[go: up one dir, main page]

CN116126808A - Behavior log recording method, device, computer equipment and storage medium - Google Patents

Behavior log recording method, device, computer equipment and storage medium Download PDF

Info

Publication number
CN116126808A
CN116126808A CN202310165576.2A CN202310165576A CN116126808A CN 116126808 A CN116126808 A CN 116126808A CN 202310165576 A CN202310165576 A CN 202310165576A CN 116126808 A CN116126808 A CN 116126808A
Authority
CN
China
Prior art keywords
behavior
behavior data
data
sensitive
log
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310165576.2A
Other languages
Chinese (zh)
Inventor
蒿兴旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An E Wallet Electronic Commerce Co Ltd
Original Assignee
Ping An E Wallet Electronic Commerce Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An E Wallet Electronic Commerce Co Ltd filed Critical Ping An E Wallet Electronic Commerce Co Ltd
Priority to CN202310165576.2A priority Critical patent/CN116126808A/en
Publication of CN116126808A publication Critical patent/CN116126808A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/1734Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/1805Append-only file systems, e.g. using logs or journals to store data
    • G06F16/1815Journaling file systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/546Message passing systems or structures, e.g. queues
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

本发明涉及一种行为日志记录方法方法、装置、计算机设备和存储介质,所述方法包括:监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据;将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;将所述敏感行为数据从所述消息队列中取出写入所述日志管理器。上述方法可以更好的支持了安全稽核的存储需求。

Figure 202310165576

The present invention relates to a behavior log recording method, device, computer equipment and storage medium. The method includes: monitoring the operation behavior of an application program, acquiring behavior data generated according to the operation behavior; inputting the behavior data into a pre-configured analysis model to determine whether the behavioral data is sensitive behavioral data; if the behavioral data is sensitive behavioral data, then save the behavioral data in the preset cache area, and there are multiple records stored in the preset storage area Sensitive behavior; send an asynchronous request message to the behavior log manager, and the asynchronous request message is used to request to send the sensitive behavior data to the log manager; after receiving the response message from the log manager, send the sensitive The behavior data is sent to the message queue; the sensitive behavior data is taken out from the message queue and written into the log manager. The above method can better support the storage requirements of security audit.

Figure 202310165576

Description

行为日志记录方法、装置、计算机设备和存储介质Behavior log recording method, device, computer equipment and storage medium

技术领域technical field

本发明涉及测试领域,特别是涉及行为日志记录方法、装置、计算机设备和存储介质。The invention relates to the testing field, in particular to a behavior log recording method, device, computer equipment and storage medium.

背景技术Background technique

作为常规开发的业务应用系统,提供给用户一系列的操作界面,用以完成特定的功能。在这些主要功能之下,安全或审计会提出另一些需求,比如需要记录下每个用户的行为,在什么时间做了什么动作,用以后期安全稽核或优化。As a conventionally developed business application system, it provides users with a series of operation interfaces to complete specific functions. Under these main functions, security or auditing will raise other requirements, such as the need to record the behavior of each user, when and what action was taken, for later security audit or optimization.

常规方案就是在用户操作某些功能时,将这些行为作为日志打印到当前服务器中。倒也能完成需求,但是这种打印方式的文件分散在各个服务器中,不利于收集统计。如果安全提出要将行为日志记录到其他存储系统中,难免又要进行一系列的改造开发,不利于拓展。The general solution is to print these behaviors as logs to the current server when the user operates certain functions. It can meet the requirements, but the files of this printing method are scattered in various servers, which is not conducive to collecting statistics. If security proposes to record behavior logs in other storage systems, it is inevitable to carry out a series of transformation and development, which is not conducive to expansion.

发明内容Contents of the invention

基于此,有必要提供一种行为日志记录方法、装置、计算机设备和存储介质。Based on this, it is necessary to provide a behavior log recording method, device, computer equipment and storage medium.

一种行为日志记录方法,包括:A behavioral logging method comprising:

监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据,其中,所述行为数据包括用户标识、操作行为事件、时间戳和操作时间值之一或组合;Monitor the application program to perform operation behavior, and obtain behavior data generated according to the operation behavior, wherein the behavior data includes one or a combination of user identification, operation behavior event, time stamp and operation time value;

将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;Input the behavior data into a pre-configured analysis model to determine whether the behavior data is sensitive behavior data;

若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;If the behavior data is sensitive behavior data, storing the behavior data in a preset cache area, where multiple sensitive behaviors are stored in the preset storage area;

向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;sending an asynchronous request message to the behavior log manager, where the asynchronous request message is used to request sending the sensitive behavior data to the log manager;

接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;After receiving the response message from the log manager, sending the sensitive behavior data to a message queue;

将所述敏感行为数据从所述消息队列中取出写入所述日志管理器。The sensitive behavior data is taken out from the message queue and written into the log manager.

在其中一个实施例中,所述获取根据所述操作行为生成的行为数据,包括:In one of the embodiments, the acquisition of the behavior data generated according to the operation behavior includes:

获取不同埋点对象基于预设埋点参数实时上报的行为数据;Obtain the behavior data reported by different buried point objects in real time based on preset buried point parameters;

其中,所述不同埋点对象包括:浏览器展示的H5页面、小程序、APP客户端、PC客户端中至少一项;所述预设埋点参数包括:不同属性字段、属性筛选条件中至少一项。Wherein, the different buried point objects include: at least one of the H5 pages displayed by the browser, applets, APP clients, and PC clients; the preset buried point parameters include: at least one of different attribute fields and attribute screening conditions one item.

在其中一个实施例中,所述将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据,包括:In one of the embodiments, inputting the behavior data into a pre-configured analysis model to determine whether the behavior data is sensitive behavior data includes:

提取所述行为数据的时间戳、操作时间值和操作行为事件;Extracting the time stamp, operation time value and operation behavior event of the behavior data;

对所述时间戳、所述操作时间值和所述操作行为事件进行特征提取,获得所述行为数据的特征向量;performing feature extraction on the timestamp, the operation time value, and the operation behavior event to obtain a feature vector of the behavior data;

调用分析模型对所述特征向量进行标签预测,得到所述行为数据的标签,其中,所述分析模型通过对携带标签的行为数据进行模型训练生成;Calling the analysis model to perform label prediction on the feature vector to obtain the label of the behavior data, wherein the analysis model is generated by performing model training on the behavior data carrying the label;

根据所述行为数据的标签判断所述行为数据是否为敏感行为数据。Judging whether the behavior data is sensitive behavior data according to the label of the behavior data.

在其中一个实施例中,所述根据所述行为数据的标签判断所述行为数据是否为敏感行为数据,包括:In one of the embodiments, the judging whether the behavior data is sensitive behavior data according to the label of the behavior data includes:

根据预先设置的标签与在预设的时间段内的所述行为数据是所述标签的频次和/或数量之间的对应关系,判断所述行为数据是否为敏感行为数据。Whether the behavior data is sensitive behavior data is determined according to the correspondence between the preset tags and the frequency and/or quantity of the behavior data being the tags within a preset time period.

在其中一个实施例中,所述消息队列包括不同的主题队列,所述不同的主题队列对应不同操作行为事件的行为数据;In one of the embodiments, the message queue includes different topic queues, and the different topic queues correspond to behavior data of different operation behavior events;

所述将所述敏感行为数据发送至消息队列,包括:The sending the sensitive behavior data to the message queue includes:

向所述消息队列中与所述操作行为事件类型对应的主题队列发送所述敏感行为数据。Sending the sensitive behavior data to the topic queue corresponding to the operation behavior event type in the message queue.

在其中一个实施例中,在将所述敏感行为数据从所述消息队列中取出写入所述日志管理器之后,还包括:In one of the embodiments, after taking out the sensitive behavior data from the message queue and writing it into the log manager, it further includes:

根据操作行为事件确定所述所述行为数据所属的类别组;determining the category group to which the behavior data belongs according to the operation behavior event;

从预设时间段内存储的所述敏感行为数据中解析出用户标识,确定属于同一用户标识所对应的行为数据;Analyzing the user identifier from the sensitive behavior data stored within the preset time period, and determining the behavior data corresponding to the same user identifier;

根据属于同一用户的行为数据的操作行为事件和类别组确定所述用户的操作行为序列。The operation behavior sequence of the user is determined according to the operation behavior events and category groups belonging to the behavior data of the same user.

在其中一个实施例中,所述根据属于同一用户的行为数据的操作行为事件和类别组确定所述用户的操作行为序列,包括:In one of the embodiments, the determining the operation behavior sequence of the user according to the operation behavior events and category groups belonging to the behavior data of the same user includes:

基于时间戳的先后顺序,根据属于同一用户的日志记录的操作行为事件和类别组确定初始序列;Based on the sequence of timestamps, the initial sequence is determined according to the operational behavior events and category groups of log records belonging to the same user;

根据操作时间值将所述初始序列切分成子序列,并将所述至少一个子序列确定为所述用户的操作行为序列。The initial sequence is divided into subsequences according to the operation time value, and the at least one subsequence is determined as the user's operation behavior sequence.

一种行为日志记录装置,所述测试装置包括:A kind of behavior logging device, described testing device comprises:

数据获取单元,用于监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据,其中,所述行为数据包括用户标识、操作行为事件、时间戳和操作时间值之一或组合;The data acquisition unit is configured to monitor the execution of the application program, and acquire the behavior data generated according to the operation behavior, wherein the behavior data includes one or a combination of user identification, operation behavior event, time stamp and operation time value;

数据分析单元,用于将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;A data analysis unit, configured to input the behavior data into a pre-configured analysis model to determine whether the behavior data is sensitive behavior data;

数据缓存单元,用于若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;A data cache unit, configured to store the behavior data in a preset cache area if the behavior data is sensitive behavior data, where multiple sensitive behaviors are stored in the preset storage area;

传输请求单元,用于向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;A transmission request unit, configured to send an asynchronous request message to the behavior log manager, where the asynchronous request message is used to request to send the sensitive behavior data to the log manager;

数据传输单元,用于接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;A data transmission unit, configured to send the sensitive behavior data to a message queue after receiving the response message from the log manager;

数据缓存单元,用于将所述敏感行为数据从所述消息队列中取出写入所述日志管理器。A data cache unit, configured to take out the sensitive behavior data from the message queue and write it into the log manager.

一种计算机设备,包括存储器和处理器,所述存储器中存储有计算机可读指令,所述计算机可读指令被所述处理器执行时,使得所述处理器执行上述所述行为日志记录方法的步骤。A computer device, comprising a memory and a processor, wherein computer-readable instructions are stored in the memory, and when the computer-readable instructions are executed by the processor, the processor executes the above-mentioned behavior log recording method step.

一种存储有计算机可读指令的存储介质,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行上述所述行为日志记录方法的步骤。A storage medium storing computer-readable instructions. When the computer-readable instructions are executed by one or more processors, the one or more processors execute the steps of the above-mentioned behavior logging method.

上述行为日志记录方法、装置、计算机设备和存储介质,通过监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据,其中,所述行为数据包括用户标识、操作行为事件、时间戳和操作时间值之一或组合;将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;将所述敏感行为数据从所述消息队列中取出写入所述日志管理器。因此,不必担心行为收集器会影响用户操作,完全解耦的模型设计,使行为收集器最小影响用户操作;统一的MQ推送收集器,避免了原有的打印日志的方式将行为日志分散在各业务服务器中,现在交由MQ统一收集,统一推送;后端的存储接口层,支持用户通过配置的方式来支持更多存储器,更好的支持了安全稽核的存储需求。The above-mentioned behavior log recording method, device, computer equipment, and storage medium obtain behavior data generated according to the operation behavior by monitoring the operation behavior of the application program, wherein the behavior data includes user identification, operation behavior events, time stamps and One or a combination of operation time values; input the behavior data into the pre-configured analysis model to judge whether the behavior data is sensitive behavior data; if the behavior data is sensitive behavior data, then save the behavior data to the preset In the cache area, there are multiple sensitive behaviors stored in the preset storage area; an asynchronous request message is sent to the behavior log manager, and the asynchronous request message is used to request to send the sensitive behavior data to the log manager; After receiving the response message from the log manager, sending the sensitive behavior data to a message queue; taking out the sensitive behavior data from the message queue and writing it into the log manager. Therefore, there is no need to worry that the behavior collector will affect user operations. The completely decoupled model design minimizes the impact of the behavior collector on user operations; the unified MQ push collector avoids the original way of printing logs and disperses behavior logs in various In the business server, it is now handed over to MQ for unified collection and unified push; the back-end storage interface layer supports users to support more storage through configuration, and better supports the storage requirements of security audits.

附图说明Description of drawings

图1是本发明一实施例中行为日志记录方法的一应用环境示意图;Fig. 1 is a schematic diagram of an application environment of a behavior log recording method in an embodiment of the present invention;

图2是本发明一实施例中行为日志记录方法的一流程示意图;Fig. 2 is a schematic flow chart of a behavior log recording method in an embodiment of the present invention;

图3是本发明一实施例中行为日志记录装置的一结构示意图;Fig. 3 is a schematic structural diagram of a behavior log recording device in an embodiment of the present invention;

图4是本发明一实施例中计算机设备的一结构示意图;Fig. 4 is a schematic structural diagram of computer equipment in an embodiment of the present invention;

图5是本发明一实施例中计算机设备的另一结构示意图。Fig. 5 is another structural schematic diagram of a computer device in an embodiment of the present invention.

具体实施方式Detailed ways

为了使本发明的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

本发明实施例提供的行为日志记录方法,可应用在如图1的应用环境中,其中,客户端通过网络与服务端进行通信。服务端可以通过客户端监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据,其中,所述行为数据包括用户标识、操作行为事件、时间戳和操作时间值之一或组合;将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;将所述敏感行为数据从所述消息队列中取出写入所述日志管理器(服务端),在本发明中,针对保险业务下等复杂保险实体,可利用实体对齐优化问答引擎的方案,先是通过语义匹配度进行粗排序,再通过实体对齐方式进行排序调整,选取靠前的匹配问题对应得到答案进行回应,能有效地避免模型的泛化能力缺陷,极大高效提升实体匹配的效果,提升问答引擎的效果。其中,客户端可以但不限于各种个人计算机、笔记本电脑、智能手机、平板电脑和便携式可穿戴设备。服务端可以用独立的服务器或者是多个服务器组成的服务器集群来实现。下面通过具体的实施例对本发明进行详细的描述。The behavior log recording method provided by the embodiment of the present invention can be applied in the application environment as shown in FIG. 1 , wherein the client communicates with the server through the network. The server can monitor the operation behavior of the application program through the client, and obtain the behavior data generated according to the operation behavior, wherein the behavior data includes one or a combination of user identification, operation behavior event, time stamp and operation time value; The behavior data is input into a pre-configured analysis model to determine whether the behavior data is sensitive behavior data; if the behavior data is sensitive behavior data, the behavior data is saved in a preset cache area, and the preset There are multiple sensitive behaviors stored in the storage area; an asynchronous request message is sent to the behavior log manager, and the asynchronous request message is used to request to send the sensitive behavior data to the log manager; a response from the log manager is received After the message, the sensitive behavior data is sent to the message queue; the sensitive behavior data is taken out from the message queue and written to the log manager (server). For insurance entities, you can use entity alignment to optimize the Q&A engine solution. First, perform rough sorting based on semantic matching, and then adjust the sorting through entity alignment. Select the top matching questions to respond to the answers you get, which can effectively avoid the generalization of the model. It can greatly improve the effect of entity matching and the effect of question answering engine. Among them, the clients can be but not limited to various personal computers, notebook computers, smart phones, tablet computers and portable wearable devices. The server can be implemented by an independent server or a server cluster composed of multiple servers. The present invention will be described in detail below through specific examples.

请参阅图2所示,图2为本发明实施例提供的行为日志记录方法的一个流程示意图,包括如下步骤:Please refer to FIG. 2, which is a schematic flowchart of a behavior log recording method provided by an embodiment of the present invention, including the following steps:

S10、监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据,其中,所述行为数据包括用户标识、操作行为事件、时间戳和操作时间值之一或组合;S10. Monitor the application program to perform an operation behavior, and obtain behavior data generated according to the operation behavior, wherein the behavior data includes one or a combination of a user identifier, an operation behavior event, a time stamp, and an operation time value;

其中,应用程序指的是可进行购物、支付、转账、贷款等涉及用户个人财物的活动的应用程序,例如:支付宝、微信、手机银行等,用户可根据实际需求在终端中添加需要进行监控的应用程序。终端可通过回调函数实时监控各个应用程序正在执行的操作行为,当用户在应用程序上进行购物、支付、转账、贷款等操作时,点击操作按钮生成操作指令,应用程序根据操作指令可执行相应的操作行为,并同时调用回调函数向终端的操作系统传递执行信息。Among them, the application program refers to the application program that can carry out activities involving the user's personal property such as shopping, payment, transfer, and loan, such as: Alipay, WeChat, mobile banking, etc., and the user can add in the terminal according to actual needs. application. The terminal can monitor the operation behavior of each application program in real time through the callback function. When the user performs operations such as shopping, payment, transfer, and loan on the application program, click the operation button to generate an operation instruction, and the application program can execute the corresponding operation according to the operation instruction. Operation behavior, and at the same time call the callback function to pass the execution information to the operating system of the terminal.

当终端的操作系统接收到应用程序传递的执行信息,可根据执行信息获取正在执行操作行为的应用程序标识,并根据应用程序标识向该目标应用程序传递采集指令,从而采集该应用程序根据正在执行的操作行为生成的行为数据,其中,应用程序标识可为应用程序名称、应用程序编号等。行为数据可包括执行操作行为的相关账号信息、操作内容、与操作内容对应的操作时间、地址信息等,其中,账号信息可包括账号ID(identification,身份标识)、账号名称等。When the operating system of the terminal receives the execution information transmitted by the application program, it can obtain the application program identification that is executing the operation behavior according to the execution information, and transmit the collection instruction to the target application program according to the application program identification program, so as to collect the information of the application program that is executing The behavior data generated by the operation behavior of , where the application identifier can be the application name, application number, etc. Behavior data may include relevant account information for performing the operation behavior, operation content, operation time corresponding to the operation content, address information, etc., wherein the account information may include account ID (identification, identity mark), account name, etc.

在一些实施例中,S10可以包括:获取不同埋点对象基于预设埋点参数实时上报的行为数据;In some embodiments, S10 may include: acquiring behavior data reported in real time by different buried point objects based on preset buried point parameters;

其中,所述不同埋点对象包括:浏览器展示的H5页面、小程序、APP客户端、PC客户端中至少一项;所述预设埋点参数包括:不同属性字段、属性筛选条件中至少一项。Wherein, the different buried point objects include: at least one of the H5 pages displayed by the browser, applets, APP clients, and PC clients; the preset buried point parameters include: at least one of different attribute fields and attribute screening conditions one item.

具体地,埋点指的是在某个地方设置一段埋点代码,以便系统通过这段埋点代码去获取日志记录。比如要记录用户修改某系统信息的操作过程,该修改是通过点击“保存”按钮来提交修改信息的,那么就需要在该“保存”按钮的点击操作实现代码里加一段埋点代码,设置需要捕获的数据,系统就会自动接受这些数据并保存在系统里面,从而实现查询。Specifically, burying refers to setting a piece of burying code somewhere so that the system can obtain log records through this burying code. For example, to record the operation process of the user modifying a certain system information, the modification is to submit the modification information by clicking the "Save" button, then it is necessary to add a buried point code in the "Save" button click operation implementation code, and the settings need to be captured The system will automatically accept the data and save it in the system, so as to realize the query.

其中,埋点代码是由嵌入到浏览器端/应用程序客户端的收集用户行为数据的程序代码和后端用于监测用户行为数据收集结果是否异常的程序代码组成。通过埋点代码可以获取到埋点代码捕获的用于用户行为信息分析的数据。例如,可以通过在网页内嵌套JavaScript脚本,当用户访问网页时,触发统计脚本获取访问数据,后端Java程序判断数据结构是否异常。Among them, the buried point code is composed of the program code embedded in the browser/application client to collect user behavior data and the program code used to monitor whether the user behavior data collection results are abnormal at the back end. The data captured by the embedded code for user behavior information analysis can be obtained through the embedded code. For example, by nesting a JavaScript script in a web page, when a user visits a web page, a statistical script is triggered to obtain access data, and the back-end Java program judges whether the data structure is abnormal.

在不同埋点对象上进行埋点时,还需要预先设置相应的埋点参数,本发明实施例的预设埋点参数可以包括不同属性字段、属性筛选条件中至少一项。不同属性字段可以包含埋点名称字段、用户标识字段、设备标识字段、时间戳字段、埋点页面名称等等。当不同埋点对象上产生的用户行为满足属性筛选条件时,可以触发埋点对象上报对应用户行为日志,当然筛选条件还可作为描述事物特征的维度。属性筛选条件按类型可以分为公共属性和扩展属性,公共属性主要针对默认埋点数据采集,通常集成于大数据SDK(softwaredevelopment kit,软件开发工具包)。扩展属性主要针对特定行为的自定义埋点数据采集。When burying points on different burying objects, it is also necessary to preset corresponding burying point parameters. The preset burying point parameters in this embodiment of the present invention may include at least one of different attribute fields and attribute filter conditions. Different attribute fields can include buried point name field, user identification field, device identification field, timestamp field, buried point page name, and so on. When the user behaviors generated on different tracking objects meet the attribute filtering conditions, the tracking objects can be triggered to report the corresponding user behavior logs. Of course, the filtering conditions can also be used as a dimension to describe the characteristics of things. Attribute filter conditions can be divided into public attributes and extended attributes by type. The public attributes are mainly for the default buried point data collection, and are usually integrated in the big data SDK (software development kit, software development kit). Extended attributes are mainly for custom buried point data collection for specific behaviors.

S20、将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;S20. Input the behavior data into a preconfigured analysis model, and judge whether the behavior data is sensitive behavior data;

其中,可预先建立敏感行为集,并设置敏感行为集包括的操作内容,例如,可设定敏感行为集中包括支付、转账、贷款、还款等操作内容。终端可检测行为数据中的操作内容是否属于预先建立的敏感行为集,从而判断操作行为是否为敏感行为,若操作内容属于预设的敏感行为集,则判定操作行为为敏感行为。Among them, the sensitive behavior set can be established in advance, and the operation content included in the sensitive behavior set can be set. For example, the sensitive behavior set can be set to include payment, transfer, loan, repayment and other operation content. The terminal can detect whether the operation content in the behavior data belongs to the pre-established sensitive behavior set, thereby judging whether the operation behavior is a sensitive behavior, and if the operation content belongs to the preset sensitive behavior set, it determines that the operation behavior is a sensitive behavior.

在一些实施例中,所述将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据,包括:In some embodiments, the inputting the behavior data into a pre-configured analysis model to determine whether the behavior data is sensitive behavior data includes:

S201提取所述行为数据的时间戳、操作时间值和操作行为事件;S201 extracting the timestamp of the behavior data, the operation time value and the operation behavior event;

S202对所述时间戳、所述操作时间值和所述操作行为事件进行特征提取,获得所述行为数据的特征向量;S202 Perform feature extraction on the timestamp, the operation time value, and the operation behavior event to obtain a feature vector of the behavior data;

S203调用分析模型对所述特征向量进行标签预测,得到所述行为数据的标签,其中,所述分析模型通过对携带标签的行为数据进行模型训练生成;S203 calling the analysis model to perform label prediction on the feature vector to obtain the label of the behavior data, wherein the analysis model is generated by performing model training on the behavior data carrying the label;

S204根据所述行为数据的标签判断所述行为数据是否为敏感行为数据。S204 Determine whether the behavior data is sensitive behavior data according to the label of the behavior data.

其中,时间戳用于表示日志记录的产生时刻,如时间戳1表示日志记录1在时间戳1产生,时间戳2表示日志记录2在时间戳2产生,以此类推。可以约定时间戳的格式(如年、月、日、时、分、秒等的格式),并采用该格式在数据结构中记录时间戳,对此时间戳的格式不做限制,可以根据实际需要配置。Wherein, the timestamp is used to indicate the generation time of the log record, for example, timestamp 1 indicates that log record 1 is generated at timestamp 1, timestamp 2 indicates that log record 2 is generated at timestamp 2, and so on. You can agree on the format of the timestamp (such as the format of year, month, day, hour, minute, second, etc.), and use this format to record the timestamp in the data structure. There is no restriction on the format of the timestamp, and it can be used according to actual needs configuration.

操作时间值用于表示操作行为事件的操作时间值,例如,日志记录1中的3秒,表示针对用户信息1的登录操作,共使用了3秒的时间。日志记录2中的6秒,表示针对用户信息1的搜索操作,共使用了6秒的时间,以此类推。The operation time value is used to represent the operation time value of the operation behavior event, for example, 3 seconds in the log record 1 indicates that the login operation for user information 1 took a total of 3 seconds. The 6 seconds in log record 2 indicates that the search operation for user information 1 took a total of 6 seconds, and so on.

其中,所述模型通过对携带标签的行为日志样本进行模型训练生成。也Wherein, the model is generated by performing model training on behavior log samples carrying labels. also

可理解,分析模型,是基于海量行为日志样本中记录的输入操作,在输入操作及其对应的标签之间建立了映射关系。It can be understood that the analysis model is based on the input operations recorded in a large number of behavior log samples, and a mapping relationship is established between the input operations and their corresponding labels.

由此,基于模型,便能够根据所建立的输入操作及其对应的标签之间的映射关系,对输入操作的特征向量进行标签预测,从而预测得到输入操作对应的标签。例如,如果输入操作的特征向量与映射关系中某个特征向量极为相似甚至一致,则与该某个特征向量具有映射关系的标签可视为输入操作对应的标签,由此完成标签预测。Therefore, based on the model, it is possible to predict the label of the feature vector of the input operation according to the established mapping relationship between the input operation and its corresponding label, so as to predict the label corresponding to the input operation. For example, if the feature vector of the input operation is very similar or even consistent with a certain feature vector in the mapping relationship, then the label that has a mapping relationship with the certain feature vector can be regarded as the label corresponding to the input operation, thereby completing label prediction.

进一步地,标签包括合法标签和非法标签,合法标签用于表征输入操作中的合法操作,非法标签用于表征输入操作中的非法操作。Further, the tags include legal tags and illegal tags, where the legal tags are used to represent legal operations in the input operations, and the illegal tags are used to represent illegal operations in the input operations.

更进一步地,标签通过数字、字母、二者的组合、或者其他字符串唯一地标识。例如,合法标签标识为1,非法标签标识为0。Furthermore, the tag is uniquely identified by numbers, letters, a combination of the two, or other character strings. For example, a legal label is identified as 1, and an illegal label is identified as 0.

在一些实施例中,S204可以包括:In some embodiments, S204 may include:

根据预先设置的标签与在预设的时间段内的所述行为数据是所述标签的频次和/或数量之间的对应关系,判断所述行为数据是否为敏感行为数据。Whether the behavior data is sensitive behavior data is determined according to the correspondence between the preset tags and the frequency and/or quantity of the behavior data being the tags within a preset time period.

S30、若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;S30. If the behavior data is sensitive behavior data, save the behavior data in a preset cache area, where multiple sensitive behaviors are stored in the preset storage area;

其中,所述预置缓存区域可以为客户端的本地内存中的存储空间。在将日志数据保存到预置缓存区域中之前,可以在客户端的本地内存中申请一部分存储空间作为所述预置缓存区域。Wherein, the preset cache area may be a storage space in the local memory of the client. Before saving the log data in the preset cache area, a part of storage space may be applied for in the local memory of the client as the preset cache area.

S40、向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;S40. Send an asynchronous request message to the behavior log manager, where the asynchronous request message is used to request sending the sensitive behavior data to the log manager;

其中,在当前应用系统中,启动一个异步线程,异步线程实时监控当前内存中是否有行为日志记录,如果有,则及时拉取,拉取到行为日志后,通过MQ客户端工具将其推送到存储器层,推送完成后则删除原内存中的行为日志记录。Among them, in the current application system, an asynchronous thread is started, and the asynchronous thread monitors whether there is a behavior log record in the current memory in real time. If there is, it will be pulled in time. After pulling the behavior log, it will be pushed to the At the storage layer, after the push is completed, the behavior log records in the original memory will be deleted.

S50、接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;S50. After receiving the response message from the log manager, send the sensitive behavior data to a message queue;

其中,通过异步线程和MQ的使用,使用户行为日志记录的动作与用户操作的行为完全解耦,所以记录用户行为的动作并不会影响用户的操作。Among them, through the use of asynchronous threads and MQ, the actions of user behavior logging are completely decoupled from the behavior of user operations, so the actions of recording user behavior will not affect user operations.

在一些实施例中,S50可以包括:所述将所述敏感行为数据发送至消息队列,包括:In some embodiments, S50 may include: the sending the sensitive behavior data to a message queue includes:

向所述消息队列中与所述操作行为事件类型对应的主题队列发送所述敏感行为数据。Sending the sensitive behavior data to the topic queue corresponding to the operation behavior event type in the message queue.

S60、将所述敏感行为数据从所述消息队列中取出写入所述日志管理器。S60. Take the sensitive behavior data from the message queue and write it into the log manager.

在一些实施例中,S60之后,还可以包括:In some embodiments, after S60, it may also include:

S70根据操作行为事件确定所述所述行为数据所属的类别组;S70 Determine the category group to which the behavior data belongs according to the operation behavior event;

S80从预设时间段内存储的所述敏感行为数据中解析出用户标识,确定属于同一用户标识所对应的行为数据;S80: Parsing out user identifiers from the sensitive behavior data stored within a preset period of time, and determining behavior data corresponding to the same user identifier;

S90根据属于同一用户的行为数据的操作行为事件和类别组确定所述用户的操作行为序列。S90 Determine the user's operation behavior sequence according to the operation behavior events and category groups belonging to the same user's behavior data.

在一些实施例中,S90可以包括:7、如权利要求6所述的行为日志记录方法,其特征在于,所述根据属于同一用户的行为数据的操作行为事件和类别组确定所述用户的操作行为序列,包括:In some embodiments, S90 may include: 7. The behavior log recording method according to claim 6, wherein the user's operation is determined according to the operation behavior events and category groups belonging to the behavior data of the same user Behavior sequence, including:

S91基于时间戳的先后顺序,根据属于同一用户的日志记录的操作行为事件和类别组确定初始序列;S91 determines the initial sequence based on the order of time stamps, according to the operational behavior events and category groups recorded in logs belonging to the same user;

S92根据操作时间值将所述初始序列切分成子序列,并将所述至少一个子序列确定为所述用户的操作行为序列。S92 Divide the initial sequence into subsequences according to the operation time value, and determine the at least one subsequence as the user's operation behavior sequence.

从上述方案可以看出,当用户进行系统操作时,拦截器会拦截到用户的操作行为,行为分析器会分析用户的当前行为是否需要记录,如果需要记录则对当前操作行为进行标记,并组装成一个完整的记录(主要字段:用户账号、操作动作、操作时间);行为统计器将该记录存储到当前应用内存中传输层传输层的主要作用就是将当前应用系统中的用户操作记录从内存中通过传输器推送到存储层,这里完全是异步解耦的。在当前应用系统中,启动一个异步线程,异步线程实时监控当前内存中是否有行为日志记录,如果有,则及时拉取,拉取到行为日志后,通过MQ客户端工具将其推送到存储器层,推送完成后则删除原内存中的行为日志记录。通过异步线程和MQ的使用,使用户行为日志记录的动作与用户操作的行为完全解耦,所以记录用户行为的动作并不会影响用户的操作。存储层主要就是接收推送过来的用户行为日志,将其保存下来。提供统一存储接口,后端适配各种存储器。异步日志推送器将用户行为日志推送到MQ后,MQ将其推送到统一存储接口层,存储接口层会根据用户的存储配置类型,将消息保存到不同的存储器中。存储器可以是本地文件系统、ES存储引擎、DB数据库等类型。It can be seen from the above scheme that when the user performs system operations, the interceptor will intercept the user's operation behavior, and the behavior analyzer will analyze whether the user's current behavior needs to be recorded. If it needs to be recorded, it will mark the current operation behavior and assemble into a complete record (main fields: user account, operation action, operation time); the behavior statistic device stores the record in the current application memory. It is pushed to the storage layer through the transmitter, which is completely asynchronous and decoupled. In the current application system, start an asynchronous thread, and the asynchronous thread monitors whether there is a behavior log record in the current memory in real time. If there is, it will pull it in time. After pulling the behavior log, push it to the storage layer through the MQ client tool , after the push is completed, the behavior log records in the original memory will be deleted. Through the use of asynchronous threads and MQ, the user behavior logging action is completely decoupled from the user operation behavior, so the action of recording user behavior will not affect the user's operation. The storage layer is mainly to receive the pushed user behavior logs and save them. Provides a unified storage interface, and the backend adapts to various storages. After the asynchronous log pusher pushes the user behavior log to MQ, MQ will push it to the unified storage interface layer, and the storage interface layer will save the message in different storages according to the user's storage configuration type. Storage can be local file system, ES storage engine, DB database and other types.

可见,在上述方案中,不必担心行为收集器会影响用户操作,完全解耦的模型设计,使行为收集器最小影响用户操作;统一的MQ推送收集器,避免了原有的打印日志的方式将行为日志分散在各业务服务器中,现在交由MQ统一收集,统一推送;后端的存储接口层,支持用户通过配置的方式来支持更多存储器,更好的支持了安全稽核的存储需求。It can be seen that in the above scheme, there is no need to worry that the behavior collector will affect user operations. The completely decoupled model design minimizes the impact of the behavior collector on user operations; the unified MQ push collector avoids the original way of printing logs. Behavior logs are scattered in various business servers, and now they are collected and pushed by MQ in a unified manner; the back-end storage interface layer supports users to support more storage through configuration, and better supports the storage requirements of security audits.

应理解,上述实施例中各步骤的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本发明实施例的实施过程构成任何限定。It should be understood that the sequence numbers of the steps in the above embodiments do not mean the order of execution, and the execution order of each process should be determined by its functions and internal logic, and should not constitute any limitation to the implementation process of the embodiment of the present invention.

在一实施例中,提供一种行为日志记录装置,该行为日志记录装置与上述实施例中行为日志记录方法一一对应。如图3所示,该行为日志记录装置包括数据获取单元101、数据分析单元102、数据缓存单元103、传输请求单元104、数据传输单元105和数据缓存单元106。各功能模块详细说明如下:In one embodiment, a behavior log recording device is provided, and the behavior log recording device corresponds to the behavior log recording method in the above-mentioned embodiments one by one. As shown in FIG. 3 , the behavior logging device includes a data acquisition unit 101 , a data analysis unit 102 , a data cache unit 103 , a transmission request unit 104 , a data transmission unit 105 and a data cache unit 106 . The detailed description of each functional module is as follows:

数据获取单元101,用于监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据,其中,所述行为数据包括用户标识、操作行为事件、时间戳和操作时间值之一或组合;The data acquisition unit 101 is configured to monitor the operation behavior of the application program, and acquire behavior data generated according to the operation behavior, wherein the behavior data includes one or a combination of a user identifier, an operation behavior event, a time stamp, and an operation time value;

数据分析单元102,用于将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;A data analysis unit 102, configured to input the behavior data into a preconfigured analysis model to determine whether the behavior data is sensitive behavior data;

数据缓存单元103,用于若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;A data cache unit 103, configured to store the behavior data in a preset cache area if the behavior data is sensitive behavior data, where multiple sensitive behaviors are stored in the preset storage area;

传输请求单元104,用于向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;A transmission request unit 104, configured to send an asynchronous request message to the behavior log manager, where the asynchronous request message is used to request to send the sensitive behavior data to the log manager;

数据传输单元105,用于接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;The data transmission unit 105 is configured to send the sensitive behavior data to a message queue after receiving the response message from the log manager;

数据缓存单元106,用于将所述敏感行为数据从所述消息队列中取出写入所述日志管理器。The data cache unit 106 is configured to take the sensitive behavior data from the message queue and write it into the log manager.

在一些实施例中,数据获取单元101具体用于:In some embodiments, the data acquisition unit 101 is specifically used for:

获取不同埋点对象基于预设埋点参数实时上报的行为数据;Obtain the behavior data reported by different buried point objects in real time based on preset buried point parameters;

其中,所述不同埋点对象包括:浏览器展示的H5页面、小程序、APP客户端、PC客户端中至少一项;所述预设埋点参数包括:不同属性字段、属性筛选条件中至少一项。Wherein, the different buried point objects include: at least one of the H5 pages displayed by the browser, applets, APP clients, and PC clients; the preset buried point parameters include: at least one of different attribute fields and attribute screening conditions one item.

在一些实施例中,数据分析单元102具体用于:In some embodiments, the data analysis unit 102 is specifically used for:

提取所述行为数据的时间戳、操作时间值和操作行为事件;Extracting the time stamp, operation time value and operation behavior event of the behavior data;

对所述时间戳、所述操作时间值和所述操作行为事件进行特征提取,获得所述行为数据的特征向量;performing feature extraction on the timestamp, the operation time value, and the operation behavior event to obtain a feature vector of the behavior data;

调用分析模型对所述特征向量进行标签预测,得到所述行为数据的标签,其中,所述分析模型通过对携带标签的行为数据进行模型训练生成;Calling the analysis model to perform label prediction on the feature vector to obtain the label of the behavior data, wherein the analysis model is generated by performing model training on the behavior data carrying the label;

根据所述行为数据的标签判断所述行为数据是否为敏感行为数据。Judging whether the behavior data is sensitive behavior data according to the label of the behavior data.

在一些实施例中,传输请求单元104具体用于:根据预先设置的标签与在预设的时间段内的所述行为数据是所述标签的频次和/或数量之间的对应关系,判断所述行为数据是否为敏感行为数据。In some embodiments, the transmission request unit 104 is specifically configured to: according to the correspondence between the preset tag and the frequency and/or quantity of the tag in the behavior data within the preset time period, determine the Whether the above behavioral data is sensitive behavioral data.

在一些实施例中,所述消息队列包括不同的主题队列,所述不同的主题队列对应不同操作行为事件的行为数据;In some embodiments, the message queue includes different topic queues, and the different topic queues correspond to behavior data of different operation behavior events;

传数据传输单元105具体用于:所述将所述敏感行为数据发送至消息队列,包括:The data transmission unit 105 is specifically configured to: send the sensitive behavior data to the message queue, including:

向所述消息队列中与所述操作行为事件类型对应的主题队列发送所述敏感行为数据。Sending the sensitive behavior data to the topic queue corresponding to the operation behavior event type in the message queue.

在一些实施例中,数据缓存单元106具体用于:In some embodiments, the data cache unit 106 is specifically used for:

根据操作行为事件确定所述所述行为数据所属的类别组;determining the category group to which the behavior data belongs according to the operation behavior event;

从预设时间段内存储的所述敏感行为数据中解析出用户标识,确定属于同一用户标识所对应的行为数据;Analyzing the user identifier from the sensitive behavior data stored within the preset time period, and determining the behavior data corresponding to the same user identifier;

根据属于同一用户的行为数据的操作行为事件和类别组确定所述用户的操作行为序列。The operation behavior sequence of the user is determined according to the operation behavior events and category groups belonging to the behavior data of the same user.

关于行为日志记录装置的具体限定可以参见上文中对于智能问答处方法的限定,在此不再赘述。上述行为日志记录装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。For the specific limitations of the behavior log recording device, please refer to the above-mentioned limitations on the smart Q&A method, and details will not be repeated here. Each module in the above-mentioned behavior log recording device can be fully or partially realized by software, hardware and a combination thereof. The above-mentioned modules can be embedded in or independent of the processor in the computer device in the form of hardware, and can also be stored in the memory of the computer device in the form of software, so that the processor can invoke and execute the corresponding operations of the above-mentioned modules.

在一个实施例中,提供了一种计算机设备,该计算机设备可以是服务端,其内部结构图可以如图4所示。该计算机设备包括通过系统总线连接的处理器、存储器、网络接口和数据库。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性和/或易失性存储介质、内存储器。该非易失性存储介质存储有操作系统、计算机程序和数据库。该内存储器为非易失性存储介质中的操作系统和计算机程序的运行提供环境。该计算机设备的网络接口用于与外部的客户端通过网络连接通信。该计算机程序被处理器执行时以实现一种行为日志记录方法服务端侧的功能或步骤。In one embodiment, a computer device is provided. The computer device may be a server, and its internal structure may be as shown in FIG. 4 . The computer device includes a processor, memory, network interface and database connected by a system bus. Wherein, the processor of the computer device is used to provide calculation and control capabilities. The memory of the computer device includes non-volatile and/or volatile storage media and internal memory. The non-volatile storage medium stores an operating system, computer programs and databases. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used to communicate with external clients via a network connection. When the computer program is executed by the processor, the functions or steps at the server side of a behavior logging method are realized.

在一个实施例中,提供了一种计算机设备,该计算机设备可以是客户端,其内部结构图可以如图5所示。该计算机设备包括通过系统总线连接的处理器、存储器、网络接口、显示屏和输入装置。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性存储介质、内存储器。该非易失性存储介质存储有操作系统和计算机程序。该内存储器为非易失性存储介质中的操作系统和计算机程序的运行提供环境。该计算机设备的网络接口用于与外部服务器通过网络连接通信。该计算机程序被处理器执行时以实现一种行为日志记录方法客户端侧的功能或步骤In one embodiment, a computer device is provided. The computer device may be a client, and its internal structure may be as shown in FIG. 5 . The computer device includes a processor, a memory, a network interface, a display screen and an input device connected through a system bus. Wherein, the processor of the computer device is used to provide calculation and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and computer programs. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used to communicate with the external server through the network connection. When the computer program is executed by the processor, the functions or steps on the client side of a behavior logging method are realized

在一个实施例中,提供了一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,处理器执行计算机程序时实现以下步骤:In one embodiment, a computer device is provided, including a memory, a processor, and a computer program stored on the memory and operable on the processor. When the processor executes the computer program, the following steps are implemented:

监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据,其中,所述行为数据包括用户标识、操作行为事件、时间戳和操作时间值之一或组合;Monitor the application program to perform operation behavior, and obtain behavior data generated according to the operation behavior, wherein the behavior data includes one or a combination of user identification, operation behavior event, time stamp and operation time value;

将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;Input the behavior data into a pre-configured analysis model to determine whether the behavior data is sensitive behavior data;

若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;If the behavior data is sensitive behavior data, storing the behavior data in a preset cache area, where multiple sensitive behaviors are stored in the preset storage area;

向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;sending an asynchronous request message to the behavior log manager, where the asynchronous request message is used to request sending the sensitive behavior data to the log manager;

接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;After receiving the response message from the log manager, sending the sensitive behavior data to a message queue;

将所述敏感行为数据从所述消息队列中取出写入所述日志管理器。The sensitive behavior data is taken out from the message queue and written into the log manager.

在一个实施例中,提供了一种计算机可读存储介质,其上存储有计算机程序,计算机程序被处理器执行时实现以下步骤:In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented:

监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据,其中,所述行为数据包括用户标识、操作行为事件、时间戳和操作时间值之一或组合;Monitor the application program to perform operation behavior, and obtain behavior data generated according to the operation behavior, wherein the behavior data includes one or a combination of user identification, operation behavior event, time stamp and operation time value;

将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;Input the behavior data into a pre-configured analysis model to determine whether the behavior data is sensitive behavior data;

若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;If the behavior data is sensitive behavior data, storing the behavior data in a preset cache area, where multiple sensitive behaviors are stored in the preset storage area;

向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;sending an asynchronous request message to the behavior log manager, where the asynchronous request message is used to request sending the sensitive behavior data to the log manager;

接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;After receiving the response message from the log manager, sending the sensitive behavior data to a message queue;

将所述敏感行为数据从所述消息队列中取出写入所述日志管理器。The sensitive behavior data is taken out from the message queue and written into the log manager.

需要说明的是,上述关于计算机可读存储介质或计算机设备所能实现的功能或步骤,可对应参阅前述方法实施例中,服务端侧以及客户端侧的相关描述,为避免重复,这里不再一一描述。It should be noted that, for the functions or steps that can be realized by the computer-readable storage medium or the computer device, you can refer to the relevant descriptions on the server side and the client side in the foregoing method embodiments. To avoid repetition, no more Describe them one by one.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,该计算机程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,前述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)等非易失性存储介质,或随机存储记忆体(Random Access Memory,RAM)等。Those of ordinary skill in the art can understand that realizing all or part of the processes in the methods of the above embodiments can be completed by instructing related hardware through a computer program, and the computer program can be stored in a computer-readable storage medium. During execution, it may include the processes of the embodiments of the above-mentioned methods. Wherein, the aforementioned storage medium may be a nonvolatile storage medium such as a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM).

以上所述实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。The technical features of the above-mentioned embodiments can be combined arbitrarily. To make the description concise, all possible combinations of the technical features in the above-mentioned embodiments are not described. However, as long as there is no contradiction in the combination of these technical features, should be considered as within the scope of this specification.

以上所述实施例仅表达了本发明的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对本发明专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本发明构思的前提下,还可以做出若干变形和改进,这些都属于本发明的保护范围。因此,本发明专利的保护范围应以所附权利要求为准。The above-mentioned embodiments only express several implementation modes of the present invention, and the descriptions thereof are relatively specific and detailed, but should not be construed as limiting the patent scope of the present invention. It should be noted that those skilled in the art can make several modifications and improvements without departing from the concept of the present invention, and these all belong to the protection scope of the present invention. Therefore, the protection scope of the patent for the present invention should be based on the appended claims.

Claims (10)

1.一种行为日志记录方法,其特征在于,包括:1. A behavior logging method, characterized in that, comprising: 监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据,其中,所述行为数据包括用户标识、操作行为事件、时间戳和操作时间值之一或组合;Monitor the application program to perform operation behavior, and obtain behavior data generated according to the operation behavior, wherein the behavior data includes one or a combination of user identification, operation behavior event, time stamp and operation time value; 将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;Input the behavior data into a pre-configured analysis model to determine whether the behavior data is sensitive behavior data; 若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;If the behavior data is sensitive behavior data, storing the behavior data in a preset cache area, where multiple sensitive behaviors are stored in the preset storage area; 向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;sending an asynchronous request message to the behavior log manager, where the asynchronous request message is used to request sending the sensitive behavior data to the log manager; 接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;After receiving the response message from the log manager, sending the sensitive behavior data to a message queue; 将所述敏感行为数据从所述消息队列中取出写入所述日志管理器。The sensitive behavior data is taken out from the message queue and written into the log manager. 2.如权利要求1所述的行为日志记录方法,其特征在于,所述获取根据所述操作行为生成的行为数据,包括:2. The behavior log recording method according to claim 1, wherein said obtaining the behavior data generated according to said operation behavior comprises: 获取不同埋点对象基于预设埋点参数实时上报的行为数据;Obtain the behavior data reported by different buried point objects in real time based on preset buried point parameters; 其中,所述不同埋点对象包括:浏览器展示的H5页面、小程序、APP客户端、PC客户端中至少一项;所述预设埋点参数包括:不同属性字段、属性筛选条件中至少一项。Wherein, the different buried point objects include: at least one of the H5 pages displayed by the browser, applets, APP clients, and PC clients; the preset buried point parameters include: at least one of different attribute fields and attribute screening conditions one item. 3.如权利要求1所述的行为日志记录方法,其特征在于,所述将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据,包括:3. The behavior log recording method according to claim 1, wherein the input of the behavior data into a preconfigured analysis model to judge whether the behavior data is sensitive behavior data comprises: 提取所述行为数据的时间戳、操作时间值和操作行为事件;Extracting the time stamp, operation time value and operation behavior event of the behavior data; 对所述时间戳、所述操作时间值和所述操作行为事件进行特征提取,获得所述行为数据的特征向量;performing feature extraction on the timestamp, the operation time value, and the operation behavior event to obtain a feature vector of the behavior data; 调用分析模型对所述特征向量进行标签预测,得到所述行为数据的标签,其中,所述分析模型通过对携带标签的行为数据进行模型训练生成;Calling the analysis model to perform label prediction on the feature vector to obtain the label of the behavior data, wherein the analysis model is generated by performing model training on the behavior data carrying the label; 根据所述行为数据的标签判断所述行为数据是否为敏感行为数据。Judging whether the behavior data is sensitive behavior data according to the label of the behavior data. 4.如权利要求3所述的行为日志记录方法,其特征在于,所述根据所述行为数据的标签判断所述行为数据是否为敏感行为数据,包括:4. The behavior logging method according to claim 3, wherein said judging whether said behavior data is sensitive behavior data according to the label of said behavior data comprises: 根据预先设置的标签与在预设的时间段内的所述行为数据是所述标签的频次和/或数量之间的对应关系,判断所述行为数据是否为敏感行为数据。Whether the behavior data is sensitive behavior data is determined according to the correspondence between the preset tags and the frequency and/or quantity of the behavior data being the tags within a preset time period. 5.如权利要求1所述的行为日志记录方法,其特征在于,所述消息队列包括不同的主题队列,所述不同的主题队列对应不同操作行为事件的行为数据;5. The behavior logging method according to claim 1, wherein the message queue comprises different topic queues, and the different topic queues correspond to behavior data of different operational behavior events; 所述将所述敏感行为数据发送至消息队列,包括:The sending the sensitive behavior data to the message queue includes: 向所述消息队列中与所述操作行为事件类型对应的主题队列发送所述敏感行为数据。Sending the sensitive behavior data to the topic queue corresponding to the operation behavior event type in the message queue. 6.如权利要求1所述的行为日志记录方法,其特征在于,在将所述敏感行为数据从所述消息队列中取出写入所述日志管理器之后,还包括:6. The behavior log recording method according to claim 1, further comprising: 根据操作行为事件确定所述所述行为数据所属的类别组;determining the category group to which the behavior data belongs according to the operation behavior event; 从预设时间段内存储的所述敏感行为数据中解析出用户标识,确定属于同一用户标识所对应的行为数据;Analyzing the user identifier from the sensitive behavior data stored within the preset time period, and determining the behavior data corresponding to the same user identifier; 根据属于同一用户的行为数据的操作行为事件和类别组确定所述用户的操作行为序列。The operation behavior sequence of the user is determined according to the operation behavior events and category groups belonging to the behavior data of the same user. 7.如权利要求6所述的行为日志记录方法,其特征在于,所述根据属于同一用户的行为数据的操作行为事件和类别组确定所述用户的操作行为序列,包括:7. The behavior log recording method according to claim 6, wherein said determining the user's operation behavior sequence according to the operation behavior events and category groups belonging to the same user's behavior data includes: 基于时间戳的先后顺序,根据属于同一用户的日志记录的操作行为事件和类别组确定初始序列;Based on the sequence of timestamps, the initial sequence is determined according to the operational behavior events and category groups of log records belonging to the same user; 根据操作时间值将所述初始序列切分成子序列,并将所述至少一个子序列确定为所述用户的操作行为序列。The initial sequence is divided into subsequences according to the operation time value, and the at least one subsequence is determined as the user's operation behavior sequence. 8.一种行为日志记录装置,其特征在于,所述测试装置包括:8. A behavior logging device, characterized in that the testing device comprises: 数据获取单元,用于监控应用程序执行操作行为,获取根据所述操作行为生成的行为数据,其中,所述行为数据包括用户标识、操作行为事件、时间戳和操作时间值之一或组合;The data acquisition unit is configured to monitor the execution of the application program, and acquire the behavior data generated according to the operation behavior, wherein the behavior data includes one or a combination of user identification, operation behavior event, time stamp and operation time value; 数据分析单元,用于将所述行为数据输入预配置的分析模型,判断所述行为数据是否为敏感行为数据;A data analysis unit, configured to input the behavior data into a pre-configured analysis model to determine whether the behavior data is sensitive behavior data; 数据缓存单元,用于若所述行为数据是敏感行为数据,则将所述行为数据保存到预置缓存区域中,所述预置存储区域中保存有多条敏感行为;A data cache unit, configured to store the behavior data in a preset cache area if the behavior data is sensitive behavior data, where multiple sensitive behaviors are stored in the preset storage area; 传输请求单元,用于向行为日志管理器发送异步请求消息,所述异步请求消息用于请求向所述日志管理器发送所述敏感行为数据;A transmission request unit, configured to send an asynchronous request message to the behavior log manager, where the asynchronous request message is used to request to send the sensitive behavior data to the log manager; 数据传输单元,用于接收到所述日志管理器的响应消息后,将所述敏感行为数据发送至消息队列;A data transmission unit, configured to send the sensitive behavior data to a message queue after receiving the response message from the log manager; 数据缓存单元,用于将所述敏感行为数据从所述消息队列中取出写入所述日志管理器。A data cache unit, configured to take out the sensitive behavior data from the message queue and write it into the log manager. 9.一种计算机设备,包括存储器和处理器,所述存储器中存储有计算机可读指令,所述计算机可读指令被所述处理器执行时,使得所述处理器执行如权利要求1至7中任一项权利要求所述行为日志记录方法的步骤。9. A computer device comprising a memory and a processor, wherein computer readable instructions are stored in the memory, and when executed by the processor, the computer readable instructions cause the processor to perform the operations according to claims 1 to 7 The steps of the behavior log recording method according to any one of the claims. 10.一种存储有计算机可读指令的存储介质,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行如权利要求1至7中任一项权利要求所述行为日志记录方法的步骤。10. A storage medium storing computer-readable instructions, which, when executed by one or more processors, cause one or more processors to perform any one of claims 1 to 7 The steps of the behavior logging method.
CN202310165576.2A 2023-02-16 2023-02-16 Behavior log recording method, device, computer equipment and storage medium Pending CN116126808A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310165576.2A CN116126808A (en) 2023-02-16 2023-02-16 Behavior log recording method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310165576.2A CN116126808A (en) 2023-02-16 2023-02-16 Behavior log recording method, device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116126808A true CN116126808A (en) 2023-05-16

Family

ID=86306218

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310165576.2A Pending CN116126808A (en) 2023-02-16 2023-02-16 Behavior log recording method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116126808A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116560875A (en) * 2023-05-19 2023-08-08 广州经传多赢投资咨询有限公司 A log-based high-speed asynchronous buffering method, system, device and medium
CN118708435A (en) * 2024-06-24 2024-09-27 北京科杰科技有限公司 Method for automatically generating operation logs on the lake-warehouse integrated platform

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108712426A (en) * 2018-05-21 2018-10-26 携程旅游网络技术(上海)有限公司 Reptile recognition methods and system a little are buried based on user behavior
CN109635993A (en) * 2018-10-23 2019-04-16 平安科技(深圳)有限公司 Operation behavior monitoring method and device based on prediction model
CN112486935A (en) * 2019-09-12 2021-03-12 阿里巴巴集团控股有限公司 Log record processing method, device, equipment and machine-readable storage medium
CN112579412A (en) * 2020-12-10 2021-03-30 上海艾融软件股份有限公司 User behavior acquisition method, device, system and medium
US20220253574A1 (en) * 2021-01-22 2022-08-11 Jpmorgan Chase Bank, N.A. Method and system for log based predictive analytics

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108712426A (en) * 2018-05-21 2018-10-26 携程旅游网络技术(上海)有限公司 Reptile recognition methods and system a little are buried based on user behavior
CN109635993A (en) * 2018-10-23 2019-04-16 平安科技(深圳)有限公司 Operation behavior monitoring method and device based on prediction model
CN112486935A (en) * 2019-09-12 2021-03-12 阿里巴巴集团控股有限公司 Log record processing method, device, equipment and machine-readable storage medium
CN112579412A (en) * 2020-12-10 2021-03-30 上海艾融软件股份有限公司 User behavior acquisition method, device, system and medium
US20220253574A1 (en) * 2021-01-22 2022-08-11 Jpmorgan Chase Bank, N.A. Method and system for log based predictive analytics

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116560875A (en) * 2023-05-19 2023-08-08 广州经传多赢投资咨询有限公司 A log-based high-speed asynchronous buffering method, system, device and medium
CN116560875B (en) * 2023-05-19 2023-10-31 广州经传多赢投资咨询有限公司 High-speed asynchronous buffer method, system, equipment and medium based on log
CN118708435A (en) * 2024-06-24 2024-09-27 北京科杰科技有限公司 Method for automatically generating operation logs on the lake-warehouse integrated platform

Similar Documents

Publication Publication Date Title
US12032637B2 (en) Single click delta analysis
US12079672B1 (en) Providing efficient message queuing services using a redelivery monitor
CN111522922B (en) Log information query method, device, storage medium and computer equipment
US11068323B2 (en) Automatic registration of empty pointers
US20210110062A1 (en) Masking personally identifiable information from machine- generated data
US9633106B1 (en) Log data analysis
US9037555B2 (en) Asynchronous collection and correlation of trace and communications event data
US11188600B2 (en) Facilitating metric forecasting via a graphical user interface
US8589876B1 (en) Detection of central-registry events influencing dynamic pointers and app feature dependencies
CN112650688A (en) Automated regression testing method, associated device and computer program product
CN116126808A (en) Behavior log recording method, device, computer equipment and storage medium
US10915510B2 (en) Method and apparatus of collecting and reporting database application incompatibilities
US20220318319A1 (en) Focus Events
CN112347066B (en) Log processing method and device, server and computer readable storage medium
CN120687321A (en) Abnormal monitoring method, device, computer equipment and storage medium
CN114428705A (en) A method, device, device and storage medium for monitoring network data
CN115794433B (en) Data processing methods, devices, storage media and electronic equipment
CN119444286A (en) A method, device, equipment and medium for real-time data labeling
CN116846782B (en) Business anomaly observation method and device for mobile terminal of SAAS CRM system
CN119621695A (en) Log processing method and device based on ternary management system
CN120104847A (en) Application tag configuration method, device, computer equipment and storage medium
CN114625626A (en) Project management data statistical method and device
HK40100003A (en) Website security auditing method and device, electronic equipment and storage medium
CN119484231A (en) Data processing method, device, computer equipment and storage medium
CN119621813A (en) Data processing method, device, equipment, medium and program product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination