CN112711772B - Audit system, method and storage medium for function execution in service - Google Patents
Audit system, method and storage medium for function execution in service
- Publication number: CN112711772B (application CN202011619719.5A)
- Authority: CN (China)
- Prior art keywords: audit, information, record, function, service
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
Description
Technical Field
The present invention relates to the field of computer software technology, and in particular to an audit system, method and storage medium for the execution of functions in a service.
Background Art
In systems that handle sensitive data, security requires that the operations performed in the system be recorded, that abnormal behaviour be detected, and that the data in the system be protected. In the medical field, for example, most patient-related data is sensitive or private; any operation that views or modifies such data must be strictly recorded and audited, and in abnormal situations (cross-location operations, high-frequency operations) the operation must be blocked and the relevant information provided to an administrator.
In existing audit schemes, a common way to add operation auditing is to embed the relevant functions directly in the business system. Embedding records and audits operations precisely and keeps the data secure, but it introduces code coupling: as the number of systems and projects that need such operations grows, each project has to implement and maintain the functions itself, which makes maintenance expensive. Another approach separates the operation-audit function from the individual projects and uses one general-purpose audit module shared by many projects. This solves the coupling problem and lets multiple projects audit through the same system, lowering maintenance cost. However, when different projects have different requirements for operation auditing in different scenarios, a general set of audit rules cannot guarantee that each requirement is handled correctly, nor that the information required in each specific scenario is accurate.
Summary of the Invention
The embodiments of the present application provide an audit system, method and storage medium for the execution of functions in a service. In order to provide a basic understanding of some aspects of the disclosed embodiments, a brief summary is given below. This summary is not an extensive overview, nor is it intended to identify key or critical elements or to delineate the scope of protection of these embodiments. Its sole purpose is to present some concepts in a simple form as a prelude to the detailed description that follows.
In a first aspect, an embodiment of the present application provides an audit system for the execution of functions in a service, the system comprising:
an operation audit SDK, an operation audit backend center, a cache and a database; wherein
the operation audit backend center is communicatively connected to the operation audit SDK, the cache and the database respectively.
Optionally, the operation audit SDK includes an operation interceptor, an operation parser, an information sender and an exception handler; wherein
the operation interceptor, the operation parser, the information sender and the exception handler are communicatively connected in sequence.
Optionally, the exception handler is communicatively connected to the operation interceptor.
Optionally, the operation audit backend center includes an information receiver, a record storage, an anomaly detector and a display for presenting information; wherein
the information receiver is communicatively connected to the information sender, the anomaly detector and the record storage respectively;
the anomaly detector is communicatively connected to the cache;
the record storage, the database and the information display platform are communicatively connected in sequence.
Optionally, the operation audit SDK is used to connect to the service that needs to be audited, intercept the operations triggered against the service to generate interception information, parse the interception information according to the audit rules in a preset custom configuration file, and send the result to the operation audit backend center;
the operation audit backend center is used to perform anomaly detection on the interception information sent by the operation audit SDK to generate a detection result, and to save the detection result and feed it back to the operation audit SDK;
the cache is used to save the interception information;
the database is used to save the warning information.
In a second aspect, an embodiment of the present application provides an audit method for the execution of functions in a service, applied to an operation interceptor, the method comprising:
when it is detected that a specified function in the audited service has been triggered and executed, intercepting the triggered specified function and generating interception information; wherein the interception information includes at least the method parameters and return values of the triggered specified function;
sending the interception information to the operation parser.
In a third aspect, an embodiment of the present application provides an audit method for the execution of functions in a service, applied to an operation parser, the method comprising:
receiving the interception information sent by the operation interceptor to the operation parser;
obtaining the audit rules contained in a pre-configured configuration file;
parsing and integrating the interception information based on the audit rules to generate an operation record;
sending the operation record to the information sender, and sending the operation record from the information sender to the information receiver;
sending the operation record from the information receiver to the record storage;
sending the operation information from the record storage to the database for storage.
In a fourth aspect, an embodiment of the present application provides an audit method for the execution of functions in a service, applied to an anomaly detector, the method comprising:
receiving the operation record from the information receiver;
obtaining historical operation records;
comparing the operation record with the historical operation records to generate a detection result;
when the detection result indicates an abnormal operation, generating anomaly information and sending the anomaly information to the exception handler.
In a fifth aspect, an embodiment of the present application provides an audit method for the execution of functions in a service, applied to an exception handler, the method comprising:
when anomaly information sent by the anomaly detector is received, performing exception handling according to the exception-handling settings provided by the configuration file specified for the triggered specified function.
In a sixth aspect, an embodiment of the present application provides a computer storage medium storing a plurality of instructions, the instructions being adapted to be loaded by a processor to execute the above method steps.
The technical solution provided by the embodiments of the present application may have the following beneficial effects:
In the audit system provided by the embodiments of the present application, the operation interceptor intercepts the functional operation triggered by the user, generates interception information and sends it to the operation parser. The operation parser parses and integrates the captured information according to the audit rule instance configured in the configuration file to generate an operation record, and the detailed and complete operation record is then, according to the rule instance, either stored in the database through the record storage or sent to the anomaly detector. On receiving the operation record, the anomaly detector compares it with the stored historical operation records to determine whether it is an abnormal operation or whether the function is frozen; if it is judged abnormal, the information is sent to the exception handler, which performs the warning feedback specified by the audit rule instance and returns it to the specific project through the operation interceptor. Because the present application adds the operation audit function to multiple projects in a non-invasive way and lets each project configure specific audit rules for its specific requirements, it reduces the coupling of operation-audit code in the system while ensuring that each project can define its own audit rules as needed, which further ensures the accuracy of the audit.
It is to be understood that the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention.
Brief Description of the Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and, together with the description, serve to explain the principles of the invention.
FIG. 1 is a schematic diagram of the overall structure of the operation audit system of the present invention;
FIG. 2 is a schematic diagram of an audit system for the execution of functions in a service provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of an audit method for the execution of functions in a service provided by an embodiment of the present application;
FIG. 4 is a schematic diagram of another audit method for the execution of functions in a service provided by an embodiment of the present application;
FIG. 5 is a schematic diagram of another audit method for the execution of functions in a service provided by an embodiment of the present application;
FIG. 6 is a schematic diagram of another audit method for the execution of functions in a service provided by an embodiment of the present application;
FIG. 7 is a schematic diagram of the deployment of an audit system for the execution of functions in a service provided by an embodiment of the present application.
Detailed Description
The following description and the drawings sufficiently illustrate specific embodiments of the invention to enable those skilled in the art to practice them.
It should be clear that the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
When the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention; rather, they are merely examples of systems and methods consistent with some aspects of the present invention as detailed in the appended claims.
In the description of the present invention, it should be understood that the terms "first", "second", etc. are used for descriptive purposes only and are not to be understood as indicating or implying relative importance. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances. In addition, in the description of the present invention, "plurality" means two or more unless otherwise specified. "And/or" describes the relationship between associated objects and indicates that three relationships may exist: for example, "A and/or B" may mean A alone, both A and B, or B alone. The character "/" generally indicates that the objects before and after it are in an "or" relationship.
Referring to FIG. 1, which shows the overall structure of the operation audit system of the present invention: when a specified functional operation is executed in the audited service, the operation interceptor intercepts the operation and sends the interception information to the operation parser. The operation parser parses and integrates the captured information according to the audit rule instance configured in the configuration file, and the detailed and complete operation record it generates is, according to the rule instance, either stored in the database through the record storage or sent to the anomaly detector. On receiving the operation record, the anomaly detector compares it with the historical operation records held in the cache to determine whether it is an abnormal operation or whether the function is frozen; if it is judged abnormal, the information is sent to the exception handler, which performs the warning feedback specified by the audit rule instance and returns it to the specific project through the operation interceptor.
Referring to FIG. 2, which is a schematic diagram of an audit system for the execution of functions in a service provided by an embodiment of the present application, the system includes an operation audit SDK, an operation audit backend center, a cache and a database, wherein the operation audit backend center is communicatively connected to the operation audit SDK, the cache and the database respectively.
Specifically, the operation audit SDK includes an operation interceptor, an operation parser, an information sender and an exception handler, which are communicatively connected in sequence.
Further, the exception handler is communicatively connected to the operation interceptor.
Specifically, the operation audit backend center includes an information receiver, a record storage, an anomaly detector and a display for presenting information; the information receiver is communicatively connected to the information sender, the anomaly detector and the record storage respectively; the anomaly detector is communicatively connected to the cache; and the record storage, the database and the information display platform are communicatively connected in sequence.
Specifically, the operation audit SDK connects to the service that needs to be audited, intercepts the operations triggered against the service to generate interception information, parses the interception information according to the audit rules in a preset custom configuration file and sends the result to the operation audit backend center; the operation audit backend center performs anomaly detection on the interception information sent by the operation audit SDK to generate a detection result, saves the detection result and feeds it back to the operation audit SDK; the cache saves the interception information; and the database saves the warning information.
The audit method for the execution of functions in a service provided by the embodiments of the present application is described in detail below with reference to FIGS. 3 to 7. The method may be implemented by a computer program and may run on an audit device, based on the von Neumann architecture, for the execution of functions in a service. The computer program may be integrated into an application or run as an independent tool application.
Referring to FIG. 3, which is a flowchart of an audit method for the execution of functions in a service provided by an embodiment of the present application, applied to an operation interceptor, the method of this embodiment may include the following steps:
S101: when it is detected that a specified function in the audited service has been triggered and executed, intercept the triggered specified function and generate interception information; wherein the interception information includes at least the method parameters and return values of the triggered specified function;
S102: send the interception information to the operation parser.
In one possible implementation, after a user triggers a function in the service, the operation interceptor detects it and intercepts the part of the running program that is marked for audit, obtains the parameters, return values and other relevant information of the executed method, and sends them to the operation parser.
Referring to FIG. 4, which is a flowchart of an audit method for the execution of functions in a service provided by an embodiment of the present application, applied to an operation parser, the method of this embodiment may include the following steps:
S201: receive the interception information sent by the operation interceptor to the operation parser;
S202: obtain the audit rules contained in a pre-configured configuration file;
S203: parse and integrate the interception information based on the audit rules to generate an operation record;
S204: send the operation record to the information sender, and from the information sender to the information receiver;
S205: send the operation record from the information receiver to the record storage;
S206: send the operation information from the record storage to the database for storage.
In one possible implementation, the audit rule specified in the project's audit configuration is read according to the mapping name received from the operation interceptor. The intercepted information is parsed and integrated according to that rule: the valid information specified by the rule is extracted from the intercepted information and combined with the operation label and other information from the audit rule to generate a detailed and complete operation record, after which anomaly detection or record storage is performed according to the audit type of the operation record.
Specifically, when a specified operation is executed in the audited service, the operation interceptor intercepts the operation and sends the interception information to the operation parser. The operation parser parses and integrates the captured information according to the audit rule instance configured in the configuration file, and the detailed and complete operation record it generates is, according to the rule instance, either stored in the database through the record storage or sent to the anomaly detector. On receiving the operation record, the anomaly detector compares it with the stored historical operation records to determine whether it is an abnormal operation or whether the function is frozen; if it is judged abnormal, the information is sent to the exception handler, which performs the warning feedback specified by the audit rule instance and returns it to the specific project through the operation interceptor.
请参见图5,为本申请实施例提供了一种服务中功能执行时的审计方法的流程示意图,应用于异常检测器。如图5所示,本申请实施例的方法可以包括以下步骤:Please refer to Figure 5, which is a flowchart of an audit method for executing a function in a service provided in an embodiment of the present application, which is applied to an anomaly detector. As shown in Figure 5, the method of the embodiment of the present application may include the following steps:
S301,基于信息接收器接收操作记录;S301, receiving an operation record based on an information receiver;
S302,获取历史操作记录;S302, obtaining historical operation records;
S303,将操作记录和历史操作记录进行对比检测,生成检测结果;S303, performing a comparison test on the operation record and the historical operation record to generate a test result;
S304,当检测结果显示为异常操作时生成异常信息,并将异常信息发送至异常处理器。S304, when the detection result shows an abnormal operation, abnormal information is generated and sent to the abnormality handler.
在一种可能的实现方式中,异常检测器将需要进行异常检测的操作记录与内存中存放的历史操作记录进行比对,判断该操作是否为超频操作、异地登录违规操作、恶意频繁爬取信息操作等,检测出异常则将信息发送给异常处理器。将判定正常的操作进行解析,根据该操作中原先配置信息解析出的的规则,截取出主要部分以及时间戳存储至内存中。异常检测器每隔一定时间会抽取内存中存储的一部分操作缓存记录进行检测,将该操作记录已超过本操作审计规定的最长单位时间的过期数据进行清除,使缓存操作记录中不会存在过多过期数据。In one possible implementation, the anomaly detector compares the operation records that need to be detected for anomalies with the historical operation records stored in the memory to determine whether the operation is an overclocking operation, an illegal operation of logging in from a different location, a malicious and frequent crawling operation, etc. If an anomaly is detected, the information is sent to the anomaly handler. The normal operation is parsed, and the main part and the timestamp are intercepted and stored in the memory according to the rules parsed from the original configuration information in the operation. The anomaly detector extracts a portion of the operation cache records stored in the memory for detection at regular intervals, and clears the expired data of the operation record that has exceeded the longest unit time specified in the operation audit, so that there will not be too much expired data in the cache operation record.
When the exception handler receives an anomaly notification from the anomaly detector, it performs the specified exception handling according to the exception handling settings provided by the configuration file designated in that operation record, for example: writing log information, returning a custom exception message, sending a notification email to the administrator, sending a message notification to the user, and so on.
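As an added illustration (not code from the patent), a minimal Python sketch of the detector behaviour described in S301 to S304 and the two paragraphs above: an in-memory history keyed by user and action, a frequency rule over the longest audit unit time, a changed-location rule for logins, a purge of expired cache entries, and a callback standing in for the exception handler. The record fields, thresholds and callback shape are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class OperationRecord:
    """Constructed record shape; field names are assumptions, not the patent's."""
    user: str
    action: str
    location: str  # region resolved from the client, used for the location rule
    ts: float      # seconds since epoch

class AnomalyDetector:
    """Compares each incoming record with cached history (steps S302/S303)."""
    def __init__(self, window_s, max_per_window, handler):
        self.window_s = window_s              # longest audit unit time; older data expires
        self.max_per_window = max_per_window  # frequency threshold within the window
        self.handler = handler                # exception handler callback (step S304)
        self.history = defaultdict(deque)     # (user, action) -> timestamps of normal ops
        self.last_location = {}               # user -> location of the last normal op

    def purge_expired(self, now):
        """Clear cached timestamps older than the window so stale data does not pile up."""
        for key, q in list(self.history.items()):
            while q and now - q[0] > self.window_s:
                q.popleft()
            if not q:
                del self.history[key]

    def check(self, rec):
        """Step S303: return 'normal' or the reason the operation is abnormal."""
        self.purge_expired(rec.ts)
        q = self.history[(rec.user, rec.action)]
        if len(q) >= self.max_per_window:
            reason = "frequency"   # too many operations inside the window
        elif (rec.action == "login" and rec.user in self.last_location
              and self.last_location[rec.user] != rec.location):
            reason = "location"    # login from a different location
        else:
            reason = "normal"
        if reason != "normal":
            # Step S304: hand the anomaly information to the exception handler.
            self.handler({"user": rec.user, "action": rec.action,
                          "reason": reason, "ts": rec.ts})
            return reason
        # Normal operation: keep only the main part (key) and the timestamp.
        q.append(rec.ts)
        self.last_location[rec.user] = rec.location
        return reason
```

Anomalous records are deliberately not written into the history, so a burst of rejected operations cannot itself pollute the baseline the next comparison uses.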
In the audit system provided by the embodiment of the present application, the operation interceptor intercepts the functional operation triggered by the user, generates interception information and sends it to the operation parser; the operation parser parses and integrates the captured information according to the audit rule instance configured in the configuration file to generate an operation record, and then, according to the rule instance, either stores the detailed and complete operation record in the database via the record storage or sends it to the anomaly detector; on receiving the operation record, the anomaly detector compares it with the stored historical operation records to detect whether it is an abnormal operation or whether the function is frozen, and if it is judged abnormal, sends the information to the exception handler, which performs the specified alert feedback according to the audit rule instance and returns it to the specific project through the operation interceptor. Because the present application adds the operation audit function to multiple projects in a non-intrusive manner that requires no changes to project code, and provides a way to configure specific audit rules according to specific requirements, it reduces the coupling of operation audit code within the system while ensuring that each project can define its own audit rules as needed, further ensuring the accuracy of the audit.
Referring to Figure 6, a flowchart of an audit method for function execution in a service provided by an embodiment of the present application, applied to the exception handler. As shown in Figure 6, the method of the embodiment of the present application may include the following steps:
S401, when anomaly information sent by the anomaly detector is received, performing exception handling according to the exception handling settings provided by the designated configuration file corresponding to the triggered designated function.
In one possible implementation, when an anomaly notification is received from the anomaly detector, the specified exception handling is performed according to the exception handling settings provided by the configuration file designated in that operation record, for example: writing log information, returning a custom exception message, sending a notification email to the administrator, sending a message notification to the user, and so on.
Furthermore, a record storage is also included; the record storage organizes the received operation records and anomaly detection results into information such as operation alert status and stores it in the database, so that administrators can quickly pinpoint all kinds of abnormal or rule-violating operations or detect potential problems.
For example, as shown in Figure 7, the operation audit backend center contains the information receiver, anomaly detector, record storage and information display. It is mainly used to receive the information sent by the operation audit SDK, perform anomaly detection and record storage, and finally return the result.
The operation audit SDK contains the operation interceptor, operation parser, information sender and exception handler. It is used to integrate with projects that require operation auditing, intercept information, parse it according to the operation audit requirements in the custom configuration file, send it to the operation audit backend center, and finally feed the information returned by the backend center back to the project.
It should be noted that in this solution the operation audit SDK can be deployed on every platform. SDK stands for software development kit.
The present invention also provides a computer-readable medium storing program instructions which, when executed by a processor, implement the audit method for function execution in a service provided by each of the method embodiments above.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by instructing the relevant hardware through a computer program; the program can be stored in a computer-readable storage medium and, when executed, can include the processes of the embodiments of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory, a random access memory, etc.
What is disclosed above is merely a preferred embodiment of the present application and certainly cannot be used to limit the scope of the rights of the present application; therefore, equivalent changes made according to the claims of the present application still fall within the scope covered by the present application.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011619719.5A CN112711772B (en) | 2020-12-30 | 2020-12-30 | Audit system, method and storage medium for function execution in service |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112711772A CN112711772A (en) | 2021-04-27 |
CN112711772B true CN112711772B (en) | 2024-07-16 |