CN113327063B - Resource detection method, device, electronic equipment and computer readable storage medium - Google Patents
- Publication number
- CN113327063B CN202110714924.8A
- Authority
- CN
- China
- Prior art keywords
- resource
- distribution network
- content distribution
- risk
- target
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/901—Indexing; Data structures therefor; Storage structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
- G06Q10/06393—Score-carding, benchmarking or key performance indicator [KPI] analysis
Abstract
The embodiment of the invention provides a resource detection method, a device, electronic equipment and a computer readable storage medium, wherein the method comprises the following steps: acquiring a first resource conforming to a preset high-risk rule; acquiring a content distribution network address mapped with a first resource; detecting whether a target address exists in a content distribution network address mapped with the first resource, wherein the target address stores the resource which is the same as the content of the first resource; under the condition that the target address is detected, determining a first service identifier corresponding to the resource identifier of the first resource according to the corresponding relation between the pre-stored resource identifier and the service identifier; according to the first service identifier, first indication information is sent to a service system to which the first resource belongs; the first indication information is used for indicating that the first resource is at risk of being leaked. Therefore, the embodiment of the invention can realize the detection of the high-risk resources in the content distribution network, thereby reducing the risk of leakage of the high-risk resources in the content distribution network.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for detecting resources, an electronic device, and a computer readable storage medium.
Background
As a company's business grows, the detection, management and risk-level control of high-risk resource files become increasingly important. Once high-risk resource files (i.e., resource files that must not become known to the general user base) are exposed to the external network, significant adverse effects result.
At present, high-risk resource detection mainly targets externally released installation packages. Because such a package contains resources or resource paths, detection checks whether a resource file in the package has been replaced, so that risk detection is performed on the externally released resource files and the resources in the installation package are guaranteed not to have been tampered with.
When each business party manages high-risk resource files, some of the files must be accessible on the intranet but not externally, while files for external use are stored in a content delivery network (Content Delivery Network, CDN).
For a high-risk resource file that is to be deleted, after notifying the content distribution network of the deletion, the service party does not determine whether the content distribution network has completely deleted the corresponding high-risk resource file, so such files remain at risk of being leaked.
Therefore, in the prior art, high-risk resource detection can only be performed on the externally issued installation package, and high-risk resources in the content distribution network cannot be detected, so that the risk of leakage of the high-risk resources in the content distribution network is caused.
Disclosure of Invention
An object of an embodiment of the present invention is to provide a method, an apparatus, an electronic device, and a computer readable storage medium for detecting a high-risk resource in a content distribution network, so as to reduce a risk of leakage of the high-risk resource in the content distribution network. The specific technical scheme is as follows:
In a first aspect of the present invention, there is provided a resource detection method, including:
acquiring a first resource conforming to a preset high-risk rule;
acquiring a content distribution network address mapped with the first resource, wherein the content distribution network address mapped with the first resource is an address in a content distribution network used for storing a resource whose content is the same as that of the first resource;
detecting whether a target address exists among the content distribution network addresses mapped with the first resource, wherein the target address stores a resource whose content is the same as that of the first resource;
when the target address is detected, determining a first service identifier corresponding to the resource identifier of the first resource according to a pre-stored correspondence between resource identifiers and service identifiers;
sending first indication information to the service system to which the first resource belongs according to the first service identifier;
wherein the first indication information is used for indicating that the first resource is at risk of being leaked.
In a second aspect of the present invention, there is also provided a resource detection apparatus, the apparatus including:
a first acquisition module, configured to acquire a first resource conforming to a preset high-risk rule;
a second acquisition module, configured to acquire a content distribution network address mapped with the first resource, wherein the content distribution network address mapped with the first resource is an address in a content distribution network used for storing a resource whose content is the same as that of the first resource;
a detection module, configured to detect whether a target address exists among the content distribution network addresses mapped with the first resource, wherein the target address stores a resource whose content is the same as that of the first resource;
a service identifier determining module, configured to determine, when the target address is detected, a first service identifier corresponding to the resource identifier of the first resource according to a pre-stored correspondence between resource identifiers and service identifiers;
a first sending module, configured to send first indication information to the service system to which the first resource belongs according to the first service identifier;
wherein the first indication information is used for indicating that the first resource is at risk of being leaked.
In yet another aspect of the present invention, there is also provided a computer readable storage medium having instructions stored therein, which when run on a computer, cause the computer to perform any of the above-described resource detection methods.
In yet another aspect of the invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the above described resource detection methods.
The resource detection method provided by the embodiment of the invention acquires a first resource conforming to the preset high-risk rule and then acquires the content distribution network address mapped with the first resource, that is, the address in the content distribution network used for storing a resource whose content is the same as that of the first resource. It then detects whether a target address, which stores a resource with the same content as the first resource, exists among those addresses. When a target address exists, the first service identifier corresponding to the resource identifier of the first resource is determined according to the pre-stored correspondence between resource identifiers and service identifiers, and first indication information indicating that the first resource is at risk of being leaked is sent, according to the first service identifier, to the service system to which the first resource belongs.
Therefore, in the embodiment of the invention, a first resource meeting the preset high-risk rule can be obtained, and the addresses in the content distribution network used for storing resources with the same content as the first resource can then be obtained, so as to detect whether such a resource is actually stored at those addresses. When a resource with the same content as the first resource is detected at an address in the content distribution network, the first indication information is sent to the service system of the first resource to alert the service party that the first resource is at risk of being leaked, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it promptly. The embodiment of the invention thus enables detection of high-risk resources in the content distribution network, thereby reducing the risk of leakage of high-risk resources in the content distribution network.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a flowchart of the steps of a resource detection method according to an embodiment of the present invention;
FIG. 2 is a flowchart of the steps of another resource detection method according to an embodiment of the present invention;
FIG. 3 is an interaction diagram of a service system, an auditing system and a content distribution network in a specific implementation of the resource detection method provided by an embodiment of the present invention;
FIG. 4 is a flowchart of triggering resource detection in a specific implementation of the resource detection method provided by an embodiment of the present invention;
FIG. 5 is a flowchart of detecting whether a first resource is at risk of being leaked in a specific implementation of the resource detection method provided by an embodiment of the present invention;
FIG. 6 is a block diagram of a resource detection device according to an embodiment of the present invention;
FIG. 7 is a block diagram of another resource detection device according to an embodiment of the present invention;
FIG. 8 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention.
FIG. 1 shows a resource detection method according to an embodiment of the present invention. As shown in FIG. 1, the resource detection method may include the following steps:
Step 101: acquire a first resource conforming to a preset high-risk rule.
Resources that meet the preset high-risk rule are resources that must not be leaked to the external network, namely resources that can be accessed by the business side but not by anyone other than the personnel of the business side.
Step 102: acquire the content distribution network address mapped with the first resource.
The content distribution network address mapped with the first resource is an address of a resource which is used for storing the same content as the first resource in a content distribution network. In addition, the content delivery network address mapped with the first resource includes one or more addresses.
When resources with the same content have different formats, their storage addresses in the content distribution network differ. For example, pictures showing the same image but differing in size and format are stored at correspondingly different addresses of the content distribution network.
Therefore, when detecting the first resource, it is necessary to acquire all addresses for storing the same resource as the content of the first resource in the content distribution network, that is, acquire all the content distribution network addresses mapped with the first resource, thereby detecting whether the acquired content distribution network addresses store the same resource as the content of the first resource.
Step 103: detect whether a target address exists among the content distribution network addresses mapped with the first resource.
Wherein the target address stores a resource identical to the content of the first resource. Therefore, in step 103, it is detected whether the target address exists in the content distribution network address, that is, whether the content distribution network address mapped to the first resource stores the same resource as the content of the first resource.
Step 104: when the target address is detected, determine a first service identifier corresponding to the resource identifier of the first resource according to the pre-stored correspondence between resource identifiers and service identifiers.
Step 105: send the first indication information to the service system to which the first resource belongs according to the first service identifier.
The first indication information is used for indicating that the first resource is at risk of being leaked.
Further, detection of the target address indicates that a content distribution network address mapped to the first resource stores a resource with the same content as the first resource. Therefore, in the embodiment of the invention, when the target address is detected, that is, when the content of the first resource is stored in the content distribution network, the first indication information needs to be sent to the service system of the first resource to signal that the first resource is at risk of being leaked, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it promptly.
Therefore, in the embodiment of the invention, the service identifier of the service system to which each resource belongs can be stored in advance. When a leakage risk is detected for a resource, indication information indicating that the resource is at risk of being leaked can then be sent to the corresponding service system according to the service identifier of the service to which the resource belongs, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it promptly.
As can be seen from steps 101 to 105, in the embodiment of the present invention, a first resource meeting the preset high-risk rule may be obtained, and the content distribution network address mapped with the first resource, that is, the address in the content distribution network used for storing a resource whose content is the same as that of the first resource, is then obtained. It is then detected whether a target address storing a resource with the same content as the first resource exists among those addresses. When the target address exists, the first service identifier corresponding to the resource identifier of the first resource is determined according to the pre-stored correspondence between resource identifiers and service identifiers, and first indication information indicating that the first resource is at risk of being leaked is sent, according to the first service identifier, to the service system to which the first resource belongs.
Therefore, in the embodiment of the invention, a first resource meeting the preset high-risk rule can be obtained, and the addresses in the content distribution network used for storing resources with the same content as the first resource can then be obtained, so as to detect whether such a resource is actually stored at those addresses. When a resource with the same content as the first resource is detected at an address in the content distribution network, the first indication information is sent to the service system of the first resource to alert the service party that the first resource is at risk of being leaked, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it promptly. The embodiment of the invention thus enables detection of high-risk resources in the content distribution network, thereby reducing the risk of leakage of high-risk resources in the content distribution network.
FIG. 2 shows another resource detection method according to an embodiment of the present invention. As shown in FIG. 2, the resource detection method may include the following steps:
Step 201: acquire a first resource conforming to a preset high-risk rule.
Step 202: acquire the content distribution network address mapped with the first resource.
The content distribution network address mapped with the first resource is an address of a resource which is used for storing the same content as the first resource in a content distribution network.
Step 203: generate a hypertext transfer protocol request according to the first address.
The first address is one of the content delivery network addresses mapped with the first resource.
Step 204: send the hypertext transfer protocol request to the content distribution network.
Step 205: receive the hypertext transfer protocol response header information returned by the content distribution network.
The hypertext transfer protocol response header information includes a code identifier.
Step 206: when the code identifier is a first preset code, determine that the first address belongs to the target address.
Step 207: when the code identifier is a second preset code, determine that the first address does not belong to the target address.
Wherein the target address stores a resource identical to the content of the first resource. Thus, the first address belongs to the target address, and indicates that the first address stores the same resource as the first resource in content; the first address does not belong to the target address, and indicates that the first address does not store the same resource as the first resource.
In addition, the code identifier is indication information indicating whether a resource with the same content as the first resource is stored at the first address. That is, in the embodiment of the present invention, whether such a resource is stored at the first address may be determined from the specific content of the code identifier.
As can be seen from steps 203 to 207, in the embodiment of the present invention, to detect whether one of the content distribution network addresses mapped to the first resource stores a resource with the same content as the first resource, an access request to the content distribution network, that is, a hypertext transfer protocol (HTTP) request, may be generated according to that address and sent to the content distribution network. The hypertext transfer protocol response header information returned by the content distribution network is then received. This header information carries a code identifier, from which it can be determined whether the address stores a resource with the same content as the first resource.
It should be noted that the purpose of generating the hypertext transfer protocol request according to the first address and sending it to the content distribution network is to obtain the hypertext transfer protocol response header information returned by the content distribution network, and to determine from the code identifier in that header information whether the first address stores a resource with the same content as the first resource; the purpose is not to access the resource stored at the first address. Steps 203 to 205 therefore simulate a manual access to the first address in order to determine whether it stores a resource with the same content as the first resource.
In addition, the process of detecting whether the second address except the first address belongs to the target address in the content delivery network address mapped with the first resource is the same as the process of detecting whether the first address belongs to the target address, and will not be described herein.
Step 208: when the target address is detected, determine a first service identifier corresponding to the resource identifier of the first resource according to the pre-stored correspondence between resource identifiers and service identifiers.
Step 209: send the first indication information to the service system to which the first resource belongs according to the first service identifier.
The first indication information is used for indicating that the first resource is at risk of being leaked.
Therefore, in the embodiment of the invention, the service identifier of the service system to which each resource belongs can be stored in advance. When a leakage risk is detected for a resource, indication information indicating that the resource is at risk of being leaked can then be sent to the corresponding service system according to the service identifier of the service to which the resource belongs, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it promptly.
As can be seen from steps 201 to 209, in the embodiment of the present invention, a first resource meeting the preset high-risk rule may be obtained, and the addresses in the content distribution network used for storing resources with the same content as the first resource are then obtained. A manual access is simulated against each of these addresses to detect whether a resource with the same content as the first resource is stored there. When such a resource is detected at an address in the content distribution network, the first indication information is sent to the service system of the first resource to alert the service party that the first resource is at risk of being leaked, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it promptly. The embodiment of the invention thus enables detection of high-risk resources in the content distribution network, thereby reducing the risk of leakage of high-risk resources in the content distribution network.
Optionally, before the detecting whether the target address exists in the content distribution network address mapped with the first resource, the method further includes:
numbering the at least one content delivery network address;
sorting the odd numbered content distribution network addresses according to the sequence from small numbers to large numbers to obtain a first arrangement sequence;
ordering the content distribution network addresses with even numbers according to the order from small numbers to large numbers to obtain a second arrangement order;
based on the first arrangement order and the second arrangement order, arranging the content distribution network addresses with odd numbers before the content distribution network addresses with even numbers to obtain a third arrangement order;
the detecting whether a target address exists in the content distribution network address mapped with the first resource includes:
and detecting whether a target address exists in the content distribution network addresses mapped with the first resource according to the third arrangement sequence.
For example, suppose 10 content delivery network addresses are mapped with the first resource. After the 10 addresses are numbered and ordered according to the method above, the third arrangement order of the address numbers is: 1, 3, 5, 7, 9, 2, 4, 6, 8, 10. If the address numbered 7 stores a resource with the same content as the first resource, the target address is detected on the fourth detection when following the third arrangement order, which yields the detection result that the content distribution network stores a resource with the same content as the first resource. If detection instead proceeds sequentially in order of the numbers from smaller to larger (i.e., 1, 2, 3, 4, 5, 6, 7, 8, 9, 10), the resource is only detected on the seventh detection. Therefore, according to the embodiment of the invention, the detection speed can be improved by adopting this interval detection method.
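The following added example (not code from the patent) carries steps 203 to 209 and the interval ordering above through on constructed data: each mapped address is probed with an HTTP HEAD request and only the response code is classified. The preset codes 200 and 404, the `IndexEntry` fields and the `cdn.example.invalid` addresses are assumptions made for illustration; any other code, or a network error, is recorded as inconclusive rather than treated as deleted.

```python
import urllib.error
import urllib.request
from dataclasses import dataclass

# Assumption: the patent does not name its preset codes; 200 and 404 stand in here.
FIRST_PRESET_CODE = 200    # content still served -> address is a target address
SECOND_PRESET_CODE = 404   # content gone -> address is not a target address


@dataclass
class IndexEntry:
    """One row of the resource-to-service correspondence (hypothetical shape)."""
    resource_id: str
    service_id: str
    cdn_addresses: list  # every CDN address mapped to the resource


def interval_order(addresses):
    """Number addresses from 1; return odd-numbered ones, then even-numbered ones."""
    addresses = list(addresses)
    return addresses[0::2] + addresses[1::2]


def http_head_status(url, timeout=5.0):
    """Return the response code for url from a HEAD request."""
    request = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx responses still carry the code we classify on


def find_target_address(entry, fetch_status=http_head_status):
    """Probe in interval order. Returns (target_or_None, probes_made, inconclusive)."""
    inconclusive = []
    probes = 0
    for address in interval_order(entry.cdn_addresses):
        probes += 1
        try:
            code = fetch_status(address)
        except OSError:  # DNS failure, timeout, refused connection
            inconclusive.append(address)
            continue
        if code == FIRST_PRESET_CODE:
            return address, probes, inconclusive
        if code != SECOND_PRESET_CODE:
            inconclusive.append(address)  # e.g. 403 or 503: cannot conclude "deleted"
    return None, probes, inconclusive


def first_indication(entry, fetch_status=http_head_status):
    """Build the notice for the owning service system, or None if no target address."""
    target, _probes, _inconclusive = find_target_address(entry, fetch_status)
    if target is None:
        return None
    return {
        "service_id": entry.service_id,
        "resource_id": entry.resource_id,
        "target_address": target,
        "message": "resource is at risk of being leaked",
    }


if __name__ == "__main__":
    # Constructed data: ten mapped addresses, only number 7 still serves the content.
    addresses = [f"https://cdn.example.invalid/res-a/{n}.jpg" for n in range(1, 11)]
    entry = IndexEntry("res-a", "svc-video", addresses)

    def fake_cdn(url):
        return 200 if url.endswith("/7.jpg") else 404

    print(find_target_address(entry, fake_cdn))
    print(first_indication(entry, fake_cdn))
```

Addresses returned in the inconclusive list are the ones to re-probe before concluding that a deletion request was honoured.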
Optionally, the preset high-risk rule includes that a predetermined resource risk level is greater than a preset level; before the first resource meeting the preset high-risk rule is obtained, the method further comprises:
under the condition that the change of the resource risk level is detected, acquiring the resource with the changed resource risk level;
the obtaining the first resource meeting the preset high-risk rule comprises the following steps:
and acquiring the first resource with the resource risk level larger than the preset level from the resources with the resource risk level changed.
Therefore, in the embodiment of the invention, the resource risk level of the resource can be predetermined, so that the content distribution network address mapped by the resource can be obtained under the condition that the resource risk level is greater than the preset level, and whether the resource identical to the content of the resource is stored in the content distribution network address or not can be detected.
The importance degree of the resources is divided through the resource risk level, so that detection on unimportant resources is not needed, and detection time is saved.
In addition, the resource risk level can be determined manually. Alternatively, a model that outputs the resource risk level may be trained by machine learning on collected feature information of resources, so that when the risk level of a given resource needs to be determined, the feature information of that resource is input into the model and the model outputs the resource risk level. The feature information may include the resource type, the type to which an object included in the resource content belongs, and the scene presented by the resource content.
In addition, the resource risk level can be stored in a service system (i.e. an intranet), and in the embodiment of the invention, the intranet storage address of the resource needs to be recorded, so that when a certain resource needs to be detected, the resource risk level of the resource can be obtained from the intranet according to the intranet address.
From the above, when the resource level changes, the embodiment of the present invention may automatically obtain the resource with the modified resource level, and further obtain the first resource with the resource risk level greater than the preset level from the resources, and check whether the first resource has a leakage risk.
For example, the original resource risk level of resource A is X1, where X1 is smaller than the preset level, but the resource risk level of resource A is then modified to X2, where X2 is larger than the preset level. When the high-risk rule is "the resource risk level is larger than the preset level", resource A is not a high-risk resource before the modification (i.e., resource A can be accessed from the external network), but it is a high-risk resource after the modification (i.e., resource A cannot be accessed from the external network).
Specifically, suppose resource A is a video resource. During the copyright period held by a video application program, users can obtain the video resource through that application; after the copyright of the video resource expires, users can no longer obtain it through the application. In this case, a relevant technician needs to modify the resource risk level of resource A to meet the different requirements that apply to the video resource during the copyright period and after the copyright expires.
Optionally, before the obtaining the first resource meeting the preset high-risk rule, the method further includes:
acquiring a resource index with changed resource risk level under the condition that the resource risk level in a pre-established resource index library is detected to be changed, wherein the resource index library comprises a resource index of at least one service party, the resource index comprises a resource identifier, a content distribution network address mapped with the resource represented by the resource identifier, a service identifier of the service party to which the resource represented by the resource identifier belongs, and the predetermined resource risk level to which the resource represented by the resource identifier belongs, and the second target service party is the service party to which the resource with changed resource risk level belongs;
The obtaining the first resource meeting the preset high-risk rule comprises the following steps:
and acquiring the first resource conforming to the preset high-risk rule from the resources to which the resource index with the changed resource risk level belongs.
Therefore, the resource risk level can be stored in the resource index library, so that when the resource level recorded in the resource index library changes, the resource index of the modified resource level can be automatically obtained, and further, the first resource conforming to the preset rule is obtained from the resources to which the resource index belongs.
Because the resource risk level is stored in the resource index library, it does not need to be acquired from the intranet according to the intranet storage address of the resource, which further improves the detection speed.
Optionally, the high-risk rule includes that the creation time is within a preset time window. There is at least one such time window. For example, a first time window is preset; if the current time is in the first time window, the high-risk rule is met; if the current time is outside the first time window, the high-risk rule is not met. In this way, some resources can be set to be high-risk resources within a certain time window and not high-risk resources outside the time window.
Optionally, the method further comprises:
and sending second indication information to the content distribution network when the target address is detected, wherein the second indication information is used for indicating the content distribution network to delete the resource stored in the content distribution network address mapped with the first resource.
After the first indication information indicating that the first resource has a risk of being leaked is sent to the service system to which the first resource belongs, the service party to which the first resource belongs needs to verify it before the risk is handled, which takes a longer time.
In addition, if the service party to which the first resource belongs finds after verification that the resource stored in the content distribution network address mapped with the first resource does not need to be deleted, the service system may be operated so that the service system sends a restoration instruction to the content distribution network to restore the resource stored in the content distribution network address mapped with the first resource.
Optionally, before the obtaining the first resource meeting the preset high-risk rule, the method further includes:
acquiring a resource index to be detected belonging to a predetermined target service party from a pre-established resource index library according to a preset inspection parameter, wherein the resource index library comprises a resource index of at least one service party, the resource index comprises a resource identifier, a content distribution network address mapped with a resource represented by the resource identifier, and a service identifier of the service party to which the resource represented by the resource identifier belongs, and the inspection parameter comprises an inspection starting time, an inspection period and inspection times;
the obtaining the first resource meeting the preset high-risk rule comprises the following steps:
and acquiring the first resource conforming to the preset high-risk rule from the resources to which the resource index to be detected belongs, which belong to the target service party.
It can be seen that, in the embodiment of the present invention, a resource index library is pre-established, where the resource index library includes a plurality of resource indexes, one resource index includes a resource identifier, a content distribution network address mapped with a resource represented by the resource identifier, a service identifier of a service party to which the resource represented by the resource identifier belongs, and the plurality of resource indexes included in the resource index library belong to at least one service party. Therefore, in the embodiment of the invention, the above-mentioned inspection parameters can be preset, and for single service or multiple services, the indexes in the resource index library are inspected periodically according to the inspection parameters, so as to detect whether the resources to which the indexes obtained by inspection belong have the risk of being leaked.
The mapping relationship between the resource identifier and the content distribution network address can be obtained from the service system to which the resource belongs, that is, the service system can periodically send the mapping relationship between the resource identifier and the content distribution network address stored in the service system to the resource index library for storage. In addition, each service system can also send the corresponding relation between the resource identifier and the service identifier of the service to which the resource identifier belongs to the resource index library, so that the resource index library can store indexes comprising the resource identifier, the service identifier and the content distribution network address.
In addition, when each service system sends the corresponding relation between a resource identifier and the service identifier of the service to which the resource identifier belongs to the resource index library (namely, each service system accesses the resource index library), certain resources may be omitted. A content distribution network notification mechanism may therefore be introduced: when the content distribution network detects that a resource stored in it is accessed, it establishes the corresponding relation between the resource identifier of the accessed resource and the service identifier of the service to which the accessed resource belongs, and sends the established corresponding relation to the resource index library for storage, so as to supplement the indexes of the omitted resources.
It should be noted that in the prior art, each business party needs to establish its own file risk inspection system. However, if each business side maintains a set of file risk inspection system, the risk files are not processed timely, so that unified management is inconvenient, and development cost is high. In the embodiment of the invention, the resource index library is constructed, namely, the resource indexes corresponding to the resources of all business parties are stored in the resource index library, so that the resources of all business parties are uniformly managed, the resource risk detection cost is saved, the detection speed is improved, and the risk problem of resource leakage can be solved in time.
The embodiment of the invention greatly reduces the exposure probability of high-risk resources, enhances the discovery capability of risk content and improves the resource safety while reducing the risk and labor cost.
Optionally, the obtaining, in a pre-established resource index library, the resource index to be detected belonging to the predetermined target service party according to the preset inspection parameter includes:
according to the patrol starting time, the patrol period and the patrol times, when the (i+1) th patrol time arrives, a first target resource index is obtained from the resource indexes belonging to the target service party stored in the resource index library, and the first target resource index is determined as the resource index to be detected;
The first target resource index comprises a resource index which is increased between the ith inspection time and the (i+1) th inspection time, or comprises a resource index which is increased between the ith inspection time and the (i+1) th inspection time and meets the preset constraint condition, wherein the preset constraint condition comprises the constraint condition of the resource creation time;
i is an integer from 1 to N-1, N representing the number of rounds.
It can be known that, in the embodiment of the present invention, for a single service or multiple services, the resource index added in the inspection period in the resource index library or the resource index added and conforming to the preset constraint condition may be inspected, so that after each inspection is completed, the resource index obtained by inspection is used as the resource index to be detected, and further, the first resource conforming to the preset high-risk rule is obtained from the resources to which the resource index to be detected belongs, and whether the first resource is leaked in the content distribution network is detected.
Namely, the embodiment of the invention can carry out incremental inspection of the resource indexes in the resource index library. Specific implementations of the incremental inspection are described in the following cases one to three.
Case one: the first target resource index includes a resource index that increases between an i-th patrol time and an i+1th patrol time.
That is, the obtaining, according to the patrol start time, the patrol period and the patrol times, a first target resource index from the resource indexes belonging to the target service party stored in the resource index library when the (i+1)th patrol time arrives includes:
and according to the patrol starting time, the patrol period and the patrol times, acquiring a resource index which is increased from the ith patrol time to the (i+1) th patrol time from the resource indexes belonging to the target service party and stored in the resource index library when the (i+1) th patrol time arrives, and determining the acquired resource index as the first target resource index.
For example, the patrol start time is 2020-04-23 20:00:00, the inspection period is 5 days, and the inspection times are 3; the specific inspection process can be as follows:
First patrol, at 2020-04-23 20:00:00; patrol range: resource indexes created before 2020-04-23 20:00:00 that belong to the target business party;
Second patrol, at 2020-04-28 20:00:00; patrol range: resource indexes created from 2020-04-23 20:00:00 to 2020-04-28 20:00:00 that belong to the target business party;
Third patrol, at 2020-05-03 20:00:00; patrol range: resource indexes created from 2020-04-28 20:00:00 to 2020-05-03 20:00:00 that belong to the target business party.
Case two: when the preset constraint condition indicates that the creation time is later than or equal to the first time, the first target resource index includes: among the resource indexes belonging to the target service party in the resource index library, the resource indexes that are added between the ith inspection time and the (i+1)th inspection time and whose creation time is later than or equal to the first time.
That is, the obtaining, according to the patrol start time, the patrol period and the patrol times, a first target resource index from the resource indexes belonging to the target service party stored in the resource index library when the (i+1)th patrol time arrives includes:
and according to the patrol starting time, the patrol period and the patrol times, when the (i+1) th patrol time arrives, acquiring a resource index which is added between the (i) th patrol time and the (i+1) th patrol time and has the creation time which is later than or equal to the first time from the resource indexes belonging to the target service party and stored in the resource index library, and determining the acquired resource index as the first target resource index.
For example, the patrol start time is 2020-04-23 20:00:00, the inspection period is 5 days, the inspection times are 3, and the preset constraint condition is that the creation time is later than or equal to 2020-04-20:00:00; the specific patrol process may then be as follows:
First patrol, at 2020-04-23 20:00:00; patrol range: resource indexes created from 2020-04-20:00:00 to 2020-04-23 20:00:00 that belong to the target business party;
Second patrol, at 2020-04-28 20:00:00; patrol range: resource indexes created from 2020-04-23 20:00:00 to 2020-04-28 20:00:00 that belong to the target business party;
Third patrol, at 2020-05-03 20:00:00; patrol range: resource indexes created from 2020-04-28 20:00:00 to 2020-05-03 20:00:00 that belong to the target business party.
Case three: when the preset constraint condition indicates that the creation time is earlier than or equal to the second time, the first target resource index includes: among the resource indexes belonging to the target service party in the resource index library, the resource indexes that are added between the ith inspection time and the (i+1)th inspection time and whose creation time is earlier than or equal to the second time.
That is, the obtaining, according to the patrol start time, the patrol cycle, and the patrol times, a first target resource index from the resource indexes belonging to the target service party stored in the resource index library when the (i+1) -th patrol time arrives, includes:
And according to the patrol starting time, the patrol period and the patrol times, when the (i+1) th patrol time arrives, acquiring a resource index which is added between the (i) th patrol time and the (i+1) th patrol time and has the creation time which is earlier than or equal to the second time from the resource indexes belonging to the target service party and stored in the resource index library, and determining the acquired resource index as the first target resource index.
For example, the patrol start time is 2020-04-23 20:00:00, the inspection period is 5 days, the inspection times are 3, and the preset constraint condition is that the creation time is earlier than or equal to 2020-04-20:00:00; the specific patrol process may then be as follows:
First patrol, at 2020-04-23 20:00:00; patrol range: resource indexes created before 2020-04-20:00:00 that belong to the target business party;
Second patrol, at 2020-04-28 20:00:00: no patrol object exists;
Third patrol, at 2020-05-03 20:00:00: no patrol object exists.
Optionally, the obtaining, in a pre-established resource index library, the resource index to be detected belonging to the predetermined target service party according to the preset inspection parameter includes:
According to the patrol starting time, the patrol period and the patrol times, when the jth patrol time arrives, a second target resource index is obtained from the resource indexes belonging to the target service party stored in the resource index library, and the second target resource index is determined as the resource index to be detected;
the second target resource index comprises a resource index with the creation time before the jth inspection time, or comprises a resource index with the creation time before the jth inspection time and meeting preset constraint conditions, wherein the preset constraint conditions comprise constraint conditions of resource creation time;
j is an integer from 1 to N-1, N representing the number of rounds.
It can be known that, in the embodiment of the present invention, for a single service or multiple services, the resource indexes stored in the resource index library at each inspection time, or the stored resource indexes meeting the preset constraint condition, may be inspected, so that after each inspection, the resource indexes obtained by inspection are used as the resource indexes to be detected, the first resource meeting the preset high-risk rule is obtained from the resources to which the resource indexes to be detected belong, and whether the first resource has a risk of being leaked in the content distribution network is detected.
That is, the embodiment of the invention can carry out full inspection of the resource indexes in the resource index library. Specific implementations of the full inspection are described in the following cases four to six.
Case four: the second target resource index includes a resource index having a creation time before the jth patrol time.
The step of obtaining a second target resource index from the resource indexes belonging to the target service party stored in the resource index library when the j-th patrol time arrives according to the patrol start time, the patrol period and the patrol times, includes:
and according to the patrol starting time, the patrol period and the patrol times, when the jth patrol time arrives, acquiring a resource index with the creation time before the jth patrol time from the resource indexes belonging to the target service party stored in the resource index library, and determining the acquired resource index as the second target resource index.
For example, the patrol start time is 2020-04-23 20:00:00, the inspection period is 5 days, and the inspection times are 3; the specific inspection process can be as follows:
First patrol, at 2020-04-23 20:00:00; patrol range: resource indexes created before 2020-04-23 20:00:00 that belong to the target business party;
Second patrol, at 2020-04-28 20:00:00; patrol range: resource indexes created before 2020-04-28 20:00:00 that belong to the target business party;
Third patrol, at 2020-05-03 20:00:00; patrol range: resource indexes created before 2020-05-03 20:00:00 that belong to the target business party.
Case five: when the preset constraint condition indicates that the creation time of the resource to be detected is later than or equal to the first time, the second target resource index includes: at the jth inspection time, among the resource indexes belonging to the target service party stored in the resource index library, the resource indexes whose creation time is later than or equal to the first time.
The step of obtaining a second target resource index from the resource indexes belonging to the target service party stored in the resource index library when the j-th patrol time arrives according to the patrol start time, the patrol period and the patrol times, includes:
and acquiring a resource index with the creation time being later than or equal to the first time from the resource indexes belonging to the target service party stored in the resource index library when the j-th inspection time arrives according to the inspection starting time, the inspection period and the inspection times, and determining the acquired resource index as the second target resource index.
For example, the patrol start time is 2020-04-23 20:00:00, the inspection period is 5 days, the inspection times are 3, and the preset constraint condition is that the creation time is later than or equal to 2020-04-20:00:00; the specific patrol process may then be as follows:
First patrol, at 2020-04-23 20:00:00; patrol range: resource indexes created from 2020-04-20:00:00 to 2020-04-23 20:00:00 that belong to the target business party;
Second patrol, at 2020-04-28 20:00:00; patrol range: resource indexes created from 2020-04-20:00:00 to 2020-04-28 20:00:00 that belong to the target business party;
Third patrol, at 2020-05-03 20:00:00; patrol range: resource indexes created from 2020-04-20:00:00 to 2020-05-03 20:00:00 that belong to the target business party.
Case six: when the preset constraint condition indicates that the creation time of the resource to be detected is earlier than or equal to a second time, the second target resource index includes: at the jth inspection time, among the resource indexes belonging to the target service party stored in the resource index library, the resource indexes whose creation time is earlier than or equal to the second time.
The step of obtaining a second target resource index from the resource indexes belonging to the target service party stored in the resource index library when the j-th patrol time arrives according to the patrol start time, the patrol period and the patrol times, includes:
And acquiring a resource index with the creation time being earlier than or equal to the second time from the resource indexes belonging to the target service party stored in the resource index library when the j-th inspection time arrives according to the inspection starting time, the inspection period and the inspection times, and determining the acquired resource index as the second target resource index.
For example, the patrol start time is 2020-04-23 20:00:00, the inspection period is 5 days, the inspection times are 3, and the preset constraint condition is that the creation time is earlier than or equal to 2020-04-20:00:00; the specific patrol process may then be as follows:
First patrol, at 2020-04-23 20:00:00; patrol range: resource indexes created before 2020-04-20:00:00 that belong to the target business party;
Second patrol, at 2020-04-28 20:00:00; patrol range: resource indexes created before 2020-04-20:00:00 that belong to the target business party;
Third patrol, at 2020-05-03 20:00:00; patrol range: resource indexes created before 2020-04-20:00:00 that belong to the target business party.
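The six cases above reduce to one selection rule over the patrol start time, period and count, sketched here as an added example that is not part of the patent text. All class and function names, the half-open window boundary, the sample library and the `CUTOFF` constraint time are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class ResourceIndex:
    resource_id: str
    service_id: str
    created: datetime


@dataclass(frozen=True)
class PatrolParams:
    start: datetime                        # patrol start time
    period: timedelta                      # patrol period
    rounds: int                            # number of patrols (N)
    incremental: bool = True               # True: cases one to three; False: four to six
    not_before: Optional[datetime] = None  # "first time" constraint (cases two, five)
    not_after: Optional[datetime] = None   # "second time" constraint (cases three, six)


def patrol_time(p: PatrolParams, k: int) -> datetime:
    """Time of the k-th patrol, k = 1..N."""
    if not 1 <= k <= p.rounds:
        raise ValueError(f"patrol number {k} outside 1..{p.rounds}")
    return p.start + (k - 1) * p.period


def select_for_patrol(p: PatrolParams, k: int, library: List[ResourceIndex],
                      service_id: str) -> List[ResourceIndex]:
    """Resource indexes of one service party to be detected at the k-th patrol."""
    upper = patrol_time(p, k)
    # Incremental patrols skip what earlier patrols already covered.
    # Assumption: the window is half-open (previous, current]; the text does
    # not say which boundary is inclusive.
    lower = patrol_time(p, k - 1) if p.incremental and k > 1 else None
    picked = []
    for idx in library:
        if idx.service_id != service_id:
            continue
        if idx.created > upper or (lower is not None and idx.created <= lower):
            continue
        if p.not_before is not None and idx.created < p.not_before:
            continue
        if p.not_after is not None and idx.created > p.not_after:
            continue
        picked.append(idx)
    return picked


# Patrol parameters taken from the worked examples above.
START = datetime(2020, 4, 23, 20)
PERIOD = timedelta(days=5)
# Constructed constraint time and constructed sample library.
CUTOFF = datetime(2020, 4, 20)
LIBRARY = [
    ResourceIndex("r1", "video", datetime(2020, 4, 18, 9)),
    ResourceIndex("r2", "video", datetime(2020, 4, 21, 9)),
    ResourceIndex("r3", "video", datetime(2020, 4, 25, 9)),
    ResourceIndex("r4", "video", datetime(2020, 5, 1, 9)),
    ResourceIndex("r5", "music", datetime(2020, 4, 25, 9)),
]


def schedule(p: PatrolParams, service_id: str) -> List[List[str]]:
    """Resource identifiers selected at each of the N patrols, in order."""
    return [[i.resource_id for i in select_for_patrol(p, k, LIBRARY, service_id)]
            for k in range(1, p.rounds + 1)]


if __name__ == "__main__":
    for label, params in [
        ("case one", PatrolParams(START, PERIOD, 3)),
        ("case three", PatrolParams(START, PERIOD, 3, not_after=CUTOFF)),
        ("case five", PatrolParams(START, PERIOD, 3, incremental=False, not_before=CUTOFF)),
    ]:
        print(label, schedule(params, "video"))
```
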
By way of example, a specific implementation manner of the resource detection method provided by the embodiment of the present invention may be as shown in fig. 3. The specific steps are as follows:
In the first aspect, each service system may periodically send the mapping relationship between the resource identifier stored in the service system, the intranet storage address (i.e. the storage address of the resource in the service system indicated by the resource identifier), and the content distribution network address to the resource index library for storage. Each service system may also send the corresponding relationship between the resource identifier and the service identifier of the service to which the resource identifier belongs to the resource index library. As shown in fig. 3, the resource index library is provided with a creating application program interface, which is used for receiving information sent to the resource index library by each service system.
In the second aspect, when each service system sends the "corresponding relation between a resource identifier and the service identifier of the service to which the resource identifier belongs" to the resource index library (that is, each service system accesses the resource index library), some resources may be omitted. A content distribution network notification mechanism may therefore be introduced: when the content distribution network detects that an internally stored resource is accessed, it establishes the corresponding relation between the resource identifier of the accessed resource and the service identifier of the service to which the accessed resource belongs, and sends the established corresponding relation to the resource index library for storage, so as to supplement the indexes of the omitted resources.
In a third aspect, a technician determines the resource risk level through an auditing system, which then stores the resource risk level. The resource risk level of each resource may be marked manually in a setting interface of the auditing system; alternatively, the risk level of each resource may be identified automatically in the setting interface of the auditing system, in which case the feature information of the resource is extracted and input into a target model trained in advance with a machine learning algorithm, and the target model outputs the resource risk level.
After the auditing system stores the resource risk level, the resource risk level may be sent to the resource index library, so that the resource index library may record the corresponding relationship between each resource identifier and the resource risk level.
In summary, a plurality of resource indexes are stored in the resource index library, wherein one resource index comprises a resource identifier, an intranet storage address, at least one content distribution network address, a resource risk level and a service identifier.
As shown in fig. 3, the resource index library is further provided with a query application program interface and a verification application program interface, where the query application program interface is used for querying whether a certain resource exists in the resource index library; the verification application program interface is used for the content distribution network to detect the data of the resource index library.
In addition, the resources to which each resource index stored in the resource index library belongs may be at least one of picture type resources, video type resources and audio type resources.
In a fourth aspect, as shown in fig. 4, a related technician may input a first operation in an operation interface of the resource index library to trigger a one-time inspection of the resource indexes in the resource index library for a single service or multiple services, so as to detect whether the resources to which the inspected resource indexes belong have a risk of being leaked; or, after modifying a resource risk level through the auditing system, the related technician can trigger, for a single service or multiple services, a one-time inspection of the resource indexes whose resource risk level has changed, so as to detect whether the resources to which the inspected resource indexes belong have a risk of being leaked.
That is, a one-time inspection of the resource indexes in the resource index library can be triggered manually for a single service or multiple services, so as to detect whether the resources to which the inspected resource indexes belong have a risk of being leaked.
In addition, related technicians can set inspection parameters (such as inspection starting time, inspection period and inspection times) in an operation interface of the file resource library, so that for single service or multiple services, the resource index in the resource file library is inspected periodically according to the inspection parameters, and further whether the resources to which the resource index obtained by inspection belongs are in risk of being leaked is detected.
If it is detected that some resources have a risk of being leaked, the resource index library may send, according to the service identifier corresponding to the resource identifiers of those resources, indication information that those resources have a risk of being leaked to the service system to which they belong, so that the service system notifies the content distribution network to delete the resources with the same content as those resources. If, at the next inspection, the content distribution network has still not deleted the resource, the content distribution network continues to be notified to delete it, and after the number of notifications reaches the threshold value, alarm information can be sent to the corresponding service system.
In addition, when the resource index library detects that some resources have a risk of being leaked, the resource index library can also directly notify the content distribution network to delete the resources with the same content as those resources, so as to process the risk event as soon as possible and thereby reduce the probability of resource leakage. If the service party to which the resources deleted from the content distribution network belong finds after verification that those resources need not have been deleted, the service system can be operated so that the service system sends a restoration instruction to the content distribution network to restore the deleted resources.
In addition, the related technicians can also select the resource identifier of the resource to be recovered in the operation interface of the resource index system, so that the resource index library acquires the resource stored at the intranet address from the service system according to the intranet storage address corresponding to the resource identifier, and then sends the acquired resource to the content distribution network to recover the deleted resource in the content distribution network.
It should be noted that, for the process of performing the inspection according to the inspection parameters, reference may be made to the foregoing description, and the details are not repeated here.
The process of detecting high-risk resources among the inspected resources may be as shown in fig. 5.
For example, if the resource to which a resource index belongs is the first resource and there are 5 content distribution network addresses mapped to the first resource, it is first judged whether the resource risk level of the first resource is greater than a preset level; if the resource risk level of the first resource is less than or equal to the preset level, the flow ends;
if the resource risk level of the first resource is greater than the preset level, it is detected whether the first content distribution network address stores a resource with the same content as the first resource, so as to determine whether the first resource has a risk of being leaked. That is, a hypertext transfer protocol request is generated according to the first content distribution network address and sent to the content distribution network; the hypertext transfer protocol response header information returned by the content distribution network is received; and whether the first content distribution network address stores a resource with the same content as the first resource is determined according to a code mark included in the hypertext transfer protocol response header information. If yes, it is determined that the first resource has a risk of being leaked; otherwise, it is detected whether the third content distribution network address stores a resource with the same content as the first resource;
Then, if the third content distribution network address stores the same resource as the first resource, determining that the first resource is at risk of being leaked, otherwise, detecting whether the fifth content distribution network address stores the same resource as the first resource;
then, if the fifth content distribution network address stores the same resource as the content of the first resource, determining that the first resource is at risk of being leaked, otherwise, detecting whether the second content distribution network address stores the same resource as the content of the first resource;
then, if the second content distribution network address stores the same resource as the first resource, determining that the first resource is at risk of being leaked, otherwise, detecting whether the fourth content distribution network address stores the same resource as the first resource;
then, if the fourth content distribution network address stores the same resource as the content of the first resource, determining that the first resource has a leakage risk, otherwise, determining that the first resource has no leakage risk.
From the above, in the embodiment of the present invention, the resource index library is constructed by delivering data (including resource identifier, content distribution network address, service identifier) through the service system, so as to uniformly manage the resources of multiple service parties; and determining the resource risk level of each resource through an auditing system and recording the resource risk level in a resource index library, so that after the resource index to be detected is obtained according to preset inspection parameters, whether each resource belongs to high-risk resources or not is determined according to the resource risk level, and whether the risk of leakage exists in the high-risk resources is detected.
After the resource risk level changes (that is, after the rule for determining high-risk resources changes), the resource indexes in the resource index library can be inspected in a single pass for a single service or for multiple services, so as to detect whether the resources to which the inspected resource indexes belong have been leaked. Each service party can thus promptly handle resources at risk of leakage after modifying its rule for determining high-risk resources according to its own situation, without any additional development by the service party.
The embodiment of the invention can carry out risk inspection of historical data and subsequent inspection of incremental data on the high-risk data of each business party, including videos, pictures and the like. When the high-risk rule is determined to have changed, a risk inspection conforming to the new high-risk rule can be carried out on the data, avoiding the adverse effects caused by exposing high-risk data to the external network.
Fig. 6 is a block diagram of a resource detection device according to an embodiment of the present invention. As shown in fig. 6, the resource detecting apparatus 60 may include:
the first obtaining module 601 is configured to obtain a first resource that meets a preset high-risk rule;
a second obtaining module 602, configured to obtain a content distribution network address mapped with the first resource, where the content distribution network address mapped with the first resource is an address in the content distribution network used to store a resource with the same content as the first resource;
a detection module 603, configured to detect whether a target address exists in the content distribution network address mapped with the first resource, where the target address stores a resource with the same content as the first resource;
a service identifier determining module 604, configured to determine, when the target address is detected, a first service identifier corresponding to the resource identifier of the first resource according to a correspondence between pre-stored resource identifiers and service identifiers;
a first sending module 605, configured to send the first indication information to a service system to which the first resource belongs according to the first service identifier;
the first indication information is used for indicating that the first resource is at risk of being leaked.
Therefore, in the embodiment of the invention, a first resource meeting the preset high-risk rule can be obtained, and then the addresses in the content distribution network that are used to store resources with the same content as the first resource are obtained, so as to detect whether a resource with the same content as the first resource is stored at these addresses. When it is detected that a resource with the same content as the first resource is stored at one of the addresses in the content distribution network, the first indication information is sent to the service system to which the first resource belongs, prompting the service party of the first resource that the first resource is at risk of being leaked, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it promptly. Therefore, the embodiment of the invention can realize the detection of the high-risk resources in the content distribution network, thereby reducing the risk of leakage of the high-risk resources in the content distribution network.
Fig. 7 is a block diagram of another resource detection device according to an embodiment of the present invention. As shown in fig. 7, the resource detecting apparatus 70 may include:
a first obtaining module 701, configured to obtain a first resource conforming to a preset high-risk rule;
a second obtaining module 702, configured to obtain a content distribution network address mapped with the first resource, where the content distribution network address mapped with the first resource is an address in the content distribution network used to store a resource with the same content as the first resource;
a detection module 703, configured to detect whether a target address exists in a content distribution network address mapped with the first resource, where the target address stores a resource that is the same as the content of the first resource;
a service identifier determining module 704, configured to determine, when the target address is detected, a first service identifier corresponding to the resource identifier of the first resource according to a correspondence between pre-stored resource identifiers and service identifiers;
a first sending module 705, configured to send, according to the first service identifier, the first indication information to a service system to which the first resource belongs;
The first indication information is used for indicating that the first resource is at risk of being leaked.
Optionally, the apparatus further includes:
a third obtaining module 706, configured to obtain, in a pre-established resource index library, a resource index to be detected belonging to a predetermined target service party according to a preset inspection parameter, where the resource index library includes a resource index of at least one service party, the resource index includes a resource identifier, a content distribution network address mapped with a resource represented by the resource identifier, and a service identifier of the service party to which the resource represented by the resource identifier belongs, and the inspection parameter includes an inspection start time, an inspection period, and an inspection number;
the first obtaining module 701 is specifically configured to:
and acquiring the first resource conforming to the preset high-risk rule from the resources to which the resource index to be detected belongs, which belong to the target service party.
Optionally, the third obtaining module 706 is specifically configured to:
according to the inspection start time, the inspection period and the number of inspections, when the (i+1)th inspection time arrives, obtaining a first target resource index from the resource indexes belonging to the target service party stored in the resource index library, and determining the first target resource index as the resource index to be detected;
the first target resource index comprises the resource indexes added between the ith inspection time and the (i+1)th inspection time, or comprises the resource indexes added between the ith inspection time and the (i+1)th inspection time that meet a preset constraint condition, wherein the preset constraint condition comprises a constraint condition on the resource creation time;
i is an integer from 1 to N-1, N representing the number of inspections.
Optionally, the third obtaining module 706 is specifically configured to: according to the inspection start time, the inspection period and the number of inspections, when the jth inspection time arrives, obtain a second target resource index from the resource indexes belonging to the target service party stored in the resource index library, and determine the second target resource index as the resource index to be detected;
the second target resource index comprises the resource indexes whose creation time is before the jth inspection time, or comprises the resource indexes whose creation time is before the jth inspection time and that meet a preset constraint condition, wherein the preset constraint condition comprises a constraint condition on the resource creation time;
j is an integer from 1 to N-1, N representing the number of inspections.
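The two ways of selecting the resource index to be detected described above, as an added sketch that is not code from the patent. The field names `added_at` and `created_at`, the half-open window between two inspection times, and modelling the creation-time constraint as a lower bound `created_after` are assumptions of this example; the sample library is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ResourceIndex:
    resource_id: str
    cdn_addresses: tuple
    service_id: str
    created_at: datetime   # resource creation time
    added_at: datetime     # assumed field: when the index entered the library


def inspection_times(start, period, count):
    """The N inspection times fixed by start time, period and count."""
    return [start + k * period for k in range(count)]


def _selected(index, service_id, created_after):
    """Keep only the target service party and apply the optional constraint."""
    if index.service_id != service_id:
        return False
    return created_after is None or index.created_at >= created_after


def incremental_batch(library, service_id, times, i, created_after=None):
    """Indexes added between the i-th and (i+1)-th inspection time (i is 1-based)."""
    if not 1 <= i <= len(times) - 1:
        raise ValueError("i must be in 1..N-1")
    window_start, window_end = times[i - 1], times[i]
    return [x for x in library
            if _selected(x, service_id, created_after)
            and window_start <= x.added_at < window_end]


def full_batch(library, service_id, times, j, created_after=None):
    """Indexes whose resource was created before the j-th inspection time."""
    if not 1 <= j <= len(times):
        raise ValueError("j is outside the inspection schedule")
    cutoff = times[j - 1]
    return [x for x in library
            if _selected(x, service_id, created_after) and x.created_at < cutoff]


def ids(batch):
    return [x.resource_id for x in batch]


# Constructed sample library: two service parties, one old resource (r5)
# whose index was only delivered during the first inspection period.
START = datetime(2021, 6, 1)
PERIOD = timedelta(days=1)
LIBRARY = [
    ResourceIndex("r1", ("cdn-a/1",), "svc-a", datetime(2021, 5, 20), datetime(2021, 5, 20)),
    ResourceIndex("r2", ("cdn-a/2",), "svc-a", datetime(2021, 6, 1, 10), datetime(2021, 6, 1, 10, 5)),
    ResourceIndex("r3", ("cdn-a/3",), "svc-a", datetime(2021, 6, 2, 8), datetime(2021, 6, 2, 8, 1)),
    ResourceIndex("r4", ("cdn-b/1",), "svc-b", datetime(2021, 6, 1, 12), datetime(2021, 6, 1, 12)),
    ResourceIndex("r5", ("cdn-a/5",), "svc-a", datetime(2021, 5, 1), datetime(2021, 6, 1, 15)),
]

if __name__ == "__main__":
    times = inspection_times(START, PERIOD, 3)
    print("incremental, 2nd inspection:", ids(incremental_batch(LIBRARY, "svc-a", times, 1)))
    print("full, 3rd inspection:", ids(full_batch(LIBRARY, "svc-a", times, 3)))
```

The incremental mode picks up r5 even though the resource itself is old, which is why the creation-time constraint is applied separately from the window on when the index was added.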
Optionally, the detecting module 703 is specifically configured to, when detecting whether the first address belongs to the target address:
generating a hypertext transfer protocol request according to the first address;
transmitting the hypertext transfer protocol request to the content delivery network;
receiving hypertext transfer protocol response header information returned by the content distribution network, wherein the hypertext transfer protocol response header information comprises a code identifier;
under the condition that the code mark is a first preset code, determining that the first address belongs to the target address;
determining that the first address does not belong to the target address under the condition that the code mark is a second preset code;
wherein the first address is one of the content delivery network addresses mapped with the first resource.
Optionally, the apparatus further includes:
a numbering module 707 for numbering the at least one content distribution network address;
a first ordering module 708, configured to order the odd numbered content distribution network addresses in order from the smaller number to the larger number, to obtain a first ordering order;
a second ordering module 709, configured to order the content distribution network addresses with even numbers according to the order from small numbers to large numbers, so as to obtain a second ordering sequence;
A third ordering module 710, configured to order the content distribution network addresses with odd numbers before the content distribution network addresses with even numbers based on the first ordering order and the second ordering order, to obtain a third ordering order;
the detection module 703 is specifically configured to, when detecting whether a target address exists in the content delivery network address mapped to the first resource:
and detecting whether a target address exists in the content distribution network addresses mapped with the first resource according to the third arrangement sequence.
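The fig. 5 walkthrough (addresses checked in the order 1, 3, 5, 2, 4) and the detection and ordering modules above, as an added sketch that is not code from the patent. The values 200 and 404 for the first and second preset codes, the use of a HEAD request, the handling of any other code as inconclusive, and the local stand-in server are assumptions of this example.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Assumed values: the text only names a "first preset code" and a "second
# preset code"; 200 and 404 are this example's choice.
FIRST_PRESET_CODE = 200    # a resource is stored at the address
SECOND_PRESET_CODE = 404   # nothing is stored at the address


def third_arrangement_order(addresses):
    """Number the addresses from 1, then list odd numbers before even ones."""
    numbered = list(enumerate(addresses, start=1))
    odd = [addr for number, addr in numbered if number % 2 == 1]
    even = [addr for number, addr in numbered if number % 2 == 0]
    return odd + even   # each half is already in ascending number order


def probe(address, timeout=3.0):
    """Request only the response header (HEAD is an assumption); return its code."""
    parts = urlsplit(address)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(parts.hostname, parts.port, timeout=timeout)
    else:
        conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        return conn.getresponse().status
    finally:
        conn.close()


def find_target_address(addresses, probe_fn=probe):
    """Probe in the third arrangement order and stop at the first hit.

    Returns (target_address_or_None, inconclusive_addresses). A code that is
    neither preset code, or a network error, proves nothing either way, so the
    address is reported as inconclusive instead of being counted as clean.
    """
    inconclusive = []
    for address in third_arrangement_order(addresses):
        try:
            code = probe_fn(address)
        except (OSError, http.client.HTTPException):
            code = None
        if code == FIRST_PRESET_CODE:
            return address, inconclusive
        if code != SECOND_PRESET_CODE:
            inconclusive.append(address)
    return None, inconclusive


class FakeCdnHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a CDN edge: address 3 still serves the file."""
    codes = {"/cdn/1/clip.mp4": 503, "/cdn/3/clip.mp4": 200}

    def do_HEAD(self):
        self.send_response(self.codes.get(self.path, 404))
        self.end_headers()

    def log_message(self, *args):   # keep the demo output quiet
        pass


def demo():
    """Run the check against the local stand-in; returns (addresses, result)."""
    server = HTTPServer(("127.0.0.1", 0), FakeCdnHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    addresses = ["%s/cdn/%d/clip.mp4" % (base, n) for n in range(1, 6)]
    try:
        return addresses, find_target_address(addresses)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    addresses, (target, inconclusive) = demo()
    print("copy still stored at:", target)
    print("needs a retry:", inconclusive)
```

In the demo the first address answers 503, so it is listed for a retry while the scan moves on and stops at the third address.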
Optionally, the preset high-risk rule includes that a predetermined resource risk level is greater than a preset level, and the apparatus further includes:
a fourth obtaining module 711, configured to obtain a resource whose resource risk level changes when detecting that the resource risk level changes;
the first obtaining module 701 is specifically configured to, when obtaining a first resource that meets a preset high-risk rule:
and acquiring the first resource with the resource risk level larger than the preset level from the resources with the resource risk level changed.
Optionally, the apparatus further includes:
a second sending module 712, configured to send, if the target address is detected, second instruction information to the content distribution network, where the second instruction information is used to instruct the content distribution network to delete the resource stored in the content distribution network address mapped with the first resource.
As can be seen from the foregoing, in the embodiment of the present invention, a first resource conforming to the preset high-risk rule may be obtained, and then the addresses in the content distribution network that are used to store resources with the same content as the first resource are obtained, so that a manual access process is simulated for these addresses to detect whether a resource with the same content as the first resource is stored at them. When it is detected that a resource with the same content as the first resource is stored at one of the addresses in the content distribution network, the first indication information is sent to the service system to which the first resource belongs, prompting the service party of the first resource that the first resource is at risk of being leaked, so that the service party learns of the leakage risk of the high-risk resource in time and can resolve it promptly. Therefore, the embodiment of the invention can realize the detection of the high-risk resources in the content distribution network, thereby reducing the risk of leakage of the high-risk resources in the content distribution network.
The embodiment of the invention also provides an electronic device, as shown in fig. 8, which comprises a processor 81, a communication interface 82, a memory 83 and a communication bus 84, wherein the processor 81, the communication interface 82 and the memory 83 complete communication with each other through the communication bus 84.
Wherein the memory 83 is used for storing a computer program;
the processor 81 is configured to execute the program stored in the memory 83, and implement the following steps:
acquiring a first resource conforming to a preset high-risk rule;
acquiring a content distribution network address mapped with the first resource, wherein the content distribution network address mapped with the first resource is an address in the content distribution network used to store a resource with the same content as the first resource;
detecting whether a target address exists in a content distribution network address mapped with the first resource, wherein the target address stores a resource which is the same as the content of the first resource;
under the condition that the target address is detected, determining a first service identifier corresponding to the resource identifier of the first resource according to the corresponding relation between the pre-stored resource identifier and the service identifier;
according to the first service identifier, the first indication information is sent to a service system to which the first resource belongs;
the first indication information is used for indicating that the first resource is at risk of being leaked.
The memory may include random access memory (Random Access Memory, RAM) or non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; it may also be a digital signal processor (Digital Signal Processing, DSP for short), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC for short), a field-programmable gate array (Field-Programmable Gate Array, FPGA for short) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, a computer readable storage medium is provided, in which instructions are stored, which when run on a computer, cause the computer to perform the resource detection method according to any of the above embodiments.
In yet another embodiment of the present invention, a computer program product comprising instructions, which when run on a computer, causes the computer to perform the resource detection method of any of the above embodiments is also provided.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions in accordance with embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server, data center, etc. that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, the embodiments are described in a related manner; for identical and similar parts, the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, since the system embodiments are substantially similar to the method embodiments, their description is relatively brief; for relevant details, see the corresponding description of the method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.
Claims (9)
1. A resource detection method, characterized in that the resource detection method comprises:
acquiring a resource index to be detected belonging to a predetermined target service party from a pre-established resource index library according to a preset inspection parameter, wherein the resource index library comprises a resource index of at least one service party, the resource index comprises a resource identifier, a content distribution network address mapped with a resource represented by the resource identifier, and a service identifier of the service party to which the resource represented by the resource identifier belongs, and the inspection parameter comprises an inspection starting time, an inspection period and inspection times;
acquiring a first resource conforming to a preset high-risk rule from resources to which a resource index to be detected belongs, which belongs to the target service party;
acquiring a content distribution network address mapped with the first resource, wherein the content distribution network address mapped with the first resource is an address in the content distribution network used to store a resource with the same content as the first resource;
detecting whether a target address exists in the content distribution network address mapped with the first resource, wherein the target address stores a resource with the same content as the first resource;
under the condition that the target address is detected, determining a first service identifier corresponding to the resource identifier of the first resource according to the corresponding relation between the pre-stored resource identifier and the service identifier;
according to the first service identifier, first indication information is sent to a service system to which the first resource belongs;
the first indication information is used for indicating that the first resource is at risk of being leaked.
2. The method for detecting resources according to claim 1, wherein the obtaining, in a pre-established resource index library, the resource index to be detected belonging to the predetermined target service party according to the pre-set inspection parameter includes:
according to the inspection start time, the inspection period and the number of inspections, when the (i+1)th inspection time arrives, obtaining a first target resource index from the resource indexes belonging to the target service party stored in the resource index library, and determining the first target resource index as the resource index to be detected;
the first target resource index comprises the resource indexes added between the ith inspection time and the (i+1)th inspection time, or comprises the resource indexes added between the ith inspection time and the (i+1)th inspection time that meet a preset constraint condition, wherein the preset constraint condition comprises a constraint condition on the resource creation time;
i is an integer from 1 to N-1, N representing the number of inspections.
3. The method for detecting resources according to claim 1, wherein the obtaining, in a pre-established resource index library, the resource index to be detected belonging to the predetermined target service party according to the preset inspection parameter includes:
according to the inspection start time, the inspection period and the number of inspections, when the jth inspection time arrives, obtaining a second target resource index from the resource indexes belonging to the target service party stored in the resource index library, and determining the second target resource index as the resource index to be detected;
the second target resource index comprises the resource indexes whose creation time is before the jth inspection time, or comprises the resource indexes whose creation time is before the jth inspection time and that meet a preset constraint condition, wherein the preset constraint condition comprises a constraint condition on the resource creation time;
j is an integer from 1 to N-1, N representing the number of inspections.
4. The resource detection method according to claim 1, wherein the process of detecting whether the first address belongs to the target address comprises:
generating a hypertext transfer protocol request according to the first address;
transmitting the hypertext transfer protocol request to the content delivery network;
receiving hypertext transfer protocol response header information returned by the content distribution network, wherein the hypertext transfer protocol response header information comprises a code identifier;
under the condition that the code mark is a first preset code, determining that the first address belongs to the target address;
determining that the first address does not belong to the target address under the condition that the code mark is a second preset code;
wherein the first address is one of the content delivery network addresses mapped with the first resource.
5. The method of claim 1, wherein before the detecting whether a target address exists in the content distribution network address mapped with the first resource, the method further comprises:
numbering the at least one content delivery network address;
sorting the odd numbered content distribution network addresses according to the sequence from small numbers to large numbers to obtain a first arrangement sequence;
ordering the content distribution network addresses with even numbers according to the order from small numbers to large numbers to obtain a second arrangement order;
based on the first arrangement order and the second arrangement order, arranging the content distribution network addresses with odd numbers before the content distribution network addresses with even numbers to obtain a third arrangement order;
the detecting whether a target address exists in the content distribution network address mapped with the first resource includes:
and detecting whether a target address exists in the content distribution network addresses mapped with the first resource according to the third arrangement sequence.
6. The resource detection method according to claim 1, wherein the preset high-risk rule includes that a predetermined resource risk level is greater than a preset level;
before the first resource meeting the preset high-risk rule is obtained, the method further comprises:
under the condition that the change of the resource risk level is detected, acquiring the resource with the changed resource risk level;
the obtaining the first resource meeting the preset high-risk rule comprises the following steps:
acquiring the first resource with the resource risk level larger than the preset level from the resources with the resource risk level changed.
7. A resource detection apparatus, the apparatus comprising:
a third obtaining module, configured to obtain, in a pre-established resource index library, a resource index to be detected belonging to a predetermined target service party according to a preset inspection parameter, where the resource index library includes a resource index of at least one service party, the resource index includes a resource identifier, a content distribution network address mapped with a resource represented by the resource identifier, and a service identifier of the service party to which the resource represented by the resource identifier belongs, and the inspection parameter includes an inspection start time, an inspection period, and an inspection number;
the first acquisition module is used for acquiring a first resource conforming to a preset high-risk rule from resources to which the resource index to be detected belongs, which belongs to the target service party;
a second obtaining module, configured to obtain a content distribution network address mapped with the first resource, where the content distribution network address mapped with the first resource is an address in the content distribution network used to store a resource with the same content as the first resource;
the detection module is used for detecting whether a target address exists in the content distribution network address mapped with the first resource, wherein the target address stores a resource with the same content as the first resource;
the service identification determining module is used for determining a first service identification corresponding to the resource identification of the first resource according to the corresponding relation between the pre-stored resource identification and the service identification under the condition that the target address is detected;
the first sending module is used for sending first indication information to a service system to which the first resource belongs according to the first service identifier;
the first indication information is used for indicating that the first resource is at risk of being leaked.
8. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the resource detection method of any one of claims 1-6 when executing a program stored on a memory.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the resource detection method according to any of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110714924.8A CN113327063B (en) | 2021-06-25 | 2021-06-25 | Resource detection method, device, electronic equipment and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113327063A (en) | 2021-08-31 |
CN113327063B (en) | 2023-08-18 |
Family
ID=77424897
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110714924.8A Active CN113327063B (en) | 2021-06-25 | 2021-06-25 | Resource detection method, device, electronic equipment and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113327063B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6826626B1 (en) * | 2000-07-21 | 2004-11-30 | Clear Blue Technologies Management, Inc. | Method of and apparatus for rapid retrieval of data in a content distribution network |
CN103477335A (en) * | 2011-02-01 | 2013-12-25 | 杰出网络公司 | Asset management architecture for content delivery networks |
CN108234639A (en) * | 2017-12-29 | 2018-06-29 | 北京奇虎科技有限公司 | A kind of data access method and device based on content distributing network CDN |
CN108322418A (en) * | 2017-01-16 | 2018-07-24 | 深圳兆日科技股份有限公司 | The detection method and device of unauthorized access |
CN109347637A (en) * | 2018-08-01 | 2019-02-15 | 华为技术有限公司 | Authentication method, content delivery network (CDN) and content server |
CN110943876A (en) * | 2018-09-21 | 2020-03-31 | 阿里巴巴集团控股有限公司 | URL state detection method, device, equipment and system |
CN111079104A (en) * | 2019-11-21 | 2020-04-28 | 腾讯科技(深圳)有限公司 | Authority control method, device, equipment and storage medium |
CN111600772A (en) * | 2020-04-30 | 2020-08-28 | 北京金山云网络技术有限公司 | Network distribution content detection processing device, method, system and electronic equipment |
CN112084501A (en) * | 2020-09-18 | 2020-12-15 | 珠海豹趣科技有限公司 | Malicious program detection method and device, electronic device and storage medium |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8769706B2 (en) * | 2007-07-26 | 2014-07-01 | International Business Machines Corporation | System and method for user to verify a network resource address is trusted |
US8601090B1 (en) * | 2008-03-31 | 2013-12-03 | Amazon Technologies, Inc. | Network resource identification |
US8806489B2 (en) * | 2012-07-05 | 2014-08-12 | International Business Machines Corporation | Virtual machine image distribution network |
Also Published As
Publication number | Publication date |
---|---|
CN113327063A (en) | 2021-08-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111414334A (en) | File fragment uploading method, device, equipment and storage medium based on cloud technology | |
CN112559361A (en) | Flow playback method, device, equipment and computer readable medium | |
CN107748790B (en) | Online service system, data loading method, device and equipment | |
CN107977823A (en) | Accident treating method and apparatus | |
CN107085549B (en) | Method and device for generating fault information | |
CN113315828B (en) | Traffic recording method and device, traffic recording equipment and storage medium | |
CN110088744A (en) | A database maintenance method and system thereof | |
CN111339141A (en) | Data transmission method, block link node equipment and medium | |
CN112947959B (en) | An update method, device, server and storage medium for an AI service platform | |
CN113327063B (en) | Resource detection method, device, electronic equipment and computer readable storage medium | |
CN115083030A (en) | Service inspection method and device and electronic equipment | |
CN112947844B (en) | Data storage method, device, electronic equipment and medium | |
CN108829568A (en) | A kind of data monitoring method and device | |
CN112163036A (en) | Block chain information construction and query method and related device | |
CN114936249B (en) | A file parsing and conversion method, device, equipment and readable storage medium | |
CN110807885A (en) | Alarm method and alarm device based on WeChat | |
CN108886631B (en) | Electronic data inspection system, electronic data inspection method, and storage medium | |
CN111708561B (en) | Algorithm model updating system, method and device and electronic equipment | |
CN113011819B (en) | Management method and device of bare metal server and management server | |
CN116132625A (en) | Supervision method and device for transaction flow | |
CN118779189A (en) | Data processing method, device, electronic device, storage medium and program product | |
JP7392852B2 (en) | Rule generation device, rule generation method and program | |
CN111400327B (en) | Data synchronization method and device, electronic equipment and storage medium | |
CN114116412A (en) | Identification method and device for client identification code, electronic equipment and medium | |
CN111651356A (en) | Application program testing method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||