CN118673500A - Intelligent terminal-based risk detection and assessment system and method - Google Patents
- Publication number
- CN118673500A (CN202410758045.9A)
- Authority
- CN
- China
- Prior art keywords
- data
- system operation
- parameters
- risk
- operation data
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3438—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/243—Classification techniques relating to the number of classes
- G06F18/2433—Single-class perspective, e.g. one-against-all classification; Novelty detection; Outlier detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Abstract
The present invention belongs to the field of smart terminal technology and specifically relates to a system and method for risk detection and assessment based on smart terminals. The invention enables real-time monitoring and risk detection of smart terminals, so that potential security issues are discovered in time and losses are avoided. Multi-dimensional data analysis and parameter calculation allow the security risks of smart terminals to be assessed more accurately, and multi-level data collection and analysis allow potential risks to be identified more accurately and reduce the false alarm rate. Comprehensive analysis combining application software data, user behavior data and system log data gives a full picture of risk sources and influencing factors. Different risk levels correspond to different protective measures, so users can be given personalized security suggestions and solutions. Early detection and handling of risks can significantly improve the overall security of smart terminals and protect user privacy and data security.
Description
Technical Field
The present invention belongs to the technical field of smart terminals, and in particular relates to a system and method for risk detection and assessment based on smart terminals.
Background Art
With the rapid development of information technology, smart terminal devices such as smartphones, tablet computers and in-vehicle terminals are widely used in people's daily life and work. These devices provide convenient communication, entertainment, payment and other functions, and also carry important data such as users' personal information and property. At the same time, the large amount of local operation data that smart terminals generate in daily use brings potential security risks. This operation data includes system performance data, application usage data, network connection data and so on, and may conceal security hazards such as system anomalies, application risks and abnormal user behavior.
Existing techniques for assessing the security risk of smart terminals are often too simple and one-sided. They lack comprehensive processing and in-depth mining of multi-dimensional data and base their judgment on a single indicator or parameter, ignoring the complexity and diversity of smart terminal security risks. Such simple risk assessment not only fails to reflect the real security status of a smart terminal accurately, but may also leave users with an insufficient understanding of security risks, which increases the risk of the terminal being attacked or of data being leaked.
Summary of the Invention
The purpose of the present invention is to provide a method for risk detection and assessment based on smart terminals which, through systematic data collection, analysis and evaluation, gives smart terminals a comprehensive and effective security risk detection and assessment mechanism and helps to improve their overall security.
The technical solution adopted by the present invention is as follows:
A method for risk detection and assessment based on a smart terminal, comprising:
acquiring local operation data of the smart terminal, and extracting from the local operation data the system operation data of each run of the smart terminal;
determining whether the system operation data lies within the standard system operation evaluation interval, and if not, marking it as abnormal system operation data;
obtaining a system operation similarity parameter from the abnormal system operation data;
determining whether the system operation similarity parameter lies within the standard system operation similarity evaluation interval, and if not, marking the terminal as a risky smart terminal;
obtaining the application software data, user behavior data and system log data that correspond to the abnormal system operation data in the risky smart terminal;
calculating a deviation-related parameter from the application software data, user behavior data and system log data;
determining the security risk level of the smart terminal from the deviation-related parameter and the system operation similarity parameter.
In a preferred solution, the step of acquiring local operation data of the smart terminal and extracting from the local operation data the system operation data of each run of the smart terminal includes:
obtaining the data collection frequency of the smart terminal;
determining the collection interval from the data collection frequency, and establishing multiple collection nodes according to the collection interval;
collecting the local operation data within each collection node;
extracting from the local operation data the system operation data of each run of the smart terminal.
In a preferred solution, the step of determining whether the system operation data lies within the standard system operation evaluation interval, and if not, marking it as abnormal system operation data, includes:
obtaining the standard system operation evaluation interval;
determining whether the system operation data lies within the standard system operation evaluation interval;
if the system operation data lies within the standard system operation evaluation interval, the system operation data is normal;
if the system operation data does not lie within the standard system operation evaluation interval, the system operation data is abnormal and is marked as abnormal system operation data.
In a preferred solution, the step of obtaining a system operation similarity parameter from the abnormal system operation data includes:
obtaining the system operation data in the local operation data corresponding to the abnormal system operation data, and marking it as local system data;
obtaining the system operation data in the cloud operation data corresponding to the abnormal system operation data, and marking it as cloud system data;
obtaining the system operation similarity function;
obtaining the corresponding local system parameters from the local system data;
obtaining the corresponding cloud system parameters from the cloud operation data;
inputting the local system parameters and the cloud system parameters into the system operation similarity function, and marking the output as the system operation similarity parameter.
In a preferred solution, the step of determining whether the system operation similarity parameter lies within the standard system operation similarity evaluation interval, and if not, marking the terminal as a risky smart terminal, includes:
obtaining the standard system operation similarity evaluation interval;
determining whether the system operation similarity parameter lies within the standard system operation similarity evaluation interval;
if the system operation similarity parameter lies within the standard system operation similarity evaluation interval, the smart terminal is judged to be safe;
if the system operation similarity parameter does not lie within the standard system operation similarity evaluation interval, the smart terminal is judged to have a security risk and is marked as a risky smart terminal.
In a preferred solution, the step of calculating a deviation-related parameter from the application software data, user behavior data and system log data includes:
constructing a calculation cycle;
obtaining the time length of parameter collection from the calculation cycle;
according to the time length, obtaining application software parameters, user behavior parameters and system log parameters from the application software data, user behavior data and system log data respectively;
obtaining the deviation-related function;
inputting the application software parameters, user behavior parameters and system log parameters into the deviation-related function, and marking the output as the deviation-related parameter.
In a preferred solution, the step of determining the security risk level of the smart terminal from the deviation-related parameter and the system operation similarity parameter includes:
calculating a security risk parameter from the deviation-related parameter and the system operation similarity parameter;
obtaining a security risk level table, wherein the security risk level table includes multiple security risk intervals and the security risk level corresponding to each security risk interval;
obtaining the corresponding target security risk interval from the security risk parameter;
obtaining the corresponding security risk level from the security risk level table according to the target security risk interval.
In a preferred solution, the step of calculating a security risk parameter from the deviation-related parameter and the system operation similarity parameter includes:
obtaining the security risk function;
inputting the deviation-related parameter and the system operation similarity parameter into the security risk function, and marking the output as the security risk parameter.
The present invention also provides a system for risk detection and assessment based on a smart terminal, used for the above method for risk detection and assessment based on a smart terminal, comprising:
a data collection module, used to acquire local operation data of the smart terminal and to extract from the local operation data the system operation data of each run of the smart terminal;
an abnormality judgment module, used to determine whether the system operation data lies within the standard system operation evaluation interval and, if not, to mark it as abnormal system operation data;
a similarity module, used to obtain a system operation similarity parameter from the abnormal system operation data;
a risk judgment module, used to determine whether the system operation similarity parameter lies within the standard system operation similarity evaluation interval and, if not, to mark the terminal as a risky smart terminal;
a risk data module, used to obtain the application software data, user behavior data and system log data that correspond to the abnormal system operation data in the risky smart terminal;
a deviation module, used to calculate a deviation-related parameter from the application software data, user behavior data and system log data;
a risk assessment module, used to determine the security risk level of the smart terminal from the deviation-related parameter and the system operation similarity parameter.
And a terminal for risk detection and assessment based on a smart terminal, comprising:
one or more processors;
a storage device on which one or more programs are stored;
when the one or more programs are executed by the one or more processors, the one or more processors implement the described method for risk detection and assessment based on a smart terminal.
The technical effects achieved by the present invention are:
The present invention enables real-time monitoring and risk detection of smart terminals, so that potential security issues are discovered in time and losses are avoided. Multi-dimensional data analysis and parameter calculation allow the security risks of smart terminals to be assessed more accurately, and multi-level data collection and analysis allow potential risks to be identified more accurately and reduce the false alarm rate. Comprehensive analysis combining application software data, user behavior data and system log data gives a full picture of risk sources and influencing factors. Different risk levels correspond to different protective measures, so users can be given personalized security suggestions and solutions. Early detection and handling of risks can significantly improve the overall security of smart terminals and protect user privacy and data security.
Brief Description of the Drawings
FIG. 1 is a flow chart of the method provided by the present invention;
FIG. 2 is a system module diagram provided by the present invention.
Detailed Description
To make the above objects, features and advantages of the present invention clearer and easier to understand, specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Many specific details are set forth in the following description to facilitate a full understanding of the present invention, but the present invention may also be implemented in ways other than those described here, and those skilled in the art may make similar generalizations without departing from the substance of the present invention. The present invention is therefore not limited to the specific embodiments disclosed below.
Secondly, "one embodiment" or "an embodiment" as used here refers to a specific feature, structure or characteristic that may be included in at least one implementation of the present invention. The phrase "in a preferred embodiment" appearing in different places in this specification does not always refer to the same embodiment, nor to a separate or alternative embodiment that is mutually exclusive with other embodiments.
Thirdly, the present invention is described in detail with reference to schematic diagrams. For ease of explanation when describing the embodiments, the schematic diagrams are only examples and should not limit the scope of protection of the present invention.
Referring to FIG. 1, a method for risk detection and assessment based on a smart terminal is provided, comprising:
S1. Acquire local operation data of the smart terminal, and extract from the local operation data the system operation data of each run of the smart terminal;
S2. Determine whether the system operation data lies within the standard system operation evaluation interval, and if not, mark it as abnormal system operation data;
S3. Obtain a system operation similarity parameter from the abnormal system operation data;
S4. Determine whether the system operation similarity parameter lies within the standard system operation similarity evaluation interval, and if not, mark the terminal as a risky smart terminal;
S5. Obtain the application software data, user behavior data and system log data that correspond to the abnormal system operation data in the risky smart terminal;
S6. Calculate a deviation-related parameter from the application software data, user behavior data and system log data;
S7. Determine the security risk level of the smart terminal from the deviation-related parameter and the system operation similarity parameter.
In steps S1 to S7 above, the smart terminal generates a large amount of local operation data during daily use, including system performance data, application usage data, network connection data and so on. Extracting the system operation data of each run of the smart terminal forms a data set for subsequent analysis. The acquired system operation data is compared with a preset standard interval, and data outside the normal range is marked as abnormal data. For example, CPU usage or memory usage exceeding a certain threshold can be regarded as an abnormal situation.
Key parameters that reflect the characteristics of system operation are then extracted from the abnormal system operation data, for example the specific application involved and the network request characteristics at the time the abnormality occurred. The extracted system operation similarity parameter is compared with the standard evaluation interval, and if it is outside the normal range the terminal is marked as a risky smart terminal. For example, a specific application whose network access changes frequently within a short period of time may indicate that the application is risky.
More detailed operation data is then collected for in-depth analysis, including the specific behavior of applications such as the API interfaces accessed, user operation records and system logs. Deviation-related parameters are calculated for the various kinds of data, and these parameters help to identify abnormal patterns in system operation. For example, a sudden change in user behavior, such as frequent installation and uninstallation of applications, may indicate that the terminal has a security risk.
Combining all the collected data, an algorithm calculates the security risk level of the smart terminal. Different risk levels can correspond to different security measures. The risk level can be divided into low, medium, high and other grades that indicate the security status of the terminal. For example, depending on the risk level, the user can be advised to update the system, uninstall suspicious applications, or even reset the system.
Suppose a smartphone behaves abnormally during operation: its system operation data (such as CPU usage) exceeds the normal range and is marked as abnormal data. The system operation similarity parameter for this abnormal situation (such as the abnormal network requests of a certain application) is extracted and found to be outside the normal range as well, so the smartphone is marked as a risky smart terminal. Detailed data of the terminal is obtained, including application access records, the user's operation behavior and system logs, and the deviation-related parameters are calculated (for example, the user frequently downloads multiple applications within a short period of time, and these applications all show similar abnormal behavior). Combining all parameters, the risk level of the terminal is determined to be high, and the user is advised to update the system and uninstall the risky applications.
This enables real-time monitoring and risk detection of smart terminals, so that potential security issues are discovered in time and losses are avoided. Multi-dimensional data analysis and parameter calculation allow the security risks of smart terminals to be assessed more accurately, and multi-level data collection and analysis allow potential risks to be identified more accurately and reduce the false alarm rate. Comprehensive analysis combining application software data, user behavior data and system log data gives a full picture of risk sources and influencing factors. Different risk levels correspond to different protective measures, so users can be given personalized security suggestions and solutions. Early detection and handling of risks can significantly improve the overall security of smart terminals and protect user privacy and data security.
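The staged decision of steps S2 to S7, as an added example that is not part of the patent text. The interval bounds, the risk table, the three stand-in functions (similarity, deviation, risk) and all sample data are assumptions, because this part of the description names the functions and intervals without giving formulas or values.

```python
# Added illustration of steps S2-S7. Every constant, formula and sample value
# below is an assumption made for the example, not taken from the patent.

SYSTEM_INTERVALS = {"cpu_pct": (0.0, 85.0), "mem_pct": (0.0, 90.0), "net_kbps": (0.0, 500.0)}
SIMILARITY_INTERVAL = (0.95, 1.0)
RISK_TABLE = [((0.0, 0.3), "low"), ((0.3, 0.6), "medium"), ((0.6, 1.0), "high")]


def abnormal_samples(samples):
    """S2: keep samples with any metric outside its standard evaluation interval."""
    return [s for s in samples
            if any(not (lo <= s[m] <= hi) for m, (lo, hi) in SYSTEM_INTERVALS.items())]


def system_parameters(samples):
    """Reduce a list of samples to one parameter per metric (the mean)."""
    return {m: sum(s[m] for s in samples) / len(samples) for m in SYSTEM_INTERVALS}


def similarity(local, cloud):
    """S3 stand-in: 1 minus the mean relative difference of local vs cloud parameters."""
    diffs = []
    for m in SYSTEM_INTERVALS:
        scale = max(abs(local[m]), abs(cloud[m]))
        diffs.append(abs(local[m] - cloud[m]) / scale if scale else 0.0)
    return 1.0 - sum(diffs) / len(diffs)


def deviation(observed, baseline):
    """S6 stand-in: mean relative deviation from baseline, each term capped at 1."""
    terms = []
    for name, base in baseline.items():
        delta = abs(observed[name] - base)
        terms.append(min(1.0, delta / base) if base else (1.0 if delta else 0.0))
    return sum(terms) / len(terms)


def risk_level(risk):
    """S7: map the security risk parameter to a level through the risk table."""
    risk = min(max(risk, 0.0), 1.0)
    for (lo, hi), level in RISK_TABLE:
        if lo <= risk < hi:
            return level
    return RISK_TABLE[-1][1]  # risk == 1.0 falls in the top interval


def assess(samples, cloud, observed, baseline):
    """Run S2 -> S4 -> S6 -> S7, stopping early when a stage finds nothing."""
    abnormal = abnormal_samples(samples)
    if not abnormal:                       # S2: nothing outside the interval
        return {"status": "normal"}
    sim = similarity(system_parameters(abnormal), cloud)
    lo, hi = SIMILARITY_INTERVAL
    if lo <= sim <= hi:                    # S4: local view agrees with cloud view
        return {"status": "safe", "similarity": sim}
    dev = deviation(observed, baseline)    # S5/S6: only for risky terminals
    risk = 0.5 * dev + 0.5 * (1.0 - sim)   # assumed security risk function
    return {"status": "risky", "similarity": sim, "deviation": dev,
            "risk": risk, "level": risk_level(risk)}


# Constructed sample data: three collection nodes, one with a CPU and network spike.
SAMPLES = [
    {"t": 0, "cpu_pct": 40, "mem_pct": 55, "net_kbps": 120},
    {"t": 60, "cpu_pct": 96, "mem_pct": 60, "net_kbps": 800},
    {"t": 120, "cpu_pct": 42, "mem_pct": 58, "net_kbps": 100},
]
CLOUD_DIVERGENT = {"cpu_pct": 48, "mem_pct": 60, "net_kbps": 200}
CLOUD_MATCHING = {"cpu_pct": 95, "mem_pct": 60, "net_kbps": 790}
OBSERVED = {"app_endpoints_per_hour": 30, "installs_per_day": 6, "log_errors_per_hour": 15}
BASELINE = {"app_endpoints_per_hour": 10, "installs_per_day": 2, "log_errors_per_hour": 10}

if __name__ == "__main__":
    print(assess(SAMPLES, CLOUD_DIVERGENT, OBSERVED, BASELINE))
    print(assess(SAMPLES, CLOUD_MATCHING, OBSERVED, BASELINE))
```

Because the more expensive application, behavior and log analysis runs only for terminals that fail both interval checks, the width of the two intervals directly sets how often it is triggered and how many false alarms reach the final risk table.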
The step of acquiring local operation data of the smart terminal and extracting from the local operation data the system operation data of each run of the smart terminal includes:
S101. Obtain the data collection frequency of the smart terminal;
S102. Determine the collection interval from the data collection frequency, and establish multiple collection nodes according to the collection interval;
S103. Collect the local operation data within each collection node;
S104. Extract from the local operation data the system operation data of each run of the smart terminal.
In steps S101 to S104 above, the data collection frequency of the smart terminal is determined, that is, how often data is collected. The frequency can be configured according to system requirements and resource conditions, for example once per second or once per minute. The time interval between collections is calculated from the determined frequency, and multiple data collection nodes are established over the entire operation cycle according to that interval. Each collection node is a predetermined point in time that triggers the data collection process. At each collection node, the local operation data of the smart terminal is collected; it includes system performance indicators (such as CPU usage and memory usage), hardware status (such as battery level), network activity, and so on. The system operation data for each run of the smart terminal is extracted from the collected local operation data. This system operation data reflects the specific operating state of the smart terminal at each collection node and is used for subsequent risk detection and assessment.
Setting a reasonable data collection frequency and collection interval allows fine-grained monitoring of the operating state of the smart terminal. Frequent collection provides finer-grained data and helps identify abnormal situations more accurately. Collecting data on a schedule makes it possible to monitor the terminal state in real time and to respond promptly when an abnormality occurs, which helps to discover and handle security risks quickly and reduces potential harm. A reasonable collection frequency and interval reduce the use of system resources while preserving the monitoring effect, which helps balance the comprehensiveness of data collection against system performance and avoids overloading the system through excessive collection. Establishing multiple collection nodes ensures the continuity and integrity of data collection. Complete operation data reflects the operating state of the system more comprehensively and improves the accuracy of risk assessment. The collected and extracted system operation data provides the basic data for subsequent risk detection and assessment.
The step of determining whether the system operation data is within the standard system operation evaluation interval and, if not, marking it as abnormal system operation data includes:
S201: obtaining the standard system operation evaluation interval;
S202: determining whether the system operation data is within the standard system operation evaluation interval;
If the system operation data is within the standard system operation evaluation interval, the system operation data is normal;
If the system operation data is not within the standard system operation evaluation interval, the system operation data is abnormal and is marked as abnormal system operation data.
In steps S201 to S202 above, the standard evaluation interval for system operation is obtained from a predefined standard library or through analysis of historical data. The interval is usually set from the range of operating indicators of the smart terminal system under normal conditions, for example CPU usage between 10% and 50% and memory usage between 20% and 70%. The current system operation data is compared with the standard system operation evaluation interval. If the system operation data is within the interval, the system is considered to be operating normally; if it falls outside the interval, the system is considered to be operating abnormally. System operation data judged to be abnormal is marked for subsequent processing, and the marked data is recorded for further analysis and handling.
A predefined standard system operation evaluation interval effectively distinguishes normal from abnormal system operating states. The standard interval is set from historical data and empirical values to ensure the accuracy and reliability of the evaluation. A simple interval comparison quickly decides whether the system operation data is normal or abnormal, which reduces the complexity of anomaly detection and improves detection efficiency. Judging the system operation data in real time means an abnormal situation can be marked and handled as soon as it occurs, which speeds up the response to potential risks and reduces security hazards. The marked abnormal system operation data provides the basis for subsequent analysis: it can be used to analyze the cause of the abnormality, take corrective measures and optimize system operation. The standard system operation evaluation interval can be adjusted dynamically according to actual conditions and historical data, so that the evaluation standard adapts to system operation under different environments and conditions, which improves applicability.
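Steps S101 to S104 and S201 to S202 as an added Python example, not code from the patent. The CPU and memory intervals are the ones quoted in the text; the metric names, the inclusive bounds, the rule that a missing metric counts as abnormal, and the sample readings are assumptions made for this example.

```python
from dataclasses import dataclass

# Standard system operation evaluation intervals, in percent (S201). The CPU
# and memory ranges are the examples quoted in the text; inclusive bounds and
# the metric names are assumptions of this example.
STANDARD_INTERVALS = {"cpu_pct": (10.0, 50.0), "mem_pct": (20.0, 70.0)}


def collection_nodes(start_s, end_s, samples_per_minute):
    """S101-S102: turn a collection frequency into an interval and node times."""
    if samples_per_minute <= 0 or end_s < start_s:
        raise ValueError("need a positive frequency and end_s >= start_s")
    interval_s = 60.0 / samples_per_minute
    count = int((end_s - start_s) // interval_s)
    # Multiply instead of accumulating so float error does not drift.
    return [start_s + k * interval_s for k in range(count + 1)]


@dataclass
class Verdict:
    node_s: float   # collection node (seconds since start of the cycle)
    reasons: list   # one entry per metric that is missing or out of range

    @property
    def abnormal(self):
        return bool(self.reasons)


def evaluate(node_s, sample, intervals=STANDARD_INTERVALS):
    """S202: compare one node's system operation data with the intervals."""
    reasons = []
    for metric, (low, high) in intervals.items():
        value = sample.get(metric)
        if value is None:
            # Assumption: a node that did not report a metric is not "normal".
            reasons.append(f"{metric}: missing")
        elif not (low <= value <= high):  # also true when value is NaN
            reasons.append(f"{metric}: {value} outside [{low}, {high}]")
    return Verdict(node_s, reasons)


def flag_abnormal(samples_by_node, intervals=STANDARD_INTERVALS):
    """Return the verdicts for nodes whose data is marked abnormal."""
    verdicts = (evaluate(n, s, intervals)
                for n, s in sorted(samples_by_node.items()))
    return [v for v in verdicts if v.abnormal]


# Constructed sample: one reading per node over one minute at 4 samples/minute.
NODES = collection_nodes(0, 60, 4)
READINGS = [
    {"cpu_pct": 22.0, "mem_pct": 41.0},   # normal
    {"cpu_pct": 50.0, "mem_pct": 70.0},   # on both upper bounds: normal
    {"cpu_pct": 93.0, "mem_pct": 64.0},   # CPU above the interval
    {"cpu_pct": 35.0},                    # memory reading missing
    {"cpu_pct": 4.0, "mem_pct": 88.0},    # CPU below, memory above
]
SAMPLES = dict(zip(NODES, READINGS))

if __name__ == "__main__":
    for verdict in flag_abnormal(SAMPLES):
        print(verdict.node_s, verdict.reasons)
```
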
The step of obtaining the system operation similarity parameter according to the abnormal system operation data includes:
S301: obtaining the system operation data in the local operation data corresponding to the abnormal system operation data, and marking it as local system data;
S302: obtaining the system operation data in the cloud operation data corresponding to the abnormal system operation data, and marking it as cloud system data;
S303: obtaining the system operation similarity function;
S304: obtaining the corresponding local system parameters according to the local system data;
S305: obtaining the corresponding cloud system parameters according to the cloud operation data;
S306: inputting the local system parameters and the cloud system parameters into the system operation similarity function, and marking the output as the system operation similarity parameter.
In steps S301 to S306 above, the system operation data corresponding to the abnormal system operation data is extracted from the local operation data and marked as local system data. This data includes the specific operating state of the smart terminal when the abnormal event occurred, such as CPU usage and memory usage. The system operation data corresponding to the abnormal system operation data is extracted from the data stored in the cloud and marked as cloud system data. The cloud system data may include system operation data of similar devices or similar environments collected through a cloud monitoring and analysis platform. A system operation similarity function is defined to calculate the similarity between the local system data and the cloud system data. The similarity function can be based on a variety of algorithms, such as Euclidean distance or cosine similarity.
The expression of the system operation similarity function is: Wherein, S represents the system operation similarity parameter, i represents the index of the local operation parameters and of the cloud operation parameters, n represents the total number of local operation parameters and the total number of cloud operation parameters, Li represents the i-th local operation parameter, and Ci represents the i-th cloud operation parameter. The corresponding system parameters are extracted from the local system data. These parameters reflect the operating characteristics of the local system, for example specific indicators such as CPU usage, memory usage and network traffic at the time of the abnormal event. The corresponding system parameters are extracted from the cloud system data. These parameters reflect the operating characteristics of the cloud system and can be operating characteristic data extracted from similar devices or environments. The local system parameters and the cloud system parameters are input into the system operation similarity function, which calculates the similarity between the two parameter sets, and the output is marked as the system operation similarity parameter.
Combining local and cloud data provides a more comprehensive evaluation of the system operating state, and this combined evaluation reflects the actual cause and impact of an abnormal situation more accurately. The system operation similarity function quantifies the similarity between the local system data and the cloud system data; an accurate similarity calculation helps to identify abnormal patterns and improves detection accuracy. The combination of local and cloud data lets the smart terminal system carry out broader data comparison and analysis, which helps to discover hidden system problems and potential risks. By analyzing the similarity parameter, the parts of the system that need adjustment and optimization can be identified, and the system configuration and strategy can be adjusted dynamically, which helps to improve overall stability and performance. Analysis based on the similarity parameter can also predict potential failures and problems of the smart terminal system, so that measures can be taken in advance to reduce the risk of system downtime and data loss.
The step of determining whether the system operation similarity parameter is within the standard system operation similarity evaluation interval and, if not, marking the terminal as a risky smart terminal includes:
S401: obtaining the standard system operation similarity evaluation interval;
S402: determining whether the system operation similarity parameter is within the standard system operation similarity evaluation interval;
If the system operation similarity parameter is within the standard system operation similarity evaluation interval, the smart terminal is determined to be safe;
If the system operation similarity parameter is not within the standard system operation similarity evaluation interval, the smart terminal is determined to have a security risk and is marked as a risky smart terminal.
In steps S401 to S402 above, the standard system operation similarity evaluation interval is obtained from historical data, industry standards or preset security standards. The interval defines the normal range of the system operation similarity parameter and is usually set on the basis of statistical analysis and practical experience. The calculated system operation similarity parameter is compared with the standard system operation similarity evaluation interval. If the parameter is within the standard interval, the operating state of the smart terminal is similar to what is expected and the terminal is determined to be safe. If the parameter falls outside the standard interval, the operating state of the smart terminal is abnormal and there is a potential security risk. A smart terminal judged to be unsafe is marked, and the relevant information is recorded for subsequent processing and analysis. A marked terminal may require further security inspection, troubleshooting and handling.
Using the standard system operation similarity evaluation interval makes it possible to determine accurately whether the operating state of the smart terminal is normal, to distinguish normal fluctuations from abnormal situations, and to improve detection accuracy. Judging and marking abnormal terminals in real time identifies potential security risks quickly, and a rapid response helps to take timely measures and reduce security hazards and losses. The standard system operation similarity evaluation interval provides a standardized risk assessment method that can be applied to different types of smart terminals and is widely applicable. The automated evaluation and marking process reduces manual intervention, improves management efficiency, and allows the security state of a large number of smart terminals to be handled more promptly and accurately. The standard interval can be adjusted and optimized dynamically according to actual operating conditions and historical data, and continuously optimizing the evaluation standard improves the precision of risk detection and assessment.
The step of calculating the deviation-related parameter according to the application software data, user behavior data and system log data includes:
S601: constructing a calculation cycle;
S602: obtaining the time length of parameter collection according to the calculation cycle;
S603: according to the time length, obtaining application software parameters, user behavior parameters and system log parameters from the application software data, user behavior data and system log data respectively;
S604: obtaining the deviation-related function;
S605: inputting the application software parameters, user behavior parameters and system log parameters into the deviation-related function, and marking the output as the deviation-related parameter.
In steps S601 to S605 above, a calculation cycle is determined for periodically evaluating and calculating the deviation-related parameter. The length of the calculation cycle can be set according to the specific application requirements and the characteristics of the smart terminal system, for example every day, every hour or every minute. The time length of each data collection is defined according to the calculation cycle; it determines the time range over which data is collected within one cycle, so a one-hour calculation cycle corresponds to a one-hour data collection length. According to the time length, the corresponding parameters are extracted from the application software data, user behavior data and system log data. Application software parameters include application usage frequency, resource usage, abnormal crash records, and so on. User behavior parameters include the user's operation records, accessed network resources, input and output behavior, and so on. System log parameters include system event logs, error logs, security logs, and so on.
A deviation-related function is defined to calculate the deviation between the application software parameters, user behavior parameters and system log parameters. The deviation-related function can be based on statistical methods, machine learning algorithms and the like, and is used to quantify the degree of abnormality. The expression of the deviation-related function is: Where G represents the deviation-related parameter, a represents the index of the application software parameters, user behavior parameters and system log parameters, m represents the total number of application software parameters, user behavior parameters and system log parameters, Xa represents the a-th application software parameter, Ya represents the a-th user behavior parameter, and Za represents the a-th system log parameter. The obtained application software parameters, user behavior parameters and system log parameters are input into the deviation-related function, which processes these inputs, and the output is marked as the deviation-related parameter for subsequent risk assessment and decision-making.
Combining application software data, user behavior data and system log data provides multi-dimensional coverage and reflects the actual operating state of the smart terminal more accurately. The deviation-related function effectively detects abnormal deviations between parameters and identifies potential security risks, which helps to discover and handle abnormal situations in time and improves the security of the smart terminal system. The calculation cycle and the parameter collection time length can be adjusted dynamically according to actual needs to suit different application scenarios, so that the smart terminal system can respond flexibly to change, which improves its robustness. Regular calculation and analysis of the deviation-related parameter helps to identify performance bottlenecks and optimization directions of the smart terminal system, improves user experience and reduces wasted resources. Analysis based on the deviation-related parameter also supports predictive maintenance: potential problems are identified and solved in advance, which reduces failures and downtime and improves the stability of the smart terminal system.
The step of determining the security risk level of the smart terminal according to the deviation-related parameter and the system operation similarity parameter includes:
S701: calculating the security risk parameter according to the deviation-related parameter and the system operation similarity parameter;
S702: obtaining a security risk level table, wherein the security risk level table includes a plurality of security risk intervals and the security risk level corresponding to each security risk interval;
S703: obtaining the corresponding target security risk interval according to the security risk parameter;
S704: obtaining the corresponding security risk level from the security risk level table according to the target security risk interval.
In steps S701 to S704 above, the security risk parameter is calculated from the deviation-related parameter and the system operation similarity parameter through a predefined formula or algorithm. This parameter reflects the current security state of the smart terminal as a whole. Multiple security risk intervals and their corresponding security risk levels are obtained from a preset security risk level table. The table can be set on the basis of historical data, industry standards or expert experience and covers multiple levels from low risk to high risk. The calculated security risk parameter is matched against the intervals in the security risk level table to determine the interval in which it lies, that is, the target security risk interval. The corresponding security risk level is then read from the table according to the target security risk interval. The security risk level is used for the final evaluation of the security state of the smart terminal and to decide whether further security measures are needed.
Combining the deviation-related parameter and the system operation similarity parameter provides a comprehensive security risk assessment method that reflects the actual security state of the smart terminal more accurately. Using a preset security risk level table standardizes and systematizes risk assessment, which helps to make consistent risk judgments across different scenarios and devices. The table grades risks explicitly and gives clear assessment results, which helps quick decisions and the adoption of corresponding security measures. The security risk level table can be adjusted dynamically according to actual conditions and the results of data analysis, which improves the flexibility and accuracy of the assessment method and adapts it to a changing security environment. Automated calculation and matching reduce manual intervention and enable automated security risk management of smart terminals, which improves work efficiency and reduces human error.
The step of calculating the security risk parameter according to the deviation-related parameter and the system operation similarity parameter includes:
S7011: obtaining the security risk function;
S7012: inputting the deviation-related parameter and the system operation similarity parameter into the security risk function, and marking the output as the security risk parameter.
In steps S7011 to S7012 above, a security risk function is defined or obtained. The function combines the deviation-related parameter and the system operation similarity parameter to calculate the overall security risk. The security risk function can be designed in a variety of ways, such as a linear combination, a weighted average or a machine learning model. The expression of the security risk function is F=S/G, where F represents the security risk parameter. The deviation-related parameter and the system operation similarity parameter are input into the security risk function for calculation, and the result is marked as the security risk parameter for use in subsequent steps. By combining the deviation-related parameter and the system operation similarity parameter, the security risk function takes risk factors in several dimensions into account, reflects the security state of the smart terminal more comprehensively, and avoids the limitations of evaluating a single parameter. The security risk function can be customized and adjusted according to specific application requirements and actual conditions, so that different application scenarios can use different function models to meet specific security assessment needs. A reasonably designed security risk function improves the accuracy of security risk assessment, identifies potential security risks more accurately, reduces the probability of misjudgment and missed judgment, and improves overall assessment efficiency.
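Steps S7011 to S7012 and S702 to S704 as an added Python example, not code from the patent: it computes F=S/G and looks the result up in a risk level table. The page does not give the table, so the bounds, the level labels and which end of the F range counts as high risk are constructed here; S and G are taken as already computed, and refusing to classify when G is zero or F falls outside the table is an assumption of this example.

```python
import bisect
import math


class RiskLevelTable:
    """S702: security risk intervals [lower, upper) with a level for each."""

    def __init__(self, rows):
        rows = sorted(rows)
        for lower, upper, _ in rows:
            if not lower < upper:
                raise ValueError(f"empty interval [{lower}, {upper})")
        # Adjacent intervals must meet exactly: no gaps, no overlaps.
        for (_, upper, _), (next_lower, _, _) in zip(rows, rows[1:]):
            if upper != next_lower:
                raise ValueError(f"gap or overlap at {upper} / {next_lower}")
        self._rows = rows
        self._lowers = [row[0] for row in rows]

    def lookup(self, f):
        """S703-S704: target interval and level for security risk parameter f."""
        idx = bisect.bisect_right(self._lowers, f) - 1
        if idx < 0 or f >= self._rows[idx][1]:
            # Refuse to guess a level for a value the table does not cover.
            raise LookupError(f"F={f} is outside the risk level table")
        return self._rows[idx]


def security_risk_parameter(s, g):
    """S7011-S7012: F = S / G, the expression given in the text."""
    if not (math.isfinite(s) and math.isfinite(g)):
        raise ValueError("S and G must be finite numbers")
    if g == 0:
        # The text does not define F for G == 0; surface it to the caller.
        raise ZeroDivisionError("deviation-related parameter G is zero")
    return s / g


def assess(s, g, table):
    """S701-S704 end to end for one terminal."""
    f = security_risk_parameter(s, g)
    lower, upper, level = table.lookup(f)
    return {"F": f, "interval": (lower, upper), "level": level}


# Constructed table: bounds, labels and their ordering are placeholders.
SAMPLE_TABLE = RiskLevelTable([
    (0.0, 0.5, "high"),
    (0.5, 2.0, "medium"),
    (2.0, math.inf, "low"),
])

if __name__ == "__main__":
    # Constructed (S, G) pairs.
    for s, g in [(0.75, 0.25), (0.5, 1.0), (0.25, 1.0)]:
        print(s, g, assess(s, g, SAMPLE_TABLE))
```
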
Referring to FIG. 2, the present invention further provides a system for risk detection and assessment based on a smart terminal, which is used for the above method for risk detection and assessment based on a smart terminal and comprises:
a data collection module, used to obtain local operation data of the smart terminal and to extract, from the local operation data, the system operation data for each run of the smart terminal;
an abnormality judgment module, used to determine whether the system operation data is within the standard system operation evaluation interval and, if not, to mark it as abnormal system operation data;
a similarity module, used to obtain the system operation similarity parameter according to the abnormal system operation data;
a risk judgment module, used to determine whether the system operation similarity parameter is within the standard system operation similarity evaluation interval and, if not, to mark the terminal as a risky smart terminal;
a risk data module, used to obtain the application software data, user behavior data and system log data corresponding to the abnormal system operation data in the risky smart terminal;
a deviation module, used to calculate the deviation-related parameter according to the application software data, user behavior data and system log data;
a risk assessment module, used to determine the security risk level of the smart terminal according to the deviation-related parameter and the system operation similarity parameter.
In summary, the data collection module sets a collection frequency and collection interval and establishes multiple collection nodes, so that system operation data is collected regularly each time the smart terminal runs. The abnormality judgment module compares the collected system operation data with the preset standard system operation evaluation interval; if the data falls outside the standard interval, it is marked as abnormal system operation data and recorded for subsequent processing. The similarity module extracts the relevant local system data and cloud system data based on the abnormal system operation data and, by calculating the system operation similarity parameter, evaluates the similarity between the abnormal system data and the normal system data. The risk judgment module compares the system operation similarity parameter with the standard system operation similarity evaluation interval; if the similarity parameter falls outside the standard interval, the smart terminal is marked as a risk smart terminal.

The risk data module collects the corresponding abnormal system operation data from the risk smart terminal and obtains the related application software data, user behavior data and system log data. The deviation module calculates the deviation-related parameters from the collected application software data, user behavior data and system log data; these parameters quantify the degree of abnormality of the smart terminal in different dimensions. The risk assessment module combines the deviation-related parameters with the system operation similarity parameter, uses the security risk function to calculate the overall security risk parameter, and determines the security risk level of the smart terminal according to the preset security risk level table.

This achieves comprehensive collection of the various types of smart terminal data and ensures the integrity and accuracy of the basic data for risk assessment; the multi-dimensional data coverage (system operation data, application software data, user behavior data, system log data) makes the risk assessment more comprehensive. The standard system operation evaluation interval enables accurate detection of abnormal data, so that abnormal data is identified quickly and marked and processed in time, which effectively improves the security of the system. Using the system operation similarity parameter to evaluate the similarity between data identifies potential abnormal patterns, improves detection accuracy and effectively reduces false positives and false negatives. The risk status of the smart terminal can be judged dynamically and risk terminals discovered and marked in time, which improves the real-time response capability and security management efficiency of the system. In-depth analysis of the abnormal data and calculation of the deviation-related parameters provide a detailed analysis of the security status of the smart terminal, which helps to locate specific security issues and guide subsequent security measures. By combining the deviation-related parameters with the system operation similarity parameter, the security risk of the smart terminal is evaluated comprehensively; using the security risk function and the risk level table achieves standardized and systematic risk assessment and ensures the accuracy and consistency of the assessment results.
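The module chain summarized above (interval check, similarity parameter, deviation parameters, risk function, level table) can be sketched as follows; this is an added illustration, not code or formulas from the patent. The cosine-based similarity, the capped relative deviation, the equal-weight risk function and every threshold, metric name and sample value are assumptions constructed for the example.

```python
import math

# Constructed values: the intervals, weights and level table are assumptions.
INTERVALS = {"cpu_pct": (0, 85), "mem_pct": (0, 90), "net_kbps": (0, 5000)}
SIM_INTERVAL = (0.90, 1.00)
LEVELS = [(0.3, "low"), (0.6, "medium"), (math.inf, "high")]
LOCAL = {"cpu_pct": 30, "mem_pct": 50, "net_kbps": 400}   # local baseline
CLOUD = {"cpu_pct": 35, "mem_pct": 55, "net_kbps": 500}   # cloud baseline
SAMPLES = [{"cpu_pct": 32, "mem_pct": 52, "net_kbps": 450},
           {"cpu_pct": 97, "mem_pct": 60, "net_kbps": 4800}]
OBSERVED = {"app_installs": 4, "night_logins": 2, "log_errors": 60}
EXPECTED = {"app_installs": 2, "night_logins": 2, "log_errors": 40}

def is_abnormal(s):
    """A sample is abnormal if any metric leaves its standard interval."""
    return any(not lo <= s[k] <= hi for k, (lo, hi) in INTERVALS.items())

def cosine(a, b):
    """Cosine similarity of two samples, each metric scaled by its upper bound."""
    va = [a[k] / INTERVALS[k][1] for k in INTERVALS]
    vb = [b[k] / INTERVALS[k][1] for k in INTERVALS]
    norm = math.hypot(*va) * math.hypot(*vb)
    return sum(x * y for x, y in zip(va, vb)) / norm if norm else 0.0

def similarity(abnormal, local, cloud):
    """Assumed similarity parameter: worst mean similarity to both baselines."""
    return min((cosine(s, local) + cosine(s, cloud)) / 2 for s in abnormal)

def deviations(observed, expected):
    """Assumed deviation parameters: relative deviation per dimension, capped at 1."""
    return {k: min(abs(observed[k] - expected[k]) / max(expected[k], 1), 1.0)
            for k in expected}

def assess(samples, local, cloud, observed, expected):
    abnormal = [s for s in samples if is_abnormal(s)]
    if not abnormal:
        return {"risk_terminal": False, "level": None}
    sim = similarity(abnormal, local, cloud)
    if SIM_INTERVAL[0] <= sim <= SIM_INTERVAL[1]:
        return {"risk_terminal": False, "level": None, "similarity": sim}
    dev = deviations(observed, expected)
    # Assumed security risk function: equal weights on dissimilarity and mean deviation.
    risk = 0.5 * (1 - sim) + 0.5 * sum(dev.values()) / len(dev)
    level = next(name for bound, name in LEVELS if risk < bound)
    return {"risk_terminal": True, "similarity": sim, "deviation": dev,
            "risk": risk, "level": level}

if __name__ == "__main__":
    print(assess(SAMPLES, LOCAL, CLOUD, OBSERVED, EXPECTED))
```

The two-stage gate matters for false positives: a sample that leaves the interval but keeps the baseline's shape (high load with the usual CPU/memory/network proportions) stops at the similarity check and never reaches risk scoring.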
And, a terminal for risk detection and assessment based on an intelligent terminal, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the above smart-terminal-based risk detection and assessment method.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art can make several improvements and refinements without departing from the principles of the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the present invention. Structures, devices and operating methods not specifically described and explained in the present invention are, unless otherwise specified and limited, implemented according to conventional means in the art.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410758045.9A CN118673500A (en) | 2024-06-13 | 2024-06-13 | Intelligent terminal-based risk detection and assessment system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118673500A (en) | 2024-09-20 |
Family
ID=92729227
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410758045.9A Pending CN118673500A (en) | 2024-06-13 | 2024-06-13 | Intelligent terminal-based risk detection and assessment system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118673500A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119090616A (en) * | 2024-11-06 | 2024-12-06 | 无锡锡商银行股份有限公司 | Intelligent digital bank monitoring system based on risk control |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112257069A (en) * | 2020-10-20 | 2021-01-22 | 福建奇点时空数字科技有限公司 | Server security event auditing method based on flow data analysis |
CN115563622A (en) * | 2022-09-29 | 2023-01-03 | 国网山西省电力公司 | Method, device and system for detecting operating environment |
US20230350904A1 (en) * | 2020-09-22 | 2023-11-02 | Zhijia Technology (Beijing) Co., Ltd. | Risk analysis system and method |
CN117235743A (en) * | 2023-11-13 | 2023-12-15 | 北京华源芯电科技有限公司 | Intelligent power management method and system based on security risk |
CN117544366A (en) * | 2023-11-16 | 2024-02-09 | 贵州电网有限责任公司 | Information risk assessment method suitable for security defense of power distribution network |
CN117540372A (en) * | 2023-11-22 | 2024-02-09 | 西藏朗杰信息科技有限公司 | Database intrusion detection and response system for intelligent learning |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111143102B (en) | Abnormal data detection method and device, storage medium and electronic equipment | |
CN116559598B (en) | Smart distribution network fault positioning method and system | |
CN107426022A (en) | Security incident monitoring method and device, electronic equipment, storage medium | |
CN114514141A (en) | Charging station monitoring method and device | |
CN112884199B (en) | Hydropower station equipment fault prediction method, hydropower station equipment fault prediction device, computer equipment and storage medium | |
KR102410151B1 (en) | Method, apparatus and computer-readable medium for machine learning based observation level measurement using server system log and risk calculation using thereof | |
CN110247725A (en) | The line fault investigation method, apparatus and terminal device of OTN network | |
CN113671909A (en) | Safety monitoring system and method for steel industrial control equipment | |
CN118673500A (en) | Intelligent terminal-based risk detection and assessment system and method | |
CN111176953A (en) | Anomaly detection and model training method thereof, computer equipment and storage medium | |
CN113992602B (en) | Cable monitoring data uploading method, device, equipment and storage medium | |
CN108111328B (en) | Exception handling method and device | |
CN116366374A (en) | Security assessment method, system and medium for power grid network management based on big data | |
CN116502166B (en) | Method, device, equipment and medium for predicting faults of target equipment | |
CN113807211A (en) | Equipment running state early warning method, computer equipment and storage medium | |
KR102150622B1 (en) | System and method for intelligent equipment abnormal symptom proactive detection | |
CN115114124A (en) | Host risk assessment method and assessment device | |
CN118487872A (en) | Nuclear power industry-oriented network abnormal behavior detection and analysis method | |
KR101288535B1 (en) | Method for monitoring communication system and apparatus therefor | |
CN112307271A (en) | A safety monitoring method and device for remote control business of distribution automation system | |
CN116717729A (en) | Hierarchical control system and method for monitoring gas safety | |
JP2020035297A (en) | Apparatus state monitor and program | |
CN118828514B (en) | A smart terminal security risk assessment system and method | |
WO2024001666A1 (en) | Network risk assessment method and related apparatus | |
CN117951624B (en) | A method for determining abnormal state of a device cluster, an electronic device and a storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||