CN113918435B - Method and device for determining risk level of application program and storage medium - Google Patents
- Publication number
- CN113918435B, CN202111211486.XA
- Authority
- CN
- China
- Prior art keywords
- risk
- application program
- sets
- value
- determining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3409—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
- G06F18/2411—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
Abstract
The embodiment of the application discloses a method and a device for determining an application program risk level and a storage medium. The method comprises the following steps: acquiring risk values of at least one application program, wherein the at least one application program corresponds to a plurality of sets, determining a risk type corresponding to the risk values of each application program in a plurality of preset risk types, and calculating the risk value of each set in the plurality of sets according to the risk type of each risk value and the tolerance of each set corresponding to each risk type; and determining the risk level of an application program system according to the risk value of each set in the plurality of sets, wherein the application program system refers to a system formed by application programs contained in the plurality of sets. Therefore, the risk level of each risk application program is determined, and the experience of the application program provider is good.
Description
Technical Field
The application relates to the technical field of internet, in particular to a method and a device for determining an application program risk level and a storage medium.
Background
In the existing network protection technology, a website provider provides a plurality of websites for a website detection party, and the website detection party receives the websites and performs risk investigation on the websites one by one. However, the website detecting party can only detect at least one risk website in the plurality of websites, but cannot determine the risk level of each risk website, so that the experience of the website provider is poor.
Disclosure of Invention
Aiming at the technical problems, the embodiment of the application provides a method and a device for determining the risk level of an application program and a storage medium, so as to solve the problem that the risk level of each risk application program cannot be determined, and the experience of an application program provider is poor.
A first aspect of an embodiment of the present application provides a method for determining an application risk level, including:
acquiring a risk value of at least one application program, wherein the at least one application program corresponds to a plurality of sets, and each application program in the at least one application program belongs to one of the plurality of sets;
determining the risk type, among a plurality of preset risk types, corresponding to the risk value of each application program, and the tolerance of each set in the plurality of sets to each risk type;
calculating the risk value of each set in the plurality of sets according to the risk type, among the plurality of preset risk types, corresponding to the risk value of each application program and the tolerance of each set to each risk type;
and determining the risk level of an application program system according to the risk value of each set in the plurality of sets, wherein the application program system refers to a system formed by the application programs contained in the plurality of sets.
In some embodiments, acquiring the risk value of any one of the at least one application program includes:
collecting information of the application program;
acquiring risk information from the acquired information through a preset path topology model;
and calculating the risk value of the application program based on the risk information according to the preset importance and influence.
In some embodiments, the determining the tolerance of each of the plurality of sets for the respective risk type includes:
obtaining a weight matrix according to the preset priority coefficients of the multiple risk types, wherein each feature vector in the weight matrix represents the tolerance coefficients of each set for each risk type;
and if the weight matrix meets the logic consistency of the priority, taking the feature vector in the weight matrix as the tolerance of the corresponding set to the corresponding risk type.
In some embodiments, for any set, the risk value of the set, calculated according to the risk type of each risk value and the tolerance of the set to each risk type, satisfies:
where $w_i$ refers to the tolerance of the set to the $i$-th risk type of the plurality of risk types, and $y_i$ refers to the average risk value of the $i$-th risk type of the plurality of risk types.
In some embodiments, the method further comprises:
According to the algorithm:
a first sub-risk value of the application program system is calculated, where $x_i$ represents the risk value of the $i$-th set of the plurality of sets.
In some embodiments, the determining the risk level of the application system according to the risk value of each of the plurality of sets includes:
calculating a risk value of the application program system according to the risk value of each set in the plurality of sets and the first sub-risk value of the application program system;
calculating a risk level coefficient of the application program system according to the risk value of the application program system;
and determining the risk level of the application program system according to the risk level coefficient of the application program system.
In some embodiments, the calculating the risk value of the application system according to the risk value of each set of the plurality of sets and the first sub-risk value of the application system satisfies:
Wherein R refers to a risk value of the application program system, And w both refer to risk weights.
A second aspect of an embodiment of the present application provides an apparatus for determining an application risk level, including:
an application program risk value calculation module, configured to obtain a risk value of at least one application program, where the at least one application program corresponds to a plurality of sets, and each application program in the at least one application program belongs to one of the plurality of sets;
a risk type tolerance module, configured to determine the risk type, among a plurality of preset risk types, corresponding to the risk value of each application program, and the tolerance of each set in the plurality of sets to each risk type;
a risk value calculation module, configured to calculate the risk value of each set in the plurality of sets according to the risk type, among the plurality of preset risk types, corresponding to the risk value of each application program and the tolerance of each set to each risk type;
and a risk level calculation module, configured to determine the risk level of an application program system according to the risk value of each set in the plurality of sets, wherein the application program system refers to a system formed by the application programs contained in the plurality of sets.
In some embodiments, an information module of an application program is configured to collect information of the application program, obtain risk information from the collected information through a preset path topology model, and calculate a risk value of the application program based on the risk information according to a preset importance and influence degree.
A third aspect of embodiments of the present application provides a storage medium having stored thereon computer executable instructions which, when executed by a computing device, are operable to implement the method of the previous embodiments.
According to the embodiment of the application, the risk value of at least one application program is firstly obtained, the tolerance corresponding to each risk type is obtained according to the risk value of each application program, the risk value of each set in a plurality of sets is further calculated, the risk level of an application program system is determined according to the risk value of each set in the plurality of sets, and therefore the risk level of each risk application program is determined, so that the experience of an application program provider is better.
Drawings
The features and advantages of the present application will be more clearly understood by reference to the accompanying drawings, which are illustrative and should not be construed as limiting the application in any way, in which:
FIG. 1 is a flowchart of a method for determining an application risk level according to the present application;
FIG. 2 is a schematic diagram of specific risk types in a method for determining risk levels of an application program according to the present application;
FIG. 3 is a schematic diagram of a critical path topology for risk detection in a method for determining risk level of an application program according to the present application;
Fig. 4 is a schematic diagram of a risk detection critical path topology in a method for determining an application risk level according to the present application.
Detailed Description
In the following detailed description, numerous specific details are set forth by way of examples in order to provide a thorough understanding of the relevant disclosure. However, it will be apparent to one of ordinary skill in the art that the present application may be practiced without these specific details. It should be appreciated that the terms "system," "apparatus," "unit," and/or "module" are used herein to describe various elements, components, portions or assemblies in a sequential order. However, these terms may be replaced with other expressions if the other expressions can achieve the same purpose.
It will be understood that when a device, unit, or module is referred to as being "on," "connected to," or "coupled to" another device, unit, or module, it can be directly on, connected to, or coupled to, or in communication with the other device, unit, or module, or intervening devices, units, or modules may be present unless the context clearly indicates an exception. For example, the term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the scope of the application. As used in the specification and in the claims, the terms "a," "an," "the," and/or "the" are not specific to a singular, but may include a plurality, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" are intended to cover only those features, integers, steps, operations, elements, and/or components that are explicitly identified, but do not constitute an exclusive list, as other features, integers, steps, operations, elements, and/or components may be included.
As shown in fig. 1, the present application provides a method for determining an application risk level, including:
Step S10: obtain a risk value of at least one application program, where the at least one application program corresponds to a plurality of sets, and each application program in the at least one application program belongs to one of the plurality of sets.
It should be noted that the application program includes software programs such as phishing fraud-websites, phishing fraud-APP, phishing fraud-social media, threat misinformation, brand infringement, data leakage, copyright piracy, code leakage, etc. Therefore, the risk level determination method of the present application is applicable to any of the above-described applications, and is of course applicable to applications other than those described above, that is, to any application of a digital risk level determination method. Table 1 below lists the various risks that an application program may include:
TABLE 1
The following is an example of a risk detection process for phishing fraud of the website type. In one embodiment, acquiring the risk value of the at least one application program includes collecting information of the application program. The information of the application program has risk types, as shown in fig. 2. To describe the risk calculation scheme accurately, the risk detection process for application program phishing fraud is used as an example. In this example each set is a brand, and a brand may be, for example, a branch of a bank. The risk detection calculation process for application program phishing fraud comprises the following steps:
First, the risk detection engine collects data, including multimedia resource information such as application text information, source code, picture information and application screenshots.
Second, the picture content of the webpage screenshot is checked by a pornographic picture detection engine and a gambling picture detection engine; if the webpage screenshot does not pass the check, the risk data enters an IOCs (Indicators of Compromise) active detection process, such as a multidimensional application program classification calculation process.
Third, a structure detection engine performs a first-order judgment of the risk data type on the source code of the risk data; the keyword and theme extraction module extracts the application text information, and the semantic similarity between the extracted information and the brand text information in the brand information base is then measured to calculate brand correlation.
Fourth, the rule engine evaluates the source code of the application program to judge whether a login component exists. If no login component exists, the risk data is sent to the brand infringement risk calculation flow; otherwise the fifth step is executed.
Fifth, image-type calculation is performed on the acquired risk data. It is first judged whether an anti-attack image exists in the risk data; if one exists, the probability that this piece of risk information is a risk is increased. Next, image similarity is compared between the screenshot of the application program and the screenshots of brand-related application programs stored in the brand information base. Finally, the images and the webpage screenshot in the risk data are used to search brand infringement examples, to judge whether suspicious infringement behavior also exists.
Sixth, the rule calculation engine determines whether the domain name of the application program is associated with a brand in the brand base information base. If an association exists, detection results such as brand relevance and web page screenshot similarity cannot be used as an evidence chain for the risk.
Seventh, the results of picture content auditing, application program structure classification, brand correlation, whether a login component is included, whether attack resisting images exist, application program similarity, brand infringement instance detection, brand association judgment and the like are filled into the risk data to serve as an evidence chain that assists downstream task calculation.
In one embodiment, as shown in fig. 2, risk information is obtained from the collected information through a preset path topology model.
During risk calculation on the risk data, the detection path topology contains the risk detection models that distinguish risk types and complete the evidence chain. From the perspective of calculating the risk values and risk levels of the risk data, the critical path topology within the risk detection path needs to be found. To describe the solution precisely, the risk detection critical path topology is defined as follows:
First, in the risk detection calculation process, a risk calculation model that can be used to perfect a risk data evidence chain is a node in a critical path topology.
Second, the data flow direction between models is an edge in the topology and is a directed edge.
Third, the risk detection critical path topology is the topology of the system in its most simplified form.
The calculation path topology for application program phishing fraud risk detection is shown in fig. 3; following the definition of the risk detection critical path topology, only the calculation nodes that can be used to complete the risk evidence chain are retained. The risk data collection node is kept only for convenience of description and is not a node in the critical path topology. This topology is already the simplest topology, so no simplification is needed.
The risk value of the application program is calculated based on the risk information according to the preset importance and influence. The comprehensive influence degree of the application program phishing fraud risk detection models is shown in fig. 4. Comprehensive influence degree modeling of the risk detection models is carried out on the basis of the risk detection critical path topology; the influence relations among the models are modeled as a selective directed graph, so that the influence relations and influence strengths among the models can be seen clearly and intuitively.
As shown in fig. 4, the nodes are detection models, and the directed edges are the direct influence of the start point model on the end point model. The impact level evaluation criteria are shown in table 2 below:
TABLE 2
Influence degree | Interpretation |
0 | No influence |
1 | Low influence |
2 | Moderate influence |
3 | High influence |
4 | Very high influence |
The comprehensive influence modeling also takes into account the importance of each model in the whole system, scored against the same influence degree evaluation criteria. Model system importance is shown in table 3 below:
TABLE 3
Model | Importance level |
Brand relevance calculation | 4 |
Brand relevance calculation | 1 |
Application screenshot similarity calculation | 4 |
Structure detection | 1 |
Challenge image detection | 4 |
Based on the information, an application program phishing fraud risk detection model relation matrix M is constructed as shown in the following table 4:
TABLE 4
where $M_{ij}$ represents the degree of influence of model $i$ on model $j$ when $i \neq j$, and represents the importance of model $i$ in the overall system when $i = j$. Normalization is a routine operation that puts values on a common scale. Averaging is one typical normalization operation; here what matters most is removing the influence of dimension, so normalization uses the maximum value as the standard. The normalized influence matrix of the relation matrix is therefore solved as follows:
For the direct influence matrix M, the values in M are denoted by $a_{ij}$: $M = (a_{ij})_{n \times n}$;
Definition:
i.e., first compute the sum of the values in each row, and then take the maximum of these row sums, as shown in table 5 below:
TABLE 5
Maxvar=max(12,1,4,3,7)=12
The initial normalized influence matrix is defined as:
The details are shown in table 6 below:
TABLE 6
Information entropy is then fused in to optimize the initial normalized influence matrix, and the normalized influence matrix is defined as follows:
The comprehensive influence matrix is then solved from the normalized influence matrix. Its English name is total relation matrix, so it is denoted by T. The comprehensive influence matrix is defined as follows:
$T = N + N^2 + N^3 + \dots + N^K$
where T is the comprehensive influence matrix and N is the normalized influence matrix; squaring the normalized direct influence matrix represents the added indirect influence between models. As the normalized influence matrix is raised to higher powers, it approaches 0, i.e., the zero matrix. I is the identity matrix, i.e. a matrix whose diagonal values are 1 and whose other values are 0. The comprehensive influence matrix is derived as follows:
Based on the geometric series formula, the comprehensive influence matrix is:
Since the normalized influence matrix approaches 0 as its power increases, the matrix is:
where $(I-N)^{-1}$ is the inverse of $(I-N)$.
Combining business analysis with the normalized influence matrix fused with information entropy, the normalized influence matrix follows a log-normal distribution, and by the same reasoning the squared normalized influence matrix also follows a log-normal distribution. Formal analysis is then needed to verify whether the comprehensive influence matrix matches the business data distribution, and hence whether the model is reasonable. The formal verification can be simplified to verifying that the sum of two log-normal distribution functions follows a log-normal distribution. The formal verification is as follows:
Given two independent log-normal distributions defined on the same sample space:
probability density function $f_1$;
probability density function $f_2$;
Setting the random variable:
$Z = X_1 + X_2$
The probability density function is then:
Define:
The integrand to the right of the integral sign has the form of a normal distribution density function, so the integral evaluates to 1, and the final form of $f_Z(z)$ is:
After formal verification, we can conclude that: the comprehensive influence matrix T accords with service data distribution, and the comprehensive influence degree modeling of the risk detection model is reasonable.
The value $t_{ij}$ in the comprehensive influence matrix T represents the direct influence of model $i$ on model $j$ plus the indirect influence, i.e. the degree of comprehensive influence generated. At the same time, $t_{ij}$ also represents the degree to which model $j$ is comprehensively affected by model $i$. The sum of the values in each row of the comprehensive influence matrix T represents the comprehensive influence value of the model corresponding to that row on all other models, i.e. its influence degree, and this set is denoted as D.
$D = (D_1, D_2, D_3, \dots, D_n)$
Wherein:
The sum of the values in each column of the comprehensive influence matrix T indicates the comprehensive influence of all other models on the model corresponding to that column, i.e. its influenced degree, and this set is denoted as C.
$C = (C_1, C_2, C_3, \dots, C_n)$
Wherein:
The influence degree and the influenced degree of model $i$ are added to obtain the centrality of the model, denoted as $M_i$:
$M_i = D_i + C_i$
Through the above calculation process, the comprehensive influence degree of the model of the application program phishing fraud risk detection is shown in the following table 7:
TABLE 7
Model | Degree of combined influence |
Brand relevance calculation | 4.029 |
Brand relevance calculation | 0.911 |
Application screenshot similarity calculation | 2.809 |
Structure detection | 1.478 |
Challenge image detection | 2.857 |
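The row-sum normalization, the series $T = N + N^2 + \dots + N^K$ and the centrality $M_i = D_i + C_i$ described above, as an added example that is not code from the patent. The relation matrix is constructed: only its diagonal (the Table 3 importance values) and its row sums (12, 1, 4, 3, 7) are taken from the page, the off-diagonal placement is invented, and the information entropy fusion step is left out because its formula does not appear on the page. The closed form $T = N(I-N)^{-1}$ used here is the standard limit of that series.

```python
# Added example: DEMATEL-style comprehensive (total relation) influence matrix.
# RELATION is CONSTRUCTED: diagonal = Table 3 importance, row sums = 12, 1, 4, 3, 7
# as quoted with Table 5; the off-diagonal influence values (0-4) are invented.
RELATION = [
    [4, 2, 3, 1, 2],
    [0, 1, 0, 0, 0],
    [0, 0, 4, 0, 0],
    [1, 0, 1, 1, 0],
    [1, 0, 2, 0, 4],
]


def mat_mul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b)))
             for j in range(len(b[0]))] for i in range(len(a))]


def mat_add(a, b):
    return [[x + y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]


def normalize(m):
    """Divide every entry by Maxvar, the largest row sum. Returns (N, Maxvar)."""
    maxvar = max(sum(row) for row in m)
    if maxvar <= 0:
        raise ValueError("relation matrix has no positive influence values")
    return [[v / maxvar for v in row] for row in m], maxvar


def invert(m, eps=1e-12):
    """Gauss-Jordan inverse with partial pivoting; ValueError if singular."""
    n = len(m)
    aug = [list(map(float, row)) + [float(i == j) for j in range(n)]
           for i, row in enumerate(m)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < eps:
            raise ValueError("matrix is singular")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        aug[col] = [v / p for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0.0:
                f = aug[r][col]
                aug[r] = [a - f * b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def total_relation_series(n_mat, k):
    """T = N + N^2 + ... + N^k, summed term by term."""
    term, total = n_mat, n_mat
    for _ in range(k - 1):
        term = mat_mul(term, n_mat)
        total = mat_add(total, term)
    return total


def total_relation_closed(n_mat):
    """Limit of the series: T = N (I - N)^-1. Fails if (I - N) is singular,
    which is the case where the powers of N do not die out."""
    size = len(n_mat)
    i_minus_n = [[(1.0 if i == j else 0.0) - n_mat[i][j] for j in range(size)]
                 for i in range(size)]
    return mat_mul(n_mat, invert(i_minus_n))


def centrality(t):
    d = [sum(row) for row in t]          # influence degree D_i (row sums)
    c = [sum(col) for col in zip(*t)]    # influenced degree C_i (column sums)
    return d, c, [di + ci for di, ci in zip(d, c)]


if __name__ == "__main__":
    n_mat, maxvar = normalize(RELATION)
    d, c, m = centrality(total_relation_closed(n_mat))
    print("Maxvar =", maxvar)
    for i, (di, ci, mi) in enumerate(zip(d, c, m), 1):
        print(f"model {i}: D={di:.3f} C={ci:.3f} M={mi:.3f}")
```

A relation matrix in which every row of a closed cycle reaches the maximum row sum makes $(I-N)$ singular, so the inversion raising an error is a useful check that the modeled influence graph actually attenuates.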
The importance of each model in solving the risk value and risk level of the risk data is calculated from the comprehensive influence degree of the risk detection models. In addition, system modeling experience shows that some unaccounted-for factors can affect the risk value and risk level calculation system, so a disturbance term is introduced to balance the data distribution and increase the robustness of the system. Based on the network analysis method (Analytic Network Process), the weight of the disturbance term $\lambda$ in the whole system is set to 1%. The importance of the risk detection model is calculated as follows:
where $w_i$ represents the importance of the risk detection model $i$;
$W = (w_1, w_2, \dots, w_n, w_\lambda)$
where W represents the importance of the risk detection models, and $w_\lambda$ is the disturbance term weight.
Based on the above calculation process, the importance of the application program type phishing fraud risk detection model is shown in the following table 8:
TABLE 8
Model | Model importance |
Brand relevance calculation | 0.330 |
Brand relevance calculation | 0.075 |
Application screenshot similarity calculation | 0.230 |
Structure detection | 0.121 |
Challenge image detection | 0.234 |
The output results of the risk detection models can be categorized into three types, as follows:
Binary output result: for example, whether a login component exists, whether a challenge image exists, and the like;
Correlation result: for example, brand association and brand information similarity;
Degree of offset: for example, the result of the application program screenshot similarity calculation module; it is calculated as follows:
The degree of offset applies to the output of a detection model that has a threshold set. For example, the threshold of the application screenshot similarity calculation module is set to 0.7; when the similarity is greater than 0.7, the application screenshot is considered to be similar to the brand application screenshot in the brand base information base.
The degree of offset is defined as follows:
where D represents the degree of offset, S represents the probability of similarity, and K represents the model threshold.
Meanwhile, the output of each risk detection model is normalized to remove the influence of dimension on the risk value and risk level calculation of the risk data. Combining the importance of the risk detection models with the risk detection model outputs, the risk value of the risk data is calculated as follows:
where $w_i$ represents the importance of model $i$, and $x_i$ represents the normalized result of the model detection output; $w_0$ represents the importance of the disturbance term $\lambda$, currently set to 1%, and $x_0$ represents the value of the disturbance term, selected randomly within the closed interval [0.6, 1].
The risk data risk level is calculated as follows:
where risk represents the risk value of the $i$-th data and K is a risk value threshold; when risk is not less than K, the risk data is considered to be at risk, otherwise the risk data is discarded. The risk level is calculated by first calculating the offset of the risk value relative to the threshold, i.e., (risk-K). Integer division is then carried out by the risk level score interval, namely 1-K divided by 5, and the result is the corresponding risk level. The risk level is divided into five levels: level one is the highest and level five the lowest, decreasing step by step from level one to level five. Having calculated the risk value of the at least one application program, the next step calculates the tolerance of each of the multiple sets for each risk type.
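The model importance, risk value and risk level calculations described above, as an added example that is not code from the patent. The three formulas themselves are missing from the page, so the forms used are assumptions: $w_i = (1 - w_\lambda) M_i / \sum_j M_j$ (chosen because it reproduces Table 8 from Table 7), a weighted sum for the risk value, and a mapping that puts the top score band at level one; the threshold K = 0.5 and the model outputs in the usage lines are constructed.

```python
import random

# Values copied from the page, in table order.
TABLE_7_CENTRALITY = [4.029, 0.911, 2.809, 1.478, 2.857]
TABLE_8_IMPORTANCE = [0.330, 0.075, 0.230, 0.121, 0.234]
W_LAMBDA = 0.01         # disturbance-term weight stated on the page (1%)
X0_RANGE = (0.6, 1.0)   # closed interval for the disturbance value x_0


def importance_weights(centrality, w_lambda=W_LAMBDA):
    """ASSUMED formula: w_i = (1 - w_lambda) * M_i / sum(M)."""
    total = sum(centrality)
    if total <= 0:
        raise ValueError("centrality values must sum to a positive number")
    return [(1.0 - w_lambda) * m / total for m in centrality]


def risk_value(weights, outputs, x0=None, w_lambda=W_LAMBDA):
    """ASSUMED formula: risk = sum(w_i * x_i) + w_0 * x_0."""
    if len(weights) != len(outputs):
        raise ValueError("one normalized output is needed per model")
    if any(not 0.0 <= x <= 1.0 for x in outputs):
        raise ValueError("model outputs must be normalized to [0, 1]")
    if x0 is None:
        # The page selects the disturbance value at random within [0.6, 1].
        x0 = random.uniform(*X0_RANGE)
    if not X0_RANGE[0] <= x0 <= X0_RANGE[1]:
        raise ValueError("x0 must lie in [0.6, 1]")
    return sum(w * x for w, x in zip(weights, outputs)) + w_lambda * x0


def risk_level(risk, k):
    """Return None when risk < K (the record is discarded), else a level 1-5.

    The offset (risk - K) is integer-divided by the band width (1 - K) / 5.
    ASSUMED mapping: the highest band is level one, the lowest band level five.
    """
    if not 0.0 < k < 1.0:
        raise ValueError("threshold K must lie strictly between 0 and 1")
    if risk < k:
        return None
    band = (1.0 - k) / 5
    index = min(int((risk - k) / band), 4)   # risk == 1.0 stays in the top band
    return 5 - index


if __name__ == "__main__":
    weights = importance_weights(TABLE_7_CENTRALITY)
    print([round(w, 3) for w in weights])    # compare with TABLE_8_IMPORTANCE
    # Constructed normalized outputs for the five models, fixed x0 for a stable run.
    score = risk_value(weights, [1.0, 1.0, 0.9, 0.0, 1.0], x0=0.8)
    print(round(score, 3), risk_level(score, k=0.5))
```

Because $x_0$ is drawn at random, a record whose score sits within 0.004 of K or of a band boundary can change level between runs; pass a fixed `x0` when results must be reproducible for audit.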
Step S20 determines risk types corresponding to the risk values of the respective applications in a preset plurality of risk types, and a tolerance of each set in the plurality of sets corresponding to the respective risk types.
In one embodiment, a weight matrix is obtained according to the preset priority coefficients of the risk types, and each feature vector in the weight matrix represents tolerance coefficients of each set corresponding to each risk type.
Preferably, the brand collection risk value and risk level calculation mainly comprises three parts: risk classification data aggregation, risk type tolerance calculation, and overall aggregate risk value and risk level calculation.
And if the weight matrix meets the logic consistency of the priority, taking the feature vector in the weight matrix as the tolerance of the corresponding set to the corresponding risk type.
First, the risk data is aggregated by the risk categories it contains, and the average risk value of each risk category is calculated as follows:
where H represents the average risk value of a given risk category for the overall set, and $x_i$ represents the risk value of risk data $i$.
Next, the brand risk type tolerance is calculated. A priority sequence $R = (r_1, r_2, r_3, \ldots, r_n)$ must first be given for each brand over the different risk types to be monitored, where $R$ represents the risk type priority sequence, $r_i$ represents the risk type with priority ranking $i$, and $r_1$ has a higher priority than $r_2$.
Solving the tolerance of brands to different risk types, wherein the process is as follows:
A judgment matrix is constructed in which element A[i][j] represents the priority of risk type i relative to risk type j. The priority values are set based on the levels of the finite sequence; for example, with five levels in total, the priority values are as listed in Table 9:
Table 9
Priority level | Priority value |
---|---|
Equal priority | 1 |
Slight priority | 2 |
Stronger priority | 3 |
Intense priority | 4 |
Extreme priority | 5 |
The priority of risk type $i$ is defined as $O_i$.
The matrix constructed according to the priority levels between the risk types, i.e., the positive reciprocal matrix, is shown in Table 10:
Table 10
i \ j | Risk category A | Risk category B | Risk category C |
---|---|---|---|
Risk category A | 1 | $O_A - O_B + 1$ | $O_A - O_C + 1$ |
Risk category B | $O_B - O_A + 1$ | 1 | $O_B - O_C + 1$ |
Risk category C | $O_C - O_A + 1$ | $O_C - O_B + 1$ | 1 |
Determination of matrix eigenvectors (weight matrices)
First, multiply together the elements of each row of the matrix to obtain a matrix M of n rows and 1 column.
Second, take the n-th root of each element of M.
Third, normalize: divide each element by the sum of all elements to obtain the feature vector $w_i$. Each feature vector in the weight matrix characterizes the tolerance coefficient of each set for each risk type.
Further, if the weight matrix meets the logic consistency of the priority, the feature vector in the weight matrix is used as the tolerance of the corresponding set to the corresponding risk type.
Specifically, calculating the maximum eigenvalue (feature root) λ of the judgment matrix includes the following:
The judgment matrix is multiplied by the weight vector to obtain a matrix M;
n × the weight vector is calculated for each element of M.
Based on the above, the consistency of the judgment matrix is tested. The consistency check verifies that the weight matrix satisfies the logical consistency of the priorities. When a is strongly preferred over b and b is slightly preferred, it is apparent that a must be preferred over b. This tests the logical consistency of the judgments; otherwise the judgments contradict one another.
When complete consistency as described above is satisfied, the judgment matrix has a unique non-zero, maximum eigenvalue $\lambda_{\max} = n$ (n is the order of the judgment matrix). In general decision problems, however, the decision maker cannot give exact values of $w_i/w_j$ and can only estimate them by judgment. The A[i][j] values actually given therefore deviate from the ideal $w_i/w_j$, and complete consistency of the judgment matrix cannot be guaranteed. To ensure that the conclusion obtained by using AHP is basically reasonable, a consistency test must also be performed on the constructed judgment matrix.
where, when the consistency index CI = 0, A is consistent; the greater the CI, the more severe the inconsistency of A.
To measure whether different judgment matrices have satisfactory consistency, an empirically derived average random consistency index, RI, is also introduced. For judgment matrices of order 1 to 9, the RI values are shown in Table 11:
Order | RI value |
---|---|
1 | 0.00 |
2 | 0.00 |
3 | 0.58 |
4 | 0.90 |
5 | 1.12 |
6 | 1.24 |
7 | 1.32 |
8 | 1.41 |
9 | 1.45 |
When the order is greater than 2, the ratio of the consistency index CI of the judgment matrix to the average random consistency index RI of the same order is called the random consistency ratio, denoted CR.
When CR = CI/RI < 0.1, the judgment matrix is considered to have satisfactory consistency; otherwise, the judgment matrix must be adjusted until it has satisfactory consistency.
Finally, a weight matrix with satisfactory consistency is obtained. A weight matrix is obtained for each of the two special cases.
Finally, the tolerance of each set to risk type $i$ is defined as $w_i$.
Step S30 calculates a risk value of each set of the multiple sets according to a risk type corresponding to the risk value of each application program in the preset multiple risk types and a tolerance of each set corresponding to each risk type.
Specifically, the overall set risk value is calculated from the tolerance of each set to the risk types and the average risk value of each risk type, as follows:
where $w_i$ refers to the tolerance of the set to the i-th risk type of the plurality of risk types, and $y_i$ refers to the average risk value of the i-th risk type of the plurality of risk types.
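The tolerance calculation described above (judgment matrix, row product, n-th root, normalization, consistency test) and the weighting of per-type average risk values can be traced in code. This is an added example, not code from the patent: the reciprocal entries in `judgment_matrix`, the standard AHP formulas for λ_max and CI, the weighted-sum form of the set risk value, and all sample values are assumptions, since the patent's own formulas do not survive on this page.

```python
import math

# Average random consistency index RI per matrix order (values from the RI table above).
RI = {1: 0.00, 2: 0.00, 3: 0.58, 4: 0.90, 5: 1.12,
      6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def judgment_matrix(levels):
    """Build a positive reciprocal judgment matrix from priority levels O_i.

    Assumption: when O_i >= O_j the entry is O_i - O_j + 1, and the opposite
    direction is its reciprocal, so every entry stays positive.
    """
    n = len(levels)
    a = [[1.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            d = levels[i] - levels[j]
            a[i][j] = float(d + 1) if d >= 0 else 1.0 / (1 - d)
    return a


def ahp_weights(a):
    """Row product, then n-th root, then normalization (the three steps above)."""
    n = len(a)
    roots = [math.prod(row) ** (1.0 / n) for row in a]
    total = sum(roots)
    return [r / total for r in roots]


def consistency_ratio(a, w):
    """Return (lambda_max, CI, CR) using the standard AHP formulas (assumed)."""
    n = len(a)
    # M = A x w, then lambda_max = sum(M_i / (n * w_i)).
    m = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(m[i] / (n * w[i]) for i in range(n))
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RI[n]
    # CR is only defined for order > 2, where RI is non-zero.
    cr = ci / ri if ri > 0 else 0.0
    return lam, ci, cr


def set_risk_value(a, avg_risk, cr_limit=0.1):
    """Weight per-type average risk values y_i by tolerance w_i.

    Assumption: the set risk value is the weighted sum of w_i * y_i.
    A judgment matrix that fails the CR < 0.1 test is rejected.
    """
    w = ahp_weights(a)
    _, _, cr = consistency_ratio(a, w)
    if cr >= cr_limit:
        raise ValueError(f"inconsistent judgment matrix (CR={cr:.3f})")
    return sum(wi * yi for wi, yi in zip(w, avg_risk))


# Constructed sample: three risk types with priority levels 3, 2 and 1,
# and constructed average risk values for each type.
SAMPLE_LEVELS = [3, 2, 1]
SAMPLE_AVG_RISK = [0.9, 0.8, 0.75]
# Constructed cyclic preferences (A over B, B over C, C over A): contradictory.
CYCLIC = [[1.0, 5.0, 0.2], [0.2, 1.0, 5.0], [5.0, 0.2, 1.0]]

if __name__ == "__main__":
    a = judgment_matrix(SAMPLE_LEVELS)
    w = ahp_weights(a)
    print("weights:", [round(x, 4) for x in w])
    print("lambda_max, CI, CR:", consistency_ratio(a, w))
    print("set risk value:", round(set_risk_value(a, SAMPLE_AVG_RISK), 4))
    try:
        set_risk_value(CYCLIC, SAMPLE_AVG_RISK)
    except ValueError as exc:
        print("rejected:", exc)
```

The cyclic matrix yields equal weights that look harmless on their own; only the consistency ratio exposes that the underlying priorities contradict each other.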
Step S40 determines a risk level of an application system according to the risk value of each set in the plurality of sets, where the application system refers to a system formed by applications included in the plurality of sets.
Preferably, the customer overall risk value and risk level calculation scheme comprises two parts: internal risk value calculation and external risk value calculation. The internal risk value refers to the risk value represented by all threat information in the process of performing personalized potential risk exposure surface early warning calculation on threat information based on customer digital asset information and supply chain information; the internal risk value is provided by a potential risk exposure surface early warning calculation engine.
Specifically, according to an algorithm
A first sub-risk value of the application system is calculated, wherein $x_i$ represents a risk value of an i-th set of the plurality of sets.
Further, calculating a risk level coefficient of the application program system according to the risk value of the application program system, namely
Further, determining a risk level of the application program system according to the risk level coefficient of the application program system, and calculating a system overall risk value by fusing an internal risk value and an external risk value in the following manner:
Namely, to calculate the risk value of the application program system:
wherein R refers to the risk value, w and All refer to risk weights that can be obtained from commercial analysis.
Specifically, the overall risk level of the risk level set of the application program system is determined according to the risk level coefficient of the application program system.
The calculation method is as follows:
R represents the risk value of the application program system and K is the risk value threshold. When R is greater than or equal to K, the client is considered to have digital risk; otherwise, the risk is negligible. When the risk level is calculated, the offset of the risk value relative to the threshold, namely R − K, is calculated first. Integer division is then performed with the risk level score interval, which is obtained by dividing 1 − K by 5; the result of the calculation is the corresponding risk level. The risk level is divided into five levels: level one is the highest, and the levels decrease step by step down to the lowest.
According to the application, the constructed digital risk protection risk calculation scheme finally yields a risk value and a risk level. The scheme comprises three parts: risk value and risk level calculation for risk data, brand overall risk value and risk level calculation, and client overall risk value and risk level calculation. The brand overall risk value and risk level refer to the application program risk values and risk levels, namely the risk values and risk levels of the individual sets; the client overall risk value and risk level refer to the risk value and risk level of the overall application program system.
For the risk data part, the risk value and risk level of the risk data are obtained; strict formal verification is carried out to ensure that the modeling is reasonable; a disturbance term is added in the risk value calculation process to improve the robustness of the risk value calculation system; the canonical influence matrix used in the risk value calculation process improves its information representation capability by fusing the information entropy with the initial canonical influence matrix; and a risk level calculation method is constructed. The advantages of the brand overall risk value and risk level calculation part are that risk values are calculated while comprehensively considering the brand's tolerance of different risk types, and that a method for calculating the brand's tolerance of risk types is creatively constructed. The advantage of the customer overall risk value and risk level calculation part is that the risk value calculation fuses internal risk and external risk information.
The application also provides a device for determining the risk level of the application program, which comprises the following modules:
And the risk value calculation module of the application program is used for acquiring the risk value of at least one application program, wherein the at least one application program corresponds to a plurality of sets, and each application program in the at least one application program belongs to one of the plurality of sets.
And the tolerance module is used for determining the risk type corresponding to the risk value of each application program in a plurality of preset risk types and the tolerance of each set corresponding to each risk type in the plurality of sets.
The risk value calculation module is used for calculating the risk value of each set in the multiple sets according to the risk type corresponding to the risk value of each application program in the preset multiple risk types and the tolerance of each set corresponding to each risk type.
And the risk level calculation module is used for determining the risk level of an application program system according to the risk value of each set in the plurality of sets, wherein the application program system refers to a system formed by application programs contained in the plurality of sets.
Through the module, the risk value of each set in the sets is calculated, and the risk level of the application program system is determined according to the risk value of each set in the sets, so that the risk level of each risk application program is determined, and the experience of an application program provider is better.
Embodiments of the present application provide a storage medium having stored thereon computer executable instructions which, when executed by a computing device, are operable to implement the methods described in the previous embodiments.
It is to be understood that the above-described embodiments of the present application are merely illustrative of or explanation of the principles of the present application and are in no way limiting of the application. Accordingly, any modification, equivalent replacement, improvement, etc. made without departing from the spirit and scope of the present application should be included in the scope of the present application. Furthermore, the appended claims are intended to cover such equivalents as fall within the scope and boundary of the appended claims, or such scope and boundary.
Claims (5)
1. A method for determining a risk level of an application, the method comprising:
acquiring a risk value of at least one application program, wherein the at least one application program corresponds to a plurality of sets, and each application program in the at least one application program belongs to one of the plurality of sets;
Determining a risk type corresponding to a risk value of each application program in a plurality of preset risk types, and determining tolerance of each set in the plurality of sets corresponding to each risk type;
Calculating the risk value of each set in the multiple sets according to the risk type of the risk value of each application program and the tolerance of each set corresponding to each risk type;
Determining a risk level of an application program system according to the risk value of each set in the plurality of sets, wherein the application program system refers to a system formed by application programs contained in the plurality of sets;
The determining the tolerance of each set of the plurality of sets to the respective risk type includes:
Obtaining a weight matrix according to the preset priority coefficients of the multiple risk types, wherein each feature vector in the weight matrix represents tolerance coefficients of each set corresponding to each risk type;
If the weight matrix meets the logic consistency of the priority, taking the feature vector in the weight matrix as the tolerance of the corresponding set to the corresponding risk type;
According to the risk type of each risk value and the tolerance of each risk type corresponding to each set, corresponding to any set, the risk value x of each set satisfies:
wherein, Refers to the tolerance of the aggregate to an ith risk type of the plurality of risk types,Representing an average risk value of an ith risk type in the plurality of risk types, and n represents the number of risk types;
the determining method further comprises the following steps:
According to an algorithm A first sub-risk value of the application system is calculated,
Wherein x j represents a risk value of a j-th set of the plurality of sets; m represents the number of the sets;
the determining the risk level of the application program system according to the risk value of each set in the plurality of sets comprises the following steps:
Calculating a risk value of the application program system according to the risk value of each set in the plurality of sets and the first sub-risk value of the application program system;
calculating a risk level coefficient of the application program system according to the risk value of the application program system;
And determining the risk level of the application program system according to the risk level coefficient of the application program system.
2. The method for determining an application risk level according to claim 1, wherein obtaining a risk value of at least one application corresponding to any application comprises:
collecting information of the application program;
acquiring risk information from the acquired information through a preset path topology model;
and calculating the risk value of the application program based on the risk information according to the preset importance and influence.
3. An apparatus for determining an application risk level, wherein the determining apparatus is configured to implement the method for determining an application risk level according to claim 1, the apparatus comprising:
A risk value calculation module of an application program, configured to obtain a risk value of at least one application program, where the at least one application program corresponds to a plurality of sets, and each application program in the at least one application program belongs to one of the plurality of sets;
the tolerance module of the risk type is used for determining the risk type corresponding to the risk value of each application program in a plurality of preset risk types and the tolerance of each set corresponding to each risk type in the plurality of sets;
The risk value calculation module is used for calculating the risk value of each set in the multiple sets according to the risk type of each risk value and the tolerance of each set corresponding to each risk type;
and the risk level calculation module is used for determining the risk level of an application program system according to the risk value of each set in the plurality of sets, wherein the application program system refers to a system formed by application programs contained in the plurality of sets.
4. The apparatus for determining a risk level of an application according to claim 3, further comprising:
And the information module of the application program is used for acquiring information of the application program, acquiring risk information from the acquired information through a preset path topology model, and calculating a risk value of the application program based on the risk information according to the preset importance and influence.
5. A storage medium having stored thereon computer executable instructions for performing the method of any of the preceding claims 1-2 when said computer executable instructions are executed by a computing device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111211486.XA CN113918435B (en) | 2021-10-18 | 2021-10-18 | Method and device for determining risk level of application program and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113918435A CN113918435A (en) | 2022-01-11 |
CN113918435B true CN113918435B (en) | 2024-10-22 |
Family
ID=79241353
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111211486.XA Active CN113918435B (en) | 2021-10-18 | 2021-10-18 | Method and device for determining risk level of application program and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113918435B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115688130B (en) * | 2022-10-17 | 2023-10-20 | 支付宝(杭州)信息技术有限公司 | Data processing method, device and equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110264326A (en) * | 2019-05-24 | 2019-09-20 | 阿里巴巴集团控股有限公司 | Identify the method, device and equipment of abnormal account aggregation and adventure account set |
CN110991858A (en) * | 2019-11-28 | 2020-04-10 | 南方电网科学研究院有限责任公司 | Cross-border power grid networking project evaluation method and related device |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107203939A (en) * | 2017-05-26 | 2017-09-26 | 阿里巴巴集团控股有限公司 | Determine method and device, the computer equipment of consumer's risk grade |
CN112990792B (en) * | 2021-05-11 | 2021-08-31 | 北京智源人工智能研究院 | Method and device for automatically detecting infringement risk and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||