CN113553182A - Configuration method, device, equipment, medium and program product of terminal control strategy - Google Patents
- Publication number
- CN113553182A (CN202110829251.0A)
- Authority
- CN
- China
- Prior art keywords
- terminal
- target
- target terminal
- control strategy
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5011—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
- G06F9/5016—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals the resource being the memory
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The disclosure provides a configuration method of a terminal control strategy, which can be applied to the technical field of information security. The configuration method of the terminal control strategy comprises the following steps: collecting operation data of a plurality of target terminals; extracting the characteristics of the operation data to obtain at least one characteristic of each target terminal; clustering the plurality of target terminals according to the at least one characteristic to obtain a plurality of class clusters, each including at least one target terminal; and configuring a corresponding control strategy for each target terminal of the plurality of class clusters. The present disclosure also provides a configuration apparatus, a device, a storage medium, and a program product of a terminal control policy.
Description
Technical Field
The present disclosure relates to the field of information security, and in particular, to information security technologies in the field of finance, and more particularly, to a method, an apparatus, a device, a medium, and a program product for configuring a terminal control policy.
Background
With the deepening of informatization construction, mobile terminal equipment has become an essential component of the enterprise network. To protect the information security of terminals and protect them from network viruses, terminals are generally managed uniformly by several pieces of security software. However, the number of terminals is large, and each terminal is used differently. Managing all terminals in one uniform way through security software is therefore difficult and carries certain security risks.
Disclosure of Invention
In view of the above, the present disclosure provides a method, an apparatus, a device, a medium, and a program product for configuring a terminal control policy.
According to a first aspect of the present disclosure, a method for configuring a terminal control policy is provided, including: collecting operation data of a plurality of target terminals; extracting the characteristics of the operating data to obtain at least one characteristic of each target terminal; clustering the target terminals according to the at least one characteristic to obtain a plurality of clusters including at least one target terminal; and configuring corresponding control strategies for each target terminal of the plurality of class clusters.
According to an embodiment of the present disclosure, collecting the operation data of a plurality of target terminals includes: collecting real-time operation data of the plurality of target terminals according to a preset period, so as to configure control strategies for the plurality of target terminals in real time according to the real-time operation data.
According to the embodiment of the disclosure, the operation data includes at least one of operation data of a CPU, operation data of a memory, and operation data of a terminal operating system.
According to an embodiment of the present disclosure, the characteristics include at least one of a usage rate of a CPU, a usage rate of a memory, a boot state, and a network access state in a plurality of preset time periods.
According to an embodiment of the present disclosure, configuring a corresponding control policy for each target terminal of the plurality of class clusters includes: when the network access state of each target terminal of a class cluster is determined to be intranet access, configuring a corresponding control strategy for each target terminal of that class cluster.
According to an embodiment of the present disclosure, configuring a corresponding control policy for each target terminal of the plurality of class clusters further includes: determining a target time period according to the power-on state, the CPU usage rate, and the memory usage rate of each target terminal of the class cluster, so that the target terminals execute the control strategy in the target time period.
According to an embodiment of the present disclosure, the method further comprises: collecting risk data of the target terminal in the process of executing the control strategy by the target terminal; and updating the control strategy according to the risk data.
A second aspect of the present disclosure provides a configuration apparatus of a terminal control policy, including: the acquisition module is used for acquiring the operating data of a plurality of target terminals; the extraction module is used for extracting the characteristics of the operating data to obtain at least one characteristic of each target terminal; the clustering module is used for clustering the target terminals according to the at least one characteristic to obtain a plurality of clusters comprising at least one target terminal; and the configuration module is used for configuring corresponding control strategies for each target terminal of the plurality of clusters.
According to the embodiment of the disclosure, the acquisition module is further configured to acquire real-time operation data of a plurality of target terminals according to a preset period, so as to respectively configure control strategies for the plurality of target terminals in real time according to the real-time operation data.
According to an embodiment of the disclosure, the feature comprises a network access status, and the configuration module comprises: a first determining unit, configured to configure a corresponding control policy for each target terminal of the class cluster respectively when it is determined that the network access state of each target terminal of the class cluster is intranet access.
According to an embodiment of the present disclosure, the configuration module includes: a second determining unit, configured to determine a target time period according to the power-on state, the CPU usage rate, and the memory usage rate of each target terminal of the class cluster, so that the target terminals execute the control strategy in the target time period.
According to an embodiment of the present disclosure, the apparatus further comprises: the collection module is used for collecting the risk data of the target terminal in the process of executing the control strategy by the target terminal; and the updating module is used for updating the control strategy according to the risk data.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described configuration method of the terminal control policy.
The fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions, which, when executed by a processor, cause the processor to perform the above-mentioned configuration method of the terminal control policy.
The fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the configuration method of the terminal control policy described above.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
Fig. 1 schematically illustrates an application scenario diagram of a configuration method, apparatus, device, medium, and program product of a terminal control policy according to an embodiment of the present disclosure;
Fig. 2 schematically illustrates an application schematic diagram of a configuration method of a terminal control policy according to an embodiment of the present disclosure;
Fig. 3 schematically shows a flowchart of a configuration method of a terminal control policy according to an embodiment of the present disclosure;
Fig. 4 schematically illustrates a flow chart for configuring a control strategy according to an embodiment of the present disclosure;
Fig. 5 schematically illustrates a flow diagram for configuring a control strategy according to another embodiment of the present disclosure;
Fig. 6 schematically shows a flowchart of a configuration method of a terminal control policy according to another embodiment of the present disclosure;
Fig. 7 is a block diagram schematically illustrating a configuration apparatus of a terminal control policy according to an embodiment of the present disclosure;
Fig. 8 schematically illustrates a block diagram of a configuration module according to an embodiment of the disclosure;
Fig. 9 schematically illustrates a block diagram of a configuration module according to another embodiment of the present disclosure;
Fig. 10 is a block diagram schematically illustrating a configuration apparatus of a terminal control policy according to another embodiment of the present disclosure; and
Fig. 11 schematically shows a block diagram of an electronic device adapted to implement a configuration method of a terminal control policy according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
It should be noted that the method and apparatus for configuring a terminal control policy provided by the present disclosure may be used in the field of information security, specifically, may be an information security technology applied in the financial field, and may also be used in an information security technology in any field other than the financial field.
In the technical scheme of the disclosure, the acquisition, storage, and application of the personal information of the users involved all comply with the relevant laws and regulations, necessary security measures are taken, and public order and good customs are not violated.
The embodiment of the disclosure provides a configuration method of a terminal control strategy, which includes: collecting operation data of a plurality of target terminals; extracting the characteristics of the operation data to obtain at least one characteristic of each target terminal; clustering a plurality of target terminals according to at least one characteristic to obtain a plurality of clusters including at least one target terminal; and configuring corresponding control strategies for each target terminal of the plurality of class clusters.
Fig. 1 schematically illustrates an application scenario diagram of a configuration method of a terminal control policy according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the configuration method of the terminal control policy provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the configuration device of the terminal control policy provided by the embodiment of the present disclosure may be generally disposed in the server 105. The configuration method of the terminal control policy provided by the embodiment of the present disclosure may also be executed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the configuration apparatus of the terminal control policy provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Fig. 2 schematically illustrates an application schematic diagram of a configuration method of a terminal control policy according to an embodiment of the present disclosure.
In general, an enterprise network may include a plurality of terminal devices. The terminal device is a basic component of an enterprise network and also a weak link in information security management. The terminal easily becomes the weak point of enterprise network security, which in turn affects the security of the enterprise's whole network. However, since the operating states of the terminal devices differ, managing all terminal devices in the enterprise network in one uniform way gives poor results because of the differences among them.
The disclosure provides a configuration method of a terminal control strategy, which configures a differentiated terminal control strategy for each terminal.
As shown in fig. 2, the terminal devices are grouped based on the operation characteristics of the terminal devices to obtain a plurality of terminal device groups 201, 202, 203, 204, 205. Based on the operating characteristics that the terminal devices in each group have, the terminal control system 206 configures a corresponding terminal control policy for each group of terminal devices. Under the control of the corresponding terminal control strategy, not only can each terminal device effectively execute the safety control strategy, but also the original operation plan of the terminal device can be ensured not to be influenced.
It should be understood that the number of terminal devices and the number of groups in fig. 2 are merely illustrative. There may be any number of terminal devices, and they may be divided into any number of groups, as desired for implementation.
The following describes a configuration method of a terminal control policy of the disclosed embodiment in detail with reference to fig. 3 to 6 based on the scenario described in fig. 1 and the principle described in fig. 2.
Fig. 3 schematically shows a flowchart of a configuration method of a terminal control policy according to an embodiment of the present disclosure.
As shown in fig. 3, the configuration method of the terminal control policy of this embodiment includes operations S310 to S340.
In operation S310, operation data of a plurality of target terminals is collected.
The terminal may be a personal computer terminal used inside the enterprise for personal office work and business operations, for example a personal computer (PC), a notebook computer (laptop), a smart phone, or a tablet computer.
The operation data comprises at least one of operation data of a CPU, operation data of a memory and operation data of a terminal operating system. The operation data may characterize the operating state of the terminal device, for example, whether the terminal device is in an idle state or a busy state. The operation data may be collected from log data generated during use of the terminal. The operation data may be real-time operation data of the terminal device, or historical operation data of the terminal device.
For example, collecting the real-time operation data of the plurality of target terminals may mean collecting it according to a preset period, so as to configure the control strategies for the plurality of target terminals in real time according to the real-time operation data. The preset period may be one day, one week or one month. Those skilled in the art can set an appropriate period length according to the actual security requirement and the update frequency of the terminal device, and the embodiment of the present disclosure does not limit the period length.
In the case that the preset period is one day, that day's operation data of the target terminal can be collected at 12 pm every day, and a control strategy is configured for the target terminal according to the operation data.
For another example, collecting the historical operation data of a plurality of target terminals may mean collecting the historical operation data of the target terminals at a specific time. For example, if the specific time is Friday, the historical operation data of each past Friday is collected from the log data, and a control strategy is configured for the target terminal according to the historical operation data of the plurality of Fridays.
In operation S320, feature extraction is performed on the operation data to obtain at least one feature of each target terminal.
Characteristics are extracted from the operation data. The characteristics extracted from the operation data of the CPU, the operation data of the memory and the operation data of the terminal operating system comprise at least one of the usage rate of the CPU, the usage rate of the memory, the power-on state and the network access state in a plurality of preset time periods.
For example, the at least one characteristic may include CPU usage, memory usage, power-on status, and network access status for each hour of the day.
In operation S330, the plurality of target terminals are clustered according to the at least one characteristic, and a plurality of class clusters, each including at least one target terminal, are obtained.
According to the characteristics of each target terminal, cluster analysis is performed on the plurality of target terminals through a clustering algorithm to obtain a plurality of class clusters. The target terminals of each class cluster have the same characteristics.
For example, the operation period of each target terminal in class cluster 1 is 8:00-18:00, and the shutdown period is 18:00-8:00. Within the operation period, 12:00-13:00 is idle time, during which the usage rates of the CPU and the memory are low.
The operation period of each target terminal in class cluster 2 is 0:00-24:00, and there is no shutdown period. Within the operation period, the idle time is 22:00-7:00.
The operation period of each target terminal in class cluster 3 is 8:00-18:00, and the shutdown period is 18:00-8:00. During 17:00-18:00, the network access state of the terminal is Virtual Private Network (VPN) access.
In operation S340, a corresponding control policy is configured for each target terminal of the plurality of class clusters.
The control policy of the terminal may also be referred to as a terminal policy. The terminal policy refers to operations such as scanning, patch pushing, and virus scanning and removal performed on each terminal within the managed scope according to certain rules.
In the embodiment of the disclosure, the operation data of the target terminals is collected, and cluster analysis is then performed on the plurality of target terminals according to the characteristics in the operation data that represent the terminal operating state, so as to obtain a plurality of class clusters. Target terminals of different class clusters have different operating states, and target terminals of the same class cluster have the same operating state. A terminal control strategy adapted to the operation characteristics of the target terminal is configured, so that the terminal device can still perform its original tasks normally under security control.
Because the number of terminals is large, the plurality of target terminals are clustered by their operation characteristics to obtain a plurality of class clusters. The at least one target terminal in each class cluster is processed as a batch, which reduces the resource consumption generated when the target terminals are security-scanned.
According to the embodiment of the disclosure, the target terminals are managed in groups according to their different operation characteristics, and differentiated terminal control strategies are configured for them, so that the control strategies are adapted to the operation characteristics and meet the management requirements of office terminals of different types and purposes. In addition, the clustering result is updated regularly according to the real-time operation data of the terminals, so that the configured terminal control strategy can adapt to changes in the terminal operating state. The impact on users is reduced while the requirements of terminal security management and control are still met.
Fig. 4 schematically illustrates a flow chart for configuring a control strategy according to an embodiment of the present disclosure.
As shown in fig. 4, an example method of configuring a corresponding control policy for each target terminal of a plurality of class clusters, respectively, may include operation S411.
In operation S411, in a case that the network access status of each target terminal of the class cluster is determined to be intranet access, a corresponding control policy is configured for each target terminal of the class cluster.
In the disclosed embodiments, the network access state includes intranet access and virtual private network (VPN) access. In general, when a terminal device is located in a designated office area, it accesses the network through the office intranet. When the terminal device is located outside the office area, it accesses the network through the VPN.
In the case that the network access state of the target terminal is VPN access, the target terminal may not receive a complete terminal control policy, such as the latest system upgrade patches and bug fix files, due to the network state.
In the case where the network access state of the target terminal is VPN access, the target terminal may not be able to successfully execute the terminal control policy due to the network state. For example, when executing the terminal control policy, the target terminal needs to access internal resources and connect internal devices to successfully execute operations such as system upgrade and virus library upgrade.
Therefore, when the network access state of each target terminal of the class cluster is determined to be intranet access, a corresponding control strategy is configured for each target terminal of the class cluster respectively, so as to ensure that each target terminal can successfully execute the terminal control strategy.
When the network access state of each target terminal of the class cluster is determined to be VPN access, the corresponding control policy can be configured for each target terminal of the class cluster once the network access state of the target terminal changes from VPN access to intranet access. The operation data of the target terminal may be collected in the next period, according to the preset period, so as to determine the network access state of the target terminal again. Alternatively, a plurality of time nodes for confirming the network access state of the target terminal may be set, so as to determine the network access state of the target terminal again.
For example, the preset period is one day. If the network access state of the target terminal is determined to be VPN access on July 10, the method waits until the operation data of the target terminal is collected on July 11 to determine the network access state of the target terminal again. For another example, the preset period is one day, and when the network access state of the target terminal is determined to be VPN access on July 10, every hour is taken as a time node at which the network access state of the target terminal is determined again. If the network access state of the target terminal has changed from VPN access to intranet access, a corresponding control strategy is configured for each target terminal of the class cluster. If the network access state of the target terminal is still determined to be VPN access, the network access state continues to be determined at each time node until the operation data of the target terminal is collected on July 11.
Through the embodiment of the disclosure, whether to execute the operation of configuring the terminal control policy is determined according to the network access state of the target terminal, which ensures that the terminal control policy can be executed successfully. In addition, unnecessary operations for configuring the terminal control policy are reduced, and so is the resource consumption generated in the terminal management process.
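The deferral logic described above can be sketched as follows. This is an added example, not code from the patent. It assumes each terminal is configured individually at the first time node at which it is seen on the intranet; the function names, terminal names and timelines are hypothetical, constructed for illustration.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

INTRANET, VPN = "intranet", "vpn"


def state_at(timeline, t):
    """Network access state in effect at time t.

    timeline is a time-sorted list of (datetime, state) change events.
    Returns None when nothing has been observed yet, which never triggers
    a policy push.
    """
    idx = bisect_right([ts for ts, _ in timeline], t)
    return timeline[idx - 1][1] if idx else None


def time_nodes(collected_at, period, step):
    """The collection instant, then one node per step until the next collection."""
    node = collected_at
    while node < collected_at + period:
        yield node
        node += step


def schedule_pushes(cluster, timelines, collected_at,
                    period=timedelta(days=1), step=timedelta(hours=1)):
    """Decide when each terminal of a cluster gets its control policy.

    A terminal is configured at the first time node at which it is on the
    intranet. Terminals still on VPN at the last node are returned as
    deferred and are re-evaluated with the next period's operation data.
    """
    pending = set(cluster)
    pushed = {}
    for node in time_nodes(collected_at, period, step):
        for terminal in sorted(pending):
            if state_at(timelines[terminal], node) == INTRANET:
                pushed[terminal] = node
        pending.difference_update(pushed)
        if not pending:
            break
    return pushed, sorted(pending)


# Constructed sample data: three terminals of one cluster on July 10.
DAY = datetime(2021, 7, 10)
TIMELINES = {
    "pc-01": [(DAY.replace(hour=8), INTRANET)],
    "pc-02": [(DAY.replace(hour=8), VPN),
              (DAY.replace(hour=14, minute=30), INTRANET)],
    "pc-03": [(DAY.replace(hour=8), VPN)],
}


def demo():
    """Daily collection at 09:00 with hourly re-check nodes."""
    return schedule_pushes(list(TIMELINES), TIMELINES,
                           collected_at=DAY.replace(hour=9))


if __name__ == "__main__":
    pushed, deferred = demo()
    for terminal, when in sorted(pushed.items()):
        print(f"{terminal}: configure policy at {when:%m-%d %H:%M}")
    print("deferred to next collection:", deferred)
```

A terminal that stays on VPN for the whole period is never configured in that period, so the deferred list is worth monitoring: it is the set of endpoints running without the current policy.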
FIG. 5 schematically shows a flow diagram for configuring a control strategy according to another embodiment of the present disclosure.
As shown in fig. 5, another exemplary method for configuring a corresponding control policy for each target terminal of a plurality of class clusters includes operation S511.
In operation S511, a target time period is determined according to the power-on state of each target terminal of the class cluster, the usage rate of the CPU, and the usage rate of the memory, so that the plurality of target terminals execute the control policy in the target time period.
In the embodiment of the disclosure, the idle period of the target terminal while it is powered on is determined according to the power-on state of the target terminal, the utilization rate of the CPU and the utilization rate of the memory. When the target terminal is powered on and the utilization rate of the CPU and the utilization rate of the memory are both smaller than the preset values, the target terminal is determined to be in an idle period at that moment. When the target terminal executes the terminal control policy, for example a security scan, the operation may occupy a large share of terminal computing resources such as the CPU and the memory. If an office worker is performing important work on the target terminal at that time, work efficiency is seriously affected. During an idle period the target terminal occupies fewer resources, so operations such as security scanning and system upgrading executed then can be completed quickly without affecting the tasks the target terminal was already performing.
For example, in the above embodiment, the operation time period of each target terminal in the class cluster 1 is 8:00 to 18:00, and the shutdown time is 18:00 to 8:00. Within the running time, the idle time is 12:00-13:00, when the utilization rate of the CPU and the memory is low. The target time period is therefore determined to be 12:00-13:00, and the terminal device may be configured to execute a control strategy during the period 12:00-13:00.
The specific idle periods listed in the present embodiment are merely exemplary. In addition, under the condition that the utilization rate of the CPU and the utilization rate of the memory are both smaller than preset values, the target terminal can be determined to be in the idle period at the moment. The specific value of the preset value can be adaptively set by those skilled in the art, and the embodiment of the present disclosure does not limit the preset value.
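One way to compute the target time period of operation S511 for a whole cluster is shown below. This is an added example, not code from the patent. The hourly sampling, the thresholds of 20% CPU and 40% memory, the choice of the longest common idle run and all names are assumptions; the sample data is constructed to match the 8:00-18:00 and 12:00-13:00 example above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HourSample:
    powered_on: bool
    cpu_pct: float
    mem_pct: float


def is_idle(sample, cpu_max, mem_max):
    """Idle means powered on with CPU and memory both below the preset values."""
    return (sample.powered_on
            and sample.cpu_pct < cpu_max
            and sample.mem_pct < mem_max)


def cluster_idle_hours(cluster_samples, cpu_max, mem_max):
    """An hour counts only if every terminal of the cluster is idle in it."""
    return [all(is_idle(day[h], cpu_max, mem_max)
                for day in cluster_samples.values())
            for h in range(24)]


def target_period(cluster_samples, cpu_max=20.0, mem_max=40.0):
    """Longest run of common idle hours as (start_hour, end_hour), end exclusive.

    Ties go to the earliest run. Returns None when the terminals share no
    idle hour, so the caller can re-cluster or schedule per terminal.
    Runs that wrap around midnight are not joined.
    """
    idle = cluster_idle_hours(cluster_samples, cpu_max, mem_max)
    best, start = None, None
    for h in range(25):  # hour 24 is a sentinel that closes an open run
        if h < 24 and idle[h]:
            if start is None:
                start = h
        elif start is not None:
            if best is None or h - start > best[1] - best[0]:
                best = (start, h)
            start = None
    return best


def as_clock(period):
    start, end = period
    return f"{start:02d}:00-{end:02d}:00"


def office_day(idle_hours, idle_cpu, idle_mem, busy_cpu=65.0, busy_mem=70.0):
    """Constructed profile: powered on 8:00-18:00, quiet during idle_hours."""
    day = []
    for h in range(24):
        if not 8 <= h < 18:
            day.append(HourSample(False, 0.0, 0.0))
        elif h in idle_hours:
            day.append(HourSample(True, idle_cpu, idle_mem))
        else:
            day.append(HourSample(True, busy_cpu, busy_mem))
    return day


# Constructed sample data for class cluster 1.
CLUSTER_1 = {
    "pc-01": office_day({12}, 6.0, 28.0),
    "pc-02": office_day({12}, 11.0, 35.0),
    "pc-03": office_day({12}, 9.0, 31.0),
}

if __name__ == "__main__":
    print("target period:", as_clock(target_period(CLUSTER_1)))
```

Requiring every terminal to be idle keeps one schedule per cluster; a single outlier collapses the window to None, which is a signal that the terminal belongs in a different cluster.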
Fig. 6 schematically shows a flowchart of a configuration method of a terminal control policy according to another embodiment of the present disclosure.
As shown in fig. 6, the configuration method of the terminal control policy of this embodiment includes operations S610 to S660.
In operation S610, operational data of a plurality of target terminals is collected.
In operation S620, feature extraction is performed on the operation data to obtain at least one feature of each target terminal.
In operation S630, a plurality of target terminals are clustered according to the at least one characteristic, resulting in a plurality of cluster classes including at least one target terminal.
In operation S640, a corresponding control policy is configured for each target terminal of the plurality of class clusters.
Operations S610 to S640 are the same as the embodiments of operations S310 to S340, and are not described herein again.
In operation S650, risk data of the target terminal is collected during the execution of the control policy by the target terminal.
In operation S660, the control policy is updated according to the risk data.
In the embodiment of the present disclosure, some risk data may be generated in the process of executing the control policy by the target terminal. The risk data comprises dangerous behavior operation of the target terminal, virus data, operating system risk data and the like. The risk data is collected to update the control strategy, so that the virus library, the patch set and the document security protection software included in the terminal control strategy can be ensured to be in a relatively safe version.
Through the embodiment of the disclosure, the virus library, the patch set and the document security protection software included in the terminal control policy are maintained and updated regularly according to the terminal operation data, so that the control policy is adjusted in time according to the terminal operation data and remains timely and effective. If the virus library, the patch set and the protection software version fall behind, the safety factor of the terminal control policy becomes low.
The disclosure provides a configuration method of a terminal control policy. The terminal devices are grouped by a clustering algorithm according to their operation characteristics. Different control policies are configured for different groups of terminal devices, which avoids the insufficient security protection capability caused by a single terminal control policy. The grouping is updated periodically so that the terminal control policy adapts to changes in the operation state of the terminals. In addition, a control policy adapted to the operation characteristics of the target terminal can reduce the resource consumption generated during policy execution, mitigate the problem of unsuccessful execution of the terminal control policy, and improve the experience of the user of the terminal device.
Based on the configuration method of the terminal control strategy, the disclosure also provides a configuration device of the terminal control strategy. The apparatus will be described in detail below with reference to fig. 7.
Fig. 7 schematically shows a block diagram of a configuration apparatus of a terminal control policy according to an embodiment of the present disclosure.
As shown in fig. 7, the configuration apparatus 700 of the terminal control policy of this embodiment includes an acquisition module 710, an extraction module 720, a clustering module 730, and a configuration module 740.
The acquisition module 710 is used for collecting operation data of a plurality of target terminals. In an embodiment, the acquisition module 710 may be configured to perform the operation S310 described above, which is not described herein again.
The extraction module 720 is configured to perform feature extraction on the operation data to obtain at least one feature of each target terminal. In an embodiment, the extracting module 720 may be configured to perform the operation S320 described above, which is not described herein again.
The clustering module 730 is configured to cluster the plurality of target terminals according to the at least one characteristic to obtain a plurality of clusters including at least one target terminal. In an embodiment, the clustering module 730 can be configured to perform the operation S330 described above, which is not described herein again.
The configuring module 740 is configured to configure a corresponding control policy for each target terminal of the plurality of class clusters. In an embodiment, the configuration module 740 may be configured to perform the operation S340 described above, which is not described herein again.
According to an embodiment of the present disclosure, the acquisition module 710 is further configured to collect real-time operation data of the plurality of target terminals according to a preset period, so as to respectively configure the control strategies for the plurality of target terminals in real time according to the real-time operation data.
Fig. 8 schematically shows a block diagram of a configuration module according to an embodiment of the present disclosure.
As shown in fig. 8, the configuration module 710 of this embodiment includes:
a first determining unit 7101, configured to configure a corresponding control policy for each target terminal of the class cluster respectively, when the network access status of each target terminal of the class cluster is determined to be intranet access.
Fig. 9 schematically shows a block diagram of a configuration module according to another embodiment of the present disclosure.
As shown in fig. 9, the configuration module 710 of this embodiment includes:
a second determining unit 7102, configured to determine a target time period according to a boot state of each target terminal of the class cluster, a usage rate of the CPU, and a usage rate of the memory, so that the plurality of target terminals execute the control policy in the target time period.
Fig. 10 schematically shows a block diagram of a configuration apparatus of a terminal control policy according to another embodiment of the present disclosure.
As shown in fig. 10, the configuration apparatus 700 of the terminal control policy of this embodiment includes an acquisition module 710, an extraction module 720, a clustering module 730, a configuration module 740, a collection module 750, and an update module 760.
The collection module 750 is configured to collect risk data of the target terminal during the execution of the control policy by the target terminal.
The update module 760 is configured to update the control strategy based on the risk data.
According to an embodiment of the present disclosure, any plurality of the acquisition module 710, the extraction module 720, the clustering module 730, and the configuration module 740 may be combined into one module to be implemented, or any one of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the acquisition module 710, the extraction module 720, the clustering module 730, and the configuration module 740 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or may be implemented in any one of three implementations of software, hardware, and firmware, or in a suitable combination of any of them. Alternatively, at least one of the acquisition module 710, the extraction module 720, the clustering module 730, and the configuration module 740 may be at least partially implemented as a computer program module that, when executed, may perform a corresponding function.
Fig. 11 schematically shows a block diagram of an electronic device adapted to implement a configuration method of a terminal control policy according to an embodiment of the present disclosure.
As shown in fig. 11, an electronic device 800 according to an embodiment of the present disclosure includes a processor 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., Application Specific Integrated Circuit (ASIC)), among others. The processor 801 may also include onboard memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing different actions of the method flows according to embodiments of the present disclosure.
In the RAM 803, various programs and data necessary for the operation of the electronic apparatus 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 802 and/or RAM 803. Note that the programs may also be stored in one or more memories other than the ROM 802 and RAM 803. The processor 801 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 802 and/or RAM 803 described above and/or one or more memories other than the ROM 802 and RAM 803.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the item recommendation method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 801. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via communication section 809, and/or installed from removable media 811. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. The computer program, when executed by the processor 801, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or incorporations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or incorporations are not expressly recited in the present disclosure. In particular, various combinations and/or incorporations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or incorporations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.
Claims (15)
1. A configuration method of a terminal control strategy comprises the following steps:
collecting operation data of a plurality of target terminals;
extracting the characteristics of the operating data to obtain at least one characteristic of each target terminal;
clustering the target terminals according to the at least one characteristic to obtain a plurality of clusters including at least one target terminal; and
respectively configuring corresponding control strategies for each target terminal of the plurality of class clusters.
2. The method of claim 1, wherein the collecting operational data of a plurality of target terminals comprises:
acquiring real-time operation data of a plurality of target terminals according to a preset period, and respectively configuring control strategies for the plurality of target terminals in real time according to the real-time operation data.
3. The method of claim 1, wherein the operational data comprises at least one of operational data of a CPU, operational data of a memory, operational data of a terminal operating system.
4. The method of any of claims 1-3, wherein the characteristics include at least one of CPU usage, memory usage, power-on status, and network access status for a plurality of predetermined periods of time.
5. The method of claim 4, wherein the configuring the corresponding control policy for each target terminal of the plurality of class clusters respectively comprises:
under the condition that the network access state of each target terminal of the cluster is determined to be intranet access, configuring a corresponding control strategy for each target terminal of the cluster respectively.
6. The method of claim 4, wherein the configuring the corresponding control policy for each target terminal of the plurality of clusters respectively further comprises:
determining a target time period according to the starting state of each target terminal of the class cluster, the utilization rate of a CPU (Central Processing Unit) and the utilization rate of a memory, so that the target terminals execute the control strategy in the target time period.
7. The method of claim 1, further comprising:
collecting risk data of the target terminal in the process of executing the control strategy by the target terminal;
and updating the control strategy according to the risk data.
8. A configuration device of a terminal control strategy comprises:
the acquisition module is used for acquiring the operating data of a plurality of target terminals;
the extraction module is used for extracting the characteristics of the operating data to obtain at least one characteristic of each target terminal;
the clustering module is used for clustering the target terminals according to the at least one characteristic to obtain a plurality of clusters comprising at least one target terminal; and
the configuration module is used for configuring corresponding control strategies for each target terminal of the plurality of clusters.
9. The apparatus of claim 8, wherein the collecting module is further configured to collect real-time operation data of a plurality of target terminals according to a preset period, so as to respectively configure a control policy for the plurality of target terminals in real time according to the real-time operation data.
10. The apparatus of claim 8, wherein the characteristic comprises a network access status, the configuration module comprising:
a first determining unit, configured to configure a corresponding control policy for each target terminal of the class cluster respectively when it is determined that the network access state of each target terminal of the class cluster is intranet access.
11. The apparatus of claim 8, wherein the configuration module comprises:
the second determining unit is used for determining a target time period according to the starting state of each target terminal of the class cluster, the utilization rate of the CPU and the utilization rate of the memory, so that the target terminals execute the control strategy in the target time period.
12. The apparatus of claim 8, further comprising:
the collection module is used for collecting the risk data of the target terminal in the process of executing the control strategy by the target terminal;
and the updating module is used for updating the control strategy according to the risk data.
13. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-7.
14. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 7.
15. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110829251.0A CN113553182A (en) | 2021-07-22 | 2021-07-22 | Configuration method, device, equipment, medium and program product of terminal control strategy |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113553182A true CN113553182A (en) | 2021-10-26 |
Family
ID=78104122
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110829251.0A Pending CN113553182A (en) | 2021-07-22 | 2021-07-22 | Configuration method, device, equipment, medium and program product of terminal control strategy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113553182A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20211026 |