[go: up one dir, main page]

CN115473735B - Data request risk assessment method and device - Google Patents

Data request risk assessment method and device Download PDF

Info

Publication number
CN115473735B
CN115473735B CN202211108577.5A CN202211108577A CN115473735B CN 115473735 B CN115473735 B CN 115473735B CN 202211108577 A CN202211108577 A CN 202211108577A CN 115473735 B CN115473735 B CN 115473735B
Authority
CN
China
Prior art keywords
request
risk
category
data request
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211108577.5A
Other languages
Chinese (zh)
Other versions
CN115473735A (en
Inventor
朱正亮
吴帅帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qichacha Technology Co ltd
Original Assignee
Qichacha Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qichacha Technology Co ltd filed Critical Qichacha Technology Co ltd
Priority to CN202211108577.5A priority Critical patent/CN115473735B/en
Publication of CN115473735A publication Critical patent/CN115473735A/en
Application granted granted Critical
Publication of CN115473735B publication Critical patent/CN115473735B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

本公开涉及一种数据请求的风险评估方法、装置、计算机设备、存储介质和计算机程序产品。所述方法包括:在待处理的数据请求对应的请求类别为目标请求类别的情况下,获取所述数据请求的请求内容信息和请求属性信息;根据所述请求内容信息和所述请求属性信息确定所述数据请求对应的风险类别;按照与所述风险类别对应的请求处理方式对所述数据请求进行处理。采用本方法能够提高数据请求风险判断评估的准确性,保证业务系统安全性。

The present disclosure relates to a data request risk assessment method, device, computer equipment, storage medium and computer program product. The method comprises: when the request category corresponding to the data request to be processed is the target request category, obtaining the request content information and request attribute information of the data request; determining the risk category corresponding to the data request according to the request content information and the request attribute information; and processing the data request according to the request processing method corresponding to the risk category. The use of this method can improve the accuracy of data request risk assessment and ensure the security of the business system.

Description

Risk assessment method and device for data request
Technical Field
The disclosure relates to the technical field of data processing, and in particular relates to a risk assessment method, a risk assessment device, computer equipment and a storage medium for a data request.
Background
In a service system, conditions such as content crawling, malicious registration, illegal login and the like may occur to threaten the safety of the service system, so that the traffic of the service system needs to be monitored, and risk traffic is prevented from entering the service system. In the prior art, the request category needing to be intercepted can be set through a custom rule, and the interception is performed when the request is detected to be the request category needing to be intercepted.
However, in this way, accurate judgment of the data request carrying the risk cannot be achieved, and the security of the service system is affected.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a risk assessment method, apparatus, computer device, storage medium, and computer program product for accurately determining a data request having a risk that increases the security of a business system.
In a first aspect, an embodiment of the present disclosure provides a risk assessment method for a data request. The method comprises the following steps:
acquiring request content information and request attribute information of a data request under the condition that a request type corresponding to the data request to be processed is a target request type;
Determining a risk category corresponding to the data request according to the request content information and the request attribute information;
and processing the data request according to a request processing mode corresponding to the risk category.
In one embodiment, the determining the risk category corresponding to the data request according to the request content information and the request attribute information includes:
Acquiring a preset risk category rule, wherein the risk category comprises a risk-free request, a risk request and a risk limiting request;
And classifying the request content information and the request attribute information according to the risk category rule, and determining the risk category corresponding to the data request.
In one embodiment, the determining manner of the risk category rule includes:
acquiring request content information, request attribute information and corresponding risk categories of a historical data request, wherein the request content information comprises request time;
determining an association relationship between the risk category, the request content information and the request attribute information according to the request content information, the request attribute information and the risk category;
and determining a risk category rule according to the association relation.
In one embodiment, the risk category includes a limited risk request, and the processing the data request according to the request processing mode corresponding to the risk category includes:
under the condition that the data request is a limiting risk request, acquiring a preset limiting rule;
And carrying out request limiting processing on the data request according to the request content information and the request attribute information and the limiting rule.
In one embodiment, when the request category corresponding to the data request to be processed is the target request category, acquiring the request content information of the data request further includes:
Acquiring a transmitting end address corresponding to a data request and a preset safe transmitting end address;
and under the condition that the sender address does not belong to the preset safe sender address, determining the request category as a target request category.
In one embodiment, the request content information includes a sender address of the data request, the request attribute information includes a request number, and the determining the risk category corresponding to the data request according to the request content information and the request attribute information includes:
And determining the risk category corresponding to the data request as a risk request under the condition that the data request is sent by the same sender address and the request times are larger than the preset times.
In a second aspect, an embodiment of the disclosure further provides a risk assessment device for a data request. The device comprises:
The acquisition module is used for acquiring request content information and request attribute information of the data request under the condition that a request type corresponding to the data request to be processed is a target request type;
The determining module is used for determining a risk category corresponding to the data request according to the request content information and the request attribute information;
and the processing module is used for processing the data request according to a request processing mode corresponding to the risk category.
In one embodiment, the determining module includes:
The risk classification module is used for acquiring preset risk classification rules, wherein the risk classification comprises a risk-free request, a risk request and a risk limiting request;
And the determining submodule is used for classifying the request content information and the request attribute information according to the risk category rule and determining the risk category corresponding to the data request.
In one embodiment, the determining module of the risk category rule includes:
the acquisition sub-module is used for acquiring request content information, request attribute information and corresponding risk categories of the historical data request, wherein the request content information comprises request time;
The first determining submodule is used for determining the association relation between the risk category, the request content information and the request attribute information according to the request content information, the request attribute information and the risk category;
And the second determining submodule is used for determining a risk category rule according to the association relation.
In one embodiment, the risk category includes a limited risk request, and the processing module includes:
The acquisition sub-module is used for acquiring a preset limiting rule under the condition that the data request is a limiting risk request;
And the determining submodule is used for carrying out request limiting processing on the data request according to the request content information and the request attribute information and the limiting rule.
In one embodiment, before the acquiring module, the method further includes:
The acquisition sub-module is used for acquiring a transmitting end address corresponding to the data request and a preset safe transmitting end address;
The determining submodule is used for determining the request category as a target request category under the condition that the sender address does not belong to the preset safe sender address.
In one embodiment, the request content information includes a sender address of the data request, the request attribute information includes a request number, and the determining module includes:
The determining submodule is used for determining that the risk category corresponding to the data request is a risk request when the data request is sent by the same sender address and the request times are larger than the preset times.
In a third aspect, embodiments of the present disclosure also provide a computer device. The computer device comprises a memory storing a computer program and a processor implementing the steps of the method of any of the embodiments of the present disclosure when the computer program is executed.
In a fourth aspect, embodiments of the present disclosure also provide a computer-readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the method of any of the embodiments of the present disclosure.
In a fifth aspect, embodiments of the present disclosure also provide a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of the method according to any of the embodiments of the present disclosure.
According to the embodiment of the disclosure, when a data request is processed, after the data request is received, when the data request is judged to be a target request type, request content information and request attribute information of the data request are obtained, a risk type corresponding to the data request is determined according to the request content information and the request attribute information, the data request to be processed is processed according to a request mode corresponding to the risk type, and by performing risk assessment on the request of the target request type, accurate judgment of the risk of the data request is achieved, the risk type and the processing mode corresponding to the data request are obtained according to the content information and the attribute information of the data request, judgment and processing of the risk of the data request with finer granularity are achieved, accuracy of judging and evaluating the risk of the data request is further improved, and experience of a user is improved while safety of a service system is ensured.
Drawings
FIG. 1 is an application environment diagram of a risk assessment method for data requests in one embodiment;
FIG. 2 is a flow chart of a method of risk assessment for a data request in one embodiment;
FIG. 3 is a flow chart of a method of risk assessment for a data request in one embodiment;
FIG. 4 is a flow diagram of a method of determining rules for risk categories in one embodiment;
FIG. 5 is a flow chart of a method of risk assessment for a data request in one embodiment;
FIG. 6 is a flow chart of a method of risk assessment for a data request in one embodiment;
FIG. 7 is a block diagram of a risk assessment device for data requests in one embodiment;
fig. 8 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the embodiments of the present disclosure will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the disclosed embodiments and are not intended to limit the disclosed embodiments.
The risk assessment method for the data request provided by the embodiment of the disclosure can be applied to an application environment as shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104 or may be located on a cloud or other network server. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, where the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers.
In one embodiment, as shown in fig. 2, a risk assessment method for a data request is provided, and the method is applied to the terminal in fig. 1 for illustration, and includes the following steps:
Step S210, acquiring request content information and request attribute information of a data request to be processed under the condition that a request category corresponding to the data request is a target request category;
In general, in order to avoid the situation that the security of the system is threatened due to the risk flow entering the system, after receiving the data request, the data request is correspondingly processed, and the request is not directly passed.
In the embodiment of the disclosure, after receiving the data request, it is determined whether the data request is of a target request type, where the target request type may be regarded as a target request type that may have a risk. When the data request is of the target request type, further judgment is required for the data request. Request content information and request attribute information of a data request are acquired. In one example, the request content information may include, but is not limited to, an access address of the data request, a request originator address, a request recipient address, etc., and the request attribute information may include, but is not limited to, a request type, a request frequency, etc. In one example, in the case where the request category to which the data request corresponds is not the target request category, the data request at this time may be considered to be risk-free, and the data request may be passed directly. In one possible implementation, it may be determined whether the data request is of the target request type by making an analysis determination of the IP address from which the data request was issued.
Step S220, determining a risk category corresponding to the data request according to the request content information and the request attribute information;
In the embodiment of the disclosure, after the request content information and the request attribute information are acquired, the risk category corresponding to the data request is judged according to the request content information and the request attribute information. In one example, a risk category classification rule may be set in advance, and different request content information and request attribute information correspond to different risk categories, where the number of risk categories is not limited in this embodiment, and for example, the risk categories may be set to have a risk request, have no risk request, and limit a risk request. In another example, risk categories can be determined through a machine learning mode, risk categories of historical data requests are divided and judged, tags of corresponding risk categories are marked, a risk category identification model is trained and obtained through association relation between request content information and request attribute information of the historical data requests and the corresponding risk category tags, request content information and request attribute information of the data requests to be processed are input into the risk category identification model, and risk categories corresponding to the data requests are output through the risk category identification model.
And step S230, processing the data request according to a request processing mode corresponding to the risk category.
In the embodiment of the disclosure, after the risk request category corresponding to the data request is obtained, a request processing mode corresponding to the risk category is determined, and the data request to be processed is processed according to the corresponding request processing mode. In one example, the association relationship between the request processing manner and the risk category is determined in advance, wherein the association relationship between the request processing manner and the risk category can be determined by analyzing and processing the historical data request information. In one example, the request processing means may include, but is not limited to, passing a request, rejecting a request, delaying a response request, sending a verification code, sending a prompt, and the like.
According to the embodiment of the disclosure, when a data request is processed, after the data request is received, when the data request is judged to be a target request type, request content information and request attribute information of the data request are obtained, a risk type corresponding to the data request is determined according to the request content information and the request attribute information, the data request to be processed is processed according to a request mode corresponding to the risk type, and by performing risk assessment on the request of the target request type, accurate judgment of the risk of the data request is achieved, the risk type and the processing mode corresponding to the data request are obtained according to the content information and the attribute information of the data request, judgment and processing of the risk of the data request with finer granularity are achieved, accuracy of judging and evaluating the risk of the data request is further improved, and experience of a user is improved while safety of a service system is ensured. The embodiment can realize the noninductive access of the multi-service system, and simultaneously support differentiated and flexibly configured wind control strategies based on different service demands.
In one embodiment, as shown in fig. 3, the determining, according to the request content information and the request attribute information, a risk category corresponding to the data request includes:
Step S221, a preset risk category rule is obtained, wherein the risk category comprises a risk-free request, a risk request and a risk limiting request;
Step S222, classifying the request content information and the request attribute information according to the risk category rule, and determining a risk category corresponding to the data request.
In the embodiment of the disclosure, when determining a risk category corresponding to a data request according to request content information and request attribute information, a preset risk category rule is obtained, wherein the risk category rule is generally an association relationship between the request content information and request attribute information and the risk category, and in the embodiment, the association relationship between the request content information and the request attribute information of the data request and the risk category is set in advance according to an actual application scene. Generally, risk categories of the data request may be classified according to a risk size of the data request, where the risk categories include no risk request, and limited risk request in this embodiment. The risk-free request can be considered to be free of risks for the corresponding data request and cannot threaten the system security, the risk request can be considered to be dangerous for the system security by the corresponding data request, the risk-limiting request can be considered to be possibly dangerous for the corresponding data request, the risk can be possibly threatening the system security, and the request needs to be further limited. And classifying the request content information and the request attribute information according to the risk category rule, and determining the risk category corresponding to the data request.
According to the risk category determining method and the risk determining device, risk categories comprise risk-free requests, risk requests and risk limiting requests, the risk categories corresponding to the data requests are obtained by classifying according to request content information and request attribute information of the data requests and according to risk category rules, and the risk categories can be determined according to the request content information and the request attribute information of the data requests, so that finer granularity division of risks of the data requests is achieved, accuracy of risk judgment of the data requests is improved, and safety of a service system is further guaranteed.
In one embodiment, as shown in fig. 4, the determining manner of the risk category rule includes:
step S410, request content information, request attribute information and corresponding risk categories of a historical data request are obtained, wherein the request content information comprises request time;
Step S420, determining an association relationship between the risk category, the request content information, and the request attribute information according to the request content information, the request attribute information, and the risk category;
And step S430, determining a risk category rule according to the association relation.
In the embodiment of the disclosure, when determining the risk category rule, request content information, request attribute information and a corresponding risk category of the historical data request are acquired, wherein the request content information includes request time, and the historical data request may be a part or all of data requests within a preset historical period. And determining the association relationship among the request content information, the request attribute information and the risk category according to the acquired information. In one example, the association relationship may be determined through machine learning, that is, a risk category identification model is obtained through training according to the request content information, the request attribute information and the risk category label, the request content information and the request attribute information are input into the risk category identification model, and the risk category is output through the model, so that the association relationship between the risk category and the request information is determined, wherein one or more risk category identification models may be obtained according to the difference between the request content information and the request attribute information. In this embodiment, in consideration of different risk assessment criteria for data requests at different times, therefore, the request content information further includes a request time, and when setting the risk category rule, in consideration of the request time, a dynamic baseline policy may be set, and a periodic risk category rule may be set based on an actual application scenario. And after the association relation is determined, obtaining a risk category rule according to the association relation.
According to the embodiment of the disclosure, the risk category rule is obtained through analysis and processing of the historical data request information, and meanwhile, the association relation between different request time and risks is considered, so that the obtained risk category rule is more accurate and reliable, the accuracy of determining the subsequent risk category is improved, and the safety of a service system is ensured.
In one embodiment, the risk category includes a limited risk request, and the processing the data request according to the request processing mode corresponding to the risk category includes:
under the condition that the data request is a limiting risk request, acquiring a preset limiting rule;
And carrying out request limiting processing on the data request according to the request content information and the request attribute information and the limiting rule.
In the embodiment of the disclosure, the risk category includes a limited risk request, where the limited risk category request may be considered as a data request with a possible risk, and thus, further limitation on the data request is required. When the data request is a risk limiting request, a preset limiting rule is obtained, wherein the preset limiting rule is usually determined in advance according to an actual application scene. In general, the restriction rule includes association relations among request content information, request attribute information, and restriction categories. In one example, the constraint rules may be set directly by the history data, or may be derived by using a machine learning algorithm with the history data. And carrying out request limiting processing on the data request according to the request content information and the request attribute information and the limiting rule. In one example, the restriction process may include, but is not limited to, human recognition verification code, return error information, forced login, log-out to log-in, delayed response, prompt information, data confusion, and the like.
According to the embodiment of the disclosure, when the risk category is the limited risk request, the request content information and the request attribute information of the data request are further analyzed and subdivided, the corresponding limited category is determined according to the request content information and the request attribute information, and the corresponding request limiting processing is carried out on the data request, so that the data request can be processed in a finer step, the situation that the security request is directly refused under the condition that the data request possibly has risks is avoided, and the experience of a user is improved while the security of a service system is ensured.
In one embodiment, as shown in fig. 5, in the case that the request type corresponding to the data request to be processed is the target request type, acquiring the request content information of the data request further includes:
step S202, a sender address corresponding to a data request and a preset safe sender address are obtained;
Step S204, determining the request class as a target request class when the sender address does not belong to the preset secure sender address.
In the embodiment of the disclosure, after receiving a data request, a sender address corresponding to the data request is obtained, and a preset safe sender address is obtained, wherein the preset safe sender address is usually determined in advance according to an actual application scenario. In one example, the preset secure sender address may be determined according to the sender address of the risk-free request in the history request, or may be obtained by direct evaluation. In one example, a preset secure sender address may be stored in the white list, and after the sender address of the data request is obtained, it is directly determined whether the address matches the secure sender address in the white list. When the sender address does not belong to the preset safe sender address, the corresponding data request can be considered to have risk or possibly risk, the request type is determined to be the target request type, and further judgment of the risk type is needed. In another example, a preset risk sender address may be determined in advance, and when the sender address of the data request is the preset risk sender address, the data request at this time may be considered as a risk data request, and the data request is directly rejected without further judging the risk type.
According to the embodiment of the disclosure, the data request is firstly judged through the sending end address of the data request, so that the data request with risk or possible risk is obtained for further analysis and processing, the workload of subsequent risk category judgment is reduced, the efficiency of risk assessment of the data request is improved, meanwhile, the accuracy of risk judgment of the data request is ensured, and the safety of a service system is improved.
In one embodiment, the request content information comprises a sender address of the data request, the request attribute information comprises a request number, and the determining the risk category corresponding to the data request according to the request content information and the request attribute information comprises:
And determining the risk category corresponding to the data request as a risk request under the condition that the data request is sent by the same sender address and the request times are larger than the preset times.
In the embodiment of the disclosure, the request content information includes a sender address of the data request, and the request attribute information includes the number of requests. After request content information and request attribute information of a data request are obtained, determining whether the data request is a plurality of identical data requests sent by the same sender address according to the sender address and the request times of the data request, if the request times of the data request sent by the same sender address are larger than preset times, the data request is generally considered to have risk when the frequency of the data request is too high, and the risk category corresponding to the data request is determined to be the risk request at the moment, and the risk to the system security is avoided without passing the request. In one example, the preset number of times is generally determined according to an actual application scenario, and when the number of times of data requests is greater than the preset number of times, it may be considered that the data request frequency is too high at this time, and there is a risk.
According to the embodiment of the disclosure, through judging the address of the transmitting end and the number of requests, the data request with too high request frequency is judged as the risk request, so that the efficiency of risk assessment of the data request is improved, meanwhile, the accuracy of risk judgment of the data request is ensured, and the safety of a service system is improved.
Fig. 6 is a flowchart of a risk assessment method for a data request according to an exemplary embodiment, and referring to fig. 6, after the request starts and a data request is received, first, a traffic analysis and risk assessment system determines a request type. The identification method of the request category can include, but is not limited to, realizing city-level request distinction through an IP asset library, classifying requests sent by different cities in different regions, identifying the request category, realizing request distinction of the user category through a butt joint service information library according to historical service information or an evaluation set user list, completing information library collection of white spiders through a white list IP disclosed by the search engines and a search engine spider IP verified in an rDNS mode, evaluating the collection condition of each search engine based on the spider library, facilitating subsequent ROI (region of interest) based on each search engine, giving the spider amount to each engine, and comprehensively evaluating through other risk libraries. In one example, the request categories may include, but are not limited to, search engine spiders, malicious crawlers, normal traffic, attack traffic, and the like. Marking the data request after the request type is identified as a safety request, skipping the subsequent judging logic, and carrying out subsequent further identification and determination after the request type is identified as other type requests. And judging whether the request is a spider request or not for other types of requests, if the request is a preset search engine spider request, marking the data request, skipping the subsequent logic, and simultaneously, executing peak clipping and steady flow processing for ensuring the stability of a service system and carrying out quota based on the ROI. When other types of requests are not spider requests, the risk types of the data requests are identified, wherein the identification mode of the risk types can include, but is not limited to, configuration of rules supporting real-time rules and offline rules, such as request frequency, request sources and the like, comprehensive analysis of strategies based on behavior characteristics, such as frequent single requests and the like, which deviate from the request behaviors of normal users obviously, data introduction of three-party sources, and access of more risk asset libraries, such as direct entry of malicious IP based on honeypot collection, are supported. When the risk category is detected as a malicious risk, the request is refused, and when the risk category is the risk of other categories, corresponding risk coping means, namely corresponding limitation processing, can be executed according to the specific information of the data request. In one example, the embodiment supports the transparent transmission of risk tags to subsequent service systems, and notifies the service systems to execute risk handling means by themselves based on the risk tags. In this embodiment, when the request type and the risk type of the data request are identified, the identification result is marked in the corresponding data request in the form of a tag for the back-end to process. In one example, in this embodiment, when processing the data request, the refinement analysis may be further performed according to the flow of the service system, that is, the data request, to continuously refine the wind control rule, so as to further ensure the security of the service system. In another example, the request category and risk category of the data request may also be identified and determined by the log-delivery module, the background configuration, and the external data source.
The method and the system can realize the cooperation with the back-end service node through a specific label while decoupling the service, transmit risk information to a subsequent service system, automatically design a wind control page by the service system, thereby avoiding the problem that the design style of the wind control page of the service wind control node is inconsistent with that of a service site, realize different wind control strategies thinned to a city level, support different wind control strategies of different cities, such as cities with denser proxy IP, can finish service operation after logging in, improve the accuracy of risk identification, support a dynamic baseline strategy, realize more flexible and effective wind control rules based on service periodicity, support a user-level wind control strategy, such as a user-level request model, request delay, request redirection and the like, improve the accuracy of risk identification, improve the sense of experience of users, ensure the reliability and the safety of the service system, and finish the cooperation level strategy with the internal system based on the fact that the third-level data source and the actual service are linked.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least a portion of the steps in the figures may include steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor does the order in which the steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the steps or stages in other steps.
Based on the same inventive concept, the embodiments of the present disclosure further provide a risk assessment apparatus for a data request for implementing the risk assessment method for a data request as referred to above. The implementation of the solution provided by the apparatus is similar to the implementation described in the above method, so the specific limitation in the embodiments of the risk assessment apparatus for one or more data requests provided below may refer to the limitation of the risk assessment method for the data request hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 7, there is provided a risk assessment apparatus for a data request, including:
an obtaining module 710, configured to obtain request content information and request attribute information of a data request to be processed when a request class corresponding to the data request is a target request class;
A determining module 720, configured to determine a risk category corresponding to the data request according to the request content information and the request attribute information;
And a processing module 730, configured to process the data request according to a request processing manner corresponding to the risk category.
In one embodiment, the determining module includes:
The risk classification module is used for acquiring preset risk classification rules, wherein the risk classification comprises a risk-free request, a risk request and a risk limiting request;
And the determining submodule is used for classifying the request content information and the request attribute information according to the risk category rule and determining the risk category corresponding to the data request.
In one embodiment, the determining module of the risk category rule includes:
the acquisition sub-module is used for acquiring request content information, request attribute information and corresponding risk categories of the historical data request, wherein the request content information comprises request time;
The first determining submodule is used for determining the association relation between the risk category, the request content information and the request attribute information according to the request content information, the request attribute information and the risk category;
And the second determining submodule is used for determining a risk category rule according to the association relation.
In one embodiment, the risk category includes a limited risk request, and the processing module includes:
The acquisition sub-module is used for acquiring a preset limiting rule under the condition that the data request is a limiting risk request;
And the determining submodule is used for carrying out request limiting processing on the data request according to the request content information and the request attribute information and the limiting rule.
In one embodiment, before the acquiring module, the method further includes:
The acquisition sub-module is used for acquiring a transmitting end address corresponding to the data request and a preset safe transmitting end address;
The determining submodule is used for determining the request category as a target request category under the condition that the sender address does not belong to the preset safe sender address.
In one embodiment, the request content information comprises a sender address of the data request, the request attribute information comprises a request number, and the determining module comprises:
The determining submodule is used for determining that the risk category corresponding to the data request is a risk request when the data request is sent by the same sender address and the request times are larger than the preset times.
The respective modules in the risk assessment apparatus for data request described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing data such as data request data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a risk assessment method for a data request.
It will be appreciated by those skilled in the art that the structure shown in fig. 8 is merely a block diagram of a portion of the structure associated with an embodiment of the present disclosure and is not limiting of the computer device to which an embodiment of the present disclosure may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including, but not limited to, user equipment information, user personal information, etc.) and the data (including, but not limited to, data for analysis, stored data, presented data, etc.) according to the embodiments of the present disclosure are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided by the present disclosure may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magneto-resistive random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (PHASE CHANGE Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc. The databases referred to in the embodiments provided by the present disclosure may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided in the present disclosure may be general-purpose processors, central processing units, graphic processors, digital signal processors, programmable logic units, data processing logic units based on quantum computing, and the like, without being limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples merely represent a few implementations of the disclosed embodiments, which are described in more detail and are not to be construed as limiting the scope of the disclosed embodiments. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made to the disclosed embodiments without departing from the spirit of the disclosed embodiments. Accordingly, the scope of the disclosed embodiments should be determined from the following claims.

Claims (10)

1. A method of risk assessment for a data request, the method comprising:
Acquiring request content information and request attribute information of a data request to be processed under the condition that the request category corresponding to the data request is a target request category, wherein the request category comprises search engine spiders, malicious crawlers, normal flow and attack flow, and the judging mode of whether the request category is the target request category comprises the steps of determining whether the data request is the target request category according to an IP address sent by the data request, realizing urban-level request distinction through an IP asset library, classifying requests sent by different cities in different regions, identifying the request category through a butt joint service information library according to historical service information or a user list which is evaluated and set, completing the information base steady flow collection of the white spiders through a white list IP and rDNS (r DNS) mode, and identifying the request category based on the information base;
Determining a risk category corresponding to the data request according to the request content information and the request attribute information;
and processing the data request according to a request processing mode corresponding to the risk category.
2. The method of claim 1, wherein the determining a risk category corresponding to the data request based on the request content information and the request attribute information comprises:
Acquiring a preset risk category rule, wherein the risk category comprises a risk-free request, a risk request and a risk limiting request;
And classifying the request content information and the request attribute information according to the risk category rule, and determining the risk category corresponding to the data request.
3. The method according to claim 2, wherein the risk category rule is determined in a manner comprising:
acquiring request content information, request attribute information and corresponding risk categories of a historical data request, wherein the request content information comprises request time;
determining an association relationship between the risk category, the request content information and the request attribute information according to the request content information, the request attribute information and the risk category;
and determining a risk category rule according to the association relation.
4. The method of claim 1, wherein the risk category includes a limit risk request, and wherein processing the data request in a request processing manner corresponding to the risk category includes:
under the condition that the data request is a limiting risk request, acquiring a preset limiting rule;
And carrying out request limiting processing on the data request according to the request content information and the request attribute information and the limiting rule.
5. The method according to claim 1, wherein, in the case that the request category corresponding to the data request to be processed is the target request category, acquiring the request content information of the data request further includes:
Acquiring a transmitting end address corresponding to a data request and a preset safe transmitting end address;
and under the condition that the sender address does not belong to the preset safe sender address, determining the request category as a target request category.
6. The method of claim 1, wherein the request content information includes a sender address of the data request, the request attribute information includes a number of requests, and wherein determining the risk category corresponding to the data request based on the request content information and the request attribute information includes:
And determining the risk category corresponding to the data request as a risk request under the condition that the data request is sent by the same sender address and the request times are larger than the preset times.
7. A risk assessment apparatus for a data request, the apparatus comprising:
The acquisition module is used for acquiring request content information and request attribute information of a data request under the condition that a request category corresponding to the data request to be processed is a target request category, wherein the request category comprises search engine spiders, malicious crawlers, normal traffic and attack traffic, and the judgment mode of whether the request category is the target request category comprises the steps of determining whether the data request is the target request category according to an IP address sent by the data request, realizing city-level request distinction through an IP asset library, classifying requests sent by different cities in different regions, and identifying the request category; identifying request types according to historical service information or a user list set by evaluation through a butt joint service information base, completing information base collection of white spiders through a search engine spiders IP which is verified in a white list IP and rDNS mode which are shown by a search engine, and identifying request types based on the information base;
The determining module is used for determining a risk category corresponding to the data request according to the request content information and the request attribute information;
and the processing module is used for processing the data request according to a request processing mode corresponding to the risk category.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the risk assessment method of a data request according to any one of claims 1 to 6.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the risk assessment method of a data request according to any one of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, realizes the steps of the risk assessment method of a data request according to any one of claims 1 to 6.
CN202211108577.5A 2022-09-13 2022-09-13 Data request risk assessment method and device Active CN115473735B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211108577.5A CN115473735B (en) 2022-09-13 2022-09-13 Data request risk assessment method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211108577.5A CN115473735B (en) 2022-09-13 2022-09-13 Data request risk assessment method and device

Publications (2)

Publication Number Publication Date
CN115473735A CN115473735A (en) 2022-12-13
CN115473735B true CN115473735B (en) 2025-01-28

Family

ID=84333851

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211108577.5A Active CN115473735B (en) 2022-09-13 2022-09-13 Data request risk assessment method and device

Country Status (1)

Country Link
CN (1) CN115473735B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109636607A (en) * 2018-12-18 2019-04-16 平安科技(深圳)有限公司 Business data processing method, device and computer equipment based on model deployment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8108933B2 (en) * 2008-10-21 2012-01-31 Lookout, Inc. System and method for attack and malware prevention
US10546135B1 (en) * 2019-03-06 2020-01-28 SecurityScorecard, Inc. Inquiry response mapping for determining a cybersecurity risk level of an entity
CN111125695B (en) * 2019-12-26 2022-04-05 武汉极意网络科技有限公司 Account risk assessment method, device, equipment and storage medium
CN112651619A (en) * 2020-12-22 2021-04-13 上海哔哩哔哩科技有限公司 Business-oriented wind control method and device
CN113344453A (en) * 2021-07-05 2021-09-03 湖南快乐阳光互动娱乐传媒有限公司 Risk monitoring method, device, system, storage medium and equipment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109636607A (en) * 2018-12-18 2019-04-16 平安科技(深圳)有限公司 Business data processing method, device and computer equipment based on model deployment

Also Published As

Publication number Publication date
CN115473735A (en) 2022-12-13

Similar Documents

Publication Publication Date Title
US11848760B2 (en) Malware data clustering
US20200389495A1 (en) Secure policy-controlled processing and auditing on regulated data sets
US10592666B2 (en) Detecting anomalous entities
US20210092160A1 (en) Data set creation with crowd-based reinforcement
WO2018208451A1 (en) Real time detection of cyber threats using behavioral analytics
US10135852B2 (en) Bot detection based on behavior analytics
US20150120583A1 (en) Process and mechanism for identifying large scale misuse of social media networks
US20180121405A1 (en) System and method of annotating utterances based on tags assigned by unmanaged crowds
CN110855648B (en) Early warning control method and device for network attack
CN110569213A (en) File access method, device and equipment
US11132358B2 (en) Candidate name generation
CN112131507A (en) Website content processing method, device, server and computer-readable storage medium
CN114244611B (en) Abnormal attack detection method, device, equipment and storage medium
CN113326523A (en) Privacy calculation method and device and electronic equipment
CN113065748A (en) Business risk assessment method, device, equipment and storage medium
CN108876314B (en) A career professional ability traceability method and platform
CN114363002B (en) Method and device for generating network attack relation diagram
CN115189963A (en) Abnormal behavior detection method and device, computer equipment and readable storage medium
CN115473735B (en) Data request risk assessment method and device
CN113326064A (en) Method for dividing business logic module, electronic equipment and storage medium
CN110532773A (en) Malicious access Activity recognition method, data processing method, device and equipment
US20140172874A1 (en) Intelligent analysis queue construction
CN116155628B (en) Network security detection method, training device, electronic equipment and medium
US20180150752A1 (en) Identifying artificial intelligence content
CN114880637B (en) Account risk verification method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: No. 8 Huizhi Street, Suzhou Industrial Park, Suzhou Area, China (Jiangsu) Pilot Free Trade Zone, Suzhou City, Jiangsu Province, 215000

Applicant after: Qichacha Technology Co.,Ltd.

Address before: Room 503, 5 / F, C1 building, 88 Dongchang Road, Suzhou Industrial Park, 215000, Jiangsu Province

Applicant before: Qicha Technology Co.,Ltd.

Country or region before: China

CB02 Change of applicant information
GR01 Patent grant