CN111400168B - Intelligent software wind control method, electronic device and computer readable storage medium - Google Patents
Intelligent software wind control method, electronic device and computer readable storage medium Download PDFInfo
- Publication number
- CN111400168B CN111400168B CN202010110447.XA CN202010110447A CN111400168B CN 111400168 B CN111400168 B CN 111400168B CN 202010110447 A CN202010110447 A CN 202010110447A CN 111400168 B CN111400168 B CN 111400168B
- Authority
- CN
- China
- Prior art keywords
- data
- wind control
- risk
- user
- normal distribution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 238000012954 risk control Methods 0.000 claims abstract description 62
- 238000012544 monitoring process Methods 0.000 claims abstract description 37
- 238000007781 pre-processing Methods 0.000 claims abstract description 21
- 238000011217 control strategy Methods 0.000 claims abstract description 16
- 238000001914 filtration Methods 0.000 claims abstract description 14
- 238000007405 data analysis Methods 0.000 claims abstract description 7
- 238000013480 data collection Methods 0.000 claims abstract description 5
- 238000004364 calculation method Methods 0.000 claims description 37
- 230000006399 behavior Effects 0.000 claims description 10
- 238000004458 analytical method Methods 0.000 claims description 9
- 238000011156 evaluation Methods 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 abstract description 2
- 238000012545 processing Methods 0.000 description 12
- 238000010586 diagram Methods 0.000 description 6
- 238000007619 statistical method Methods 0.000 description 6
- 230000000903 blocking effect Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 238000012502 risk assessment Methods 0.000 description 4
- 238000013500 data storage Methods 0.000 description 3
- 230000003247 decreasing effect Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010205 computational analysis Methods 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Prevention of errors by analysis, debugging or testing of software
- G06F11/3604—Analysis of software for verifying properties of programs
- G06F11/3608—Analysis of software for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Selective Calling Equipment (AREA)
- Testing And Monitoring For Control Systems (AREA)
Abstract
The invention relates to a data analysis technology, and discloses an intelligent software wind control method, which comprises the following steps: historical data collection is carried out aiming at a preset wind control target, wherein the wind control target is the operation behavior of an operation module which needs to be subjected to risk control in software by a user; preprocessing and filtering the collected historical data; big data analysis is carried out on the preprocessed and filtered data aiming at the monitoring index, and a normal distribution curve with preset dimension is established; performing risk prediction according to the normal distribution curve and current operation data of the user; and executing a corresponding wind control strategy according to the risk prediction result. The invention also provides an electronic device and a computer readable storage medium. According to the invention, the normal distribution curve can be established by carrying out mathematical statistics according to the historical operation behavior habit of the user, and the risk judgment is carried out on the sensitive operation of the user according to the normal distribution curve, so that the safety of the user in operating the software is more effectively improved.
Description
Technical Field
The present invention relates to the field of data analysis technologies, and in particular, to an intelligent software wind control method, an electronic device, and a computer readable storage medium.
Background
Any industry may have various risks, and how to perform effective risk control requires the risk manager to take various measures and methods to eliminate or reduce various possibilities of occurrence of risk events, or to reduce losses caused by occurrence of risk events. In the present internet era, more and more things are already software-implemented, and a great deal of operations can be influenced by clicking a button, so that how to perform risk control on the operations of users is an important problem.
Traditional software wind control is mostly focused on preventing users from abnormal login and hacking, such as detection of common login places, anti-riot cracking, anti-man-in-the-middle attack and the like. However, the user name password leakage and the behavior after login such as malicious operation authorization cannot be effectively risk-controlled, and the user name password can only be post-remedied after the risk occurs, so that the risk possibly occurring in dangerous operation cannot be blocked in advance or predicted in advance, and huge loss is likely to be caused.
Disclosure of Invention
In view of the above, the present invention provides an intelligent software wind control method, an electronic device and a computer readable storage medium for solving at least one of the above problems.
Firstly, in order to achieve the above objective, the present invention provides an intelligent software wind control method, which includes the steps of:
historical data collection is carried out aiming at a preset wind control target, wherein the wind control target is the operation behavior of an operation module which needs to be subjected to risk control in software by a user;
preprocessing and filtering the collected historical data;
big data analysis is carried out on the preprocessed and filtered data aiming at the monitoring index, and a normal distribution curve with preset dimension is established;
according to the normal distribution curve and the current operation data of the wind control target by the user, risk prediction is carried out on the current operation; and
And executing a corresponding wind control strategy according to the risk prediction result.
Optionally, the method further comprises the steps of, before the preprocessing and filtering the data, analyzing the big data for the monitoring index:
and distributing the preprocessed and filtered data through a message queue, so that the data is pushed to a big data platform in a serialization way for analysis.
Optionally, the preprocessing is to calculate or count the monitoring index according to the collected historical data; the filtering is to compare the collected historical data or the preprocessed data with a preset threshold value and remove the maximum value and the minimum value which exceed the threshold value range.
Optionally, the preset dimensions include a current operator dimension and an overall user dimension.
Optionally, the monitoring index includes a time of a user entering the operation module and a stay time from entering to performing a sensitive operation.
Optionally, establishing the normal distribution curve of the preset dimension includes establishing four normal distribution curves according to the entering time of the current operator, the stay time of the current operator, the entering time of the whole users and the stay time of the whole users respectively.
Optionally, when there are multiple normal distribution curves, each normal distribution curve is preset with a weight corresponding to each normal distribution curve, and the step of estimating risk for the current operation according to the normal distribution curve and the operation data of the current wind control target by the user includes:
according to the operation data of the current operation, calculating the monitoring index;
respectively comparing the calculation result with a plurality of normal distribution curves to obtain corresponding risk assessment values;
and carrying out weighted calculation on the risk evaluation value obtained by comparing with each normal distribution curve and the weight corresponding to the normal distribution curve to obtain a final judgment result.
Optionally, the step of estimating the risk of the current operation according to the normal distribution curve and the operation data of the user on the wind control target currently further includes:
judging whether operation data exist in the current operation or not;
when the operation data does not exist, judging that the current operation is at risk;
when operation data exist, comparing the operation data or a calculation result aiming at the monitoring index with the threshold value, and judging that the current operation is at risk if the operation data or the calculation result aiming at the monitoring index is not in the threshold value range;
if the current operation is within the threshold range, judging whether the current operation is at risk or not according to the section of the calculation result of the current operation on the monitoring index in the corresponding normal distribution curve.
In addition, in order to achieve the above objective, the present invention further provides an electronic device, which includes a memory and a processor, wherein the memory stores an intelligent software wind control system that can be executed on the processor, and the intelligent software wind control system implements the steps of the intelligent software wind control method when executed by the processor.
Further, to achieve the above object, the present invention also provides a computer readable storage medium storing a smart software wind control system executable by at least one processor to cause the at least one processor to perform the steps of the smart software wind control method as described above.
Compared with the prior art, the intelligent software wind control method, the electronic device and the computer readable storage medium provided by the invention can be used for establishing a normal distribution curve by carrying out mathematical statistics according to the historical operation behavior habit of the user and carrying out risk judgment on sensitive operation of the user each time according to a certain rule according to the normal distribution curve. For the operation meeting the judgment conditions, automatic blocking can be performed, or a risk prompt can be given for manual checking. By adopting the method, on the basis of traditional software wind control, the supervision and early warning can be carried out on some risk operations of the user in some modules more deeply, dangerous operations can not be carried out even if the user name password or login credentials of the user are stolen, and the safety of the user in operating the software is improved to the greatest extent.
Drawings
FIG. 1 is a schematic diagram of an alternative hardware architecture of an electronic device according to the present invention;
FIG. 2 is a schematic diagram of a program module of a first embodiment of the intelligent software wind control system of the present invention;
FIG. 3 is a schematic diagram of a program module of a second embodiment of the intelligent software wind control system of the present invention;
FIG. 4 is a flow chart of a first embodiment of the intelligent software wind control method of the present invention;
FIG. 5 is a flow chart of a second embodiment of the intelligent software wind control method of the present invention;
the achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that the description of "first", "second", etc. in this disclosure is for descriptive purposes only and is not to be construed as indicating or implying a relative importance or implying an indication of the number of technical features being indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent and not within the scope of protection claimed in the present invention.
Referring to fig. 1, a schematic diagram of an alternative hardware architecture of an electronic device 2 according to the present invention is shown.
In this embodiment, the electronic device 2 may include, but is not limited to, a memory 11, a processor 12, and a network interface 13 that may be communicatively connected to each other through a system bus. It should be noted that fig. 1 only shows an electronic device 2 having components 11-13, but it should be understood that not all of the illustrated components are required to be implemented, and that more or fewer components may alternatively be implemented.
The electronic device 2 may be a server, a PC (Personal Computer ), or a terminal device such as a smart phone, a tablet computer, a palm computer, a portable computer, or the like. The server may be a rack server, a blade server, a tower server, or a cabinet server, and may be an independent server or a server cluster formed by a plurality of servers.
The memory 11 includes at least one type of readable storage medium including flash memory, hard disk, multimedia card, card memory (e.g., SD or DX memory, etc.), random Access Memory (RAM), static Random Access Memory (SRAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), programmable Read Only Memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the storage 11 may be an internal storage unit of the electronic device 2, such as a hard disk or a memory of the electronic device 2. In other embodiments, the memory 11 may also be an external storage device of the electronic apparatus 2, for example, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic apparatus 2. Of course, the memory 11 may also comprise both an internal memory unit and an external memory device of the electronic apparatus 2. In this embodiment, the memory 11 is generally used for storing an operating system and various application software installed on the electronic device 2, such as program codes of the intelligent software wind control system 200. Further, the memory 11 may be used to temporarily store various types of data that have been output or are to be output.
The processor 12 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 12 is typically used to control the overall operation of the electronic device 2. In this embodiment, the processor 12 is configured to execute the program code or process data stored in the memory 11, for example, execute the intelligent software wind control system 200.
The network interface 13 may comprise a wireless network interface or a wired network interface, which network interface 13 is typically used for establishing a communication connection between the electronic apparatus 2 and other electronic devices.
So far, the hardware structure and function of the related device of the present invention have been described in detail. In the following, various embodiments of the present invention will be presented based on the above description.
First, the present invention proposes an intelligent software wind control system 200.
Referring to FIG. 2, a block diagram of a first embodiment of an intelligent software wind control system 200 according to the present invention is shown.
In this embodiment, the intelligent software wind control system 200 includes a series of computer program instructions stored in the memory 11, which when executed by the processor 12, implement the intelligent software wind control operations of the various embodiments of the present invention. In some embodiments, the intelligent software wind control system 200 may be divided into one or more modules based on the particular operations implemented by portions of the computer program instructions. For example, in fig. 2, the intelligent software wind control system 200 may be partitioned into a collection module 201, a preprocessing module 202, an analysis module 203, an estimation module 204, and an execution module 205. Wherein:
The collection module 201 is configured to collect historical data for a preset wind control target.
Specifically, the preset wind control target refers to an operation behavior of an operation module (a module with a certain sensitive function) in software, which needs to be risk controlled by a user, for example, an operation time of a certain page. The operation time specifically includes a time of entering the risk control module (or a time of starting to operate the risk control module), a time of leaving the risk control module (or a time of ending to operate the risk control module), a time of performing a sensitive operation (e.g., logging in, confirming a transfer, etc.), and the like.
After the user logs into the software system, he enters a certain risk control module, and the collection module 201 (front end) starts to collect various data and send it to the background (preprocessing module 202). And performing data processing on the wind control target by the background through the foreground and background interaction between the front end and the background. Taking the operation time of the user as an example, the front end needs to send the entering time and the leaving time of the user to a certain module to the background. Meanwhile, as the user may switch to another page in the operation process, or the operation system does not enter a sleep state for a long time, the time points (switching or returning and the like) are also sent to the background, more data are collected as much as possible, and the accuracy of the collected operation time is ensured.
The collection module 201 collects historical data of the wind control target in a preset statistical period, for example, collects historical data of the operation time of the risk control module A for a month, and sends the historical data to the background for processing.
The preprocessing module 202 is configured to preprocess and filter the collected historical data.
Specifically, after the preprocessing module 202 (background) receives various historical data for the wind control target sent by the collecting module 201, simple preprocessing and filtering are required. The preprocessing refers to calculation or statistics of indexes to be monitored according to collected historical data. The filtering means that the collected data or the preprocessed data is compared with a preset threshold value, and the maximum value and the minimum value which exceed the threshold value range are removed, so that the excessive influence of a few maximum values or minimum values on the final statistical result is avoided.
Taking the operation time of the wind control target as the user to a certain risk control module as an example, the monitoring index needing to be concerned is when the user enters the risk control module, and the stay time of the user from entering to executing the sensitive operation is what. Thus, after collecting the time each time a user enters the risk control module and the time a sensitive operation is performed, the preprocessing module 202 performs a simple calculation based on the historical data, resulting in a dwell time each time the user enters the risk control module until the sensitive operation is performed. In addition, for the case that the user switches to another page halfway or does not operate for a long time to enter a sleep state, corresponding calculation is performed, for example, the time for switching to another page is deducted when the stay time is calculated. And then comparing the residence time with a preset threshold value, and removing a few maximum values and a few minimum values.
The analysis module 203 is configured to analyze the preprocessed and filtered data with respect to the monitoring index, and establish a normal distribution curve with a preset dimension.
Specifically, the big data platform (analysis module 203) is the final data storage, computational analysis platform. In this embodiment, statistics of two dimensions are established for the wind control objective: current operator dimension and overall user dimension. And in addition to statistical analysis of the operation data (the preprocessed and filtered data) of the risk control module by the current operator on the big data platform, further carrying out big data statistical analysis by combining the historical data collected by all users to obtain the operation data of all users on the risk control module. And then, for the current operator dimension and the whole user dimension, respectively establishing a normal distribution curve according to the operation data analyzed for the monitoring index system so as to carry out subsequent wind control judgment.
Taking the operation time as an example, the big data platform can statistically analyze all the time of entering the risk control module and the stay time from entering the risk control module to executing the sensitive operation of the current operator in the statistical period, statistically analyze all the time of entering the risk control module and the stay time from entering the risk control module to executing the sensitive operation of the whole user in the statistical period, and then respectively establish four normal distribution curves according to the entering time of the current operator, the stay time of the current operator, the entering time of the whole user and the stay time of the whole user to be used as the judgment standard for carrying out the wind control judgment on the operation of the risk control module by the operator.
The estimating module 204 is configured to estimate risk of the operation according to the normal distribution curve and operation data (sensitive operation) of the user on the wind control target currently.
Specifically, this section has not been able to work as soon as the system is established, because sufficient user operation history data has not been collected. After collecting enough data, the estimation module 204 can estimate risk for the current operation of the wind control target according to the established normal distribution curve.
When a sensitive operation request arrives in the background, a judgment is made from the following three aspects:
(1) Judging whether the operation data exist in the operation or not, if the operation data do not exist in the operation, judging that the operation is at risk. The corresponding wind control strategy is to directly inhibit operation and record a risk log, which indicates that the operation is not performed in a normal flow.
(2) If the operation data exists, comparing the current operation data (or the calculation result aiming at the monitoring index) with a preset threshold value, and if the operation data (or the calculation result aiming at the monitoring index) is not in the threshold value range, judging that the operation is at risk. The corresponding wind control strategy is to directly inhibit operation and record a risk log.
(3) When the two judging steps pass through (operation data exist and are within the threshold range), a corresponding normal distribution curve is obtained from the big data platform, the section of the operation (the calculation result aiming at the monitoring index) is calculated, and then the comparison is carried out according to a preset risk standard (no risk exists in the preset section, and risk exists outside the preset section), so that whether the operation is at risk is judged. For the operation with risk, the corresponding wind control strategy can be automatically blocked (forbidden operation), or give a risk prompt for artificial check. And for the operation without risk, normally executing.
Taking the operation time of the wind control target for a user on a certain risk control module as an example, acquiring normal distribution curves corresponding to the entry time and the residence time of the risk control module in the current operator dimension and the whole user dimension, and judging which section belongs to the corresponding normal distribution curve according to the entry time and the residence time of the current operation.
Wherein, for a plurality of normal distribution curves of a plurality of dimensions, the respective corresponding weights are preset. And when risk prediction is carried out, calculating the monitoring index according to the operation data of the current operation, comparing the calculation result with a plurality of normal distribution curves respectively to obtain corresponding risk assessment values, and carrying out weighted calculation according to weights to obtain a final judgment result.
For example, a normal distribution curve can be established for the current operator's entry time, the current operator's residence time, the overall user's entry time, and the overall user's residence time, and when determining whether the current operation is at risk, the weights of the curves corresponding to the operator's residence time, the overall user's residence time, the operator's entry time, and the overall user's entry time are sequentially decreased according to the weight determination of the four normal distribution curves.
The executing module 205 is configured to execute a corresponding wind control policy according to the risk prediction result.
Specifically, after risk prediction is performed on the current sensitive operation of the user according to the rule, the execution module 205 performs corresponding processing according to the wind control policy corresponding to each prediction result, including prohibiting the operation, giving a risk prompt for manual verification, performing normal execution, and the like.
The intelligent software wind control system provided by the embodiment can carry out mathematical statistics according to the historical operation behavior habit of the user to establish a normal distribution curve, and carry out risk judgment on sensitive operation of the user each time according to a certain rule according to the normal distribution curve. For the operation meeting the judgment conditions, automatic blocking can be performed, or a risk prompt can be given for manual checking. By adopting the method, on the basis of traditional software wind control, the supervision and early warning can be carried out on some risk operations of the user in some modules more deeply, dangerous operations can not be carried out even if the user name password or login credentials of the user are stolen, and the safety of the user in operating the software is improved to the greatest extent.
Referring to FIG. 3, a block diagram of a second embodiment of an intelligent software wind control system 200 according to the present invention is shown. In this embodiment, the intelligent software wind control system 200 further includes a distribution module 206 in addition to the collection module 201, the preprocessing module 202, the analysis module 203, the estimation module 204, and the execution module 205 in the first embodiment.
The distributing module 206 is configured to distribute the preprocessed and filtered data through a Message Queue (MQ).
Specifically, the distribution module 206 sends the data preprocessed and filtered by the preprocessing module 202 to the MQ, which then pushes the data to the large data platform, thereby serializing the data, avoiding large amounts of data from flooding into the large data platform, and creating excessive stress on the platform.
In addition, the invention also provides an intelligent software wind control method.
Referring to fig. 4, a flowchart of a first embodiment of the intelligent software wind control method of the present invention is shown. In this embodiment, the execution sequence of the steps in the flowchart shown in fig. 4 may be changed, and some steps may be omitted according to different requirements. The method comprises the following steps:
step S400, historical data collection is conducted aiming at a preset wind control target.
Specifically, the preset wind control target refers to an operation behavior of an operation module (a module with a certain sensitive function) in software, which needs to be risk controlled by a user, for example, an operation time of a certain page. The operation time specifically includes a time of entering the risk control module (or a time of starting to operate the risk control module), a time of leaving the risk control module (or a time of ending to operate the risk control module), a time of performing a sensitive operation (e.g., logging in, confirming a transfer, etc.), and the like.
After a user logs into the software system, the user enters a certain risk control module, and the front end (e.g. browser) starts to collect various data and send the data to the background. And performing data processing on the wind control target by the background through the foreground and background interaction between the front end and the background. Taking the operation time of the user as an example, the front end needs to send the entering time and the leaving time of the user to a certain module to the background. Meanwhile, as the user may switch to another page in the operation process, or the operation system does not enter a sleep state for a long time, the time points (switching or returning and the like) are also sent to the background, more data are collected as much as possible, and the accuracy of the collected operation time is ensured.
The front end collects historical data of the wind control target in a preset statistical period, for example, the front end collects historical data of the operation time of the risk control module A for a user in one month, and sends the historical data to the background for processing.
Step S402, preprocessing and filtering the collected history data.
Specifically, after the background receives various historical data aiming at the wind control target, which is sent by the front end, simple preprocessing and filtering are needed. The preprocessing refers to calculation or statistics of indexes to be monitored according to collected historical data. The filtering means that the collected data or the preprocessed data is compared with a preset threshold value, and the maximum value and the minimum value which exceed the threshold value range are removed, so that the excessive influence of a few maximum values or minimum values on the final statistical result is avoided.
Taking the operation time of the wind control target as the user to a certain risk control module as an example, the monitoring index needing to be concerned is when the user enters the risk control module, and the stay time of the user from entering to executing the sensitive operation is what. Therefore, after the front end collects the time of each user entering the risk control module and the time of executing the sensitive operation, the background performs a simple calculation on the basis of the historical data sent by the front end, so as to obtain the residence time of each user from entering the risk control module to executing the sensitive operation. In addition, for the case that the user switches to another page halfway or does not operate for a long time to enter a sleep state, corresponding calculation is performed, for example, the time for switching to another page is deducted when the stay time is calculated. And then comparing the residence time with a preset threshold value, and removing a few maximum values and a few minimum values.
And step S404, carrying out big data analysis on the preprocessed and filtered data aiming at the monitoring index, and establishing a normal distribution curve with preset dimensions.
Specifically, the big data platform is a final data storage and calculation analysis platform. In this embodiment, statistics of two dimensions are established for the wind control objective: current operator dimension and overall user dimension. And in addition to statistical analysis of the operation data (the preprocessed and filtered data) of the risk control module by the current operator on the big data platform, further carrying out big data statistical analysis by combining the historical data collected by all users to obtain the operation data of all users on the risk control module. And then, for the current operator dimension and the whole user dimension, respectively establishing a normal distribution curve according to the operation data analyzed for the monitoring index system so as to carry out subsequent wind control judgment.
Taking the operation time as an example, the big data platform can statistically analyze all the time of entering the risk control module and the stay time from entering the risk control module to executing the sensitive operation of the current operator in the statistical period, statistically analyze all the time of entering the risk control module and the stay time from entering the risk control module to executing the sensitive operation of the whole user in the statistical period, and then respectively establish four normal distribution curves according to the entering time of the current operator, the stay time of the current operator, the entering time of the whole user and the stay time of the whole user to be used as the judgment standard for carrying out the wind control judgment on the operation of the risk control module by the operator.
And step S406, performing risk prediction on the operation according to the normal distribution curve and the operation data (sensitive operation) of the user on the wind control target.
Specifically, this section has not been able to work as soon as the system is established, because sufficient user operation history data has not been collected. After enough data are collected, risk prediction can be performed on the operation of the wind control target for the user currently according to the established normal distribution curve.
When a sensitive operation request arrives in the background, a judgment is made from the following three aspects:
(1) Judging whether the operation data exist in the operation or not, if the operation data do not exist in the operation, judging that the operation is at risk. The corresponding wind control strategy is to directly inhibit operation and record a risk log, which indicates that the operation is not performed in a normal flow.
(2) If the operation data exists, comparing the current operation data (or the calculation result aiming at the monitoring index) with a preset threshold value, and if the operation data (or the calculation result aiming at the monitoring index) is not in the threshold value range, judging that the operation is at risk. The corresponding wind control strategy is to directly inhibit operation and record a risk log.
(3) When the two judging steps pass through (operation data exist and are within the threshold range), a corresponding normal distribution curve is obtained from the big data platform, the section of the operation (the calculation result aiming at the monitoring index) is calculated, and then the comparison is carried out according to a preset risk standard (no risk exists in the preset section, and risk exists outside the preset section), so that whether the operation is at risk is judged. For the operation with risk, the corresponding wind control strategy can be automatically blocked (forbidden operation), or give a risk prompt for artificial check. And for the operation without risk, normally executing.
Taking the operation time of the wind control target for a user on a certain risk control module as an example, acquiring normal distribution curves corresponding to the entry time and the residence time of the risk control module in the current operator dimension and the whole user dimension, and judging which section belongs to the corresponding normal distribution curve according to the entry time and the residence time of the current operation.
Wherein, for a plurality of normal distribution curves of a plurality of dimensions, the respective corresponding weights are preset. And when risk prediction is carried out, calculating the monitoring index according to the operation data of the current operation, comparing the calculation result with a plurality of normal distribution curves respectively to obtain corresponding risk assessment values, and carrying out weighted calculation according to weights to obtain a final judgment result.
For example, a normal distribution curve can be established for the current operator's entry time, the current operator's residence time, the overall user's entry time, and the overall user's residence time, and when determining whether the current operation is at risk, the weights of the curves corresponding to the operator's residence time, the overall user's residence time, the operator's entry time, and the overall user's entry time are sequentially decreased according to the weight determination of the four normal distribution curves.
Step S408, executing a corresponding wind control strategy according to the risk prediction result.
Specifically, after risk prediction is performed on the current sensitive operation of the user according to the rule, corresponding processing is performed according to the wind control strategy corresponding to each prediction result, including operation prohibition, risk prompt giving, manual check, normal execution and the like.
According to the intelligent software wind control method provided by the embodiment, mathematical statistics can be carried out according to historical operation behavior habits of the user to establish a normal distribution curve, and risk judgment is carried out on sensitive operations of the user each time according to a certain rule according to the normal distribution curve. For the operation meeting the judgment conditions, automatic blocking can be performed, or a risk prompt can be given for manual checking. By adopting the method, on the basis of traditional software wind control, the supervision and early warning can be carried out on some risk operations of the user in some modules more deeply, dangerous operations can not be carried out even if the user name password or login credentials of the user are stolen, and the safety of the user in operating the software is improved to the greatest extent.
Fig. 5 is a schematic flow chart of a second embodiment of the intelligent software wind control method of the present invention. In this embodiment, the intelligent software wind control method further includes step S504 on the basis of the first embodiment.
The method comprises the following steps:
step S500, historical data collection is conducted aiming at a preset wind control target.
Specifically, the preset wind control target refers to an operation behavior of an operation module (a module with a certain sensitive function) in software, which needs to be risk controlled by a user, for example, an operation time of a certain page. The operation time specifically includes a time of entering the risk control module (or a time of starting to operate the risk control module), a time of leaving the risk control module (or a time of ending to operate the risk control module), a time of performing a sensitive operation (e.g., logging in, confirming a transfer, etc.), and the like.
After a user logs into the software system, the user enters a certain risk control module, and the front end (e.g. browser) starts to collect various data and send the data to the background. And performing data processing on the wind control target by the background through the foreground and background interaction between the front end and the background. Taking the operation time of the user as an example, the front end needs to send the entering time and the leaving time of the user to a certain module to the background. Meanwhile, as the user may switch to another page in the operation process, or the operation system does not enter a sleep state for a long time, the time points (switching or returning and the like) are also sent to the background, more data are collected as much as possible, and the accuracy of the collected operation time is ensured.
The front end collects historical data of the wind control target in a preset statistical period, for example, the front end collects historical data of the operation time of the risk control module A for a user in one month, and sends the historical data to the background for processing.
Step S502, preprocessing and filtering the collected history data.
Specifically, after the background receives various historical data aiming at the wind control target, which is sent by the front end, simple preprocessing and filtering are needed. The preprocessing refers to calculation or statistics of indexes to be monitored according to collected historical data. The filtering means that the collected data or the preprocessed data is compared with a preset threshold value, and the maximum value and the minimum value which exceed the threshold value range are removed, so that the excessive influence of a few maximum values or minimum values on the final statistical result is avoided.
Taking the operation time of the wind control target as the user to a certain risk control module as an example, the monitoring index needing to be concerned is when the user enters the risk control module, and the stay time of the user from entering to executing the sensitive operation is what. Therefore, after the front end collects the time of each user entering the risk control module and the time of executing the sensitive operation, the background performs a simple calculation on the basis of the historical data sent by the front end, so as to obtain the residence time of each user from entering the risk control module to executing the sensitive operation. In addition, for the case that the user switches to another page halfway or does not operate for a long time to enter a sleep state, corresponding calculation is performed, for example, the time for switching to another page is deducted when the stay time is calculated. And then comparing the residence time with a preset threshold value, and removing a few maximum values and a few minimum values.
And step S504, distributing the preprocessed and filtered data through the MQ message queue.
Specifically, the background sends the preprocessed and filtered data to the MQ, and the MQ pushes the data to the large data platform, so that the data is serialized, a large amount of data is prevented from rushing into the large data platform, and excessive pressure is generated on the platform.
And step S506, carrying out big data analysis on the preprocessed and filtered data obtained by distribution aiming at the monitoring index, and establishing a normal distribution curve with preset dimensionality.
Specifically, the big data platform is a final data storage and calculation analysis platform. In this embodiment, statistics of two dimensions are established for the wind control objective: current operator dimension and overall user dimension. And in addition to statistical analysis of the operation data (the preprocessed and filtered data) of the risk control module by the current operator on the big data platform, further carrying out big data statistical analysis by combining the historical data collected by all users to obtain the operation data of all users on the risk control module. Then, for the current operator dimension and the whole user dimension, a normal distribution curve is established according to the operation data analyzed by statistics, so that wind control judgment can be carried out later.
Taking the operation time as an example, the big data platform can statistically analyze all the time of entering the risk control module and the stay time from entering the risk control module to executing the sensitive operation of the current operator in the statistical period, statistically analyze all the time of entering the risk control module and the stay time from entering the risk control module to executing the sensitive operation of the whole user in the statistical period, and then respectively establish four normal distribution curves according to the entering time of the current operator, the stay time of the current operator, the entering time of the whole user and the stay time of the whole user to be used as the judgment standard for carrying out the wind control judgment on the operation of the risk control module by the operator.
And step S508, performing risk prediction on the operation according to the normal distribution curve and the operation data (sensitive operation) of the user on the wind control target.
Specifically, this section has not been able to work as soon as the system is established, because sufficient user operation history data has not been collected. After enough data are collected, risk prediction can be performed on the operation of the wind control target for the user currently according to the established normal distribution curve.
When a sensitive operation request arrives in the background, a judgment is made from the following three aspects:
(1) Judging whether the operation data exist in the operation or not, if the operation data do not exist in the operation, judging that the operation is at risk. The corresponding wind control strategy is to directly inhibit operation and record a risk log, which indicates that the operation is not performed in a normal flow.
(2) If the operation data exists, comparing the current operation data (or the calculation result aiming at the monitoring index) with a preset threshold value, and if the operation data (or the calculation result aiming at the monitoring index) is not in the threshold value range, judging that the operation is at risk. The corresponding wind control strategy is to directly inhibit operation and record a risk log.
(3) When the two judging steps pass through (operation data exist and are within the threshold range), a corresponding normal distribution curve is obtained from the big data platform, the section of the operation (the calculation result aiming at the monitoring index) is calculated, and then the comparison is carried out according to a preset risk standard (no risk exists in the preset section, and risk exists outside the preset section), so that whether the operation is at risk is judged. For the operation with risk, the corresponding wind control strategy can be automatically blocked (forbidden operation), or give a risk prompt for artificial check. And for the operation without risk, normally executing.
Taking the operation time of the wind control target for a user on a certain risk control module as an example, acquiring normal distribution curves corresponding to the entry time and the residence time of the risk control module in the current operator dimension and the whole user dimension, and judging which section belongs to the corresponding normal distribution curve according to the entry time and the residence time of the current operation.
And when risk prediction is carried out, calculating the monitoring index according to the operation data of the current operation, comparing the calculation result with the plurality of normal distribution curves respectively to obtain corresponding risk assessment values, and carrying out weighted calculation according to the weights to obtain a final judgment result.
For example, a normal distribution curve can be established for the current operator's entry time, the current operator's residence time, the overall user's entry time, and the overall user's residence time, and when determining whether the current operation is at risk, the weights of the curves corresponding to the operator's residence time, the overall user's residence time, the operator's entry time, and the overall user's entry time are sequentially decreased according to the weight determination of the four normal distribution curves.
And S510, executing a corresponding wind control strategy according to the risk prediction result.
Specifically, after risk prediction is performed on the current sensitive operation of the user according to the rule, corresponding processing is performed according to the wind control strategy corresponding to each prediction result, including operation prohibition, risk prompt giving, manual check, normal execution and the like.
According to the intelligent software wind control method provided by the embodiment, mathematical statistics can be carried out according to historical operation behavior habits of the user to establish a normal distribution curve, and risk judgment is carried out on sensitive operations of the user each time according to a certain rule according to the normal distribution curve. For the operation meeting the judgment conditions, automatic blocking can be performed, or a risk prompt can be given for manual checking. By adopting the method, on the basis of traditional software wind control, the supervision and early warning can be carried out on some risk operations of the user in some modules more deeply, dangerous operations can not be carried out even if the user name password or login credentials of the user are stolen, and the safety of the user in operating the software is improved to the greatest extent. In addition, when the preprocessed and filtered data are sent to the big data platform for analysis, the data are distributed through the MQ, so that the data are serialized, a large amount of data can be prevented from rushing into the big data platform, and excessive pressure is generated on the platform.
The present invention also provides another embodiment, namely, a computer readable storage medium, where a smart software wind control program is stored, where the smart software wind control program is executable by at least one processor, so that the at least one processor performs the steps of the smart software wind control method as described above.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
Claims (8)
1. An intelligent software wind control method, which is characterized by comprising the following steps:
historical data collection is carried out aiming at a preset wind control target, wherein the wind control target is the operation behavior of an operation module which needs to be subjected to risk control in software by a user;
preprocessing and filtering the collected historical data;
big data analysis is carried out on the preprocessed and filtered data aiming at the monitoring index, and a normal distribution curve with preset dimension is established;
judging whether operation data exists in the current sensitive operation or not; when the operation data does not exist, judging that the current sensitive operation is at risk; when operation data exist, comparing the operation data or a calculation result aiming at the monitoring index with the threshold value, and judging that the current sensitive operation has risk if the operation data or the calculation result aiming at the monitoring index is not in the threshold value range; if the current sensitive operation has operation data and the operation data or the calculation result aiming at the monitoring index is in a threshold range, a plurality of corresponding normal distribution curves are obtained from a large data platform, the section of the current sensitive operation is calculated, whether the current sensitive operation has risks or not is judged according to a preset risk standard based on the normal distribution curves, the normal distribution curves are preset with corresponding weights, the preset risk standard comprises calculation aiming at the monitoring index according to the operation data of the current sensitive operation, the calculation result is respectively compared with the normal distribution curves to obtain corresponding risk evaluation values, and the risk evaluation values are weighted according to the weights to obtain a final judgment result; and
And executing a corresponding wind control strategy according to the risk judgment result of the current sensitive operation, and recording a risk log.
2. The intelligent software wind control method according to claim 1, further comprising the step of, before said analyzing the preprocessed and filtered data for big data with respect to the monitoring index:
and distributing the preprocessed and filtered data through a message queue, so that the data is pushed to a big data platform in a serialization way for analysis.
3. The intelligent software wind control method according to claim 1 or 2, wherein the preprocessing is calculation or statistics for the monitoring index according to the collected historical data; the filtering is to compare the collected historical data or the preprocessed data with a preset threshold value and remove the maximum value and the minimum value which exceed the threshold value range.
4. The intelligent software wind control method of claim 1 or 2, wherein the preset dimensions include a current sensitive operator dimension and an overall user dimension.
5. The intelligent software wind control method of claim 4, wherein the monitoring metrics include a time of user entry into the operational module and a dwell time from entry into performing a sensitive operation.
6. The intelligent software wind control method according to claim 5, wherein the establishing a normal distribution curve of the preset dimension comprises establishing four normal distribution curves according to the entering time of the current sensitive operator, the stay time of the current sensitive operator, the entering time of the whole users and the stay time of the whole users respectively.
7. An electronic device comprising a memory, a processor, the memory having stored thereon an intelligent software wind control system operable on the processor, the intelligent software wind control system when executed by the processor implementing the steps of the intelligent software wind control method of any of claims 1-6.
8. A computer readable storage medium storing a smart software wind control system executable by at least one processor to cause the at least one processor to perform the steps of the smart software wind control method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010110447.XA CN111400168B (en) | 2020-02-21 | 2020-02-21 | Intelligent software wind control method, electronic device and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010110447.XA CN111400168B (en) | 2020-02-21 | 2020-02-21 | Intelligent software wind control method, electronic device and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111400168A CN111400168A (en) | 2020-07-10 |
| CN111400168B true CN111400168B (en) | 2023-10-20 |
Family
ID=71436309
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010110447.XA Active CN111400168B (en) | 2020-02-21 | 2020-02-21 | Intelligent software wind control method, electronic device and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111400168B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114253819A (en) * | 2021-12-17 | 2022-03-29 | 杭州安恒信息技术股份有限公司 | User operation monitoring method and device and related equipment |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102111307A (en) * | 2009-12-29 | 2011-06-29 | 亿阳信通股份有限公司 | Method and device for monitoring and controlling network risks |
| CN106251214A (en) * | 2016-08-02 | 2016-12-21 | 东软集团股份有限公司 | account monitoring method and device |
| CN107645482A (en) * | 2016-07-22 | 2018-01-30 | 阿里巴巴集团控股有限公司 | A kind of risk control method and device for business operation |
| CN107888604A (en) * | 2017-11-27 | 2018-04-06 | 山东浪潮云服务信息科技有限公司 | A kind of internet data acquisition methods and acquisition device |
| CN108875388A (en) * | 2018-05-31 | 2018-11-23 | 康键信息技术(深圳)有限公司 | Real-time risk control method, device and computer readable storage medium |
| CN109446466A (en) * | 2018-09-05 | 2019-03-08 | 北京三快在线科技有限公司 | Method for detecting abnormality, device, electronic equipment and readable storage medium storing program for executing |
| CN110365698A (en) * | 2019-07-29 | 2019-10-22 | 杭州数梦工场科技有限公司 | Methods of risk assessment and device |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9781148B2 (en) * | 2008-10-21 | 2017-10-03 | Lookout, Inc. | Methods and systems for sharing risk responses between collections of mobile communications devices |
| US10372910B2 (en) * | 2016-06-20 | 2019-08-06 | Jask Labs Inc. | Method for predicting and characterizing cyber attacks |
-
2020
- 2020-02-21 CN CN202010110447.XA patent/CN111400168B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102111307A (en) * | 2009-12-29 | 2011-06-29 | 亿阳信通股份有限公司 | Method and device for monitoring and controlling network risks |
| CN107645482A (en) * | 2016-07-22 | 2018-01-30 | 阿里巴巴集团控股有限公司 | A kind of risk control method and device for business operation |
| CN106251214A (en) * | 2016-08-02 | 2016-12-21 | 东软集团股份有限公司 | account monitoring method and device |
| CN107888604A (en) * | 2017-11-27 | 2018-04-06 | 山东浪潮云服务信息科技有限公司 | A kind of internet data acquisition methods and acquisition device |
| CN108875388A (en) * | 2018-05-31 | 2018-11-23 | 康键信息技术(深圳)有限公司 | Real-time risk control method, device and computer readable storage medium |
| CN109446466A (en) * | 2018-09-05 | 2019-03-08 | 北京三快在线科技有限公司 | Method for detecting abnormality, device, electronic equipment and readable storage medium storing program for executing |
| CN110365698A (en) * | 2019-07-29 | 2019-10-22 | 杭州数梦工场科技有限公司 | Methods of risk assessment and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111400168A (en) | 2020-07-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109831465B (en) | Website intrusion detection method based on big data log analysis | |
| EP3306512B1 (en) | Account theft risk identification method, identification apparatus, and prevention and control system | |
| EP3544250B1 (en) | Method and device for detecting dos/ddos attack, server, and storage medium | |
| CN112685682B (en) | Method, device, equipment and medium for identifying forbidden object of attack event | |
| CN110602135B (en) | Network attack processing method and device and electronic equipment | |
| CN112953917B (en) | Network attack source identification method and device, computer equipment and storage medium | |
| CN118828514B (en) | A smart terminal security risk assessment system and method | |
| CN112749097B (en) | Performance evaluation method and device for fuzzy test tool | |
| CN111835737A (en) | WEB attack protection method based on automatic learning and related equipment thereof | |
| CN115001812A (en) | Data center online supervision safety early warning system based on internet | |
| CN114422186A (en) | Attack detection method and device, electronic equipment and storage medium | |
| CN106656917B (en) | Account authority management method and device | |
| CN110866831A (en) | Asset activity level determination method and device and server | |
| CN111400168B (en) | Intelligent software wind control method, electronic device and computer readable storage medium | |
| CN110955884B (en) | Method and device for determining upper limit times of password trial and error | |
| CN111064719B (en) | Method and device for detecting abnormal downloading behavior of file | |
| CN109583177B (en) | System and method for identifying new devices during user interaction with banking services | |
| CN114785567A (en) | Traffic identification method, device, equipment and medium | |
| RU2659736C1 (en) | System and method of detecting new devices under user interaction with banking services | |
| CN112333168B (en) | Attack identification method, device, equipment and computer readable storage medium | |
| CN116756716B (en) | Security verification method, system, equipment and storage medium based on big data | |
| CN110442466B (en) | Method, device, computer equipment and storage medium for preventing repeated access request | |
| CN117040912A (en) | Network security operation and maintenance management method and system based on data analysis | |
| CN113923039B (en) | Attack equipment identification method and device, electronic equipment and readable storage medium | |
| CN111741004B (en) | Network security situation awareness method and related device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |