Nothing Special   »   [go: up one dir, main page]

CN114386035A - Method and device for detecting threat data and electronic equipment - Google Patents

Method and device for detecting threat data and electronic equipment Download PDF

Info

Publication number
CN114386035A
CN114386035A CN202111672632.9A CN202111672632A CN114386035A CN 114386035 A CN114386035 A CN 114386035A CN 202111672632 A CN202111672632 A CN 202111672632A CN 114386035 A CN114386035 A CN 114386035A
Authority
CN
China
Prior art keywords
data
stored
data type
service data
alarm rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111672632.9A
Other languages
Chinese (zh)
Inventor
谢警
苏建辉
刘学
张艳芳
张美娟
李华健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp filed Critical Aisino Corp
Priority to CN202111672632.9A priority Critical patent/CN114386035A/en
Publication of CN114386035A publication Critical patent/CN114386035A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/32Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324Display of status information
    • G06F11/327Alarm or error message display
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/903Querying
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/906Clustering; Classification

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computational Linguistics (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

A method, a device and an electronic device for detecting threat data are provided, wherein the method comprises the following steps: receiving business data to be stored, analyzing the data type of the business data to be stored, matching the data type with the data category name in a data storage directory, determining the data category name corresponding to the data type, obtaining an alarm rule corresponding to the data category name, detecting whether the business data to be stored accords with the alarm rule, and sending alarm information to a designated mailbox associated with a server when the business data to be stored accords with the alarm rule. By the method, the service data to be stored containing the error codes or the threat codes can be detected, the stored service data can be detected, and the safety of the service data nodes in the stored service data is further improved.

Description

Method and device for detecting threat data and electronic equipment
Technical Field
The present application relates to the field of computer security technologies, and in particular, to a method and an apparatus for detecting threat data, and an electronic device.
Background
With the development of network technology, more and more service data are stored in a network, a relational database cannot bear a large amount of service data, the relational database stores the service data and the incidence relation between the service data in a table form, when the service data are stored, a real-time distributed storage, search and analysis Engine (ES) component is adopted, the ES component extracts the service data from a message queue of a distributed message system and sends the service data to a data processing node in the ES component, and the data processing node processes the service data and then stores the service data into the service data node.
When the ES component is used for storing the business data, when the business data A contains error codes or threat codes, the ES component still stores the business data A into the business data node, so that a large amount of business data containing the error codes or the threat codes exist in the business data node, and the safety of the business data stored by the business data node is low.
Disclosure of Invention
The application provides a method, a device and electronic equipment for detecting threat data, which are used for determining whether error codes or threat codes exist in the service data to be stored by detecting the service data to be stored, and also can be used for detecting whether error codes or threat codes exist in the service data stored in a service data node, and when the error codes or the threat codes exist, related personnel can be notified in a mail mode, so that the safety of the service data stored in the service data node is ensured.
In a first aspect, the present application provides a method of detecting threat data, the method comprising:
receiving service data to be stored, and analyzing the data type of the service data to be stored;
matching the data type with a data type name in a data storage directory to determine the data type name corresponding to the data type;
acquiring an alarm rule corresponding to the data category name, and detecting whether the service data to be stored conforms to the alarm rule;
and when the data to be stored is determined to accord with the alarm rule, sending alarm information to a specified mailbox associated with the server.
In one possible design, matching the data type with a data category name in a data storage directory to determine the data category name corresponding to the data type includes:
obtaining all data category names in the data type names, and detecting whether the data types are in all the data category names;
and when the data type name is determined to contain the data type, determining the data type name corresponding to the data type.
In one possible design, when it is determined that the data to be stored conforms to the alarm rule, the method includes:
extracting a code to be detected in the data to be stored, and determining that the data to be stored accords with an alarm rule when the code to be detected is consistent with the code in the blacklist; or
And extracting key words in the service data to be stored, and determining that the data to be stored accords with an alarm rule when determining that the key words are in a preset key word list.
In one possible design, sending the alert message to a designated mailbox associated with the server includes:
acquiring identification information of the data to be stored and a designated mailbox associated with the server;
and outputting warning information based on the identification information and the detection result, and sending the warning information to a specified mailbox associated with the server.
In a second aspect, the present application provides an apparatus for detecting threat data, the apparatus comprising:
the receiving module is used for receiving the service data to be stored and analyzing the data type of the service data to be stored;
the matching module is used for matching the data type with the data type name in the data storage directory and determining the data type name corresponding to the data type;
the detection module is used for obtaining an alarm rule corresponding to the data category name and detecting whether the service data to be stored conforms to the alarm rule;
and the determining module is used for sending warning information to a specified mailbox associated with the server when the data to be stored is determined to accord with the warning rule.
In a possible design, the matching module is specifically configured to obtain all data category names in the data type names, detect whether the data type is in all data category names, and determine the data category name corresponding to the data type when determining that the data category name includes the data type.
In a possible design, the determining module is specifically configured to extract a code to be detected in the data to be stored, determine that the data to be stored conforms to an alarm rule when the code to be detected is determined to be consistent with a code in a blacklist, or extract a keyword in the service data to be stored, and determine that the data to be stored conforms to the alarm rule when the keyword is determined to be in a preset keyword list.
In a possible design, the determining module is further configured to obtain identification information of the data to be stored and a designated mailbox associated with a server, output warning information based on the identification information and the detection result, and send the warning information to the designated mailbox associated with the server.
In a third aspect, the present application provides an electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the above-described method steps for detecting threat data when executing the computer program stored on the memory.
In a fourth aspect, a computer-readable storage medium has stored therein a computer program which, when being executed by a processor, carries out the above-mentioned method steps of detecting threat data.
For each of the first to fourth aspects and possible technical effects of each aspect, please refer to the above description of the possible technical effects for the first aspect or each possible solution in the first aspect, and no repeated description is given here.
Drawings
FIG. 1 is a flow chart of method steps provided herein for detecting threat data;
FIG. 2 is a schematic diagram of an apparatus for detecting threat data according to the present application;
fig. 3 is a schematic structural diagram of an electronic device provided in the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clear, the present application will be further described in detail with reference to the accompanying drawings. The particular methods of operation in the method embodiments may also be applied to apparatus embodiments or system embodiments. It should be noted that "a plurality" is understood as "at least two" in the description of the present application. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. A is connected with B and can represent: a and B are directly connected and A and B are connected through C. In addition, in the description of the present application, the terms "first," "second," and the like are used for descriptive purposes only and are not intended to indicate or imply relative importance nor order to be construed.
In the prior art, when an ES component stores service data to be stored, and when the service data a contains an error code or a threat code, the ES component still stores the service data a into a service data node, so that a large amount of service data containing the error code or the threat code exists in the service data node, and the security of the service data node for storing the service data is low.
In order to solve the above-described problem, an embodiment of the present application provides a method for detecting threat data, so as to detect error data or threat data included in service data to be stored or stored service data, and improve security of service data stored by a service data node. The method and the device in the embodiment of the application are based on the same technical concept, and because the principles of the problems solved by the method and the device are similar, the device and the embodiment of the method can be mutually referred, and repeated parts are not repeated.
The embodiments of the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 1, the present application provides a method for detecting threat data, which can improve the security of a service data node storing service data, and the implementation process of the method is as follows:
step S1: and receiving the service data to be stored, and analyzing the data type of the service data to be stored.
In order to detect error codes and threat codes contained in service data to be stored or stored service data and improve the security of the service data stored in a service data node, the embodiment of the application explains the detection of the service data to be stored because the processes of detecting the service data to be stored and the stored service data are consistent, and the specific process of detecting the service data to be stored is as follows:
when the service data node receives the service data to be stored, the service data in the service data node is stored according to different classes of the service data, in order to quickly locate a storage unit in which the service data to be stored should be stored in a certain class, the data type in the service data to be stored needs to be analyzed, the data type in the service data to be stored can be a code, a field, a table, a document and the like, and because the number of the data types in different formats is too many, too much description is not made here.
Step S2: and matching the data type with the data type name in the data storage directory to determine the data type name corresponding to the data type.
After the data type of the service data to be stored is obtained, in order to determine the data category name in the storage directory to which the service data to be stored belongs, all data category names in the data storage directory need to be obtained, and the data category names in the data storage directory are shown in table 1:
data storage directory Data category name
1.1 Text
1.2 Image of a person
1.3 Video
1.4 Code
...... ......
TABLE 1
In table 1, the data category names have diversity, the data category names in table 1 are classified according to the attributes of the data, and may also be classified according to the properties of the data, the data storage directory is identification information corresponding to the data category names, and the identification information in table 1 is a number: 1.1, 1.2, 1.3, 1.4, the identification information may be replaced by other words, address information, etc., and the relationship between other data category names and the data storage directory may refer to table 1, which is not set forth herein.
After explaining the data category name corresponding to the data storage directory, matching the data type described in the above step with all the data category names in the data storage directory to obtain the data category name consistent with the data type, and determining the data category name to which the data type belongs after determining the data category name corresponding to the data type.
Through the above description, the data category name to which the data type of the service data to be stored belongs is determined, which is beneficial to classified storage of the service data to be stored.
Step S3: and acquiring an alarm rule corresponding to the data category name, and detecting whether the service data to be stored conforms to the alarm rule.
After the data category name of the data to be stored is determined in the above description, because the alarm rules corresponding to each category name are different, and there is an association relationship between the data category name and the alarm rule, the alarm rule associated with the data category name can be determined according to the data category name to which the service data to be stored belongs.
After obtaining the alarm rule corresponding to the service data to be stored, detecting the service data to be stored based on the alarm rule, wherein the specific detection process is as follows:
the first method is as follows: extracting a code to be detected corresponding to the service data to be stored, and matching the code to be detected with codes in a blacklist, wherein all the codes in the blacklist are determined error codes or threat codes.
The second method comprises the following steps: extracting keywords in the service data to be stored, and matching the keywords with a preset keyword list, wherein all the preset keyword list are keywords prohibited from appearing.
It should be noted that, the first and second manners only exemplify the case that the service data to be stored is a code or a document, and the data type of other service data to be stored refers to any one of the first and second manners, where the detection manner is whether data extracted from the service data to be stored is in preset data, and the data may be a code, a text, a sound, a video, and the like, and will not be described herein too much.
By the method, different detection modes are provided based on different data types of the service data to be stored, the same alarm rule corresponding to all the service data to be stored is avoided, the service data to be stored can be detected from different dimensions, and the safety of the service data stored on the service data node is further improved.
Step S4: and when the data to be stored is determined to accord with the alarm rule, sending alarm information to a specified mailbox associated with the server.
In the above description, different modes are adopted for detection based on different data types of the service data to be stored, and when the service data to be stored is detected in the above described modes, when a code to be detected in the service data to be stored matches a consistent code in a blacklist, it is determined that the service data to be stored contains an error code or a threat code; when the matching of the codes to be detected in the business data to be stored in the blacklist does not lead to consistent codes, determining that the business data to be stored is in a normal state, wherein the business data to be stored does not contain error codes or threat codes;
when the above-described manner is adopted to detect the service data to be stored, after extracting the keywords from the service data to be stored, and after matching the keywords in the keyword list to obtain consistent keywords, determining that the service data to be stored contains error codes or threat codes; and when the key words are not matched with the consistent key words in the key word list, determining that the service data to be stored contains error codes or threat codes.
When the business data to be stored is determined to trigger the alarm rule, the identification information of the business data to be stored and the specified mailbox associated with the server are obtained, the warning information is generated based on the identification information and the detection result of the business data to be stored, and the generated warning information is sent to the specified mailbox associated with the server.
The above description is about the process of detecting the service data to be stored, and the method described above can also be used for determining whether the service data stored in the service data node is in a normal state, and since the process of detecting the stored service data is consistent with the process described above, so as to avoid a lot of repetition, it is not described here too much.
By the method, the service data to be stored is detected based on the alarm rules corresponding to different data types of the service data to be stored, so that the service data to be stored with error data or threat data can be detected, the stored service can be detected by the method, and the safety of the stored service data in the service data node is improved.
Based on the same inventive concept, an embodiment of the present application further provides an apparatus for detecting threat data, where the apparatus is configured to implement a function of a method for detecting threat data, and with reference to fig. 2, the apparatus includes:
a receiving module 201, configured to receive service data to be stored, and analyze a data type of the service data to be stored;
the matching module 202 is configured to match the data type with a data type name in a data storage directory, and determine a data type name corresponding to the data type;
the detection module 203 is configured to obtain an alarm rule corresponding to the data category name, and detect whether the service data to be stored conforms to the alarm rule;
and the determining module 204 is configured to send warning information to a designated mailbox associated with the server when it is determined that the data to be stored meets the warning rule.
In a possible design, the matching module 202 is specifically configured to obtain all data category names in the data type names, detect whether the data type is in all data category names, and determine the data category name corresponding to the data type when determining that the data category name includes the data type.
In a possible design, the determining module 204 is specifically configured to extract a code to be detected in the data to be stored, determine that the data to be stored conforms to an alarm rule when the code to be detected is determined to be consistent with a code in a blacklist, or extract a keyword in the service data to be stored, and determine that the data to be stored conforms to the alarm rule when the keyword is determined to be in a preset keyword list.
In a possible design, the determining module 204 is further configured to obtain identification information of the data to be stored and a designated mailbox associated with a server, output warning information based on the identification information and the detection result, and send the warning information to the designated mailbox associated with the server.
Based on the same inventive concept, an embodiment of the present application further provides an electronic device, where the electronic device may implement the function of the foregoing apparatus for detecting threat data, and with reference to fig. 3, the electronic device includes:
at least one processor 301 and a memory 302 connected to the at least one processor 301, in this embodiment, a specific connection medium between the processor 301 and the memory 302 is not limited in this application, and fig. 3 illustrates an example where the processor 301 and the memory 302 are connected through a bus 300. The bus 300 is shown in fig. 3 by a thick line, and the connection between other components is merely illustrative and not limited thereto. The bus 300 may be divided into an address bus, a data bus, a control bus, etc., and is shown with only one thick line in fig. 3 for ease of illustration, but does not represent only one bus or type of bus. Alternatively, the processor 301 may also be referred to as a controller, without limitation to name a few.
In the embodiment of the present application, the memory 302 stores instructions executable by the at least one processor 301, and the at least one processor 301 may execute the instructions stored in the memory 302 to perform a method for detecting threat data as discussed above. The processor 301 may implement the functions of the various modules in the apparatus shown in fig. 2.
The processor 301 is a control center of the apparatus, and may connect various parts of the entire control device by using various interfaces and lines, and perform various functions of the apparatus and process data by operating or executing instructions stored in the memory 302 and calling up data stored in the memory 302, thereby performing overall monitoring of the apparatus.
In one possible design, processor 301 may include one or more processing units, and processor 301 may integrate an application processor that primarily handles operating systems, user interfaces, application programs, and the like, and a modem processor that primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 301. In some embodiments, the processor 301 and the memory 302 may be implemented on the same chip, or in some embodiments, they may be implemented separately on separate chips.
The processor 301 may be a general-purpose processor, such as a Central Processing Unit (CPU), digital signal processor, application specific integrated circuit, field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like, that may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method for detecting threat data disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor.
Memory 302, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The Memory 302 may include at least one type of storage medium, and may include, for example, a flash Memory, a hard disk, a multimedia card, a card-type Memory, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), a charge Erasable Programmable Read Only Memory (EEPROM), a magnetic Memory, a magnetic disk, an optical disk, and so on. The memory 302 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 302 in the embodiments of the present application may also be circuitry or any other device capable of performing a storage function for storing program instructions and/or data.
The processor 301 is programmed to solidify code corresponding to a method for detecting threat data described in the foregoing embodiments into a chip, so that the chip can execute a step for detecting threat data according to the embodiment shown in fig. 1 when running. How to program the processor 301 is well known to those skilled in the art and will not be described herein.
Based on the same inventive concept, the present application also provides a storage medium storing computer instructions, which when executed on a computer, cause the computer to perform the method for detecting threat data discussed above.
In some possible embodiments, the present application provides that the various aspects of a method of detecting threat data may also be implemented in the form of a program product comprising program code for causing a control apparatus to perform the steps of a method of detecting threat data according to various exemplary embodiments of the present application described above in this specification, when the program product is run on an apparatus.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A method of detecting threat data, comprising:
receiving service data to be stored, and analyzing the data type of the service data to be stored;
matching the data type with a data type name in a data storage directory to determine the data type name corresponding to the data type;
acquiring an alarm rule corresponding to the data category name, and detecting whether the service data to be stored conforms to the alarm rule;
and when the data to be stored is determined to accord with the alarm rule, sending alarm information to a specified mailbox associated with the server.
2. The method of claim 1, wherein matching the data type with a data class name in a data storage directory to determine a data class name corresponding to the data type comprises:
obtaining all data category names in the data type names, and detecting whether the data types are in all the data category names;
and when the data type name is determined to contain the data type, determining the data type name corresponding to the data type.
3. The method of claim 1, wherein determining that the data to be stored meets an alarm rule comprises:
extracting a code to be detected in the data to be stored, and determining that the data to be stored accords with an alarm rule when the code to be detected is consistent with the code in the blacklist; or
And extracting key words in the service data to be stored, and determining that the data to be stored accords with an alarm rule when determining that the key words are in a preset key word list.
4. The method of claim 1, wherein sending the alert message to a designated mailbox associated with the server comprises:
acquiring identification information of the data to be stored and a designated mailbox associated with the server;
and outputting warning information based on the identification information and the detection result, and sending the warning information to a specified mailbox associated with the server.
5. An apparatus for detecting threat data, comprising:
the receiving module is used for receiving the service data to be stored and analyzing the data type of the service data to be stored;
the matching module is used for matching the data type with the data type name in the data storage directory and determining the data type name corresponding to the data type;
the detection module is used for obtaining an alarm rule corresponding to the data category name and detecting whether the service data to be stored conforms to the alarm rule;
and the determining module is used for sending warning information to a specified mailbox associated with the server when the data to be stored is determined to accord with the warning rule.
6. The apparatus according to claim 5, wherein the matching module is specifically configured to obtain all data category names in the data type names, detect whether the data type is in all data category names, and determine the data category name corresponding to the data type when determining that the data category name includes the data type.
7. The apparatus according to claim 5, wherein the determining module is specifically configured to extract a code to be detected from the data to be stored, determine that the data to be stored conforms to an alarm rule when the code to be detected is determined to be consistent with a code in a blacklist, or extract a keyword from the service data to be stored, and determine that the data to be stored conforms to the alarm rule when the keyword is determined to be in a preset keyword list.
8. The apparatus of claim 5, wherein the determining module is further configured to obtain identification information of the data to be stored and a designated mailbox associated with a server, output warning information based on the identification information and the detection result, and send the warning information to the designated mailbox associated with the server.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the method steps of any one of claims 1-4 when executing the computer program stored on the memory.
10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1-4.
CN202111672632.9A 2021-12-31 2021-12-31 Method and device for detecting threat data and electronic equipment Pending CN114386035A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111672632.9A CN114386035A (en) 2021-12-31 2021-12-31 Method and device for detecting threat data and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111672632.9A CN114386035A (en) 2021-12-31 2021-12-31 Method and device for detecting threat data and electronic equipment

Publications (1)

Publication Number Publication Date
CN114386035A true CN114386035A (en) 2022-04-22

Family

ID=81199106

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111672632.9A Pending CN114386035A (en) 2021-12-31 2021-12-31 Method and device for detecting threat data and electronic equipment

Country Status (1)

Country Link
CN (1) CN114386035A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114911699A (en) * 2022-05-06 2022-08-16 建信金融科技有限责任公司 Data processing method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110515912A (en) * 2019-07-18 2019-11-29 湖南星汉数智科技有限公司 Log processing method, device, computer installation and computer readable storage medium
CN111385148A (en) * 2020-03-06 2020-07-07 深圳鼎盛电脑科技有限公司 Service alarm method, device, computer equipment and storage medium
CN113468025A (en) * 2021-07-28 2021-10-01 浙江大华技术股份有限公司 Data warning method, system, device and storage medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110515912A (en) * 2019-07-18 2019-11-29 湖南星汉数智科技有限公司 Log processing method, device, computer installation and computer readable storage medium
CN111385148A (en) * 2020-03-06 2020-07-07 深圳鼎盛电脑科技有限公司 Service alarm method, device, computer equipment and storage medium
CN113468025A (en) * 2021-07-28 2021-10-01 浙江大华技术股份有限公司 Data warning method, system, device and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114911699A (en) * 2022-05-06 2022-08-16 建信金融科技有限责任公司 Data processing method

Similar Documents

Publication Publication Date Title
CN111262730B (en) Method and device for processing alarm information
US11968162B1 (en) Message content cleansing
WO2019148712A1 (en) Phishing website detection method, device, computer equipment and storage medium
CN105630656B (en) System robustness analysis method and device based on log model
CN114153962A (en) Data matching method and device and electronic equipment
US20230205755A1 (en) Methods and systems for improved search for data loss prevention
CN111092880A (en) Network traffic data extraction method and device
CN111338692A (en) Vulnerability classification method and device based on vulnerability codes and electronic equipment
CN110019762B (en) Problem positioning method, storage medium and server
CN110929110B (en) Electronic document detection method, device, equipment and storage medium
CN115955355A (en) Method and device for outputting attack event knowledge graph
CN114386035A (en) Method and device for detecting threat data and electronic equipment
CN114461864A (en) Alarm tracing method and device
CN112488562B (en) Service realization method and device
CN115204889A (en) Text processing method and device, computer equipment and storage medium
CN113886373A (en) Data processing method and device and electronic equipment
CN115809466B (en) Security requirement generation method and device based on STRIDE model, electronic equipment and medium
CN112612679A (en) System running state monitoring method and device, computer equipment and storage medium
CN110598115A (en) Sensitive webpage identification method and system based on artificial intelligence multi-engine
CN111143203B (en) Machine learning method, privacy code determination method, device and electronic equipment
CN116340127A (en) Interface testing method and device
CN113535458A (en) Abnormal false alarm processing method and device, storage medium and terminal
CN111914252A (en) File security detection method and device and electronic equipment
CN114818645B (en) Automatic report generation method, device, equipment and medium based on data body
CN113076451A (en) Abnormal behavior recognition and risk model library establishing method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination