[go: up one dir, main page]

CN104618410B - Resource supplying method and apparatus - Google Patents

Resource supplying method and apparatus Download PDF

Info

Publication number
CN104618410B
CN104618410B CN201310538414.5A CN201310538414A CN104618410B CN 104618410 B CN104618410 B CN 104618410B CN 201310538414 A CN201310538414 A CN 201310538414A CN 104618410 B CN104618410 B CN 104618410B
Authority
CN
China
Prior art keywords
resource
subscription
resources
subscribers
subscribed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310538414.5A
Other languages
Chinese (zh)
Other versions
CN104618410A (en
Inventor
周小会
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Beijing Co Ltd
Original Assignee
Tencent Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Beijing Co Ltd filed Critical Tencent Technology Beijing Co Ltd
Priority to CN201310538414.5A priority Critical patent/CN104618410B/en
Publication of CN104618410A publication Critical patent/CN104618410A/en
Application granted granted Critical
Publication of CN104618410B publication Critical patent/CN104618410B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0246Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0273Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP]
    • H04L41/0293Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP] for accessing web services by means of a binding identification of the management service or element
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/146Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a kind of resource supplying method and apparatus.Wherein, this method comprises: obtaining the corresponding subscription ID collection of Log Types and resource ID collection, wherein, subscribing to ID collection includes multiple subscription ID for identifying multiple subscribers, resource ID collection includes multiple resource IDs for identifying multiple and different resources, wherein, multiple and different resources is the union for the resource relevant to Log Types that multiple subscribers respectively subscribe to;Whole resources that resource ID collection indicates are obtained from Resource Server;Find out resource ordered by each of multiple subscribers from whole resources of acquisition, and according to subscribe to ID collection by each of multiple subscribers found out ordered by resource be sent to corresponding subscriber in multiple subscribers.The present invention solve dispersion resource subscription and push mode caused by the excessive technical problem of Resource Server pressure.

Description

Resource pushing method and device
Technical Field
The invention relates to the field of internet application, in particular to a resource pushing method and device.
Background
Due to the complexity of internet applications, operators usually need to build a management system for security operation outside the operated products, so as to analyze and attack threat factors of operation security, such as malicious behaviors of users appearing in operation.
The conventional security attack method is to receive a transfer log of a production system by using a log receiver, analyze a log message, for example, analyze a URL in the content of the log message or account information input by a user, and transmit the analyzed content to a policy process for analysis and attack. However, besides the information content carried by the log, the policy process usually requires other resources, such as accumulated data of user behavior, which are important bases for analyzing and attacking the policy.
In a conventional security hit manner, the resources are usually bound to the policies, that is, the resources required by each policy are usually accumulated and counted locally in the policy, and each policy produces and maintains the resources required by itself, which may cause duplication of resource production of each policy, and result in high maintenance cost and poor resource interactivity of the entire security management system.
In order to solve the problem, one of the feasible solutions is to perform unified management on the resources, and each policy subscribes to the resource required by each policy, and pushes the resource required by each policy to each policy when receiving the log message. In order to implement the resource subscription and push mechanism, a conventional scheme employs a relatively decentralized resource subscription and push manner as shown in fig. 1. As shown in fig. 1, an independent resource subscription pushing mechanism is designed for each policy process, and is used to obtain, after receiving a log message from a log receiver, a resource required by the policy process through the independent resource subscription pushing mechanism, and push the obtained resource to the policy process. This approach is likely to result in repeated requests and acquisitions of resources, thereby placing a large load on the resource server as the requested party.
No effective solution to this problem has been proposed.
Disclosure of Invention
The embodiment of the invention provides a resource pushing method and a resource pushing device, which at least solve the technical problem of overlarge pressure on a resource server caused by a scattered resource subscribing and pushing mode.
According to an aspect of the embodiments of the present invention, there is provided a resource pushing method for pushing resources subscribed by multiple subscribers to the multiple subscribers respectively according to received log messages, where the multiple subscribers are preset to be associated with log types of the log messages, where the method includes: acquiring a subscription ID set and a resource ID set corresponding to the log type, wherein the subscription ID set comprises a plurality of subscription IDs for identifying the plurality of subscribers, and the resource ID set comprises a plurality of resource IDs for identifying a plurality of different resources, wherein the plurality of different resources are a union of the resources subscribed by the plurality of subscribers and related to the log type; acquiring all resources indicated by the resource ID set from a resource server; and searching out the resources subscribed by each of the plurality of subscribers from the acquired resources, and sending the searched resources subscribed by each of the plurality of subscribers to the corresponding subscriber of the plurality of subscribers according to the subscription ID set.
According to another aspect of the embodiments of the present invention, there is also provided a resource pushing apparatus for pushing resources subscribed by multiple subscribers to the multiple subscribers respectively according to received log messages, where the multiple subscribers are preset to be associated with log types of the log messages, and the apparatus includes: a first obtaining unit, configured to obtain a subscription ID set and a resource ID set corresponding to the log type, where the subscription ID set includes a plurality of subscription IDs used for identifying the multiple subscribers, and the resource ID set includes a plurality of resource IDs used for identifying a plurality of different resources, where the plurality of different resources are a union of resources subscribed by the multiple subscribers and related to the log type; a second obtaining unit, configured to obtain all resources indicated by the resource ID set from a resource server; a searching unit, configured to search for a resource subscribed by each of the multiple subscribers from the obtained all resources; and a sending unit, configured to send the resource subscribed by each of the found multiple subscribers to a corresponding subscriber of the multiple subscribers according to the subscription ID set.
In the embodiment of the invention, a mode of requesting and acquiring resources required by a plurality of subscribers in a centralized manner and distributing the acquired resources to the plurality of subscribers is adopted, so that the purpose of requesting and acquiring the same resource only once is achieved, the processing pressure of a resource server is reduced, and the technical problem of overlarge pressure of the resource server caused by a scattered resource subscribing and pushing mode is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic diagram of a resource pushing method according to the prior art;
FIG. 2 is a schematic diagram of an alternative resource pushing method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an alternative resource pushing method according to an embodiment of the invention;
FIG. 4 is a schematic diagram of yet another alternative resource pushing method according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of yet another alternative resource pushing method according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of yet another alternative resource pushing method according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of yet another alternative resource pushing method according to an embodiment of the invention;
FIG. 8 is a schematic diagram of yet another alternative resource pushing method according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of yet another alternative resource pushing method according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of yet another alternative resource pushing method according to an embodiment of the invention;
FIG. 11 is a schematic diagram of yet another alternative resource pushing method according to an embodiment of the invention;
FIG. 12 is a schematic diagram of yet another alternative resource pushing method according to an embodiment of the invention;
FIG. 13 is a schematic diagram of an alternative resource pushing apparatus according to an embodiment of the invention;
FIG. 14 is a schematic diagram of an alternative resource pushing arrangement according to an embodiment of the present invention;
FIG. 15 is a schematic diagram of yet another alternative resource pushing apparatus according to an embodiment of the invention;
FIG. 16 is a schematic diagram of yet another alternative resource pushing apparatus according to an embodiment of the invention;
FIG. 17 is a schematic diagram of yet another alternative resource pushing apparatus in accordance with an embodiment of the present invention;
FIG. 18 is a schematic diagram of yet another alternative resource pushing apparatus in accordance with an embodiment of the present invention;
FIG. 19 is a schematic diagram of yet another alternative resource pushing apparatus in accordance with an embodiment of the present invention;
FIG. 20 is a schematic diagram of yet another alternative resource pushing apparatus in accordance with an embodiment of the present invention;
FIG. 21 is a schematic diagram of yet another alternative resource pushing apparatus according to an embodiment of the present invention;
FIG. 22 is a schematic diagram of yet another alternative resource pushing apparatus in accordance with an embodiment of the present invention;
FIG. 23 is a schematic diagram of yet another alternative resource pushing apparatus in accordance with an embodiment of the present invention;
FIG. 24 is a schematic diagram of an alternative resource service system in accordance with an embodiment of the present invention;
FIG. 25 is a flow diagram of the logical layers of an alternative resource servicing system according to an embodiment of the present invention;
fig. 26 is a schematic diagram of an alternative resource pushing method according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
It should be clear that one of the problems to be solved by the present technical solution is to provide a method to enable the pushing of a resource to a subscriber subscribing to the resource. Generally speaking, for a network security system that performs relevant policy analysis based on log messages, the pushing is performed in response to the received log messages, or each time a log message is received, it is necessary to perform pushing of relevant resources on one or more subscribers that are preset to be associated with the log message or a log type to which the log message belongs, so that the subscribers can perform further policy-related processing operations according to the pushed resources.
Under the above scenario, the related resource that needs to be sent to the subscriber in each pushing process represents a resource related to the received log message or the log type to which the log message belongs, and the subscriber can generate a security policy related to the log type according to the received resource after receiving the subscribed resource. For example, for a policy analysis system corresponding to an online application product, if a log message belonging to a log type of a user log record is received, one of the security policies related to the log type may be represented as determining whether the user log behavior belongs to a malicious behavior, and the resource related to the log type may be a history log of the user in a past history period and belonging to the log type of the user log record, or a consumption record of the user in the online application, or a specific determination method provided by a certain resource server, that is, the resource may be a history log or log data, or an attribute data, or a temporary data or an accumulated count data, such as a user behavior statistic, a user log record in a history period, Or a probability value generated by the above determining method, etc., even in some embodiments of the present invention, the resource may also be a program block or a process module in the security policy, and after the resources are pushed to the subscriber, the subscriber may generate a complete security policy according to the resources.
On the other hand, in some embodiments of the present invention, the above-mentioned subscriber may also represent a policy process for performing subsequent processing according to the pushed resource, but the present invention is not limited to this, and may also represent other types of resource interfaces, so as to respond to the pushing of the resource subscribed to in advance by the resource interface based on the log message. It should be noted that, in the resource service system as a possible implementation environment of the present invention, the resource service system may be configured to process a plurality of different log types, where there may be a plurality of subscribers associated with each log type, and these subscribers associated with the same log type may respectively represent different security policies, that is, each log type may correspond to a plurality of different security policies.
To implement the above resource subscription and push mechanism, the conventional scheme adopts a relatively decentralized resource subscription and push manner as shown in fig. 1. As shown in fig. 1, an independent resource subscription pushing mechanism is designed for each policy process, and is used to obtain, after receiving a log message from a log receiver, a resource required by the policy process through the independent resource subscription pushing mechanism, and push the obtained resource to the policy process. This approach is likely to result in repeated requests and acquisitions of resources, thereby placing a large load on the resource server as the requested party.
Different from the conventional scheme, in the embodiment of the invention, a mode of performing centralized request and acquisition on resources required by a plurality of subscribers and distributing the acquired resources to the plurality of subscribers is adopted, so that the purpose of performing request and acquisition on the same resource only once is achieved, the processing pressure of a resource server is reduced, and the technical problem of overlarge pressure on the resource server caused by a scattered resource subscription and pushing mode is solved.
Specifically, according to an embodiment of the present invention, there is provided a resource pushing method for pushing resources subscribed by multiple subscribers to multiple subscribers respectively according to received log messages, where the multiple subscribers are preset to be associated with log types of the log messages, and the resources subscribed by the multiple subscribers respectively are used for generating security policies related to the log types, where as shown in fig. 2, the method includes:
s202: acquiring a subscription ID set and a resource ID set corresponding to the log type, wherein the subscription ID set comprises a plurality of subscription IDs for identifying a plurality of subscribers, and the resource ID set comprises a plurality of resource IDs for identifying a plurality of different resources, wherein the plurality of different resources are the union of the resources which are respectively subscribed by the plurality of subscribers and are related to the log type;
s204: acquiring all resources indicated by the resource ID set from the resource server;
s206: and searching out the resource subscribed by each of the plurality of subscribers from all the acquired resources, and sending the resource subscribed by each of the plurality of subscribers to the corresponding subscriber of the plurality of subscribers according to the subscription ID set.
According to the resource pushing method provided in the embodiment of the present invention, in step S202, a subscription ID set and a resource ID set corresponding to a log type to which a received log message belongs may be locally obtained in a processing device for implementing the present invention, for example, in the embodiment of the present invention, the subscription ID set and the resource ID set may be stored in a lookup table, where a name or a certain attribute of the lookup table corresponds to the log type.
In an embodiment of the present invention, the subscription ID set may include a plurality of subscription IDs for identifying a plurality of subscribers, and the resource ID set may include a plurality of resource IDs for identifying a plurality of different resources, where the plurality of different resources are a union of log-type-related resources to which the plurality of subscribers respectively subscribe.
For example, in one embodiment, three subscribers having common subscription IDs of 001, 002 and 003 respectively subscribe to a log type in advance, where based on the log type, the resource IDs of the resources subscribed by the first subscriber are a and B, the resource IDs of the resources subscribed by the second subscriber are B and C, and the resource IDs of the resources subscribed by the third subscriber are a and C, then the subscription ID set obtained accordingly is: [001, 002, 003], resource ID set is: further, all the resources indicated by the resource ID set, that is, three resources with resource IDs of A, B and C, respectively, may be acquired in step S204.
With the above embodiment, it is readily understood that each resource in the resource ID set is acquired from the resource server 1 time, respectively. However, in the conventional scheme, to implement the resource pushing task, the pushing process corresponding to the subscriber with subscription ID 001 needs to acquire the resources with resource IDs a and B from the resource server, the pushing process corresponding to the subscriber with subscription ID 002 needs to acquire the resources with resource IDs B and C from the resource server, and the pushing process corresponding to the subscriber with subscription ID 003 needs to acquire the resources with resource IDs a and C from the resource server, that is, each resource in the resource ID set is acquired from the resource server 2 times. That is to say, in the above embodiments, the processing pressure of the resource server is reduced by half by the technical solution of the present invention.
Of course, this is only an example for explaining the implementation of the technical solution of the present invention and the implementation of the effect thereof, and does not mean to constitute any limitation to the present invention, and the technical effect achieved in the above embodiments should not be understood as the technical effect necessarily achieved by the present invention, and further, the disclosure of the present invention will be explained.
In this embodiment of the present invention, there may be multiple manners of acquiring the subscription ID set and the resource ID set in step S202, where as a preferable manner, the subscription ID set and the resource ID set may be maintained locally on a processing device for implementing the present invention, so that on one hand, the subscription ID set and the resource ID set may be read and preloaded by using a push process, and temporary processing on the subscription ID set and the resource ID set after each log message is received is avoided, and on the other hand, since the hard code corresponding to the method of acquiring the subscription ID set and the resource ID set is removed from the method of pushing the resource in this embodiment, this embodiment facilitates maintenance and update of the subscription ID set and the resource ID set.
More specifically, the above-described maintenance of the resource ID set for the subscription ID set can be achieved in the following manner. Optionally, as shown in fig. 3, before step S202, the resource pushing method may further include:
s302: acquiring a subscription list corresponding to any subscriber, wherein the subscription list comprises a subscription ID of any subscriber and a resource ID of each resource subscribed by any subscriber;
s304: and updating the subscription ID and/or the resource ID in the subscription list to a subscription ID set and/or a resource ID set according to the acquired subscription list.
The specific manner of updating the subscription ID and/or the resource ID according to the subscription list in step S304 may be multiple, for example, as shown in fig. 4, as an optional manner, in an embodiment of the present invention, step S304 may include:
s402: judging whether the subscription ID in the subscription list exists in a subscription ID set before updating or not;
s404: and if the subscription ID in the subscription list does not exist in the subscription ID set before updating, adding the subscription ID in the subscription list into the subscription ID set before updating to form an updated subscription ID set, and adding the resource ID in the subscription list which is different from each resource ID in the resource ID set into the resource ID set before updating to form an updated resource ID set.
Further alternatively, as shown in fig. 5, after the determination result is obtained in step S402, step S304 may further include:
s502: if the subscription ID in the subscription list exists in the subscription ID set before updating, the resource ID of each resource subscribed by any subscriber is found out in the resource ID set before updating;
s504: and judging whether the resource identified by the searched resource ID is subscribed by other subscribers except any subscriber in the plurality of subscribers, and if not, deleting the searched resource ID from the resource ID set before updating to form an updated resource ID set.
Through the method, the subscription ID set and the resource ID set can be updated. In addition to the foregoing embodiments, there may be other feasible manners to update the subscription ID set and the resource ID set, for example, optionally, as shown in fig. 6, in an embodiment of the present invention, step S304 may also include:
s602: judging whether the subscription ID in the subscription list exists in a subscription ID set before updating or not, if not, adding the subscription ID in the subscription list into the subscription ID set before updating to form an updated subscription ID set;
s604: and acquiring a union set of the resource IDs included in the subscription list corresponding to each subscription ID in the subscription ID set to form an updated resource ID set.
Based on the above description, the present invention will describe in detail the specific manner of acquiring all the resources indicated by the resource ID set in step S204 through some embodiments below.
According to the resource pushing method provided by the embodiment of the present invention, in step S204, all resources indicated by the resource ID set may be obtained from the resource server. In general, in view of the resource obtaining operation required in step S204 according to the resource ID, in some embodiments of the present invention, the resource ID includes a resource address and a resource sub-identifier, where different resource addresses correspond to different resource servers, and the resource sub-identifier is used to distinguish different resources stored on the same resource server, where optionally, as shown in fig. 7, step S204 may specifically include:
s702: and accessing the resource server corresponding to each resource address in the resource ID set, and acquiring the corresponding resource from the accessed resource server according to the resource sub-identifier.
In order to further reduce the processing pressure of the resource server, all resources provided by the same resource server can be acquired in one request and the corresponding query operation. As shown in fig. 8, in step S702, acquiring a corresponding resource from an accessed resource server according to a resource sub-identifier may include:
s802: searching all resource sub-identifications contained in the resource ID including the resource address corresponding to the accessed resource server in the resource ID set;
s804: and acquiring the resources indicated by all the resource sub-identifications from the accessed resource servers.
In the above scenario, corresponding to the aforementioned manner of processing the subscription list related to the subscriber to implement the pre-configuration of the subscription ID and the resource ID, optionally, as shown in fig. 9, in the embodiment of the present invention, before step S202, the resource pushing method may further include:
s902: acquiring a registration form corresponding to any resource, wherein the registration form comprises relevant information of at least one of the following resources of any resource: the resource management system comprises a resource address, a resource sub-identifier, a related log type, a resource name and a resource description, wherein the resource address is the address of a resource server where any resource is located, and the resource sub-address is a port number for accessing any resource on the resource server where any resource is located.
In the above scenario, a merged lookup table corresponding to the log type may be further obtained according to the subscription list and the registration list, where the merged lookup table records the subscription ID set on one hand, and may record a resource address set on the other hand, and in the merged lookup table, each resource address in the resource address set correspondingly records a plurality of resource sub-identifiers.
Further, in the embodiment of the present invention, the registration form may also be received by a resource management front desk, where a provider of the registration form may be a producer of the resource, or may be content that is directly input or edited on an operation interface provided by the resource management front desk by a production or maintenance person of the resource, and the like, and then related information of the resource produced by the producer of the resource and stored on the resource server may be registered in the resource management front desk, and the resource management front desk may maintain the related information of the resource, or forward the information to a subscriber of the resource, so as to serve as a reference when the subscriber subscribes the resource, for example, when generating the subscription form.
Through the mode, the resource producer can only take charge of the production and registration of the resource without considering the association with the subscriber, so that the aim of decoupling the resource production from the subscriber is fulfilled. It should be noted that, in some embodiments of the present invention, the producer of the resource may also be located on the resource server, which is not limited in the present invention.
On the other hand, the resource management foreground may be further configured to receive the aforementioned subscription list, and similarly, the provider of the subscription list may be a subscriber, or content directly input or edited on an operation interface provided by the resource management foreground by a production or maintenance person of the resource, or the like. As an optional implementation manner, both the subscription list and the registration list can be compiled and maintained through the resource management foreground, so that the resource management foreground becomes a unique interface for managers of the management system, and the maintenance cost of the whole management system is further reduced.
Through the above description, the present invention provides a specific embodiment of acquiring all the resources indicated by the resource ID set from the resource server described in step S202, but this is not the only implementation manner of the present invention. For example, in some embodiments of the present invention, all the resources subscribed by the multiple subscribers are stored in one resource server, the resource ID may not include the address of the resource server, and the corresponding resource is accessed and acquired through other manners, such as a manner of establishing a connection.
On the other hand, the above embodiment is proposed as a distribution form of common resources on a computer network, and is not meant to limit the present invention, for example, in some embodiments of the present invention, a resource management server may be further provided between a processing device for implementing the present invention and a plurality of resource servers providing different resources, so as to respond to a resource acquisition request issued by the processing device, and further, the resource management server acquires all resources required by the processing device according to a storage structure table stored locally thereof, for example, in a distributed file system, the resource management server may be a data warehouse server, and the storage structure table may be metadata or a name structure table, etc.
Based on the above description, the present invention will describe in detail a specific pushing manner of the resource subscribed by one of the multiple subscribers in the total resources acquired in step S206 by the following embodiments.
According to the resource pushing method provided by the embodiment of the present invention, in step S206, the resource subscribed by each of the multiple subscribers can be found from all the obtained resources, and the resource subscribed by each of the found multiple subscribers is sent to the corresponding subscriber of the multiple subscribers according to the subscription ID set.
Specifically, as shown in fig. 10, as a possible implementation, the step S204 may include:
s1002: acquiring resources identified by each resource ID in the resource ID set from the resource server, and storing the acquired resources identified by each resource ID in a storage area;
s1004: recording the identification of the storage position of the resource identified by each resource ID in the storage area into a position index;
the step of finding out the resource subscribed by each of the multiple subscribers from all the acquired resources in step S206 may include:
s1006: searching all resource IDs included in a subscription list corresponding to each of a plurality of subscribers;
s1008: and acquiring the resources stored in the storage area from the storage positions corresponding to all the resource IDs according to the position indexes.
Further, as shown in fig. 11, the step of sending the resource subscribed by each of the plurality of found subscribers to the corresponding subscriber of the plurality of subscribers according to the subscription ID set in step S206 may include:
s1102: packaging one or more resources subscribed by each of the plurality of searched subscribers into a resource package corresponding to each subscriber;
s1104: and sending the resource package to the corresponding subscriber.
In the foregoing scenario, to further achieve decoupling between the producer and the subscriber of the resource, optionally, as shown in fig. 12, before step S206, the resource pushing method may further include:
s1202: and generating an unpacking routine corresponding to the packaging of the resource package, and sending the unpacking routine to a plurality of subscribers through a resource management foreground.
In the embodiment of the present invention, the unpacking routines for different subscribers may be the same or different, and may be routines corresponding to each subscriber, for example, as an optional manner, the unpacking routines may be automatically generated according to the received subscription list and distributed to the corresponding subscribers by the resource management foreground.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
Example 2
It should be clear that one of the problems to be solved by the present technical solution is to provide a means to enable the pushing of a resource to a subscriber subscribing to the resource. Generally speaking, for a network security system that performs relevant policy analysis based on log messages, the pushing is performed in response to the received log messages, or each time a log message is received, it is necessary to perform pushing of relevant resources on one or more subscribers that are preset to be associated with the log message or a log type to which the log message belongs, so that the subscribers can perform further policy-related processing operations according to the pushed resources.
Under the above scenario, the related resource that needs to be sent to the subscriber in each pushing process represents a resource related to the received log message or the log type to which the log message belongs, and the subscriber can generate a security policy related to the log type according to the received resource after receiving the subscribed resource. For example, for a policy analysis system corresponding to an online application product, if a log message belonging to a log type of a user log record is received, one of the security policies related to the log type may be represented as determining whether the user log behavior belongs to a malicious behavior, and the resource related to the log type may be a history log of the user in a past history period and belonging to the log type of the user log record, or a consumption record of the user in the online application, or a specific determination method provided by a certain resource server, that is, the resource may be a history log or log data, or an attribute data, or a temporary data or an accumulated count data, such as a user behavior statistic, a user log record in a history period, Or a probability value generated by the above determining method, etc., even in some embodiments of the present invention, the resource may also be a program block or a process module in the security policy, and after the resources are pushed to the subscriber, the subscriber may generate a complete security policy according to the resources.
On the other hand, in some embodiments of the present invention, the above-mentioned subscriber may also represent a policy process for performing subsequent processing according to the pushed resource, but the present invention is not limited to this, and may also represent other types of resource interfaces, so as to respond to the pushing of the resource subscribed to in advance by the resource interface based on the log message. It should be noted that, in the resource service system as a possible implementation environment of the present invention, the resource service system may be configured to process a plurality of different log types, where there may be a plurality of subscribers associated with each log type, and these subscribers associated with the same log type may respectively represent different security policies, that is, each log type may correspond to a plurality of different security policies.
To implement the above resource subscription and push mechanism, the conventional scheme adopts a relatively decentralized resource subscription and push manner as shown in fig. 1. As shown in fig. 1, an independent resource subscription pushing mechanism is designed for each policy process, and is used to obtain, after receiving a log message from a log receiver, a resource required by the policy process through the independent resource subscription pushing mechanism, and push the obtained resource to the policy process. This approach is likely to result in repeated requests and acquisitions of resources, thereby placing a large load on the resource server as the requested party.
Different from the conventional scheme, in the embodiment of the invention, a mode of performing centralized request and acquisition on resources required by a plurality of subscribers and distributing the acquired resources to the plurality of subscribers is adopted, so that the purpose of performing request and acquisition on the same resource only once is achieved, the processing pressure of a resource server is reduced, and the technical problem of overlarge pressure on the resource server caused by a scattered resource subscription and pushing mode is solved.
Specifically, according to an embodiment of the present invention, there is provided a resource pushing apparatus for pushing resources subscribed by multiple subscribers to multiple subscribers respectively according to received log messages, where the multiple subscribers are preset to be associated with log types of the log messages, and the resources subscribed by the multiple subscribers respectively are used for generating security policies related to the log types, where as shown in fig. 13, the apparatus includes:
1) a first obtaining unit 1302, configured to obtain a subscription ID set and a resource ID set corresponding to a log type, where the subscription ID set includes multiple subscription IDs used for identifying multiple subscribers, and the resource ID set includes multiple resource IDs used for identifying multiple different resources, where the multiple different resources are a union of resources related to the log type and subscribed by multiple subscribers respectively;
2) a second obtaining unit 1304, configured to obtain all resources indicated by the resource ID set from the resource server;
3) a searching unit 1306, configured to search, from all the acquired resources, a resource subscribed by each of the multiple subscribers;
4) a sending unit 1308, configured to send the resource subscribed by each of the found multiple subscribers to a corresponding subscriber of the multiple subscribers according to the subscription ID set.
According to the resource pushing apparatus provided in the embodiment of the present invention, in the first obtaining unit 1302, a subscription ID set and a resource ID set corresponding to a log type to which a received log message belongs may be obtained locally by the resource pushing apparatus, for example, in the embodiment of the present invention, the subscription ID set and the resource ID set may be stored in a lookup table, where a name or a certain attribute of the lookup table corresponds to the log type.
In an embodiment of the present invention, the subscription ID set may include a plurality of subscription IDs for identifying a plurality of subscribers, and the resource ID set may include a plurality of resource IDs for identifying a plurality of different resources, where the plurality of different resources are a union of log-type-related resources to which the plurality of subscribers respectively subscribe.
For example, in one embodiment, three subscribers having common subscription IDs of 001, 002 and 003 respectively subscribe to a log type in advance, where based on the log type, the resource IDs of the resources subscribed by the first subscriber are a and B, the resource IDs of the resources subscribed by the second subscriber are B and C, and the resource IDs of the resources subscribed by the third subscriber are a and C, then the subscription ID set obtained accordingly is: [001, 002, 003], resource ID set is: [ a, B, C ], furthermore, all the resources indicated by the resource ID set, that is, three resources with resource IDs A, B and C, respectively, may be acquired in the second acquiring unit 1304.
With the above embodiment, it is readily understood that each resource in the resource ID set is acquired from the resource server 1 time, respectively. However, in the conventional scheme, to implement the resource pushing task, the pushing process corresponding to the subscriber with subscription ID 001 needs to acquire the resources with resource IDs a and B from the resource server, the pushing process corresponding to the subscriber with subscription ID 002 needs to acquire the resources with resource IDs B and C from the resource server, and the pushing process corresponding to the subscriber with subscription ID 003 needs to acquire the resources with resource IDs a and C from the resource server, that is, each resource in the resource ID set is acquired from the resource server 2 times. That is to say, in the above embodiments, the processing pressure of the resource server is reduced by half by the technical solution of the present invention.
Of course, this is only an example for explaining the implementation of the technical solution of the present invention and the implementation of the effect thereof, and does not mean to constitute any limitation to the present invention, and the technical effect achieved in the above embodiments should not be understood as the technical effect necessarily achieved by the present invention, and further, the disclosure of the present invention will be explained.
In this embodiment of the present invention, there may be multiple manners of acquiring the subscription ID set and the resource ID set described in the first acquiring unit 1302, where as a preferable manner, the subscription ID set and the resource ID set may be maintained locally in the resource pushing apparatus, so that on one hand, the subscription ID set and the resource ID set may be read and preloaded by using a pushing process, and temporary processing on the subscription ID set and the resource ID set after each log message is received is avoided, and on the other hand, since the hard code corresponding to the acquiring method of the subscription ID set and the resource ID set is removed from the resource pushing apparatus in this embodiment of the present invention, this embodiment facilitates maintenance and updating of the subscription ID set and the resource ID set.
More specifically, the above-described maintenance of the resource ID set for the subscription ID set can be achieved in the following manner. Optionally, as shown in fig. 14, coupled to the first obtaining unit 1302, the resource pushing apparatus may further include:
1) a third obtaining unit 1402, configured to obtain a subscription list corresponding to any subscriber, where the subscription list includes a subscription ID of any subscriber and a resource ID of each resource subscribed by any subscriber;
2) an updating unit 1404, configured to update the subscription ID and/or the resource ID in the subscription list to the subscription ID set and/or the resource ID set according to the obtained subscription list.
The specific manner of updating the subscription ID and/or the resource ID according to the subscription list in the updating unit 1404 may be various, for example, as one of optional manners, in an embodiment of the present invention, the updating unit 1404 may include:
1) a determining module 1502, configured to determine whether the subscription ID in the subscription list already exists in the subscription ID set before updating;
2) a third updating module 1504, configured to, when the subscription ID in the subscription list does not exist in the subscription ID set before updating, add the subscription ID in the subscription list to the subscription ID set before updating to form an updated subscription ID set, and add the resource ID in the subscription list, which is different from each resource ID in the resource ID set, to the resource ID set before updating to form an updated resource ID set.
Further optionally, as shown in fig. 16, after the determination result is obtained by the determining module 1502, the updating unit 1404 may further include:
1) a first searching module 1602, configured to search, in the subscription ID set before updating, a resource ID of each resource subscribed by any subscriber in the resource ID set before updating when the subscription ID in the subscription list already exists in the subscription ID set before updating;
2) the fourth updating module 1604 is configured to determine whether the resource identified by the found resource ID is subscribed by another subscriber other than any subscriber of the multiple subscribers, and if not, delete the found resource ID from the resource ID set before updating to form an updated resource ID set.
Through the method, the subscription ID set and the resource ID set can be updated. In addition to the foregoing embodiments, there may be other feasible manners for updating the subscription ID set and the resource ID set, for example, as shown in fig. 17, in an embodiment of the present invention, the updating unit 1404 may also include:
1) a first updating module 1702, configured to determine whether the subscription ID in the subscription list already exists in the subscription ID set before updating, and if not, add the subscription ID in the subscription list to the subscription ID set before updating to form an updated subscription ID set;
2) the second updating module 1704 is configured to obtain a union of the resource IDs included in the subscription list corresponding to each subscription ID in the subscription ID set, so as to form an updated resource ID set.
On the basis of the above description, the present invention will describe in detail the specific manner of acquiring all the resources indicated by the resource ID set in the second acquiring unit 1304 by some embodiments below.
According to the resource pushing apparatus provided in the embodiment of the present invention, in the second obtaining unit 1304, all resources indicated by the resource ID set may be obtained from the resource server. In general, in view of the resource obtaining operation required by the second obtaining unit 1304 according to the resource ID, in some embodiments of the present invention, the resource ID includes a resource address and a resource sub-identifier, where different resource addresses correspond to different resource servers, and the resource sub-identifier is used to distinguish different resources stored on the same resource server, where optionally, as shown in fig. 18, the second obtaining unit 1304 may specifically include:
1) the first obtaining module 1802 is configured to access a resource server corresponding to each resource address in the resource ID set, and obtain a corresponding resource from the accessed resource server according to the resource sub-identifier.
In order to further reduce the processing pressure of the resource server, all resources provided by the same resource server can be acquired in one request and the corresponding query operation. As shown in fig. 19, the first obtaining module 1802 may include:
1) a searching submodule 1902, configured to search, in the resource ID set, all resource sub-identifiers included in the resource ID that includes the resource address corresponding to the accessed resource server;
2) an obtaining sub-module 1904, configured to obtain the resource indicated by all the resource sub-identifiers from the accessed resource server.
In the foregoing scenario, corresponding to the foregoing manner of implementing the pre-configuration of the subscription ID and the resource ID through the processing of the subscription list related to the subscriber, optionally, as shown in fig. 20, in an embodiment of the present invention, coupled with the first obtaining unit 1302, the resource pushing apparatus may further include:
1) a fourth obtaining unit 2002, configured to obtain a registration form corresponding to any resource, where the registration form includes information about at least one of the following resources of any resource: the resource management system comprises a resource address, a resource sub-identifier, a related log type, a resource name and a resource description, wherein the resource address is the address of a resource server where any resource is located, and the resource sub-address is a port number for accessing any resource on the resource server where any resource is located.
In the above scenario, a merged lookup table corresponding to the log type may be further obtained according to the subscription list and the registration list, where the merged lookup table records the subscription ID set on one hand, and may record a resource address set on the other hand, and in the merged lookup table, each resource address in the resource address set correspondingly records a plurality of resource sub-identifiers.
Further, in the embodiment of the present invention, the registration form may also be received by a resource management front desk, where a provider of the registration form may be a producer of the resource, or may be content that is directly input or edited on an operation interface provided by the resource management front desk by a production or maintenance person of the resource, and the like, and then related information of the resource produced by the producer of the resource and stored on the resource server may be registered in the resource management front desk, and the resource management front desk may maintain the related information of the resource, or forward the information to a subscriber of the resource, so as to serve as a reference when the subscriber subscribes the resource, for example, when generating the subscription form.
Through the mode, the resource producer can only take charge of the production and registration of the resource without considering the association with the subscriber, so that the aim of decoupling the resource production from the subscriber is fulfilled. It should be noted that, in some embodiments of the present invention, the producer of the resource may also be located on the resource server, which is not limited in the present invention.
On the other hand, the resource management foreground may be further configured to receive the aforementioned subscription list, and similarly, the provider of the subscription list may be a subscriber, or content directly input or edited on an operation interface provided by the resource management foreground by a production or maintenance person of the resource, or the like. As an optional implementation manner, both the subscription list and the registration list can be compiled and maintained through the resource management foreground, so that the resource management foreground becomes a unique interface for managers of the management system, and the maintenance cost of the whole management system is further reduced.
Through the above description, the present invention provides a specific embodiment of acquiring all the resources indicated by the resource ID set from the resource server described in the first acquiring unit 1302, but this is not the only implementation manner of the present invention. For example, in some embodiments of the present invention, all the resources subscribed by the multiple subscribers are stored in one resource server, the resource ID may not include the address of the resource server, and the corresponding resource is accessed and acquired through other manners, such as a manner of establishing a connection.
On the other hand, the above embodiment is proposed as a distribution form of common resources on a computer network, and is not meant to limit the present invention, for example, in some embodiments of the present invention, a resource management server may be further provided between the resource pushing apparatus and a plurality of resource servers providing different resources, so as to respond to a resource acquisition request issued by the processing device, and further, the resource management server acquires all resources required by the processing device according to a storage structure table stored locally thereof, for example, in a distributed file system, the resource management server may be a data warehouse server, and the storage structure table may be metadata or a name structure table, etc.
Based on the above description, the present invention will describe in detail a specific pushing manner of a resource subscribed by a certain subscriber among multiple subscribers in all resources to be acquired in the lookup unit 1306 through the following embodiment.
According to the resource pushing apparatus provided by the embodiment of the present invention, in the searching unit 1306, the resource subscribed by each of the multiple subscribers can be searched from all the acquired resources, and the resource subscribed by each of the searched multiple subscribers is sent to the corresponding subscriber of the multiple subscribers according to the subscription ID set by the sending unit 1308.
Specifically, as shown in fig. 21, as a possible implementation, the second obtaining unit 1304 may include:
1) a storage module 2102 configured to obtain, from a resource server, a resource identified by each resource ID in a resource ID set, and store the obtained resource identified by each resource ID in a storage area;
2) a recording module 2104 for recording an identification of a storage location of the resource identified by each resource ID in the storage area into the location index;
the search unit 1306 may include:
1) a second searching module 2106, configured to search all resource IDs included in the subscription list corresponding to each of the multiple subscribers;
2) a second obtaining module 2108, configured to obtain the resources stored in the storage area from the storage locations corresponding to all the resource IDs according to the location index.
Further, as shown in fig. 22, the transmitting unit 1308 may include:
1) a packaging module 2202, configured to package one or more resources subscribed by each of the found multiple subscribers into a resource package corresponding to each subscriber;
2) a sending module 2204, configured to send the resource package to the corresponding subscriber.
In the foregoing scenario, to further achieve decoupling between the producer and the subscriber of the resource, optionally, as shown in fig. 23, coupled with the lookup unit 1306, the resource pushing apparatus may further include:
1) a generating unit 2302 for generating an unpacking routine corresponding to the packaging of the resource package and transmitting the unpacking routine to a plurality of subscribers through a resource management foreground.
In the embodiment of the present invention, the unpacking routines for different subscribers may be the same or different, and may be routines corresponding to each subscriber, for example, as an optional manner, the unpacking routines may be automatically generated according to the received subscription list and distributed to the corresponding subscribers by the resource management foreground.
Example 3
In an embodiment of the present invention, a resource service system is further provided, where the system may include a resource pushing apparatus as described in embodiment 2 and multiple subscribers.
A more specific embodiment of the present invention will be given below with reference to fig. 24 to 26 as a reference for the above resource pushing method, apparatus and resource server system provided according to the above embodiment of the present invention.
Optionally, as shown in fig. 24, in the embodiment of the present invention, an overall architecture of the resource service system may include: the system comprises a resource center foreground, a resource center background and a strategy unit, wherein the strategy unit is used for generating and executing a security strategy according to received resources.
As shown in fig. 24, the resource center may be divided into a resource center foreground and a resource center background, where the resource center foreground may be used to provide functions of resource registration, modification, viewing, subscription, resource subscription and unpacking API download, modification and pipelining query of resources and subscriptions, and the like. In addition, optionally, the resource center foreground may further provide an API automatic generation function, so as to automatically generate a corresponding unpacking API according to the subscribed resource for the subscriber to download, and automatically generate an API for analyzing the resource center request and packaging the resource response package when the resource plug-in occurs, for the resource producer to download. The background of the resource center can comprise a log receiver, a resource center logic layer and each resource server, wherein the log receiver can be used for receiving operation flow logs of the production system and performing related basic analysis, the resource center logic layer is responsible for receiving requests from the log receiver, acquiring resources required by subscribers according to resource subscription information and assembling and pushing the resources to the resource subscribers, and the resource server or producers of various resources can be used for producing resources and providing query services of the resource center logic layer so as to respond related resources to the resource center when receiving the query services of the resource center logic layer. In the embodiment of the invention, the pushing of the subscribed resources is triggered based on the log, after the log of a certain type and the related resources are subscribed, the logic layer can request the subscribed resources when receiving the log of the type, and the resources are pushed to the subscriber after the completion of the resources.
Specifically, in the embodiment of the present invention, a resource center foreground may be provided to a manager of a resource server as a platform for managing and operating resources and subscriptions, where the foreground functions may include: resource registration, resource viewing, resource subscription, and API download. The resource registration is that a resource producer registers a resource with a resource center, and specifically, the resource registration may register the following information:
1) the name and description of the resource are convenient for the resource subscriber to view;
2) the types of resources can be divided into three categories according to the characteristics and the direct dependency relationship of the resources: the system comprises log resources, attribute resources and temporary counting resources, wherein the log resources represent output data of a log receiver, the attribute resources represent some attribute data with a characteristic value, and the temporary counting resources represent accumulated counting of user behavior operations, wherein the temporary counting resources can rely on the log resources or the attribute resources to perform accumulated counting of some data;
3) the IP address and port of the service of the resource, i.e. the address of the resource requested by the resource logic layer;
4) the person in charge of the resource;
5) the specific definition of the resource describes the specific subscription of the resource, so that the subscriber can know the specific meaning of the resource conveniently, and the specific definition can be used as the basis for automatic generation of the API.
The resource center foreground can maintain a resource table, a record is newly added in the resource table after the resource registration is successful, the resource table is also a resource allocation table source of the resource logic layer, and the resource logic layer obtains the resource allocation by loading the resource table. The resource view page may provide resource subscribers with resources, find pages that require subscription to resources, and may support modifications to registered resources. The resource subscription page can provide a resource subscription function, wherein a subscriber can check resources needing subscription on the resource subscription page, and then can generate a new subscription list after the subscription is successfully submitted. Similarly, the resource center foreground may further maintain a subscription table, and adding one subscription form adds one record to the table, and the logic layer obtains the subscription information through the subscription table. The subscription table mainly comprises information such as subscription ID, subscription log type, subscription specific resource ID, subscription modification time and the like.
In addition, when the resource center foreground is oriented to the subscriber, the resource center foreground can provide a function of downloading a corresponding subscription information unpacking API for a certain subscription list besides providing a query function of the subscription list. Further, the resource center foreground can also provide the view of the resource and the flow of subscription modification, so as to track modification and locate problems.
In another aspect, as shown in FIG. 24, the resource center backend can include a log receiver, a logical layer, and a resource server. The logic layer is a core module of the whole platform, and is responsible for assembling the resources subscribed by each subscriber according to the resource and subscription configuration request, and pushing the resources to the subscribers, so as to complete the pushing function of the resources from the resource producer to the resource consumer, and implement the decoupling of production and consumption.
As shown in fig. 25, in the embodiment of the present invention, when the logic layer is started, a configuration process is started, the configuration information of the resource and the subscription is loaded, and when the resource or the subscription of the foreground is changed, the configuration process is notified, and the configuration process reloads the configuration. After loading the resource and the subscribed configuration, the configuration process calculates an attribute resource combination query table and a temporary resource combination query table, and when requesting the resource, the resource is requested and distributed quickly according to the two tables.
In fig. 25, the service process is a core module for processing resource requests and pushing by the logic layer, and the logic layer makes requests of two-layer sessions (sessions) according to the dependency relationship between the resources, where the two sessions respectively process requests of the attributed resources of the first layer and requests of the temporary resources of the second layer.
The first layer session requests resources from all attribute resource servers associated with the log type directly according to the attribute resource combination query table, and requests for the second layer session are made after all attribute resources are requested. And when the second layer session requests, making a request according to the temporary resource combination query table.
On the basis of the above description, considering that the production system write operation logs of the microblog every day are 1.9 million, each subscription can subscribe a plurality of resources at the same time, if each resource is requested independently for each subscription, the number of the receiving and sending packets related to the request in the whole system is huge, which forms a large burden on the network card of the server and the network card interrupt of the CPU, thereby increasing the processing pressure of the resource server and the whole resource service system. To address this problem, the embodiment of the present invention employs a way of merging fast queries, where merging includes two layers of meanings: 1) the method comprises the steps of combining request resources of a plurality of subscription lists of log types, calculating a resource collection subscribed by all the subscription lists of one log type, and assembling and distributing according to subscriptions as long as a log operation requests the resource collection; 2) the combination of resource services can perform packing query on related resources through an interface process, so that the efficiency of one request in the resources is improved.
In the embodiment of the present invention, the implementation of the fast merge query is implemented by using the attribute resource merge lookup table and the temporary resource merge lookup table, and the resource pushing method provided in the embodiment of the present invention will be explained below with reference to fig. 26.
In fig. 26, the attribute resource merging lookup table and the temporary resource merging lookup table are resource request tables of two-layer sessions in which a log type is a Key (Key), the lookup tables describe all resources and corresponding address information that the log type needs to request on the two-layer sessions, and all subscription lists of the log are recorded in the temporary resource log request table. And when receiving a log, acquiring information of two request tables according to the log type, sending a corresponding resource request to the address of the request table, and loading resource data into a session data area when receiving a response packet.
As shown in fig. 26, two-layer sessions acquire that all resource data is cached in a session data area, the session data area also records the position index of each resource data in the data area, after all resource requests in a certain log type are complete, a temporary resource log type request table is queried to acquire all subscription tickets of the log type, all resources subscribed by each subscription ticket are acquired one by one, and the subscribed resources are assembled in the data area and pushed to the subscriber.
Through the mode, the embodiment of the invention realizes the decoupling of resource production and consumption, so that on one hand, the sharing and linkage between strategies can be realized through a uniform resource management platform, and on the other hand, the resource development and the strategy development can be carried out in parallel, thereby improving the attack efficiency of the security strategy and the development efficiency of the security strategy. Furthermore, in the embodiment of the invention, the effect of reducing the processing pressure of the resource server and the resource service system is achieved by a way of quickly combining the queries.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments. In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In several embodiments provided in the present application, it should be understood that the disclosed resource pushing device and resource server may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form. The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (11)

1. A resource pushing method for pushing resources subscribed by a plurality of subscribers to the plurality of subscribers respectively according to received log messages, wherein the plurality of subscribers are preset to be associated with log types of the log messages, the method comprising:
acquiring a subscription ID set and a resource ID set corresponding to the log type, wherein the subscription ID set comprises a plurality of subscription IDs for identifying the plurality of subscribers, and the resource ID set comprises a plurality of resource IDs for identifying a plurality of different resources, wherein the plurality of different resources are a union set of resources subscribed by the plurality of subscribers and related to the log type; the resources include at least one of: log data, attribute data, temporary data, and a security policy subroutine block;
acquiring all resources indicated by the resource ID set from a resource server;
searching out the resource subscribed by each of the plurality of subscribers from the acquired all resources, and sending the resource subscribed by each of the plurality of subscribers to the corresponding subscriber of the plurality of subscribers according to the subscription ID set;
before the obtaining of the subscription ID set and the resource ID set corresponding to the log type, the method further includes: acquiring a subscription list corresponding to any subscriber, wherein the subscription list comprises a subscription ID of the subscriber and a resource ID of each resource subscribed by the subscriber; and updating the subscription ID and/or the resource ID in the subscription list to the subscription ID set and/or the resource ID set according to the acquired subscription list.
2. The method according to claim 1, wherein the resource ID includes a resource address and a resource sub-ID, wherein different resource addresses correspond to different resource servers, and the resource sub-ID is used to distinguish different resources stored on the same resource server, and wherein the obtaining all resources indicated by the resource ID set from the resource servers includes:
and accessing the resource server corresponding to each resource address in the union set of the resource addresses in the resource ID set, and obtaining the resources indicated by all the resource sub-identifications corresponding to each resource address in the resource ID set in batches from the accessed resource servers.
3. The method according to claim 1, wherein the updating the subscription ID and/or the resource ID in the subscription sheet to the subscription ID set and/or the resource ID set according to the acquired subscription sheet comprises:
judging whether the subscription ID in the subscription list exists in the subscription ID set before updating or not, if not, adding the subscription ID in the subscription list to the subscription ID set before updating to form the updated subscription ID set;
and acquiring a union set of the resource IDs included in the subscription list corresponding to each subscription ID in the subscription ID set to form the updated resource ID set.
4. The method of claim 1,
the obtaining of all resources indicated by the resource ID set from the resource server includes: acquiring the resource identified by each resource ID in the resource ID set from the resource server, and storing the acquired resource identified by each resource ID in a storage area; recording the identification of the storage position of the resource identified by each resource ID in the storage area into a position index;
the finding out the resources subscribed to by each of the plurality of subscribers from the acquired resources comprises: searching all resource IDs included in the subscription list corresponding to each of the plurality of subscribers; and acquiring the resources stored in the storage area from the storage positions corresponding to all the resource IDs according to the position index.
5. The method according to any one of claims 1 and 3 to 4, wherein before the obtaining of the subscription ID set and the resource ID set corresponding to the log type, the method further comprises:
the resource management foreground acquires a registration form corresponding to any resource, wherein the registration form comprises relevant information of at least one of the following resources: the method comprises the following steps of (1) obtaining a resource address, a resource sub-identifier, a related log type, a resource name and a resource description, wherein the resource address is the address of a resource server where any resource is located, and the resource sub-identifier is a port number for accessing any resource on the resource server where any resource is located; wherein,
the obtaining of the subscription list corresponding to any subscriber includes: and the resource management foreground acquires the subscription list generated according to the registration list.
6. The method according to any one of claims 1 to 4, wherein before said sending the resource subscribed to each of the plurality of subscribers found to the corresponding subscriber of the plurality of subscribers according to the subscription ID set, further comprising:
the resource management foreground generates an unpacking routine corresponding to the resource package packaging format according to the resource package packaging format and sends the unpacking routine to the plurality of subscribers; wherein,
the sending the resource subscribed by each of the plurality of found subscribers to the corresponding subscriber of the plurality of subscribers according to the subscription ID set includes: packaging one or more resources subscribed by each of the plurality of searched subscribers into a resource package corresponding to each of the subscribers according to the resource package packaging format; and sending the resource package to a corresponding subscriber.
7. The method according to any one of claims 1 to 4, wherein the resources subscribed to by each of the plurality of subscribers are used for generating a security policy related to the log type, wherein after the sending the resource subscribed to each of the plurality of subscribers found according to the subscription ID set to the corresponding subscriber of the plurality of subscribers, the method further comprises:
each of the plurality of subscribers receives the subscribed resource and generates the security policy from the received resource.
8. A resource pushing apparatus for pushing a resource subscribed by each of a plurality of subscribers to the plurality of subscribers according to a received log message, wherein the plurality of subscribers are preset to be associated with a log type of the log message, the apparatus comprising:
a first obtaining unit, configured to obtain a subscription ID set and a resource ID set corresponding to the log type, where the subscription ID set includes multiple subscription IDs for identifying the multiple subscribers, and the resource ID set includes multiple resource IDs for identifying multiple different resources, where the multiple different resources are a union of resources subscribed by the multiple subscribers and related to the log type; the resources include at least one of: log data, attribute data, temporary data, and a security policy subroutine block;
a second obtaining unit, configured to obtain all resources indicated by the resource ID set from a resource server;
a searching unit, configured to search for a resource subscribed by each of the multiple subscribers from the acquired all resources;
a sending unit, configured to send the resource subscribed by each of the found multiple subscribers to a corresponding subscriber of the multiple subscribers according to the subscription ID set;
a third obtaining unit, configured to obtain a subscription list corresponding to any subscriber before obtaining the subscription ID set and the resource ID set corresponding to the log type, where the subscription list includes a subscription ID of the any subscriber and a resource ID of each resource subscribed by the any subscriber;
and the updating unit is used for updating the subscription ID and/or the resource ID in the subscription list to the subscription ID set and/or the resource ID set according to the acquired subscription list.
9. The apparatus according to claim 8, wherein the resource ID includes a resource address and a resource sub-identifier, wherein different resource addresses correspond to different resource servers, and the resource sub-identifier is configured to distinguish different resources stored on the same resource server, and wherein the second obtaining unit includes:
and the acquisition module is used for accessing the resource server corresponding to each resource address in the union set of the resource addresses in the resource ID set and acquiring the resources indicated by all the resource sub-identifications corresponding to each resource address in the resource ID set in batches from the accessed resource servers.
10. The apparatus of claim 9, further comprising:
the third obtaining unit is further configured to obtain a registration form corresponding to any resource, where the registration form includes information about at least one of the following resources: the method comprises the following steps of (1) obtaining a resource address, a resource sub-identifier, a related log type, a resource name and a resource description, wherein the resource address is the address of a resource server where any resource is located, and the resource sub-identifier is a port number for accessing any resource on the resource server where any resource is located; wherein,
the subscription list is generated according to the registration list.
11. The apparatus according to any one of claims 8 to 10, wherein each of the plurality of subscribers is configured to receive the subscribed resource and generate a security policy associated with the log type according to the received resource.
CN201310538414.5A 2013-11-04 2013-11-04 Resource supplying method and apparatus Active CN104618410B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310538414.5A CN104618410B (en) 2013-11-04 2013-11-04 Resource supplying method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310538414.5A CN104618410B (en) 2013-11-04 2013-11-04 Resource supplying method and apparatus

Publications (2)

Publication Number Publication Date
CN104618410A CN104618410A (en) 2015-05-13
CN104618410B true CN104618410B (en) 2019-06-07

Family

ID=53152685

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310538414.5A Active CN104618410B (en) 2013-11-04 2013-11-04 Resource supplying method and apparatus

Country Status (1)

Country Link
CN (1) CN104618410B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107181636B (en) * 2016-03-10 2020-09-11 阿里巴巴集团控股有限公司 Health check method and device in load balancing system
CN106878246A (en) * 2016-07-27 2017-06-20 阿里巴巴集团控股有限公司 A kind of method for managing resource and device
CN108810048A (en) * 2017-05-02 2018-11-13 中国移动通信集团重庆有限公司 Resource supplying method and device
CN110737447B (en) * 2018-07-18 2023-11-14 阿里巴巴集团控股有限公司 Application updating method and device
CN109672735A (en) * 2018-12-20 2019-04-23 中国移动通信集团江苏有限公司 A kind of method, device and equipment of Message Processing
CN114928604B (en) * 2022-06-29 2023-06-16 建信金融科技有限责任公司 File distribution method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1967695A (en) * 2005-08-01 2007-05-23 索尼株式会社 Information processing apparatus, reproduction apparatus, communication method, reproduction method and computer program
CN101047691A (en) * 2006-04-29 2007-10-03 华为技术有限公司 Method for integral controlling subscribe
CN102110104A (en) * 2009-12-28 2011-06-29 北大方正集团有限公司 Method for establishing index library, search method and method for updating index library
CN102255944A (en) * 2011-04-14 2011-11-23 浪潮(北京)电子信息产业有限公司 Management method and system for clustered system
CN102780768A (en) * 2012-06-29 2012-11-14 北京奇虎科技有限公司 Processing method and processing system for highly-concurrent requests
CN102902733A (en) * 2012-09-11 2013-01-30 北京奇艺世纪科技有限公司 Information push method, device and system based on content subscription
CN103064842A (en) * 2011-10-20 2013-04-24 北京中搜网络技术股份有限公司 Information subscription processing device and information subscription processing method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1967695A (en) * 2005-08-01 2007-05-23 索尼株式会社 Information processing apparatus, reproduction apparatus, communication method, reproduction method and computer program
CN101047691A (en) * 2006-04-29 2007-10-03 华为技术有限公司 Method for integral controlling subscribe
CN102110104A (en) * 2009-12-28 2011-06-29 北大方正集团有限公司 Method for establishing index library, search method and method for updating index library
CN102255944A (en) * 2011-04-14 2011-11-23 浪潮(北京)电子信息产业有限公司 Management method and system for clustered system
CN103064842A (en) * 2011-10-20 2013-04-24 北京中搜网络技术股份有限公司 Information subscription processing device and information subscription processing method
CN102780768A (en) * 2012-06-29 2012-11-14 北京奇虎科技有限公司 Processing method and processing system for highly-concurrent requests
CN102902733A (en) * 2012-09-11 2013-01-30 北京奇艺世纪科技有限公司 Information push method, device and system based on content subscription

Also Published As

Publication number Publication date
CN104618410A (en) 2015-05-13

Similar Documents

Publication Publication Date Title
CN104618410B (en) Resource supplying method and apparatus
US8938534B2 (en) Automatic provisioning of new users of interest for capture on a communication network
CN112632129B (en) Code stream data management method, device and storage medium
CN101442558B (en) Method and system for providing index service for P2SP network
CN112699089B (en) Data sharing system, data sharing method and device
CN101449559A (en) Distributed memory
CN110198530B (en) Flow-free service scheduling processing method, device, equipment and storage medium
US20120191754A1 (en) Locating Subscription Data in a Multi-Tenant Network
US20130191493A1 (en) System for accessing a set of communication and transaction data associated with a user of interest sourced from multiple different network carriers and for enabling multiple analysts to independently and confidentially access the set of communication and transaction data
CN109167840B (en) Task pushing method, node autonomous server and edge cache server
CN102985919A (en) System and method for a serialized data service
CN108093026B (en) Method and device for processing multi-tenant request
CN107622064A (en) A data reading method and system
WO2023273922A1 (en) Account management method, system, and computer readable storage medium
CN105447151A (en) Method for accessing distributed database, data source proxy apparatus and application server
CN112199463A (en) Data query method, device and equipment
CN113010904A (en) Data processing method and device and electronic equipment
US10205679B2 (en) Resource object resolution management
CN111858609A (en) Fuzzy query method and device for block chain
CN104503983A (en) Method and device for providing website certification data for search engine
WO2017096886A1 (en) Content pushing method, apparatus and system
CN115098738B (en) Business data extraction method, device, storage medium and electronic device
CN112887925B (en) SMS push method, edge server node and service server node
CN116886758A (en) Cloud storage information security management method, device and system and storage medium
CN103796042B (en) resource information pushing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant