+

CN109460664A - Risk analysis method, device, Electronic Design and computer-readable medium - Google Patents

Risk analysis method, device, Electronic Design and computer-readable medium Download PDF

Info

Publication number
CN109460664A
CN109460664A CN201811236573.9A CN201811236573A CN109460664A CN 109460664 A CN109460664 A CN 109460664A CN 201811236573 A CN201811236573 A CN 201811236573A CN 109460664 A CN109460664 A CN 109460664A
Authority
CN
China
Prior art keywords
target entity
goal behavior
knowledge mapping
risk
mapping model
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811236573.9A
Other languages
Chinese (zh)
Other versions
CN109460664B (en
Inventor
汪南
孙浩庭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Three Cloud Computing Co ltd
Beijing Sankuai Online Technology Co Ltd
Original Assignee
Beijing Sankuai Online Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Sankuai Online Technology Co Ltd filed Critical Beijing Sankuai Online Technology Co Ltd
Priority to CN201811236573.9A priority Critical patent/CN109460664B/en
Publication of CN109460664A publication Critical patent/CN109460664A/en
Priority to CA3059709A priority patent/CA3059709A1/en
Application granted granted Critical
Publication of CN109460664B publication Critical patent/CN109460664B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Economics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Strategic Management (AREA)
  • Health & Medical Sciences (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Computer Security & Cryptography (AREA)
  • Educational Administration (AREA)
  • Development Economics (AREA)
  • Databases & Information Systems (AREA)
  • Game Theory and Decision Science (AREA)
  • Automation & Control Theory (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Debugging And Monitoring (AREA)

Abstract

This disclosure relates to a kind of risk analysis method, device, Electronic Design and computer-readable medium.It is related to computer information processing field, this method comprises: the incidence relation between acquisition target entity, goal behavior and target entity and goal behavior;It is common to set up knowledge mapping model using the incidence relation between target entity and goal behavior as side using the target entity and the goal behavior as node;And the risk analysis of the target entity Yu the goal behavior is carried out by the knowledge mapping model.This disclosure relates to risk analysis method, device, Electronic Design and computer-readable medium, comprehensive consideration can be carried out to enterprise security, being capable of quick hazardous act and risk object when security incident occurs.

Description

Risk analysis method, device, Electronic Design and computer-readable medium
Technical field
This disclosure relates to computer information processing field, in particular to a kind of risk analysis method, device, electronics Design and computer-readable medium.
Background technique
In general, enterprise is by human resources, fund, market.The elements such as machinery equipment, material, information composition.Currently, Business administration becomes more and more important, especially in present information-intensive society, the various electronic bits of data of enterprises be easy to by Enterprise staff is stolen, and very big business loss is in turn resulted in.To realize Enterprise Sustainable security developments, come there are many approach to enterprise The information security of industry is managed: first is that scientific and technological level is improved energetically, construction network security system;Second is that specification " method Control ", promote the information security awareness of employee;Third is that the regulatory responsibility of refinement government agencies at all levels, strengthens supervision.But it is above each The content of aspect can only constrain enterprise staff from the angle of morals and regulation, have specific purposes and special enterprise to some The employee of figure, the above management means produce little effect.Moreover, being especially responsible for carrying out enterprise the employee of network security, these members Some unlawful practices of work or violation operation trace are easy to be cleaned up by it, in this case, the information of enterprises Security management and control is a problem to be solved.
Therefore, it is necessary to a kind of new risk analysis method, device, Electronic Design and computer-readable mediums.
Above- mentioned information are only used for reinforcing the understanding to the background of the disclosure, therefore it disclosed in the background technology part It may include the information not constituted to the prior art known to persons of ordinary skill in the art.
Summary of the invention
In view of this, the disclosure provides a kind of risk analysis method, device, Electronic Design and computer-readable medium, energy It is enough that comprehensive consideration is carried out to enterprise security, additionally it is possible to, being capable of quick hazardous act and risk object when security incident occurs
Other characteristics and advantages of the disclosure will be apparent from by the following detailed description, or partially by the disclosure Practice and acquistion.
According to the one side of the disclosure, a kind of risk analysis method is proposed, this method comprises: obtaining target entity, target Incidence relation between behavior and target entity and goal behavior;Using the target entity and the goal behavior as section Point, the incidence relation between the target entity and the goal behavior construct knowledge mapping model as side;And pass through institute State the risk analysis that knowledge mapping model carries out the target entity Yu the goal behavior.
In a kind of exemplary embodiment of the disclosure, further includes: determine being associated between target entity and goal behavior The intensity of relationship.
In a kind of exemplary embodiment of the disclosure, the target entity includes user, equipment and network address; And/or the goal behavior includes multiple predefined actions of target entity;And/or between the target entity and goal behavior Incidence relation includes operation behavior.
In a kind of exemplary embodiment of the disclosure, target entity, goal behavior and target entity and target are determined Incidence relation between behavior includes: the user extracted in monitoring log, and equipment and network address are using as target entity; The predefined action in monitoring log is extracted using as goal behavior;And extract the target entity and goal behavior monitored in log Between operation behavior using as the incidence relation.
In a kind of exemplary embodiment of the disclosure, the strong of the incidence relation between target entity and goal behavior is determined Degree includes: the intensity that the incidence relation is determined by the frequency of operation behavior between target entity and goal behavior.
It, will using the target entity with the goal behavior as node in a kind of exemplary embodiment of the disclosure Incidence relation between target entity and goal behavior is common to set up knowledge mapping model further include: by the association as side Weight of the intensity of relationship as the side of the knowledge mapping model.
In a kind of exemplary embodiment of the disclosure, the target entity and institute are carried out by the knowledge mapping model The risk analysis for stating goal behavior includes: that the value-at-risk of target entity is determined by the knowledge mapping model;And/or pass through institute It states knowledge mapping model and determines abnormal target entity;And/or abnormal goal behavior is determined by the knowledge mapping model.
In a kind of exemplary embodiment of the disclosure, the value-at-risk of target entity is determined by the knowledge mapping model It include: the security level for obtaining each goal behavior in the knowledge mapping model;And pass through the knowledge mapping model Each target is real in target entity set in the weight on middle side, the security level of goal behavior and knowledge mapping model The discrepancy of body and or in-degree, determine the value-at-risk of target entity in knowledge mapping model.
In a kind of exemplary embodiment of the disclosure, the value-at-risk of target entity is calculated by risk formula;
Wherein, R (j) is the value-at-risk of target entity Xj, and Yi is and associated i-th of the goal behavior of target entity Xj, θ It (i) is the bonding strength of target entity Xj and Yi, α (i) is the security level of target entity Xj, and ID (Yi) goes out in-degree for Yi's, Ni be and the associated target entity number of Yi.
In a kind of exemplary embodiment of the disclosure, abnormal target entity packet is determined by the knowledge mapping model It includes: determining that value-at-risk is greater than the target entity of threshold value;Determine the associated entity set of the target entity;And in the target When the value-at-risk of entity is greater than the value-at-risk of each target entity in the associated entity set, determine that the target entity is Abnormal target entity.
In a kind of exemplary embodiment of the disclosure, abnormal goal behavior packet is determined by the knowledge mapping model It includes: determining the abnormal target entity;It is determining associated with abnormal target entity by the knowledge mapping model The value-at-risk of each goal behavior;The corresponding goal behavior of maximum risk value is determined as abnormal goal behavior.
According to the one side of the disclosure, a kind of risk analysis device is proposed, which includes: extraction module, for obtaining Incidence relation between target entity, goal behavior and target entity and goal behavior;Model module is used for the target Entity and the goal behavior are common to set up using the incidence relation between target entity and goal behavior as side as node Knowledge mapping model;And analysis module, for carrying out the target entity and the target by the knowledge mapping model The risk analysis of behavior.
According to the one side of the disclosure, a kind of electronic equipment is proposed, which includes: one or more processors; Storage device, for storing one or more programs;When one or more programs are executed by one or more processors, so that one A or multiple processors realize such as methodology above.
According to the one side of the disclosure, it proposes a kind of computer-readable medium, is stored thereon with computer program, the program Method as mentioned in the above is realized when being executed by processor.
It, can be to enterprise security according to the risk analysis method of the disclosure, device, Electronic Design and computer-readable medium Carry out comprehensive consideration, additionally it is possible to, being capable of quick hazardous act and risk object when security incident occurs.
It should be understood that the above general description and the following detailed description are merely exemplary, this can not be limited It is open.
Detailed description of the invention
Its example embodiment is described in detail by referring to accompanying drawing, above and other target, feature and the advantage of the disclosure will It becomes more fully apparent.Drawings discussed below is only some embodiments of the present disclosure, for the ordinary skill of this field For personnel, without creative efforts, it is also possible to obtain other drawings based on these drawings.
Fig. 1 is the system block diagram of a kind of risk analysis method and device shown according to an exemplary embodiment.
Fig. 2 is a kind of flow chart of risk analysis method shown according to an exemplary embodiment.
Fig. 3 is a kind of schematic diagram of the risk analysis method shown according to another exemplary embodiment.
Fig. 4 is a kind of flow chart of the risk analysis method shown according to another exemplary embodiment.
Fig. 5 is a kind of block diagram of risk analysis device shown according to an exemplary embodiment.
Fig. 6 is the block diagram of a kind of electronic equipment shown according to an exemplary embodiment.
Fig. 7 is that a kind of computer readable storage medium schematic diagram is shown according to an exemplary embodiment.
Specific embodiment
Example embodiment is described more fully with reference to the drawings.However, example embodiment can be real in a variety of forms It applies, and is not understood as limited to embodiment set forth herein;On the contrary, thesing embodiments are provided so that the disclosure will be comprehensively and complete It is whole, and the design of example embodiment is comprehensively communicated to those skilled in the art.Identical appended drawing reference indicates in figure Same or similar part, thus repetition thereof will be omitted.
In addition, described feature, structure or characteristic can be incorporated in one or more implementations in any suitable manner In example.In the following description, many details are provided to provide and fully understand to embodiment of the disclosure.However, It will be appreciated by persons skilled in the art that can with technical solution of the disclosure without one or more in specific detail, Or it can be using other methods, constituent element, device, step etc..In other cases, it is not shown in detail or describes known side Method, device, realization or operation are to avoid fuzzy all aspects of this disclosure.
Block diagram shown in the drawings is only functional entity, not necessarily must be corresponding with physically separate entity. I.e., it is possible to realize these functional entitys using software form, or realized in one or more hardware modules or integrated circuit These functional entitys, or these functional entitys are realized in heterogeneous networks and/or processor device and/or microcontroller device.
Flow chart shown in the drawings is merely illustrative, it is not necessary to including all content and operation/step, It is not required to execute by described sequence.For example, some operation/steps can also decompose, and some operation/steps can close And or part merge, therefore the sequence actually executed is possible to change according to the actual situation.
It should be understood that although herein various assemblies may be described using term first, second, third, etc., these groups Part should not be limited by these terms.These terms are to distinguish a component and another component.Therefore, first group be discussed herein below Part can be described as the second component without departing from the teaching of disclosure concept.As used herein, term " and/or " include associated All combinations for listing any of project and one or more.
It will be understood by those skilled in the art that attached drawing is the schematic diagram of example embodiment, module or process in attached drawing Necessary to not necessarily implementing the disclosure, therefore it cannot be used for the protection scope of the limitation disclosure.
Fig. 1 is the system block diagram of a kind of risk analysis method and device shown according to an exemplary embodiment.
As shown in Figure 1, system architecture 100 may include terminal device 101,102,103, network 104 and server 105. Network 104 between terminal device 101,102,103 and server 105 to provide the medium of communication link.Network 104 can be with Including various connection types, such as wired, wireless communication link or fiber optic cables etc..
User can be used terminal device 101,102,103 and carry out various information exchanges by network 104, to receive or send out Send message etc..Various telecommunication customer end applications, such as the application of shopping class, net can be installed on terminal device 101,102,103 The application of page browsing device, searching class application, instant messaging tools, mailbox client, social platform software etc..
Terminal device 101,102,103 can be the various electronic equipments with display screen and supported web page browsing, packet Include but be not limited to smart phone, tablet computer, pocket computer on knee and desktop computer etc..
Server 105 can be the data server for monitor terminal equipment 101,102,103, and server 105 can be with Obtain the log of various operations or data service that user is carried out using terminal device 101,102,103.Server 105 can be with The processing such as data analysis carried out to the log information that gets, and by processing result (abnormal terminal device, abnormal operation row For etc.) feed back to terminal device.
Server 105 can for example obtain being associated between target entity, goal behavior and target entity and goal behavior Relationship;Server 105 can be for example using the target entity and the goal behavior as node, by target entity and goal behavior Between incidence relation as side, it is common to set up knowledge mapping model;Server 105 can for example pass through the knowledge mapping model Carry out the risk analysis of the target entity Yu the goal behavior;Wherein, the target entity includes user, equipment, and Network address;And/or the goal behavior includes multiple predefined actions of target entity;And/or the target entity and target Incidence relation between behavior includes operation behavior.
Server 105 can be the server of an entity, also may be, for example, that multiple servers form, in server 105 A part can be for example as the risk analysis system in the disclosure, for passing through the knowledge mapping model progress target The risk analysis of entity and the goal behavior;A part in server 105 can also be for example as data system, for responding The data access request of user terminal.
It should be noted that risk analysis method provided by the embodiment of the present disclosure can be executed by server 105, accordingly Ground, risk analysis device can be set in server 105.And it is supplied to user and carries out data manipulation or send request of data Request end is normally in terminal device 101,102,103.
According to the risk analysis method and device of the disclosure, by knowledge mapping model to target entity, goal behavior into Row risk analysis can carry out comprehensive consideration to enterprise security, additionally it is possible to, being capable of quick hazardous act when security incident occurs With risk object.
Fig. 2 is a kind of flow chart of risk analysis method shown according to an exemplary embodiment.Risk analysis method 20 Including at least step S202 to S206.
As shown in Fig. 2, in S202, between acquisition target entity, goal behavior and target entity and goal behavior Incidence relation.Wherein, the target entity includes any combination of user, equipment and network address.
Wherein, in the present embodiment, the target entity is the individual of performance objective behavior in enterprise, and target entity can wrap Include user, equipment and network address.
Wherein, in the present embodiment, the goal behavior is one group of target entity execution in enterprise and there are safety winds The behavior of danger, goal behavior includes multiple predefined actions of target entity;It specifically can for example upload data, downloading data, access The behaviors such as data.
Wherein, the incidence relation between the target entity and goal behavior includes operation behavior.Incidence relation is target Connection between entity and its goal behavior carried out.
In one embodiment, being associated between target entity, goal behavior and target entity and goal behavior is determined Relationship includes: the user extracted in monitoring log, and equipment and network address are using as target entity;It extracts in monitoring log Predefined action using as goal behavior;And extract the operation behavior monitored between target entity and goal behavior in log Using as the incidence relation.
In one embodiment, can such as target entity A be XX user;Goal behavior B is that data download behavior;Target line It is data deleting act for C, when XX user there are data to download behavior, determines to have between target entity A and goal behavior B and close Connection relationship;And in XX user's no data deleting act, it is determined that do not have incidence relation between target entity A and goal behavior C.
In S204, using the target entity and the goal behavior as node, the target entity and the target Incidence relation between behavior constructs knowledge mapping model as side.
In one embodiment, further includes: determine the intensity of the incidence relation between target entity and goal behavior.Specifically The intensity of the incidence relation can be for example determined by the frequency of operation behavior between target entity and goal behavior.And it will be described Weight of the intensity of incidence relation as the side of the knowledge mapping model.
It in one embodiment, can be the intensity θ of incidence relation by the operation frequency in the predetermined time.It can be for example with one day For the time limit, in one day when XX user there are data to download behavior, determines to have between target entity A and goal behavior B and be associated with Relationship, when the number of XX user data downloading behavior is 10 times, intensity θ=10 of incidence relation.
In one embodiment, knowledge mapping is by by applied mathematics, graphics, Information Visualization Technology, Information Center The theory of etc. subjects is combined with method and the methods of meterological citation analysis, Co-occurrence Analysis, and utilizes visual map shape As ground shows that nuclear structure, developing history, Disciplinary Frontiers and the whole Knowledge framework of subject reach Multidisciplinary Integration purpose Modern theory.
Knowledge mapping includes a variety of nodes:
Wherein, it entity: refers to distinguishability and certain self-existent things.
Concept: the set that the entity with homospecificity is constituted.
Attribute: its attribute value is directed toward from an entity.Different attribute types corresponds to the side of different type attribute.
Relationship: on knowledge mapping, relationship is then one and kk node of graph (entity, semantic category, attribute value) is mapped to The function of Boolean.
A kind of generic representation mode of knowledge mapping is that node is the entity sets in knowledge base, includes altogether | E | kind is different Entity;Side is the set of relationship in knowledge base, includes altogether | R | plant different relationships.
In one embodiment, based on above-mentioned definition, can by the target entity, the goal behavior as node, The knowledge mapping of incidence relation building can be for example shown in Fig. 3.There are the nodes of two attribute in the knowledge mapping model, divide Not Wei target entity node and goal behavior node, the side between linking objective entity node and goal behavior node is to be associated with System.As shown in figure 3, the white nodes in knowledge mapping model may be, for example, target entity node, dark node may be, for example, mesh Mark behavior node.
In one embodiment, as shown in figure 3, in knowledge mapping model target entity node and goal behavior node it Between by side connect, be not connected directly between target entity node and target entity node;Goal behavior node and target line It is not also connected directly between node.Such setting tallies with the actual situation in knowledge mapping model, can such as target Entity A is XX user;Goal behavior B is that data download behavior, and goal behavior C is data deleting act, and target entity D is XX electricity Brain, downloading behavior by data between XX user and XX computer could be interrelated.And data downloading behavior and data are deleted and are gone Relationship cannot be directly generated between, need to be associated with by target entity node.
In S206, the risk point of the target entity or the goal behavior is carried out by the knowledge mapping model Analysis.
In one embodiment, the wind of the target entity Yu the goal behavior is carried out by the knowledge mapping model Danger analysis includes: the value-at-risk that target entity is determined by the knowledge mapping model;And/or pass through the knowledge mapping model Determine abnormal target entity;And/or abnormal goal behavior is determined by the knowledge mapping model.
Wherein, determine that the value-at-risk of target entity includes: to obtain the knowledge mapping mould by the knowledge mapping model The security level of each goal behavior in type;And weight, the peace of goal behavior by side in the knowledge mapping model In target entity set in congruent grade and knowledge mapping model the discrepancy of each target entity and or in-degree, determination know Know the value-at-risk of target entity in spectrum model.
Wherein, determine that abnormal target entity comprises determining that value-at-risk is greater than threshold value by the knowledge mapping model Target entity;Determine the associated entity set of the target entity;And it is greater than the pass in the value-at-risk of the target entity When joining the value-at-risk of each target entity in entity sets, determine that the target entity is abnormal target entity.
Wherein, determine that abnormal goal behavior comprises determining that the abnormal target is real by the knowledge mapping model Body;Pass through the value-at-risk of knowledge mapping model determination and each associated goal behavior of abnormal target entity; And the corresponding goal behavior of maximum risk value is determined as abnormal goal behavior.
In one embodiment, can also be for example by way of timed task, timing acquisition monitors daily record data to construct The knowledge mapping model carries out risk analysis.
According to the risk analysis method of the disclosure, using the target entity and the goal behavior as node, by target For incidence relation between entity and goal behavior as side, common establishment knowledge mapping model passes through the knowledge mapping model The mode of the risk analysis of the target entity and the goal behavior is carried out, comprehensive consideration can be carried out to enterprise security, also Can be when security incident occur, quick hazardous act and risk object.
It will be clearly understood that the present disclosure describes how to form and use particular example, but the principle of the disclosure is not limited to These exemplary any details.On the contrary, the introduction based on disclosure disclosure, these principles can be applied to many other Embodiment.
Fig. 4 is a kind of flow chart of the risk analysis method shown according to another exemplary embodiment.Risk shown in Fig. 4 Analysis method 40 is " to carry out the target by the knowledge mapping model to S206 in risk analysis method 20 shown in Fig. 2 The detailed description of the risk analysis of entity and the goal behavior ".
As shown in figure 4, determining the value-at-risk of target entity by the knowledge mapping model in S402.It can be for example, obtaining Take the security level of each goal behavior in the knowledge mapping model;And the power by side in the knowledge mapping model The discrepancy of each target entity in target entity set in weight, the security level of goal behavior and knowledge mapping model With or in-degree, determine the value-at-risk of target entity in knowledge mapping model.
In one embodiment, it for target entity Xj each in knowledge mapping model, can be calculated by following equation Its value-at-risk:
Wherein:
The value-at-risk of R (j) expression Xj
Yi indicates to seek its in-degree with associated i-th of the goal behavior of target entity Xj, ID function
Ni is indicated and the associated target entity number of this safety behavior.
The bonding strength of θ (i) expression Xj and Yi
α (i) indicates the risk class of i-th of security risk
In S404, abnormal target entity is determined by the knowledge mapping model.It can be for example, determining that value-at-risk is greater than The target entity of threshold value;Determine the associated entity set of the target entity;And it is greater than in the value-at-risk of the target entity In the associated entity set when value-at-risk of each target entity, determine that the target entity is abnormal target entity.
In one embodiment, threshold value may be, for example, the empirical value T being arranged by experience, for each R (j) > T mesh Entity Xj is marked, determines the associated entity set SR of the target entity, in the present embodiment, the target in associated entity set is real Body is that there are the associated target entity set of goal behavior between abnormal target entity:
{R(k)|j!=k, Xj-Xk}
The value-at-risk for the multiple target entity Xk being connected to Xj.If R (j) meets condition:
Rj> max (Rk)
Then marking R (j) is abnormal target entity.
If the value-at-risk of target entity is not more than the value-at-risk of each target entity in the associated entity set, The target entity is not marked.
Defining security incident in one embodiment is the security risk that its surmounted that target entity is made can undertake One group of goal behavior of range;It can be for example, after determining abnormal target entity, it is believed that abnormal target entity triggers Security incident.
In S406, abnormal goal behavior is determined by the knowledge mapping model.It can be for example, determination be described abnormal Target entity;Pass through the wind of knowledge mapping model determination and each associated goal behavior of abnormal target entity Danger value;And the corresponding goal behavior of maximum risk value is determined as abnormal goal behavior.
For abnormal target entity R (j), according to the following formula:
Influence of all goal behaviors to R (j) can be calculated, and can be marked on the maximum mesh of its security risk influence Mark behavior.
According to the risk analysis method of the disclosure, mentioned using security risk value of the knowledge mapping technology to business goal entity The index that can be carried out with reference to comparison quantified for one.
According to the risk analysis method of the disclosure, when security incident occurs, it is capable of the target of mark initiation security incident Entity.
It can be to the safe thing of business goal entity triggers when security incident occurs according to the risk analysis method of the disclosure The safety behavior of part is traced.
It will be appreciated by those skilled in the art that realizing that all or part of the steps of above-described embodiment is implemented as being executed by CPU Computer program.When the computer program is executed by CPU, above-mentioned function defined by the above method that the disclosure provides is executed Energy.The program can store in a kind of computer readable storage medium, which can be read-only memory, magnetic Disk or CD etc..
Further, it should be noted that above-mentioned attached drawing is only the place according to included by the method for disclosure exemplary embodiment Reason schematically illustrates, rather than limits purpose.It can be readily appreciated that above-mentioned processing shown in the drawings is not indicated or is limited at these The time sequencing of reason.In addition, be also easy to understand, these processing, which can be, for example either synchronously or asynchronously to be executed in multiple modules.
Following is embodiment of the present disclosure, can be used for executing embodiments of the present disclosure.It is real for disclosure device Undisclosed details in example is applied, embodiments of the present disclosure is please referred to.
Fig. 5 is a kind of block diagram of risk analysis device shown according to an exemplary embodiment.Risk analysis device 50 wraps It includes: extraction module 502, model module 504, analysis module 506.
Extraction module 502 is used to obtain being associated between target entity, goal behavior and target entity and goal behavior Relationship;It include: the user extracted in monitoring log, equipment and network address are using as target entity;It extracts in monitoring log Predefined action using as goal behavior;And extract the operation behavior monitored between target entity and goal behavior in log Using as the incidence relation.
Model module 504 is used for using the target entity and the goal behavior as node, by target entity and target Incidence relation between behavior is common to construct knowledge mapping model as side;In knowledge mapping model target entity node with It is connected between goal behavior node by side, is not connected directly between target entity node and target entity node;Target line It is not also connected directly between node and goal behavior node.
Analysis module 506 is used to carry out the wind of the target entity Yu the goal behavior by the knowledge mapping model Danger analysis.It include: the value-at-risk that target entity is determined by the knowledge mapping model;And/or pass through the knowledge mapping mould Type determines abnormal target entity;And/or abnormal goal behavior is determined by the knowledge mapping model.
According to the risk analysis device of the disclosure, using the target entity and the goal behavior as node, by target For incidence relation between entity and goal behavior as side, common establishment knowledge mapping model passes through the knowledge mapping model The mode of the risk analysis of the target entity and the goal behavior is carried out, comprehensive consideration can be carried out to enterprise security, also Can be when security incident occur, it being capable of quick hazardous act and risk object.
Fig. 6 is the block diagram of a kind of electronic equipment shown according to an exemplary embodiment.
The electronic equipment 200 of this embodiment according to the disclosure is described referring to Fig. 6.The electronics that Fig. 6 is shown Equipment 200 is only an example, should not function to the embodiment of the present disclosure and use scope bring any restrictions.
As shown in fig. 6, electronic equipment 200 is showed in the form of universal computing device.The component of electronic equipment 200 can wrap It includes but is not limited to: at least one processing unit 210, at least one storage unit 220, (including the storage of the different system components of connection Unit 220 and processing unit 210) bus 230, display unit 240 etc..
Wherein, the storage unit is stored with program code, and said program code can be held by the processing unit 210 Row, so that the processing unit 210 executes described in this specification above-mentioned electronic prescription circulation processing method part according to this The step of disclosing various illustrative embodiments.For example, the processing unit 210 can be executed such as Fig. 2, walked shown in Fig. 4 Suddenly.
The storage unit 220 may include the readable medium of volatile memory cell form, such as random access memory Unit (RAM) 2201 and/or cache memory unit 2202 can further include read-only memory unit (ROM) 2203.
The storage unit 220 can also include program/practical work with one group of (at least one) program module 2205 Tool 2204, such program module 2205 includes but is not limited to: operating system, one or more application program, other programs It may include the realization of network environment in module and program data, each of these examples or certain combination.
Bus 230 can be to indicate one of a few class bus structures or a variety of, including storage unit bus or storage Cell controller, peripheral bus, graphics acceleration port, processing unit use any bus structures in a variety of bus structures Local bus.
Electronic equipment 200 can also be with one or more external equipments 300 (such as keyboard, sensing equipment, bluetooth equipment Deng) communication, can also be enabled a user to one or more equipment interact with the electronic equipment 200 communicate, and/or with make Any equipment (such as the router, modulation /demodulation that the electronic equipment 200 can be communicated with one or more of the other calculating equipment Device etc.) communication.This communication can be carried out by input/output (I/O) interface 250.Also, electronic equipment 200 can be with By network adapter 260 and one or more network (such as local area network (LAN), wide area network (WAN) and/or public network, Such as internet) communication.Network adapter 260 can be communicated by bus 230 with other modules of electronic equipment 200.It should Understand, although not shown in the drawings, other hardware and/or software module can be used in conjunction with electronic equipment 200, including but unlimited In: microcode, device driver, redundant processing unit, external disk drive array, RAID system, tape drive and number According to backup storage system etc..
Through the above description of the embodiments, those skilled in the art is it can be readily appreciated that example described herein is implemented Mode can also be realized by software realization in such a way that software is in conjunction with necessary hardware.Therefore, according to the disclosure The technical solution of embodiment can be embodied in the form of software products, which can store non-volatile at one Property storage medium (can be CD-ROM, USB flash disk, mobile hard disk etc.) in or network on, including some instructions are so that a calculating Equipment (can be personal computer, server or network equipment etc.) executes the above method according to disclosure embodiment.
Fig. 7 schematically shows a kind of computer readable storage medium schematic diagram in disclosure exemplary embodiment.
Refering to what is shown in Fig. 7, describing the program product for realizing the above method according to embodiment of the present disclosure 400, can using portable compact disc read only memory (CD-ROM) and including program code, and can in terminal device, Such as it is run on PC.However, the program product of the disclosure is without being limited thereto, in this document, readable storage medium storing program for executing can be with To be any include or the tangible medium of storage program, the program can be commanded execution system, device or device use or It is in connection.
Described program product can be using any combination of one or more readable mediums.Readable medium can be readable letter Number medium or readable storage medium storing program for executing.Readable storage medium storing program for executing for example can be but be not limited to electricity, magnetic, optical, electromagnetic, infrared ray or System, device or the device of semiconductor, or any above combination.The more specific example of readable storage medium storing program for executing is (non exhaustive List) include: electrical connection with one or more conducting wires, portable disc, hard disk, random access memory (RAM), read-only Memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc read only memory (CD-ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.
The computer readable storage medium may include in a base band or the data as the propagation of carrier wave a part are believed Number, wherein carrying readable program code.The data-signal of this propagation can take various forms, including but not limited to electromagnetism Signal, optical signal or above-mentioned any appropriate combination.Readable storage medium storing program for executing can also be any other than readable storage medium storing program for executing Readable medium, the readable medium can send, propagate or transmit for by instruction execution system, device or device use or Person's program in connection.The program code for including on readable storage medium storing program for executing can transmit with any suitable medium, packet Include but be not limited to wireless, wired, optical cable, RF etc. or above-mentioned any appropriate combination.
Can with any combination of one or more programming languages come write for execute the disclosure operation program Code, described program design language include object oriented program language-Java, C++ etc., further include conventional mistake Formula programming language-such as " C " language or similar programming language.Program code can be calculated fully in user It executes in equipment, partly execute on a user device, executing, as an independent software package partially in user calculating equipment Upper part executes on a remote computing or executes in remote computing device or server completely.It is being related to remotely counting In the situation for calculating equipment, remote computing device can pass through the network of any kind, including local area network (LAN) or wide area network (WAN), it is connected to user calculating equipment, or, it may be connected to external computing device (such as utilize ISP To be connected by internet).
Above-mentioned computer-readable medium carries one or more program, when said one or multiple programs are by one When the equipment executes, so that the computer-readable medium implements function such as: it is real to obtain target entity, goal behavior and target Incidence relation between body and goal behavior;Regard the target entity and the goal behavior as node, by target entity and Incidence relation between goal behavior is common to set up knowledge mapping model as side;And by the knowledge mapping model into The risk analysis of the row target entity and the goal behavior.
It will be appreciated by those skilled in the art that above-mentioned each module can be distributed in device according to the description of embodiment, it can also Uniquely it is different from one or more devices of the present embodiment with carrying out corresponding change.The module of above-described embodiment can be merged into One module, can also be further split into multiple submodule.
By the description of above embodiment, those skilled in the art is it can be readily appreciated that example embodiment described herein It can also be realized in such a way that software is in conjunction with necessary hardware by software realization.Therefore, implemented according to the disclosure The technical solution of example can be embodied in the form of software products, which can store in a non-volatile memories In medium (can be CD-ROM, USB flash disk, mobile hard disk etc.) or on network, including some instructions are so that a calculating equipment (can To be personal computer, server, mobile terminal or network equipment etc.) it executes according to the method for the embodiment of the present disclosure.
It is particularly shown and described the exemplary embodiment of the disclosure above.It should be appreciated that the present disclosure is not limited to Detailed construction, set-up mode or implementation method described herein;On the contrary, disclosure intention covers included in appended claims Various modifications and equivalence setting in spirit and scope.

Claims (12)

1. a kind of risk analysis method characterized by comprising
Incidence relation between acquisition target entity, goal behavior and target entity and goal behavior;
Using the target entity and the goal behavior as node, being associated between the target entity and the goal behavior Relationship constructs knowledge mapping model as side;And
The risk analysis of the target entity or the goal behavior is carried out by the knowledge mapping model.
2. the method as described in claim 1, which is characterized in that further include:
The intensity that the incidence relation is determined by the frequency of operation behavior between target entity and goal behavior, by the association Weight of the intensity of relationship as the side of the knowledge mapping model.
3. the method as described in claim 1, which is characterized in that
The target entity includes any combination of user, equipment and network address;And/or
The goal behavior includes multiple predefined actions of target entity;And/or
Incidence relation between the target entity and the goal behavior includes operation behavior.
4. method as claimed in claim 3, which is characterized in that obtain target entity, goal behavior and target entity and mesh Incidence relation between mark behavior includes:
Extract the user in monitoring log, equipment and network address are using as target entity;
The predefined action in monitoring log is extracted using as goal behavior;And
The operation behavior between the target entity and goal behavior in monitoring log is extracted using as the incidence relation.
5. the method as described in claim 1, which is characterized in that by the knowledge mapping model carry out the target entity with The risk analysis of the goal behavior includes:
The value-at-risk of target entity is determined by the knowledge mapping model;And/or
Abnormal target entity is determined by the knowledge mapping model;And/or
Abnormal goal behavior is determined by the knowledge mapping model.
6. method according to claim 2, which is characterized in that determine the risk of target entity by the knowledge mapping model Value includes:
Obtain the security level of each goal behavior in the knowledge mapping model;And
Pass through the mesh in the weight on side, the security level of goal behavior and knowledge mapping model in the knowledge mapping model Mark entity sets in each target entity out-degree and or in-degree, determine the value-at-risk of target entity in knowledge mapping model.
7. method as claimed in claim 6, which is characterized in that calculate the value-at-risk of target entity by risk formula;
Wherein, R (j) is the value-at-risk of target entity Xj, and Yi is to be with associated i-th of the goal behavior of target entity Xj, θ (i) The bonding strength of target entity Xj and Yi, α (i) be target entity Xj security level, ID (Yi) be Yi go out in-degree, Ni be with The associated target entity number of Yi.
8. method as claimed in claim 6, which is characterized in that determine abnormal target entity by the knowledge mapping model Include:
Determine that value-at-risk is greater than the target entity of threshold value;
Determine the associated entity set of the target entity;And
When the value-at-risk of the target entity is greater than the value-at-risk of each target entity in the associated entity set, determine The target entity is abnormal target entity.
9. method according to claim 8, which is characterized in that determine abnormal goal behavior by the knowledge mapping model Include:
Determine the abnormal target entity;
Pass through the value-at-risk of knowledge mapping model determination and each associated goal behavior of abnormal target entity; And
The corresponding goal behavior of maximum risk value is determined as abnormal goal behavior.
10. a kind of risk analysis device characterized by comprising
Extraction module, for obtaining the incidence relation between target entity, goal behavior and target entity and goal behavior;
Model module, for using the target entity and the goal behavior as node, the target entity and the target Incidence relation between behavior constructs knowledge mapping model as side;And
Analysis module, for carrying out the risk point of the target entity or the goal behavior by the knowledge mapping model Analysis.
11. a kind of electronic equipment characterized by comprising
One or more processors;
Storage device, for storing one or more programs;
When one or more of programs are executed by one or more of processors, so that one or more of processors are real The now method as described in any in claim 1-10.
12. a kind of computer-readable medium, is stored thereon with computer program, which is characterized in that described program is held by processor The method as described in any in claim 1-10 is realized when row.
CN201811236573.9A 2018-10-23 2018-10-23 Risk analysis method and device, electronic equipment and computer readable medium Active CN109460664B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811236573.9A CN109460664B (en) 2018-10-23 2018-10-23 Risk analysis method and device, electronic equipment and computer readable medium
CA3059709A CA3059709A1 (en) 2018-10-23 2019-10-22 Risk analysis method, device and computer readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811236573.9A CN109460664B (en) 2018-10-23 2018-10-23 Risk analysis method and device, electronic equipment and computer readable medium

Publications (2)

Publication Number Publication Date
CN109460664A true CN109460664A (en) 2019-03-12
CN109460664B CN109460664B (en) 2022-05-03

Family

ID=65608212

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811236573.9A Active CN109460664B (en) 2018-10-23 2018-10-23 Risk analysis method and device, electronic equipment and computer readable medium

Country Status (2)

Country Link
CN (1) CN109460664B (en)
CA (1) CA3059709A1 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110209835A (en) * 2019-05-09 2019-09-06 四川九洲电器集团有限责任公司 A kind of method for detecting abnormality and device, computer storage medium and electronic equipment
CN110933101A (en) * 2019-12-10 2020-03-27 腾讯科技(深圳)有限公司 Security event log processing method, device and storage medium
CN111178615A (en) * 2019-12-24 2020-05-19 成都数联铭品科技有限公司 Construction method and system of enterprise risk identification model
CN111292008A (en) * 2020-03-03 2020-06-16 电子科技大学 A risk assessment method for privacy-preserving data release based on knowledge graph
WO2020199621A1 (en) * 2019-04-01 2020-10-08 北京三快在线科技有限公司 Knowledge graph-based fraud detection
CN111949803A (en) * 2020-08-21 2020-11-17 深圳供电局有限公司 A method, device and device for detecting abnormal network users based on knowledge graph
CN112053021A (en) * 2019-06-05 2020-12-08 国网信息通信产业集团有限公司 Feature coding method and device for enterprise operation management risk identification
CN112256889A (en) * 2020-11-06 2021-01-22 奇安信科技集团股份有限公司 Knowledge graph construction method, device, equipment and medium of security entity
CN112351441A (en) * 2019-08-06 2021-02-09 中国移动通信集团广东有限公司 Data processing method and device and electronic equipment
CN113313333A (en) * 2020-02-26 2021-08-27 阿里巴巴集团控股有限公司 Risk judgment method, device and medium for relational network topology
CN113722576A (en) * 2021-05-07 2021-11-30 北京达佳互联信息技术有限公司 Network security information processing method, query method and related device
CN114208128A (en) * 2019-09-11 2022-03-18 华为技术有限公司 Data processing method and device, and computer storage medium
CN115048533A (en) * 2022-06-21 2022-09-13 四维创智(北京)科技发展有限公司 Knowledge graph construction method and device, electronic equipment and readable storage medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112256887B (en) * 2020-10-28 2022-06-24 福建亿榕信息技术有限公司 Intelligent supply chain management method based on knowledge graph
CN112785320B (en) * 2021-02-01 2023-09-19 北京互金新融科技有限公司 Credit risk determination method and device, storage medium and electronic equipment
CN113536319B (en) * 2021-07-07 2022-12-13 上海浦东发展银行股份有限公司 Interface risk prediction method and device, computer equipment and storage medium
CN115203689B (en) * 2022-07-25 2023-05-02 广州正则纬创信息科技有限公司 Data security sharing method and system
CN115659307A (en) * 2022-10-18 2023-01-31 国家工业信息安全发展研究中心 Safety protection method, device, equipment and medium for field industrial control terminal equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104519032A (en) * 2013-09-30 2015-04-15 深圳市腾讯计算机系统有限公司 Internet account safety policy and system
US20170124464A1 (en) * 2015-10-28 2017-05-04 Fractal Industries, Inc. Rapid predictive analysis of very large data sets using the distributed computational graph
CN108228706A (en) * 2017-11-23 2018-06-29 中国银联股份有限公司 For identifying the method and apparatus of abnormal transaction corporations
CN108431846A (en) * 2015-12-18 2018-08-21 Aci环球公司 Use pattern analysis Transaction Information

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104519032A (en) * 2013-09-30 2015-04-15 深圳市腾讯计算机系统有限公司 Internet account safety policy and system
US20170124464A1 (en) * 2015-10-28 2017-05-04 Fractal Industries, Inc. Rapid predictive analysis of very large data sets using the distributed computational graph
CN108431846A (en) * 2015-12-18 2018-08-21 Aci环球公司 Use pattern analysis Transaction Information
CN108228706A (en) * 2017-11-23 2018-06-29 中国银联股份有限公司 For identifying the method and apparatus of abnormal transaction corporations

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020199621A1 (en) * 2019-04-01 2020-10-08 北京三快在线科技有限公司 Knowledge graph-based fraud detection
CN110209835A (en) * 2019-05-09 2019-09-06 四川九洲电器集团有限责任公司 A kind of method for detecting abnormality and device, computer storage medium and electronic equipment
CN110209835B (en) * 2019-05-09 2021-09-10 四川九洲电器集团有限责任公司 Anomaly detection method and device, computer storage medium and electronic equipment
CN112053021A (en) * 2019-06-05 2020-12-08 国网信息通信产业集团有限公司 Feature coding method and device for enterprise operation management risk identification
CN112351441B (en) * 2019-08-06 2023-08-15 中国移动通信集团广东有限公司 A data processing method, device and electronic equipment
CN112351441A (en) * 2019-08-06 2021-02-09 中国移动通信集团广东有限公司 Data processing method and device and electronic equipment
CN114208128A (en) * 2019-09-11 2022-03-18 华为技术有限公司 Data processing method and device, and computer storage medium
CN110933101A (en) * 2019-12-10 2020-03-27 腾讯科技(深圳)有限公司 Security event log processing method, device and storage medium
CN111178615A (en) * 2019-12-24 2020-05-19 成都数联铭品科技有限公司 Construction method and system of enterprise risk identification model
CN111178615B (en) * 2019-12-24 2023-10-27 成都数联铭品科技有限公司 Method and system for constructing enterprise risk identification model
CN113313333A (en) * 2020-02-26 2021-08-27 阿里巴巴集团控股有限公司 Risk judgment method, device and medium for relational network topology
CN113313333B (en) * 2020-02-26 2024-12-17 阿里巴巴集团控股有限公司 Risk determination method, device and medium for relational network topology
CN111292008A (en) * 2020-03-03 2020-06-16 电子科技大学 A risk assessment method for privacy-preserving data release based on knowledge graph
CN111949803A (en) * 2020-08-21 2020-11-17 深圳供电局有限公司 A method, device and device for detecting abnormal network users based on knowledge graph
CN111949803B (en) * 2020-08-21 2024-05-28 深圳供电局有限公司 A method, device and equipment for detecting abnormal network users based on knowledge graph
CN112256889B (en) * 2020-11-06 2024-04-12 奇安信科技集团股份有限公司 A method, device, equipment and medium for constructing a knowledge graph of a security entity
CN112256889A (en) * 2020-11-06 2021-01-22 奇安信科技集团股份有限公司 Knowledge graph construction method, device, equipment and medium of security entity
CN113722576A (en) * 2021-05-07 2021-11-30 北京达佳互联信息技术有限公司 Network security information processing method, query method and related device
CN115048533B (en) * 2022-06-21 2023-06-27 四维创智(北京)科技发展有限公司 Knowledge graph construction method and device, electronic equipment and readable storage medium
CN115048533A (en) * 2022-06-21 2022-09-13 四维创智(北京)科技发展有限公司 Knowledge graph construction method and device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN109460664B (en) 2022-05-03
CA3059709A1 (en) 2020-04-23

Similar Documents

Publication Publication Date Title
CN109460664A (en) Risk analysis method, device, Electronic Design and computer-readable medium
Ali et al. Huntgpt: Integrating machine learning-based anomaly detection and explainable ai with large language models (llms)
Brucherseifer et al. Digital Twin conceptual framework for improving critical infrastructure resilience
Wanasinghe et al. Human centric digital transformation and operator 4.0 for the oil and gas industry
Szwed et al. A new lightweight method for security risk assessment based on fuzzy cognitive maps
Kumar et al. Software engineering for big data projects: Domains, methodologies and gaps
CN106815524B (en) Malicious script file detection method and device
CN109564609A (en) It mitigates and corrects using the detection of the computer attack of advanced computers decision-making platform
Nath et al. AI and Blockchain-based source code vulnerability detection and prevention system for multiparty software development
Iturriza et al. Modelling methodologies for analysing critical infrastructures
CN107678852A (en) Method, system, equipment and the storage medium calculated in real time based on flow data
Yu Group decision making under interval‐valued multiplicative intuitionistic fuzzy environment based on Archimedean t‐conorm and t‐norm
Diop et al. A high-level risk management framework as part of an overall asset management process for the assessment of industry 4.0 and its corollary industry 5.0 related new emerging technological risks in socio-technical systems
Sulistiarini Representing knowledge base into database for WAP and web-based expert system
Haimes Strategic preparedness for recovery from catastrophic risks to communities and infrastructure systems of systems
CN109614319B (en) Automated testing method, apparatus, electronic device and computer readable medium
Ospanova et al. Cloud service for protecting computer networks of enterprises using intelligent hardware and software devices, based on raspberry pi microcomputers
Yang et al. Disaster recovery site evaluations and selections for information systems of academic big data
Nateghi et al. The frontiers of uncertainty estimation in interdisciplinary disaster research and practice
US20250138798A1 (en) Platform integration systems and methods
Kassab et al. Unleashing the Potential: Integrating ChatGPT and the Internet of Things for Enhanced User Experiences and Automation
KR20200059730A (en) System and method for automatically evaluating an information security level
CN111178667A (en) Vulnerability-based power system risk assessment method and device
Ying et al. A survey of information intelligent system security risk assessment models, standards and methods
US11722379B2 (en) Systems and methods for a resilient infrastructure simulation environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20221024

Address after: 100102 Room 01, Floor 3, Room 01, Building 2 to 4, Yard 6, Wangjing East Road, Chaoyang District, Beijing

Patentee after: Beijing three cloud computing Co.,Ltd.

Patentee after: BEIJING SANKUAI ONLINE TECHNOLOGY Co.,Ltd.

Address before: 100083 2106-030, 9 North Fourth Ring Road, Haidian District, Beijing.

Patentee before: BEIJING SANKUAI ONLINE TECHNOLOGY Co.,Ltd.

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载