validity detection result distribution. Therefore, the lack of the distribution of event category heat and the distribution of content validity detection results can be avoided.
Further, the step of obtaining the global relevance description value of the interactive event content block of each event category in the interactive service content to be detected according to the event category tag may include the following steps: obtaining the content block distribution condition of the number of the interactive event content blocks of any event category in the number of all the interactive event content blocks according to the event category labels; according to the event category labels, acquiring the number of interactive service contents to be detected of interactive event content blocks comprising any event category in a pre-stored interactive service content candidate set to be detected; the interactive service content candidate set to be detected comprises at least two interactive service contents to be detected; obtaining a global relevance description value of the interactive event content block of any event category in the interactive service content to be detected according to the distribution condition of the number of the interactive event content blocks of any event category in the content blocks of all the interactive event content blocks, the number of the interactive service content to be detected in the interactive service content candidate set to be detected, and the number of the interactive service content to be detected in the interactive service content candidate set to be detected; and sequentially obtaining the global relevance description value of the interactive event content block of each event category in the interactive service content to be detected. By the design, different global relevance description values can be determined quickly and accurately, and mutual interference among the global relevance description values is avoided.
(3) And obtaining the content correlation coefficient of the interactive service content to be detected and the interactive service content of the preset sample according to the interactive event content block heat distribution and the content validity detection result distribution. For example, the content Correlation Coefficient may be expressed by different types of Correlation coefficients, such as a Pearson Correlation Coefficient (Pearson Correlation Coefficient).
(4) And taking the interactive service content to be detected with the content correlation coefficient larger than the set correlation coefficient as the potential abnormal interactive service content. For example, the set correlation coefficient may be designed according to the actual service condition, which is not described herein.
(5) Determining a content feature map in the potential abnormal interactive service content, and matching the service vulnerability classification feature of the at least one service vulnerability category item with the content feature map to obtain a matching result; and determining the service vulnerability detection result of the digital interactive service item according to the matching result. For example, the content feature map may be expressed in a graph Data (graphical Data) form, the service vulnerability classification features of the at least one service vulnerability category item may be matched with the content feature map, the euclidean distance between the service vulnerability classification features of the at least one service vulnerability category item and the content feature map may be calculated, the matching result may include the matching rate between the service vulnerability classification features of the service vulnerability category item and the content feature map, and then the content feature map corresponding to the matching result whose matching rate is within the set interval may be retained, so as to identify the retained content feature map and obtain the service vulnerability detection result of the corresponding digital interaction service item. It can be understood that the service vulnerability detection result may include different types of service vulnerabilities, so that the integrity of service vulnerability detection can be ensured, and the influence of missed detection or false detection on subsequent normal service handling is avoided.
In summary, by implementing the above-mentioned scheme, the digital interactive service item corresponding to the interactive operation tag information in the digital service interactive data uploaded by each digital service device can be determined, so as to implement accurate positioning of the digital interactive service item, and further obtain multiple sets of digital service interactive data of the digital interactive service item recorded by each digital service device in the preset vulnerability detection period to complete collection of the interactive data of the digital interactive service item, so that the service vulnerability classification characteristics of at least one service vulnerability category item of the digital interactive service item can be completely and comprehensively determined based on the information generation period and the information generation manner in the multiple sets of digital service interactive data of the digital interactive service item, and further ensure the integrity of the service vulnerability detection result of the digital interactive service item, the method avoids the abnormity of subsequent digital service interaction caused by the missed detection and the false detection of individual service loopholes.
Next, for the digital service vulnerability detection method combined with big data analysis, an exemplary digital service vulnerability detection apparatus combined with big data analysis is further provided in the embodiment of the present invention, as shown in fig. 2, the digital service vulnerability detection apparatus 200 combined with big data analysis may include the following functional modules.
The interactive data obtaining module 210 is configured to determine, based on the received digital service interaction data uploaded by each digital service device, a digital interactive service item corresponding to interactive operation tag information in the digital service interaction data, and obtain multiple sets of digital service interaction data of the digital interactive service item recorded by each digital service device within a preset vulnerability detection period.
The detection result determining module 220 is configured to determine, according to the information generation period and the information generation manner in the multiple sets of digital service interaction data of the digital interaction service transaction, a service vulnerability classification characteristic of at least one service vulnerability category item of the digital interaction service transaction, and determine a service vulnerability detection result of the digital interaction service transaction.
Then, based on the above method embodiment and apparatus embodiment, the embodiment of the present invention further provides a system embodiment, that is, a digital service vulnerability detection system combined with big data analysis, please refer to fig. 3, where a digital service vulnerability detection system 30 combined with big data analysis may include a digital server 10 and a digital service device 20. The digital server 10 and the digital service device 20 are in communication to implement the above method, and further, the functionality of the digital service vulnerability detection system 30 in combination with big data analysis is described as follows. The digital server 10 determines digital interactive service items corresponding to interactive operation tag information in the digital service interactive data based on the received digital service interactive data uploaded by each digital service device, and acquires a plurality of groups of digital service interactive data of the digital interactive service items recorded by each digital service device within a preset vulnerability detection period; and determining the service vulnerability classification characteristics of at least one service vulnerability category item of the digital interactive service item according to the information generation time period and the information generation mode in the multiple groups of digital service interactive data of the digital interactive service item, and determining the service vulnerability detection result of the digital interactive service item.
It is to be understood that for the description of the above device embodiment and system embodiment, reference is made to the description of the method shown in fig. 1, and details are not repeated here.
Further, referring to fig. 4, the digital server 10 may include a processing engine 110, a network module 120 and a memory 130, wherein the processing engine 110 and the memory 130 communicate through the network module 120.
Processing engine 110 may process the relevant information and/or data to perform one or more of the functions described herein. For example, in some embodiments, processing engine 110 may include at least one processing engine (e.g., a single core processing engine or a multi-core processor). By way of example only, the Processing engine 110 may include a Central Processing Unit (CPU), an Application-Specific Integrated Circuit (ASIC), an Application-Specific Instruction Set Processor (ASIP), a Graphics Processing Unit (GPU), a Physical Processing Unit (PPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), a Programmable Logic Device (PLD), a controller, a microcontroller Unit, a Reduced Instruction Set Computer (RISC), a microprocessor, or the like, or any combination thereof.
Network module 120 may facilitate the exchange of information and/or data. In some embodiments, the network module 120 may be any type of wired or wireless network or combination thereof. Merely by way of example, the Network module 120 may include a cable Network, a wired Network, a fiber optic Network, a telecommunications Network, an intranet, the internet, a Local Area Network (LAN), a Wide Area Network (WAN), a Wireless Local Area Network (WLAN), a Metropolitan Area Network (MAN), a Public Switched Telephone Network (PSTN), a bluetooth Network, a Wireless personal Area Network, a Near Field Communication (NFC) Network, and the like, or any combination thereof. In some embodiments, the network module 120 may include at least one network access point. For example, the network module 120 may include wired or wireless network access points, such as base stations and/or network access points.
The Memory 130 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory 130 is used for storing a program, and the processing engine 110 executes the program after receiving the execution instruction.
It will be appreciated that the configuration shown in fig. 4 is merely illustrative and that the digitizer server 10 may include more or fewer components than shown in fig. 4 or may have a different configuration than shown in fig. 4. The components shown in fig. 4 may be implemented in hardware, software, or a combination thereof.
It should be understood that, for the above, a person skilled in the art can deduce from the above disclosure to determine the meaning of the related technical term without doubt, for example, for some values, coefficients, weights, indexes, factors, and other terms, a person skilled in the art can deduce and determine from the logical relationship between the above and the following, and the value range of these values can be selected according to the actual situation, for example, 0 to 1, for example, 1 to 10, and for example, 50 to 100, which are not limited herein.
The skilled person can unambiguously determine some preset, reference, predetermined, set and target technical features/terms, such as threshold values, threshold intervals, threshold ranges, etc., from the above disclosure. For some technical characteristic terms which are not explained, the technical solution can be clearly and completely implemented by those skilled in the art by reasonably and unambiguously deriving the technical solution based on the logical relations in the previous and following paragraphs. Prefixes of unexplained technical feature terms, such as "first", "second", "previous", "next", "current", "history", "latest", "best", "target", "specified", and "real-time", etc., can be unambiguously derived and determined from the context. Suffixes of technical feature terms not explained, such as "list", "feature", "sequence", "set", "matrix", "unit", "element", "track", and "list", etc., may also be derived and determined unambiguously from the foregoing and following text.
The foregoing disclosure of embodiments of the present invention will be apparent to those skilled in the art. It should be understood that the process of deriving and analyzing technical terms, which are not explained, by those skilled in the art based on the above disclosure is based on the contents described in the present application, and thus the above contents are not an inventive judgment of the overall scheme.
It should be appreciated that the system and its modules shown above may be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. Wherein the hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a diskette, CD-or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules of the present application may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., but also by software executed by various types of processors, for example, or by a combination of the above hardware circuits and software (e.g., firmware).
It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered merely illustrative and not restrictive of the broad application. Various modifications, improvements and adaptations to the present application may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present application and thus fall within the spirit and scope of the exemplary embodiments of the present application.
Also, this application uses specific language to describe embodiments of the application. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the present application is included in at least one embodiment of the present application. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the present application may be combined as appropriate.
Moreover, those skilled in the art will appreciate that aspects of the present application may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereon. Accordingly, various aspects of the present application may be embodied entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the present application may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the operation of various portions of the present application may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages, and the like. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Additionally, unless explicitly recited in the claims, the order of processing elements and sequences, use of numbers and letters, or use of other designations in this application is not intended to limit the order of the processes and methods in this application. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the application, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to require more features than are expressly recited in the claims. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the numbers allow for adaptive variation. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.
The entire contents of each patent, patent application publication, and other material cited in this application, such as articles, books, specifications, publications, documents, and the like, are hereby incorporated by reference into this application. Except where the application is filed in a manner inconsistent or contrary to the present disclosure, and except where the claim is filed in its broadest scope (whether present or later appended to the application) as well. It is noted that the descriptions, definitions and/or use of terms in this application shall control if they are inconsistent or contrary to the statements and/or uses of the present application in the material attached to this application.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present application. Other variations are also possible within the scope of the present application. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the present application can be viewed as being consistent with the teachings of the present application. Accordingly, the embodiments of the present application are not limited to only those embodiments explicitly described and depicted herein.