[go: up one dir, main page]

CN111241104B - Operation audit method, device, electronic device and computer-readable storage medium - Google Patents

Operation audit method, device, electronic device and computer-readable storage medium Download PDF

Info

Publication number
CN111241104B
CN111241104B CN202010037891.3A CN202010037891A CN111241104B CN 111241104 B CN111241104 B CN 111241104B CN 202010037891 A CN202010037891 A CN 202010037891A CN 111241104 B CN111241104 B CN 111241104B
Authority
CN
China
Prior art keywords
elements
blockchain network
log
sensitive information
original
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010037891.3A
Other languages
Chinese (zh)
Other versions
CN111241104A (en
Inventor
刘斌华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202010037891.3A priority Critical patent/CN111241104B/en
Publication of CN111241104A publication Critical patent/CN111241104A/en
Application granted granted Critical
Publication of CN111241104B publication Critical patent/CN111241104B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Strategic Management (AREA)
  • Computer Hardware Design (AREA)
  • Human Resources & Organizations (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Computing Systems (AREA)
  • Marketing (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本申请公开了一种操作审计方法、装置、系统及一种电子设备和计算机可读存储介质,该方法包括:获取目标企业的操作原始日志,并提取操作原始日志的要素;其中,要素包括标准要素和自定义要素,标准要素包括主体、客体、时间和操作类型;对操作原始日志进行散列计算得到操作原始日志对应的散列值,并保存操作原始日志与散列值的映射关系;将散列值和要素存储至母区块链网络中目标企业对应的目标子区块链网络中,以便目标子区块链网络中的监管区块链节点对目标企业进行操作审计;其中,母区块链网络中包括多个子区块链网络,每个子区块链网络之间进行数据隔离。本申请提供的操作审计方法,实现对企业进行实时的操作审计。

The present application discloses an operation audit method, device, system, electronic device and computer-readable storage medium, the method comprising: obtaining the original operation log of the target enterprise, and extracting the elements of the original operation log; wherein the elements include standard elements and custom elements, and the standard elements include subject, object, time and operation type; performing hash calculation on the original operation log to obtain the hash value corresponding to the original operation log, and saving the mapping relationship between the original operation log and the hash value; storing the hash value and the elements in the target sub-blockchain network corresponding to the target enterprise in the parent blockchain network, so that the regulatory blockchain node in the target sub-blockchain network can perform operation audit on the target enterprise; wherein the parent blockchain network includes multiple sub-blockchain networks, and data isolation is performed between each sub-blockchain network. The operation audit method provided by the present application realizes real-time operation audit of enterprises.

Description

Operation auditing method and device, electronic equipment and computer readable storage medium
Technical Field
The present application relates to the field of operation auditing technology, and more particularly, to an operation auditing method, an operation auditing device, an electronic device, and a computer readable storage medium.
Background
At present, a supervision organization does not have a direct technical means for monitoring how to use personal information of a user in an enterprise, more relies on the enterprise to conduct internal examination and internal control, and the supervision organization determines whether the enterprise is in compliance by conducting regular spot check, audit and compliance check on the enterprise, so that a very large blind point exists, namely the real-time performance of the enterprise operation audit is poor.
Therefore, how to implement real-time operation audit on enterprises is a technical problem that needs to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide an operation auditing method and device, electronic equipment and a computer readable storage medium, which realize real-time operation auditing of enterprises.
To achieve the above object, a first aspect of the present application provides an operation auditing method, including:
Acquiring an operation original log of a target enterprise, and extracting elements of the operation original log, wherein the elements comprise standard elements and custom elements, and the standard elements comprise a subject, an object, time and an operation type;
Performing hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and storing a mapping relation between the operation original log and the hash value;
Storing the hash value and the element into a target sub-blockchain network corresponding to the target enterprise in a master blockchain network so as to enable a supervision blockchain node in the target sub-blockchain network to perform operation audit on the target enterprise, wherein the master blockchain network comprises a plurality of sub-blockchain networks, and each sub-blockchain network performs data isolation.
To achieve the above object, a second aspect of the present application provides an operation auditing apparatus, comprising:
The system comprises an extraction module, a storage module and a storage module, wherein the extraction module is used for obtaining an operation original log of a target enterprise and extracting elements of the operation original log, wherein the elements comprise standard elements and custom elements, and the standard elements comprise a subject, an object, time and an operation type;
the calculation module is used for carrying out hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and storing the mapping relation between the operation original log and the hash value;
And the storage module is used for storing the hash value and the element into a target sub-blockchain network corresponding to the target enterprise in a master blockchain network so as to enable a supervision blockchain node in the target sub-blockchain network to perform operation audit on the target enterprise, wherein the master blockchain network comprises a plurality of sub-blockchain networks, and each sub-blockchain network performs data isolation.
To achieve the above object, a third aspect of the present application provides an electronic device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the operation auditing method when executing the computer program.
To achieve the above object, a fourth aspect of the present application provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the operation audit method as described above.
According to the scheme, the operation auditing method comprises the steps of obtaining an operation original log of a target enterprise, extracting elements of the operation original log, wherein the elements comprise standard elements and custom elements, the standard elements comprise a main body, an object, time and operation types, performing hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, storing a mapping relation between the operation original log and the hash value, and storing the hash value and the elements into a target sub-blockchain network corresponding to the target enterprise in a parent blockchain network so that a supervision blockchain node in the target sub-blockchain network can conduct operation auditing on the target enterprise, wherein the parent blockchain network comprises a plurality of sub-blockchain networks, and data isolation is conducted among the sub-blockchain networks.
The operation auditing method provided by the application utilizes the blockchain network to store the operation information, namely the elements extracted from the operation original log and the hash value of the operation original log. In the parent blockchain network, each sub-blockchain network stores the operation information of an enterprise, and only the hash value is uploaded to the sub-blockchain network instead of directly uploading the operation original log, so that the safety of the operation information is ensured. And data isolation is carried out between each sub-blockchain network, so that the operation information of different enterprises is mutually isolated in the parent blockchain network, and the safety of the operation information of the enterprises is ensured. The supervision mechanism for performing operation audit on the target enterprise is added into the target sub-blockchain network corresponding to the target enterprise as a blockchain link point, the operation audit is performed by acquiring elements from the target sub-blockchain network in real time, and an operation original log can be queried in a server of the target enterprise based on a hash value stored in the target sub-blockchain network when required. Therefore, the operation auditing method provided by the application ensures timeliness and non-falsifiability of enterprise operation information by utilizing the characteristics of shared account book, non-falsifiability and timely synchronization of the blockchain, opens a system barrier from the enterprise to a supervision organization, and realizes real-time operation auditing of the enterprise. The application also discloses an operation auditing device, electronic equipment and a computer readable storage medium, and the technical effects can be realized.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. The accompanying drawings are included to provide a further understanding of the disclosure, and are incorporated in and constitute a part of this specification, illustrate the disclosure and together with the description serve to explain, but do not limit the disclosure. In the drawings:
FIG. 1 is a block diagram of an operation audit system according to an embodiment of the present application;
FIG. 2 is a flow chart of an operation audit method provided by an embodiment of the present application;
FIG. 3 is a flow chart of another method of auditing operations provided by an embodiment of the present application;
FIG. 4 is a flow chart of yet another method of operational auditing provided by an embodiment of the present application;
FIG. 5 is a block diagram of an operation auditing apparatus according to an embodiment of the present application;
fig. 6 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In order to facilitate understanding of the operation auditing method provided by the present application, a system in which the present application is used is described below. Referring to fig. 1, an architecture diagram of an operation audit system provided by an embodiment of the present application is shown in fig. 1, where the architecture diagram includes a log source 100 of a target enterprise, a server 200 of the target enterprise, and a parent blockchain network, where the parent blockchain network includes a plurality of sub-blockchain networks, and each enterprise corresponds to one sub-blockchain network, that is, one sub-blockchain network is used to store operation information of one enterprise, and data isolation is performed between each sub-blockchain network, so that operation information of different enterprises is isolated from each other in the parent blockchain network, and security of operation information of the enterprises is ensured. Wherein the sub-blockchain network corresponding to the target enterprise is the target sub-blockchain network 300.
The number of log sources is not limited herein, i.e., the log source 100 may include a plurality of log sources, each of which may be understood as a memory for storing logs, such as a kafka queue or database, etc. Each log source may maintain one system-generated operation original log, or may maintain a plurality of system-generated operation original logs, which are collectively referred to as operation original logs in the subsequent embodiments, without being limited thereto.
The server 200 is a server of an enterprise internal audit system, and includes a plurality of log source plug-ins, where the plurality of log source plug-ins may be stored in the server 200 in a cluster manner, and each log source plug-in is configured to obtain an operation original log in its corresponding log source and transmit the operation original log to the server 200, so that as the types of the log sources 100 increase, the cluster may be expanded.
The server 200 further includes a plurality of mark extraction plugins, where the plurality of mark extraction plugins may be stored in the server 200 in a cluster manner, and each mark extraction plugin is configured to extract an element from an operation original log of a corresponding log type, and it is understood that, as the log type increases, the cluster storing the mark extraction plugins is also an expandable cluster.
In addition, in order to extract information closer to the service, the server 200 may further include a plurality of element extension plug-ins for extracting extension fields of each element in the management system corresponding to each element. The management system is used for recording basic information of each element, for example, the subject management system may include an HR system and the like, and the object management system may include a resource management system and the like.
The target sub-blockchain network 300 includes a supervisory blockchain node 31 for operational auditing of the target enterprise, i.e., the supervisory authority utilizes the supervisory blockchain node 31 to conduct operational auditing of the target enterprise. Of course, the target sub-blockchain network 300 further includes other blockchain nodes, the server 200 may store the element extracted from the operation original log and the hash value corresponding to the operation original log into the target sub-blockchain network 300 by using the blockchain node 32, and the supervisory blockchain node 31 may obtain the element from the target sub-blockchain network 300 to perform operation audit, and may also obtain the hash value from the target sub-blockchain network 300 when necessary, so as to query the operation original log in the server 200 to perform operation audit.
The embodiment of the application discloses an operation auditing method which realizes real-time operation auditing of enterprises.
Referring to fig. 2, a flowchart of an operation auditing method according to an embodiment of the present application, as shown in fig. 2, includes:
s101, a server acquires an operation original log of a target enterprise from a log source;
In this step, the server obtains the operation original log from the log source, preferably, this step includes obtaining the operation original log from the log source by using the log source plug-in. The operation original logs herein may include internet application logs, instant messaging logs, data block logs, attack/scan logs, file transfer logs, remote control logs, mail logs, and the like, and the internet application logs may include HTTP (chinese full name: hypertext transfer protocol; english full name: hyper Text TransferProtocol) application logs, entertainment software logs, and C/S (chinese full name: client/Server; english full name: client/Server) architecture-based application software usage logs, and the like. The HTTP application log is a log for monitoring content information of access to an internet web page, recording keyword information set by a user, information aiming at HTTPUP, and recording all DNS (chinese full name: domain name system, english full name: domain NAME SYSTEM) protocol requests, and monitoring content information of access to an internet web page includes publishing and browsing based on the HTTP protocol. The instant messaging log is a log for recording the use information of various instant messaging software, namely virtual identity information, the database log is a log for recording the operation and user information of various data blocks, the attack/scan log is a behavioral log for recording DDOS attack (Chinese full name: distributed denial of service attack, english full name: distributed denial ofservice attack) and port scanning, the file transfer log comprises various downloading tools, an FTP Protocol (Chinese full name: file transfer Protocol), an SMB (Chinese full name: FILE TRANSFER Protocol), a file transfer information carried out by an SMB (Chinese full name: server information block, english full name: SERVERMESSAGE BLOCK) Protocol, and also comprises information for point-to-point file transfer and file name of the instant chat software, the remote control log is a log for recording the use condition of various remote control software or protocols, including TELNET Protocol (Chinese full name: remote terminal Protocol), WINDOWS remote desktop and SSH (Chinese full name: secure Shell Protocol, english full name: secure Shell), the mail log is a SMTP Protocol (Chinese full name: simple mail transfer Protocol ), POP (POP full name: 3, full name: 3-mail Protocol, english Version 3, text, and the like, and the text of the text, the text and the like.
The server comprises a plurality of log source plug-ins, and each log source plug-in is used for acquiring an operation original log from one log source, namely the server acquires the operation original log from a plurality of log sources by using the plurality of log source plug-ins. Specifically, the method comprises the steps of obtaining an operation original log in a kafka queue by using a kafka source plug-in, and/or obtaining an operation original log in a database by using a data plug-in, and/or obtaining a reported operation original log through an interface by using a reporting interface plug-in.
In a specific implementation, for the original log of operations stored in the kafka queue, the original log of operations may be read into the server by the kafka source plug-in, and for the original log of operations stored in the database, the original log of operations may be read from the database by the data plug-in. The server can also comprise a reporting interface plug-in, and the reporting interface plug-in can be utilized to report the operation original log to the server through an interface.
The kafka source plug-in, the data plug-in and the reporting interface plug-in described above may be stored in a server in clusters that are scalable as the log source variety increases.
S102, extracting elements of the operation original log by a server, wherein the elements comprise standard elements and custom elements, and the standard elements comprise a subject, an object, time and an operation type;
Preferably, the step of extracting the elements of the operation original log by the server comprises the steps of determining the log type of the operation original log and extracting the elements of the operation original log by using a mark extraction plug-in corresponding to the log type.
In the log source plug-in, the original log is marked with a basic label, for example, a server indicates which system the original log is generated by, a service indicates which service interface the original log is generated by, and the labels can be obtained by the original system of the original log or by simply reading and analyzing the original log. The server may determine the log type of the original log of each operation according to the above tag, where the log type may include a structured type, an sql type, a text type, and the like, and the structured day type, such as json structure, xml structure, and the like, which are not specifically limited herein.
The server comprises a plurality of mark extraction plug-ins, and each mark extraction plug-in is used for extracting elements from the operation original log of the corresponding log type, namely the server extracts the elements of the operation original log of different log types by using different mark extraction plug-ins. The elements herein may include subject, object, time and operation type, i.e. standard elements in this step, and may also include other user-defined elements.
The plurality of tag-extraction plugins may be stored in the server in a collection, which is scalable. The server may provide a mapping table to indicate which tag extraction plug-ins may be processed by the operation source logs of different log types, such as shown in table 1:
TABLE 1
Log type Mark extraction insert
Structured type Mark extraction plug-in A
Type sql Mark extraction plug-in B
Text type Mark extraction plug-in C
It will be appreciated that the log types of the operation original logs generated by different service interfaces of the same system may be different, so that for the operation original logs of the same system, multiple mark extraction plugins may be simultaneously used for element extraction. Table 1 can be extended to table 2:
TABLE 2
server service Log type Mark extraction insert
ServerA Service1 Type sql Mark extraction plug-in B
ServerA Service2 Structured type Mark extraction plug-in A
ServerB Service3 Type sql Mark extraction plug-in B
ServerC Service4 Text type Mark extraction plug-in C
Specifically, the step of extracting the element of the operation original log by using the mark extraction plug-in corresponding to the log type may include performing structural analysis on the operation original log, extracting the element of the operation original log from an analysis result, and/or performing analysis on sql statements in the operation original log by using a druid library, extracting the element of the operation original log from the analysis result, and/or extracting the element of the operation original log by using a regular expression.
In a specific implementation, if the log type is a json or xml structured type, the structure may be parsed to obtain each element of the original log. If the log type is the sql type, that is, the operation original log contains the sql statement, the sql statement can be analyzed through druid library, and then each element of the operation original log is obtained. Because of the specific labels and keywords in structured and sql type of operation raw logs, elements can be extracted by identifying the labels and keywords. druid is an open-source, distributed, column-stored system suitable for real-time data analysis, and can summarize the underlying statistical indicators, i.e., the elements in this embodiment, can be represented by a field. If the log type is text type, each element of the original log can be obtained by adopting a regular expression mode.
Note that, the mark extraction plug-in this step is not specifically limited to the embodiment, and may be implemented by Java code, python script, or the like, for example.
The original operation log extracted above may include standard elements and custom elements, where the standard elements are four elements of operation audit, including subject, object, time and operation type. The four elements can be extracted from each operation raw log, which define a standard story/event for each operation raw log, i.e. what person (subject) does what type of operation on what object at what time. The subject represents an executor of the operation, and the object represents an object on which the operation is actually performed, such as a server host, a service, a product configuration, and the like. The following examples are presented for operation:
(1) The system administrator queries information of a user. In the operation, the host is a system administrator, the object is a user ID, and the operation type is query;
(2) The system administrator modifies the configuration of a fund. In the operation, the host is a system administrator, the object is an ID of the fund, and the operation type is modification;
(3) An employee logs into a machine. In the operation, the host is employee ID, the object is the IP address of the machine, and the operation type is login;
It should be noted that the guest elements in one operation original log may be multiple and multiple types. For example, one employee deployed service S on machine a, machine B, and machine C, respectively, and then the objects include machine a, machine B, and machine C, and service S, which has a total of 4 objects.
For the guest elements, the parameters in the request message recorded in the operation original log may be extracted. For example, for an operation original log "a system administrator inquires about user information by user ID", the ID of the user may be extracted from the parameters in the request message as an object. Of course, the parameters in the response message recorded in the operation original log may also be extracted. For example, for the operation original log "a system administrator initiates a range query", the response message returns an information list of 10 users, and the IDs of the users in the response message may be used as objects. That is, the step may include extracting, by using the tag extraction plug-in corresponding to the log type, the object of the operation original log according to the request packet and the response packet in the operation original log.
The extracted object element includes at least an object type (type) and an object name (name). For example, the object is a user ID, type is a userId, and name is zhangsan. It should be noted that, in order to facilitate operation audit across multiple log types, naming needs to be uniformly specified for the same object type. For example, for system a, the type of user ID is userId, while in system B, the type of user ID is user_account, which may be unified as userId in this embodiment.
Of course, in addition to the standard elements described above, elements of other business concern may be extracted in the tag extraction plug-in as custom elements. For example, for an original log of operations to record configuration online activities, additional care may be taken about the amount configured, so that the amount can be extracted as a custom element. Of course, the user may set other custom elements, which are not specifically limited herein.
Because different systems and even different operations in the same system can have different log formats, the element for standardizing the original log of the operation can provide data support for subsequent operation audit. For example, for an important user, it is necessary to determine whether someone has operated him in all systems. Through the extraction of the object elements in the step, unified standard query can be carried out on the heterogeneous logs to obtain results. Similarly, the method has similar meaning for the main body and the operation type, and the time element can know the time of the operation and the operation sequence of the restoration.
S103, the server performs hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and stores the mapping relation between the operation original log and the hash value;
in this step, hash calculation is performed on each operation original log to obtain a hash value corresponding to each operation original log, and specific forms of the hash values are not limited herein, and for example, the hash values may include hash values. And in the subsequent step, only uploading the hash value of the operation original log to the target sub-blockchain network, ensuring the safety of the operation original log, acquiring the hash value from the target sub-blockchain network when the operation original log is required by a supervision mechanism, and determining the operation original log corresponding to the hash value based on the mapping relation in the server.
S104, the server stores the hash value and the element into a target sub-blockchain network corresponding to the target enterprise in a parent blockchain network;
In this step, the server uploads the hash values of all the operation original logs of the target enterprise and the elements extracted from the operation original logs to the target sub-blockchain network corresponding to the target enterprise in the parent blockchain network. The master block chain network comprises a plurality of sub block chain networks, each enterprise corresponds to one sub block chain network, namely one sub block chain network is used for storing operation information of one enterprise, and data isolation is carried out among the sub block chain networks, so that the operation information of different enterprises are mutually isolated in the master block chain network, and the safety of the operation information of the enterprises is ensured.
S105, performing operation audit on the target enterprise by using the supervision block chain nodes in the target sub-block chain network.
In a specific implementation, the target sub-blockchain network includes a supervisory blockchain node for operating auditing of the target enterprise, i.e., the supervisory authority utilizes the supervisory blockchain node to operate auditing of the target enterprise. The supervision block chain node can acquire elements from the target sub-block chain network to perform operation audit, and can acquire hash values if needed, and inquire operation original logs corresponding to the hash values in a server based on the mapping relation between the operation original logs and the hash values to perform operation audit.
The operation auditing method provided by the embodiment of the application utilizes the blockchain network to store the operation information, namely the elements extracted from the operation original log and the hash value of the operation original log. In the parent blockchain network, each sub-blockchain network stores the operation information of an enterprise, and only the hash value is uploaded to the sub-blockchain network instead of directly uploading the operation original log, so that the safety of the operation information is ensured. And data isolation is carried out between each sub-blockchain network, so that the operation information of different enterprises is mutually isolated in the parent blockchain network, and the safety of the operation information of the enterprises is ensured. The supervision mechanism for performing operation audit on the target enterprise is added into the target sub-blockchain network corresponding to the target enterprise as a blockchain link point, the operation audit is performed by acquiring elements from the target sub-blockchain network in real time, and an operation original log can be queried in a server of the target enterprise based on a hash value stored in the target sub-blockchain network when required. Therefore, the operation auditing method provided by the embodiment of the application ensures timeliness and non-falsifiability of enterprise operation information by utilizing the characteristics of shared account book, non-falsifiability and timely synchronization of the blockchain, opens up a system barrier from the enterprise to a supervision organization, and realizes real-time operation auditing of the enterprise.
The embodiment of the application discloses an operation auditing method, which further describes and optimizes a technical scheme relative to the previous embodiment. The embodiment will be described with a server as an execution body, and specifically:
referring to fig. 3, a flowchart of another operation auditing method provided by an embodiment of the present application, as shown in fig. 3, includes:
S201, acquiring an operation original log of a target enterprise, and extracting elements of the operation original log, wherein the elements comprise standard elements and custom elements, and the standard elements comprise a subject, an object, time and an operation type;
S202, determining sensitive information in the elements, and preprocessing the sensitive information, wherein the sensitive information comprises user sensitive information and/or system sensitive information of the target enterprise;
The execution subject of this embodiment is a server of an enterprise internal auditing system. Before the operation information is uploaded to the target sub-blockchain network, sensitive information in the operation information needs to be preprocessed in order to ensure the security of the data. It will be appreciated that the entire content of the operation information may be divided into user information related to the user operation and system information unrelated to the user operation, and the user information may be divided into user sensitive information and non-user sensitive information. The sensitive information in this step may include the above-mentioned user sensitive information, such as user identity information, etc., and may further include system information unrelated to user operation, that is, system sensitive information of the target enterprise, such as an IP address, an internal database name, an internal system name, etc., inside the target enterprise.
The specific preprocessing mode is not limited here, and only the plaintext that other devices in the access target sub-blockchain network cannot acquire sensitive information needs to be ensured. For example, for the system sensitive information, the system sensitive information in the element may be removed, or the masking processing may be performed on the system sensitive information. For user sensitive information, it may be encrypted. The specific encryption method is not limited herein, and a symmetric encryption or an asymmetric encryption method may be employed. For the symmetric encryption mode, a shared key is distributed between a target enterprise and each supervision organization in advance, the target enterprise encrypts user sensitive information by using the shared key and then uploads the encrypted information to a target sub-blockchain network, and the supervision organization reads data on the target sub-blockchain network and decrypts the data, so that the encryption and decryption speed is high. For an asymmetric encryption mode, a public key is distributed to a target enterprise for encryption, and a supervision organization uses a private key for decryption.
S203, carrying out hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and storing a mapping relation between the operation original log and the hash value;
in this step, hash calculation is performed on each operation original log to obtain a hash value corresponding to each operation original log, and specific forms of the hash values are not limited herein, and for example, the hash values may include hash values. And in the subsequent step, only uploading the hash value of the operation original log to the target sub-blockchain network, ensuring the safety of the operation original log, acquiring the hash value from the target sub-blockchain network when the operation original log is required by a supervision mechanism, and determining the operation original log corresponding to the hash value based on the mapping relation in the server.
And S204, storing the hash value and the preprocessed elements into a target sub-blockchain network corresponding to the target enterprise in a master blockchain network so that a supervision blockchain node in the target sub-blockchain network carries out operation audit on the target enterprise, wherein the master blockchain network comprises a plurality of sub-blockchain networks, and each sub-blockchain network carries out data isolation.
In the step, the server uploads the hash values of all operation original logs of the target enterprise and the elements extracted from the operation original logs to a target sub-blockchain network corresponding to the target enterprise in the parent blockchain network, and timeliness and non-tamper modification of enterprise operation information are ensured by utilizing the characteristics of sharing account book, non-tamper and timely synchronization of the blockchain. The target sub-blockchain network comprises a supervision blockchain node for performing operation audit on the target enterprise, namely, the supervision organization performs operation audit on the target enterprise by using the supervision blockchain node. The supervision block chain node can acquire elements from the target sub-block chain network to perform operation audit, and can acquire hash values if needed, and inquire operation original logs corresponding to the hash values in a server based on the mapping relation between the operation original logs and the hash values to perform operation audit.
Therefore, according to the operation auditing method provided by the embodiment, data isolation is performed among the sub-block chain networks corresponding to different enterprises, and the security of enterprise data is higher. In the sub-block chain network, only the hash value of the operation original log is uploaded, the operation original log is not uploaded, and the security of the operation original log of an enterprise is ensured. And the sensitive information to be uplink is preprocessed, so that other devices in the access sub-blockchain network can not acquire the plaintext of the sensitive information, and the security is high.
The embodiment of the application discloses an operation auditing method, which further describes and optimizes a technical scheme relative to the first embodiment. The embodiment will be described with a server as an execution body, and specifically:
Referring to fig. 4, a flowchart of still another operation auditing method according to an embodiment of the present application, as shown in fig. 4, includes:
S301, acquiring an operation original log of a target enterprise, and extracting elements of the operation original log, wherein the elements comprise standard elements and custom elements, and the standard elements comprise a subject, an object, time and an operation type;
s302, acquiring element expansion standards from the supervision block link points, and determining expansion fields corresponding to each element based on the element expansion standards;
In this step, the regulatory agency defines the extension field that each element must extend, i.e., defines element extension criteria, which are published through the regulatory blockchain node into the entire target sub-blockchain network. The server determines an extension field corresponding to each element based on the element extension criteria. In element expansion, for heterogeneous logs with different sources, the same expansion plug-in can be adopted, and each expansion plug-in is distinguished according to different elements. More important marks close to the business can be expanded for the operation original log through the expansion plug-in, so that the operation audit supports more powerful standardized audit.
In particular implementations, the principal mark extension plugin extracts basic information by invoking a principal management system, where the principal management system may include a company's HR system or an organizational architecture system, depending on the individual company's IT system differences. For example, the true identity of the principal, including the true name, identification card, or equivalent identification, may be extended, as well as the principal's position at the company, subscription unit, etc. The object tag extension plugin extracts basic information by calling an object management system, such as a company's resource management system, depending on the individual company IT system distinction. For example, the true identity of the object, including the true name, identification card or equivalent identification, may be extended, as well as the properties of the object, e.g., when the information of the fund purchased by the user is queried by an internal employee, the relevant rules should be formulated, and the relevant properties of the expanded fund are filled into the expanded fields.
Preferably, the extension field of the operation type comprises a category, and the determining the extension field corresponding to each element based on the element extension standard comprises obtaining an operation type classification standard from the supervision blockchain node and determining the category of the operation type based on the operation type classification standard. In a specific implementation, servers of different enterprises define different URL names or interface names for operation types, which are too poorly readable to regulatory authorities. Therefore, the supervision organization can define operation type classification standards which are convenient for audit, the server establishes the corresponding relation between each supported operation type and the category, for example, the category corresponding to "/api/fk_ frozen" is "risk control-frozen fund", and Chinese annotation marks can be added for operation types which cannot be classified.
S303, determining an operation abstract field of the operation original log based on a standard report format according to each element and an extension field corresponding to each element;
In a specific implementation, the server adds the extracted elements to a standard reporting format, where the standard reporting format is for example:
it is to be understood that "user" is a subject, "operation_type" is an operation type, "time" is a time, and "object" is an object. If the element extracted in the previous step further includes a custom element, other operation abstract fields may be allocated to the custom element in the standard report format. In the target sub-blockchain network, elements extracted from the operation original log are stored based on a standard report format, namely, each element is subjected to standardized processing, and a supervision organization audits the operation information in a unified format, so that the efficiency is high.
And S304, storing the hash value and the operation abstract field into a target sub-blockchain network corresponding to the target enterprise in a parent blockchain network so as to enable a supervision blockchain node in the target sub-blockchain network to perform operation audit on the target enterprise, wherein the parent blockchain network comprises a plurality of sub-blockchain networks, and each sub-blockchain network performs data isolation.
Therefore, according to the operation auditing method provided by the embodiment, the unified element marks are extracted from the operation original logs which are collected by various systems and are not formatted, so that the original logs which are completely different originally can query key information by adopting the same method, and more important and service-proximate expansion information is expanded for each element by element expansion based on the element expansion standard defined by the supervision mechanism, thereby improving the operation auditing efficiency.
For ease of understanding, the present application is described in connection with an application scenario. In connection with fig. 1, the nodes of the target sub-blockchain network 300 include enterprise a and its associated enterprises, departments, and multiple regulatory authorities. And the different block chain sub-networks are used for data isolation, so that the data of different enterprises can be isolated from each other.
And collecting operation original logs through an audit system built in the enterprise by each sub-company and each sub-department of the enterprise A, wherein the audit system extracts four-element information, namely a subject, an object, an operation type and time, and expands the four-element information. In performing the four-element expansion, it is required that the necessary field required by the regulatory agency must be expanded. The subject has to extend his true identity, in the company's position, subscription units, etc. The object has to extend its true identity, properties, etc. The classification identification is required to be added according to the operation type classification standard defined by the regulatory body for the operation types, and the Chinese annotation mark is required to be added for the operation types which cannot be classified.
The hash processing is performed on the operation original log, and only the hash value of the operation original log is uploaded to the target sub-blockchain network 300. An audit system within the enterprise should maintain a mapping of the original log of operations to the hash value. When the supervision authorities require the inquiry, the corresponding operation original log can be inquired through the hash value.
In the extracted elements, the system information in the enterprise irrelevant to the user operation is removed or masked, so that the leakage of the enterprise relevant information is prevented. And carrying out encryption processing on the user sensitive information. The hash values of all the operation original logs of the enterprise a and the elements extracted from the operation original logs and subjected to the above processing are uploaded into the target sub-blockchain network 300. The supervision organization can obtain the elements from the target sub-blockchain network 300 to perform operation audit, and can also obtain the hash value if necessary, and query the operation original log corresponding to the hash value in the server based on the mapping relation between the operation original log and the hash value to perform operation audit.
An operation auditing device provided by the embodiment of the present application is described below, and an operation auditing device described below and an operation auditing method described above may be referred to each other.
Referring to fig. 5, a block diagram of an operation auditing apparatus according to an embodiment of the present application, as shown in fig. 5, includes:
The extraction module 501 is used for obtaining an operation original log of a target enterprise and extracting elements of the operation original log, wherein the elements comprise standard elements and custom elements, and the standard elements comprise a subject, an object, time and an operation type;
the calculation module 502 is configured to perform hash calculation on the operation original log to obtain a hash value corresponding to the operation original log, and store a mapping relationship between the operation original log and the hash value;
and a storage module 503, configured to store the hash value and the element in a target sub-blockchain network corresponding to the target enterprise in a parent blockchain network, so that a supervision blockchain node in the target sub-blockchain network performs operation audit on the target enterprise, where the parent blockchain network includes a plurality of sub-blockchain networks, and each sub-blockchain network performs data isolation.
The operation auditing device provided by the embodiment of the application utilizes the blockchain network to store the operation information, namely the elements extracted from the operation original log and the hash value of the operation original log. In the parent blockchain network, each sub-blockchain network stores the operation information of an enterprise, and only the hash value is uploaded to the sub-blockchain network instead of directly uploading the operation original log, so that the safety of the operation information is ensured. And data isolation is carried out between each sub-blockchain network, so that the operation information of different enterprises is mutually isolated in the parent blockchain network, and the safety of the operation information of the enterprises is ensured. The supervision mechanism for performing operation audit on the target enterprise is added into the target sub-blockchain network corresponding to the target enterprise as a blockchain link point, the operation audit is performed by acquiring elements from the target sub-blockchain network in real time, and an operation original log can be queried in a server of the target enterprise based on a hash value stored in the target sub-blockchain network when required. Therefore, the operation auditing device provided by the embodiment of the application ensures timeliness and non-falsifiability of enterprise operation information by utilizing the characteristics of shared account book, non-falsifiability and timely synchronization of the blockchain, opens up a system barrier from the enterprise to a supervision organization, and realizes real-time operation auditing of the enterprise.
On the basis of the above embodiment, as a preferred implementation manner, the method further includes:
the preprocessing module is used for determining sensitive information in the elements and preprocessing the sensitive information, wherein the sensitive information comprises user sensitive information and/or system sensitive information of the target enterprise.
On the basis of the above embodiment, as a preferred implementation manner, the preprocessing module is specifically a module for removing the system sensitive information in the element or masking the system sensitive information.
On the basis of the above embodiment, as a preferred implementation manner, the preprocessing module is specifically a module for encrypting the user sensitive information.
Based on the above embodiment, as a preferred implementation manner, the storage module 503 includes:
the first determining unit is used for determining an operation abstract field of the operation original log based on a standard report format according to the element;
And the storage unit is used for storing the hash value and the operation abstract field into a target sub-blockchain network corresponding to the target enterprise in the parent blockchain network.
On the basis of the above embodiment, as a preferred implementation manner, the method further includes:
The determining module is used for acquiring element expansion standards from the supervision block link points and determining expansion fields corresponding to each element based on the element expansion standards;
Correspondingly, the first determining unit is specifically a unit for determining an operation abstract field of the operation original log based on a standard report format according to each element and an extension field corresponding to each element.
On the basis of the above embodiment, as a preferred implementation manner, the extension field of the operation type includes a category, and the determining module includes:
and the second determining unit is used for acquiring operation type classification standards from the supervision block chain node and determining the category of the operation type based on the operation type classification standards.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
The present application also provides an electronic device, referring to fig. 6, and a block diagram of an electronic device 60 provided in an embodiment of the present application, as shown in fig. 6, may include a processor 61 and a memory 62.
Processor 61 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 61 may be implemented in at least one hardware form of DSP (DIGITAL SIGNAL Processing), FPGA (Field-Programmable gate array), PLA (Programmable Logic Array ). The processor 61 may also include a main processor, which is a processor for processing data in a wake-up state, also called a CPU (Central Processing Unit ), and a coprocessor, which is a low-power processor for processing data in a standby state. In some embodiments, the processor 61 may integrate a GPU (Graphics Processing Unit, image processor) for rendering and drawing of content required to be displayed by the display screen. In some embodiments, the processor 61 may also include an AI (ARTIFICIAL INTELLIGENCE ) processor for processing computing operations related to machine learning.
Memory 62 may include one or more computer-readable storage media, which may be non-transitory. Memory 62 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 62 is at least used for storing a computer program 621, which, when loaded and executed by the processor 61, can implement relevant steps in the operation auditing method performed by the electronic device side as disclosed in any of the foregoing embodiments. In addition, the resources stored by the memory 62 may also include an operating system 622, data 623, and the like, and the storage manner may be transient storage or permanent storage. Wherein the operating system 622 may include Windows, unix, linux, etc.
In some embodiments, the electronic device 60 may further include a display 63, an input-output interface 64, a communication interface 65, a sensor 66, a power supply 67, and a communication bus 68.
Of course, the structure of the electronic device shown in fig. 6 is not limited to the electronic device in the embodiment of the present application, and the electronic device may include more or fewer components than those shown in fig. 6 or may combine some components in practical applications.
In another exemplary embodiment, a computer readable storage medium is also provided that includes program instructions that, when executed by a processor, implement the steps of the operation audit method performed by any of the embodiments servers described above.
In the description, each embodiment is described in a progressive manner, and each embodiment is mainly described by the differences from other embodiments, so that the same similar parts among the embodiments are mutually referred. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the application can be made without departing from the principles of the application and these modifications and adaptations are intended to be within the scope of the application as defined in the following claims.
It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises an element.

Claims (12)

1.一种操作审计方法,其特征在于,包括:1. An operation audit method, characterized by comprising: 获取目标企业的操作原始日志,并提取所述操作原始日志的要素;其中,所述要素包括标准要素和自定义要素,所述标准要素包括主体、客体、时间和操作类型;Obtaining the original operation log of the target enterprise, and extracting elements of the original operation log; wherein the elements include standard elements and custom elements, and the standard elements include subject, object, time and operation type; 对所述操作原始日志进行散列计算得到所述操作原始日志对应的散列值,并保存所述操作原始日志与所述散列值的映射关系;Performing a hash calculation on the original operation log to obtain a hash value corresponding to the original operation log, and saving a mapping relationship between the original operation log and the hash value; 从目标子区块链网络中的监管区块链节点获取要素扩展标准,基于所述要素扩展标准确定每个所述要素对应的扩展字段;Obtaining an element extension standard from a regulatory blockchain node in the target sub-blockchain network, and determining an extension field corresponding to each element based on the element extension standard; 根据每个所述要素和每个所述要素对应的扩展字段基于标准上报格式确定所述操作原始日志的操作摘要字段;Determine the operation summary field of the original operation log based on a standard reporting format according to each of the elements and the extended fields corresponding to each of the elements; 将所述散列值和所述操作摘要字段存储至母区块链网络中所述目标企业对应的目标子区块链网络中,以便所述监管区块链节点对所述目标企业进行操作审计;其中,所述母区块链网络中包括多个子区块链网络,每个所述子区块链网络之间进行数据隔离,每个子区块链网络用于存储一个企业的操作信息。The hash value and the operation summary field are stored in the target child blockchain network corresponding to the target enterprise in the parent blockchain network, so that the regulatory blockchain node can perform an operation audit on the target enterprise; wherein the parent blockchain network includes multiple child blockchain networks, each of which is data isolated, and each child blockchain network is used to store the operation information of an enterprise. 2.根据权利要求1所述操作审计方法,其特征在于,所述提取所述操作原始日志的要素之后,还包括:2. The operation audit method according to claim 1, characterized in that after extracting the elements of the original operation log, it also includes: 在所述要素中确定敏感信息,并对所述敏感信息进行预处理操作;其中,所述敏感信息包括用户敏感信息和/或所述目标企业的系统敏感信息。Sensitive information is determined in the elements, and a preprocessing operation is performed on the sensitive information; wherein the sensitive information includes user sensitive information and/or system sensitive information of the target enterprise. 3.根据权利要求2所述操作审计方法,其特征在于,对所述敏感信息进行预处理操作,包括:3. The operation audit method according to claim 2, characterized in that the pre-processing operation on the sensitive information comprises: 去除所述要素中的所述系统敏感信息或对所述系统敏感信息进行掩码化处理。The system sensitive information in the element is removed or the system sensitive information is masked. 4.根据权利要求2所述操作审计方法,其特征在于,对所述敏感信息进行预处理操作,包括:4. The operation audit method according to claim 2, characterized in that the pre-processing operation on the sensitive information comprises: 对所述用户敏感信息进行加密处理。The user sensitive information is encrypted. 5.根据权利要求1所述操作审计方法,其特征在于,所述操作类型的扩展字段包括类别;所述基于所述要素扩展标准确定每个所述要素对应的扩展字段,包括:5. The operation audit method according to claim 1, characterized in that the extended field of the operation type includes a category; the determining the extended field corresponding to each element based on the element extension standard comprises: 从所述监管区块链节点获取操作类型分类标准,基于所述操作类型分类标准确定所述操作类型的类别。An operation type classification standard is obtained from the regulatory blockchain node, and a category of the operation type is determined based on the operation type classification standard. 6.一种操作审计装置,其特征在于,包括:6. An operation audit device, characterized by comprising: 提取模块,用于获取目标企业的操作原始日志,并提取所述操作原始日志的要素;其中,所述要素包括标准要素和自定义要素,所述标准要素包括主体、客体、时间和操作类型;An extraction module, used to obtain the original operation log of the target enterprise and extract elements of the original operation log; wherein the elements include standard elements and custom elements, and the standard elements include subject, object, time and operation type; 计算模块,用于对所述操作原始日志进行散列计算得到所述操作原始日志对应的散列值,并保存所述操作原始日志与所述散列值的映射关系;A calculation module, used for performing hash calculation on the original operation log to obtain a hash value corresponding to the original operation log, and saving a mapping relationship between the original operation log and the hash value; 存储模块,用于将所述散列值和所述要素存储至母区块链网络中所述目标企业对应的目标子区块链网络中,以便所述目标子区块链网络中的监管区块链节点对所述目标企业进行操作审计;其中,所述母区块链网络中包括多个子区块链网络,每个所述子区块链网络之间进行数据隔离,每个子区块链网络用于存储一个企业的操作信息;A storage module, used to store the hash value and the elements in a target sub-blockchain network corresponding to the target enterprise in the parent blockchain network, so that the regulatory blockchain node in the target sub-blockchain network can perform an operation audit on the target enterprise; wherein the parent blockchain network includes multiple sub-blockchain networks, each of which is data isolated, and each sub-blockchain network is used to store the operation information of an enterprise; 所述存储模块包括:The storage module comprises: 第一确定单元,用于根据所述要素基于标准上报格式确定所述操作原始日志的操作摘要字段;A first determining unit, configured to determine an operation summary field of the operation original log based on the elements and in a standard reporting format; 存储单元,用于将所述散列值和所述操作摘要字段存储至母区块链网络中所述目标企业对应的目标子区块链网络中;A storage unit, used to store the hash value and the operation summary field in a target child blockchain network corresponding to the target enterprise in the parent blockchain network; 所述装置还包括:确定模块,用于从所述监管区块链节点获取要素扩展标准,基于所述要素扩展标准确定每个所述要素对应的扩展字段;The device further includes: a determination module, configured to obtain an element extension standard from the regulatory blockchain node, and determine an extension field corresponding to each element based on the element extension standard; 相应的,所述第一确定单元具体为根据每个所述要素和每个所述要素对应的扩展字段基于标准上报格式确定所述操作原始日志的操作摘要字段的单元。Correspondingly, the first determining unit is specifically a unit that determines the operation summary field of the original operation log based on a standard reporting format according to each of the elements and the extended field corresponding to each of the elements. 7.根据权利要求6所述的装置,其特征在于,还包括:7. The device according to claim 6, further comprising: 预处理模块,用于在所述要素中确定敏感信息,并对所述敏感信息进行预处理操作;其中,所述敏感信息包括用户敏感信息和/或所述目标企业的系统敏感信息。A preprocessing module is used to determine sensitive information in the elements and perform preprocessing operations on the sensitive information; wherein the sensitive information includes user sensitive information and/or system sensitive information of the target enterprise. 8.根据权利要求7所述的装置,其特征在于,所述预处理模块具体为去除所述要素中的所述系统敏感信息或对所述系统敏感信息进行掩码化处理的模块。8. The device according to claim 7 is characterized in that the pre-processing module is specifically a module for removing the system sensitive information in the elements or performing masking processing on the system sensitive information. 9.根据权利要求7所述的装置,其特征在于,所述预处理模块具体为对所述用户敏感信息进行加密处理的模块。9. The device according to claim 7 is characterized in that the pre-processing module is specifically a module for encrypting the user sensitive information. 10.根据权利要求6所述的装置,其特征在于,所述操作类型的扩展字段包括类别;所述确定模块包括:10. The device according to claim 6, wherein the extended field of the operation type includes a category; and the determination module includes: 第二确定单元,用于从所述监管区块链节点获取操作类型分类标准,基于所述操作类型分类标准确定所述操作类型的类别。The second determination unit is used to obtain the operation type classification standard from the regulatory blockchain node, and determine the category of the operation type based on the operation type classification standard. 11.一种电子设备,其特征在于,包括:11. An electronic device, comprising: 存储器,用于存储计算机程序;Memory for storing computer programs; 处理器,用于执行所述计算机程序时实现如权利要求1至5任一项所述操作审计方法的步骤。A processor, configured to implement the steps of the operation audit method as claimed in any one of claims 1 to 5 when executing the computer program. 12.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求1至5任一项所述操作审计方法的步骤。12. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the operation audit method according to any one of claims 1 to 5 are implemented.
CN202010037891.3A 2020-01-14 2020-01-14 Operation audit method, device, electronic device and computer-readable storage medium Active CN111241104B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010037891.3A CN111241104B (en) 2020-01-14 2020-01-14 Operation audit method, device, electronic device and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010037891.3A CN111241104B (en) 2020-01-14 2020-01-14 Operation audit method, device, electronic device and computer-readable storage medium

Publications (2)

Publication Number Publication Date
CN111241104A CN111241104A (en) 2020-06-05
CN111241104B true CN111241104B (en) 2024-12-20

Family

ID=70871031

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010037891.3A Active CN111241104B (en) 2020-01-14 2020-01-14 Operation audit method, device, electronic device and computer-readable storage medium

Country Status (1)

Country Link
CN (1) CN111241104B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112347119A (en) * 2020-09-18 2021-02-09 杭州安恒信息安全技术有限公司 Data storage method and device applied to auditing system and computer equipment
CN113139181A (en) * 2021-04-30 2021-07-20 成都卫士通信息产业股份有限公司 Security audit method, device, equipment and readable storage medium
CN113254964A (en) * 2021-06-02 2021-08-13 杭州趣链科技有限公司 Log security certificate storage method and device, electronic equipment and storage medium
CN113779125B (en) * 2021-08-17 2025-04-29 华中科技大学 Construction safety information management method and system
CN113886901B (en) * 2021-09-23 2025-05-27 安徽中科晶格技术有限公司 Blockchain-based traceability method, device and equipment in isolated network
CN114756902A (en) * 2022-04-11 2022-07-15 敏于行(北京)科技有限公司 Security audit method and device for efficient trusted structured database
CN115865475A (en) * 2022-11-29 2023-03-28 阳光保险集团股份有限公司 Method, device and storage medium for determining abnormal situation of web application
CN116015840B (en) * 2022-12-23 2024-01-30 星环信息科技(上海)股份有限公司 Data operation auditing method, system, equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110417918A (en) * 2019-08-29 2019-11-05 腾讯科技(深圳)有限公司 A kind of distributed storage method of archive information, device and electronic equipment and medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190266146A1 (en) * 2016-11-10 2019-08-29 Saavha, Inc. Secure auditing system based on verified hash algorithm
CN108833514A (en) * 2018-06-01 2018-11-16 众安信息技术服务有限公司 Audit log processing method, device and Log Audit System based on block chain
CN108932189B (en) * 2018-06-30 2021-09-07 平安科技(深圳)有限公司 Method and device for saving server log
CN109190410B (en) * 2018-09-26 2020-05-19 华中科技大学 Log behavior auditing method based on block chain in cloud storage environment
CN110084059A (en) * 2019-03-21 2019-08-02 深圳壹账通智能科技有限公司 A kind of method, apparatus and computer equipment of banking system data configuration block chain
CN110535872B (en) * 2019-09-12 2021-06-01 腾讯科技(深圳)有限公司 Method and apparatus for processing data requests in a blockchain network

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110417918A (en) * 2019-08-29 2019-11-05 腾讯科技(深圳)有限公司 A kind of distributed storage method of archive information, device and electronic equipment and medium

Also Published As

Publication number Publication date
CN111241104A (en) 2020-06-05

Similar Documents

Publication Publication Date Title
CN111241104B (en) Operation audit method, device, electronic device and computer-readable storage medium
US12225025B2 (en) Enhanced cloud infrastructure security through runtime visibility into deployed software
US11757945B2 (en) Collaborative database and reputation management in adversarial information environments
CN112347165B (en) Log processing method and device, server and computer readable storage medium
US20240171614A1 (en) System and method for internet activity and health forecasting and internet noise analysis
US11968239B2 (en) System and method for detection and mitigation of data source compromises in adversarial information environments
US10659335B1 (en) Contextual analyses of network traffic
JP2016519384A (en) Method for processing data, tangible machine readable recordable storage medium and device, and method for querying features extracted from a data record, tangible machine readable recordable storage medium and device
US12063242B2 (en) Vulnerability scanning of a remote file system
CN111314301A (en) Website access control method and device based on DNS (Domain name Server) analysis
CN113507461B (en) Network monitoring system and network monitoring method based on big data
WO2015141665A1 (en) Website information extraction device, system, website information extraction method, and website information extraction program
WO2022257226A1 (en) Cyberspace mapping-based honeypot recognition method and apparatus, device, and medium
CN111274276A (en) Operation auditing method and device, electronic equipment and computer-readable storage medium
US20200382539A1 (en) Network embeddings model for personal identifiable information protection
JP2015179416A (en) Blacklist expansion device, blacklist expansion method, and blacklist expansion program
CN116738369A (en) Traffic data classification method, device, equipment and storage medium
US10462180B1 (en) System and method for mitigating phishing attacks against a secured computing device
CN113906405A (en) Modifying data items
US20170063880A1 (en) Methods, systems, and computer readable media for conducting malicious message detection without revealing message content
EP3547733A1 (en) System and method for anonymous data exchange between server and client
US20240064163A1 (en) System and method for risk-based observability of a computing platform
WO2024263997A1 (en) System and method for internet activity and health forecasting and internet noise analysis
US11789743B2 (en) Host operating system identification using transport layer probe metadata and machine learning
CN113778709B (en) Interface calling method, device, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40024815

Country of ref document: HK

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant