
CN112948822B - Big data audit scene analysis method and system applied to intelligent education system - Google Patents


Info

Publication number
CN112948822B
Authority
CN
China
Prior art keywords
message
information
risk
monitoring
intelligent education
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110240968.1A
Other languages
Chinese (zh)
Other versions
CN112948822A (en
Inventor
卢启伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Clp Yingshuo Shenzhen Smart Internet Co ltd
Original Assignee
Clp Yingshuo Shenzhen Smart Internet Co ltd
Application filed by Clp Yingshuo Shenzhen Smart Internet Co ltd
Priority to CN202110240968.1A
Publication of CN112948822A
Application granted
Publication of CN112948822B

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/32 Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324 Display of status information
    • G06F11/327 Alarm or error message display
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Quality & Reliability (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a big data audit scene analysis method and a big data audit scene analysis system applied to an intelligent education system, wherein the method comprises the following steps: dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number; scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting and obtaining messages sent to a target window; and analyzing and processing the message sent to the target window to determine whether risk exists in the big data processing process. The system includes modules corresponding to the steps of the method.

Description

Big data audit scene analysis method and system applied to intelligent education system
Technical Field
The invention provides a big data audit scene analysis method and system applied to an intelligent education system, and belongs to the technical field of intelligent education.
Background
The most direct problem created by the many different tools in the Hadoop big data ecosystem is the variety of programming languages and programming interfaces involved, which widens the scope that a big data security audit must cover and makes the data harder to analyze. Therefore, to audit effectively in a Hadoop big data architecture environment, the various UI management interfaces and the programming interfaces must be audited at the same time, and the audit must be able to parse multiple protocols and programming languages. The auditing difficulties can be summarized as follows:
1. Hadoop big data is unstructured (NoSQL) data, and the traditional scheme cannot provide comprehensive security monitoring of it;
2. The traditional scheme can only carry out security monitoring on the typical access mode of the C/S client, and lacks comprehensive management means;
3. Hadoop is an open interface and platform, and the sharing of the information network increases the number of data risk points and the number of channels for data theft and leakage.
When Hadoop is applied to a large intelligent education platform system, these auditing difficulties lead to weak risk monitoring and management, which in turn increases the data access risk of the large intelligent education platform.
Disclosure of Invention
The invention provides a big data audit scene analysis method and a big data audit scene analysis system applied to an intelligent education system, which are used for solving the problem of lower risk management capability of the existing intelligent education system, and the adopted technical scheme is as follows:
A big data audit scenario analysis method applied to an intelligent education system, the method comprising:
Dividing the intelligent education platform into k auditing units according to the different functions they implement, wherein k is a natural number;
Scanning each audit unit to obtain a hook point, embedding a hook function at the hook point, monitoring the event messages generated by each audit unit, and intercepting the messages sent to a target window;
Analyzing and processing the messages sent to the target window to determine whether a risk exists in the big data processing process.
Further, the scanning of each audit unit to obtain a hook point, embedding a hook function at the hook point, monitoring the event messages generated by each audit unit, and intercepting the messages comprises:
Searching the Java layer for a system object in the intelligent education system that meets the specified requirement, to serve as the hook point;
Placing the hook function, for execution, into the business logic of the intelligent education system object that needs to be processed and analyzed;
Monitoring, through the hook function, the event messages produced while the business logic that needs to be processed and analyzed executes in the intelligent education system, and intercepting the messages sent to the target window.
Further, the hook point meeting the specified requirement satisfies the following condition: the system object is a static object.
Further, analyzing and processing the message sent to the target window to determine whether a risk exists in the big data processing process, including:
setting a message storage unit in a storage area of the intelligent education system, and dividing the storage area of the message storage unit, wherein the storage area corresponds to the auditing unit one by one;
copying message contents sent to a target window according to the generation time of the message in turn, generating a corresponding message file according to the copied message contents, and sequentially storing the message file into each storage area in a message storage unit according to the order from early to late of the generation time of the message;
Scanning, analyzing and identifying the messages in the message file of each storage area to determine whether the information or code in a message matches risk information or code stored in the database; if it matches none of the risk information or code stored in the database, the message is safe and is allowed to be sent to the target window; if it matches risk information or code stored in the database, the message is refused delivery to the target window, and a message interception notice is fed back to the sending node of the message;
marking the sending node which sends the risk message, setting a monitoring period for the sending node, and independently monitoring the event message generated by the sending node;
And in the set monitoring period, monitoring each message information sent by the sending node in real time, and carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
Further, the monitoring time is set by the following process:
Judging whether the sending node that sent the risky message is sending risky message information for the first time. If, during that day's operation of the intelligent education system, the sending node is sending risky message information for the first time, the monitoring period length is set through a first monitoring time setting model, wherein the first monitoring time setting model is as follows:
when n=1, n-1=1, and
Wherein $T_1$ represents the monitoring period length obtained from the first monitoring time setting model; $n$ represents the number of times the sending node has sent messages on the same day; $\Delta T_i$ represents the time interval between the $(i+1)$-th and the $i$-th message sent by the sending node; $\Delta T$ represents the time interval between the risky message information the sending node is currently sending and its previous message; $\Delta T_{\min}$ represents the minimum time interval between messages sent by the sending node on the same day; $\Delta T_{\max}$ represents the maximum time interval between messages sent by the sending node on the same day; $T_0$ represents the preset initial monitoring period length; $\delta_1$ represents a time adjustment coefficient, and the value range of $\delta_1$ is 0.83-0.94;
If, during that day's operation of the intelligent education system, the sending node is not sending risky message information for the first time, the monitoring period length is set through a second monitoring time setting model, wherein the second monitoring time setting model is as follows:
Wherein $T_2$ represents the monitoring period length obtained from the second monitoring time setting model; $\delta_2$ represents a time adjustment coefficient, and the value range of $\delta_2$ is 1.13-1.28; $m$ represents the number of times the sending node has sent risky message information on the same day, and $\Delta T_{li}$ represents the time interval between the $(i+1)$-th and the $i$-th sending of risky message information by the sending node.
Further, the risk index of the transmitting node is calculated by the following formula:
Wherein $H$ represents the risk index, $T$ represents the running time of the intelligent education system on the current day, $L_1$, $L_2$ and $L_3$ respectively represent the preset first unit index value, second unit index value and third unit index value, and $L_1$, $L_2$ and $L_3$ are natural constants.
A big data audit scenario analysis system for use in an intelligent educational system, the system comprising:
The unit dividing module is used for dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number;
The hook embedding module is used for scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting and obtaining messages sent to a target window;
and the risk processing module is used for analyzing and processing the message sent to the target window and determining whether the risk exists in the big data processing process.
Further, the hook embedding module includes:
The searching module is used for searching the Java layer for a system object in the intelligent education system that meets the specified requirement, to serve as the hook point;
The execution module is used for placing the hook function, for execution, into the business logic of the intelligent education system object that needs to be processed and analyzed;
The message acquisition module is used for monitoring, through the hook function, the event messages produced while the business logic that needs to be processed and analyzed executes in the intelligent education system, and for intercepting the messages sent to the target window.
Further, the hook point of the specified requirement satisfies the following condition: the system object is a static object.
Further, the risk processing module includes:
The storage division module is used for setting message storage units in a storage area of the intelligent education system and dividing the storage areas of the message storage units, wherein the storage areas are in one-to-one correspondence with the auditing units;
The information dividing module is used for copying the message content sent to the target window according to the generation time of the message, generating a corresponding message file according to the copied message content, and sequentially storing the message file into each storage area in the message storage unit according to the sequence from early to late of the generation time of the message;
The scanning identification module is used for scanning, analyzing and identifying the messages in the message file of each storage area to determine whether the information or code in a message matches risk information or code stored in the database; if it matches none of the risk information or code stored in the database, the message is safe and is allowed to be sent to the target window; if it matches risk information or code stored in the database, the message is refused delivery to the target window, and a message interception notice is fed back to the sending node of the message;
The marking module is used for marking the sending node which sends the risk message, setting a monitoring period for the sending node, and independently monitoring the event message generated by the sending node;
and the monitoring module is used for monitoring each message information sent by the sending node in real time in a set monitoring period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
The invention has the beneficial effects that:
The big data audit scene analysis method and system applied to the intelligent education system provided by the invention divide audit units by function, which effectively improves the management efficiency of audit management and the strength of message monitoring. Meanwhile, embedding the hook function effectively improves the efficiency and success rate of capturing the messages sent by each node of the intelligent education system, and reduces the number of messages that escape capture. In addition, the method and system effectively improve the efficiency and strength of message risk monitoring and processing, improve the monitoring strength of the whole intelligent education system, and greatly improve the data access security of the intelligent education system.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a system block diagram of the system of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described below with reference to the accompanying drawings, it being understood that the preferred embodiments described herein are for illustration and explanation of the present invention only, and are not intended to limit the present invention.
The embodiment of the invention provides a big data audit scene analysis method applied to an intelligent education system, as shown in figure 1, comprising the following steps:
S1, dividing an intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number;
S2, scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting and obtaining messages sent to a target window;
S3, analyzing and processing the message sent to the target window, and determining whether risk exists in the big data processing process.
The method comprises the steps of scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting the messages, and comprises the following steps:
S201, searching the Java layer for a system object in the intelligent education system that meets the specified requirement, to serve as the hook point;
S202, placing the hook function, for execution, into the business logic of the intelligent education system object that needs to be processed and analyzed;
S203, monitoring, through the hook function, the event messages produced while the business logic that needs to be processed and analyzed executes in the intelligent education system, and intercepting the messages sent to the target window.
Wherein the hook point of the specified requirement satisfies the following condition: the system object is a static object.
The working principle of the technical scheme is as follows: big data auditing is realized with the Hook technology. A hook, also called a hook function, is a special message processing mechanism that can monitor the various event messages in a system or a process, and intercept and process the messages sent to a target window. Custom hooks can therefore be installed in the system to monitor the occurrence of specific events and to perform specific functions such as screen text capture, log monitoring, and keyboard and mouse input interception. Hooks can be divided into thread hooks and system hooks: a thread hook monitors event messages for a given thread, and a system hook monitors event messages for all threads in the system. Specifically:
Firstly, dividing an intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number; then, scanning is carried out aiming at each audit unit to obtain a hook point, a hook function is embedded in the hook point, event information generated by each audit unit is monitored, and information sent to a target window is intercepted and obtained; and finally, analyzing and processing the message sent to the target window to determine whether risk exists in the big data processing process.
The Hook technology is implemented in two steps. The first step is to find a hook point (in the Java layer), which must meet the following condition: the object whose method is to be hooked must be static. The Hook technology obtains the object through reflection, and the object it obtains is the system's own object, so a new object cannot be created with the new operator; the object must be the one created by the system, and only a static object guarantees consistency with the system's object. The second step is to place the hook method outside the system for execution, that is, in the business logic that is to be processed and analyzed. Following this approach, the big data audit system is designed as secondary development on the core components of the Hadoop big data ecosystem: the Hook technology is merged into the original code to obtain the operation event information inside the components, thereby auditing the operations that applications perform. The method specifically comprises the following steps:
Firstly, searching a Java layer in a system object in an intelligent education system meeting the specified requirement as a hook point; then, the hook function is put into business logic which needs to be processed and analyzed by the intelligent education system object to be executed; finally, the event messages of business logic which needs to be processed and analyzed in the intelligent education system are monitored through a hook function, and meanwhile, the messages sent to a target window are intercepted.
The technical scheme has the effects that: by dividing audit units based on functions, the management efficiency of audit management and the message monitoring strength can be effectively improved. Meanwhile, the capturing efficiency of sending the message by each node of the intelligent education system can be effectively improved through embedding the hook function, the capturing success rate of sending the message by each node of the intelligent education system is effectively improved, and the number of missing message capturing is reduced. On the other hand, the monitoring processing efficiency and the monitoring processing strength of the information risk can be effectively improved, the monitoring strength of the whole intelligent education system is improved, and the data access safety of the intelligent education system is greatly improved.
In one embodiment of the present invention, analyzing the message sent to the target window to determine whether there is a risk in the big data processing process includes:
S301, setting a message storage unit in a storage area of the intelligent education system, and dividing the storage area of the message storage unit, wherein the storage area corresponds to the auditing unit one by one;
S302, copying message contents sent to a target window according to the generation time of the message, generating a corresponding message file according to the copied message contents, and sequentially storing the message file into each storage area in a message storage unit according to the order from early to late of the generation time of the message;
S303, scanning, analyzing and identifying the messages in the message file of each storage area to determine whether the information or code in a message matches risk information or code stored in a database; if it matches none of the risk information or code stored in the database, the message is safe and is allowed to be sent to the target window; if it matches risk information or code stored in the database, the message is refused delivery to the target window, and a message interception notice is fed back to the sending node of the message;
S304, marking the sending node which sends the risk message, setting a monitoring period for the sending node, and independently monitoring event messages generated by the sending node;
And S305, monitoring each message information sent by the sending node in real time in a set monitoring period, and performing risk processing on each message information, wherein when the risk index reaches a risk threshold value, the intelligent education system alarms to prompt operation and maintenance personnel to perform risk processing.
The working principle of the technical scheme is as follows: firstly, a message storage unit is set in a storage area of the intelligent education system, and the storage area of the message storage unit is divided so that the storage areas correspond one to one with the auditing units. Then, the content of each message sent to the target window is copied according to the generation time of the message, a corresponding message file is generated from the copied content, and the message files are stored into the storage areas of the message storage unit in order of generation time from early to late. Next, the messages in the message file of each storage area are scanned, analyzed and identified to determine whether the information or code in a message matches risk information or code stored in the database: if it matches none, the message is safe and is allowed to be sent to the target window; if it matches, the message is refused delivery to the target window, and a message interception notice is fed back to the sending node of the message. The sending node that sent the risky message is then marked, a monitoring period is set for it, and the event messages it generates are monitored separately. Finally, within the set monitoring period, each message sent by the sending node is monitored in real time and undergoes risk processing, and when the risk index reaches a risk threshold value, the intelligent education system raises an alarm to prompt operation and maintenance personnel to carry out risk processing.
The technical scheme has the effects that: through the risk monitoring in the mode, the monitoring processing efficiency and the monitoring processing strength of the information risk can be effectively improved, the monitoring strength of the whole intelligent education system is improved, and the data access safety of the intelligent education system is greatly improved.
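The reflection hook on a static system object (S201 to S203) and the store, scan, block and mark steps (S301 to S304) can be sketched together as follows. This is an added Java 17 example, not code from the patent: `Platform`, `MessageSink`, the sample signatures and the sample traffic are all constructed, and the fixed 60-second monitoring period is an assumption standing in for the T1/T2 models, whose formulas do not appear on this page.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Proxy;
import java.util.*;

/** Added illustration (Java 17+). Every class and value here is hypothetical. */
public class AuditHookDemo {
    record Message(String node, String unit, long generatedAt, String body) {}

    /** Stand-in for the "target window" that receives messages. */
    interface MessageSink { boolean deliver(Message m); }

    /** Stand-in platform component. Its sink is a static field: one system-created
     *  object shared by every caller, which reflection can locate and replace. */
    static class Platform {
        private static MessageSink sink = m -> true;   // normal delivery path
        static boolean send(Message m) { return sink.deliver(m); }
    }

    /** Constructed signatures standing in for the risk database (S303), lower case. */
    static final Set<String> RISK_DB = Set.of("drop table", "export_all_student_records");
    /** Assumed fixed monitoring period in ms; stands in for the T1/T2 models. */
    static final long WATCH_MS = 60_000;
    /** One store per audit unit, kept in generation-time order (S301, S302). */
    static final Map<String, List<Message>> STORE = new HashMap<>();
    /** Marked sending nodes and the time their monitoring period ends (S304). */
    static final Map<String, Long> WATCHED = new HashMap<>();

    /** S201-S203: swap the static sink for a proxy that audits before delivering. */
    static void installHook() throws ReflectiveOperationException {
        Field f = Platform.class.getDeclaredField("sink");
        f.setAccessible(true);
        MessageSink original = (MessageSink) f.get(null);    // null receiver: static field
        if (Proxy.isProxyClass(original.getClass())) return; // already hooked, do not double-wrap
        MessageSink hooked = (MessageSink) Proxy.newProxyInstance(
            MessageSink.class.getClassLoader(), new Class<?>[] { MessageSink.class },
            (proxy, method, args) -> {
                // toString/hashCode/equals go straight to the original object
                if (!method.getName().equals("deliver")) return method.invoke(original, args);
                Message m = (Message) args[0];
                return audit(m) && original.deliver(m);      // blocked messages never reach the sink
            });
        f.set(null, hooked);
    }

    /** S302-S304: store the copy, scan it, and decide whether it may be delivered. */
    static synchronized boolean audit(Message m) {
        List<Message> unitStore = STORE.computeIfAbsent(m.unit(), u -> new ArrayList<>());
        unitStore.add(m);
        unitStore.sort(Comparator.comparingLong(Message::generatedAt)); // early to late
        String body = m.body().toLowerCase(Locale.ROOT);     // match regardless of case
        for (String sig : RISK_DB) {
            if (body.contains(sig)) {
                WATCHED.put(m.node(), m.generatedAt() + WATCH_MS);      // mark the sender
                System.out.printf("BLOCK node=%s unit=%s signature=\"%s\"%n",
                                  m.node(), m.unit(), sig);
                return false;                                // refuse delivery
            }
        }
        boolean watched = WATCHED.getOrDefault(m.node(), 0L) > m.generatedAt();
        System.out.printf("%s node=%s unit=%s%n", watched ? "WATCH" : "ALLOW", m.node(), m.unit());
        return true;
    }

    public static void main(String[] args) throws Exception {
        installHook();
        // Constructed sample traffic: node, audit unit, generation time (ms), body.
        List<Message> traffic = List.of(
            new Message("node-a", "grading", 1_000, "UPDATE scores SET grade='A' WHERE id=7"),
            new Message("node-b", "enrolment", 2_000, "DROP TABLE students"),
            new Message("node-b", "enrolment", 3_000, "SELECT name FROM courses"),
            new Message("node-b", "enrolment", 70_000, "SELECT name FROM courses"));
        for (Message m : traffic)
            System.out.println("  delivered=" + Platform.send(m));
    }
}
```

Because callers only ever reach the sink through the static field, replacing that one reference is enough to put the audit in front of every sender; an object that each caller constructed for itself could not be intercepted this way.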
In one embodiment of the present invention, the monitoring time is set by the following procedure:
Judging whether the sending node that sent the risky message is sending risky message information for the first time. If, during that day's operation of the intelligent education system, the sending node is sending risky message information for the first time, the monitoring period length is set through a first monitoring time setting model, wherein the first monitoring time setting model is as follows:
when n=1, n-1=1, and
Wherein $T_1$ represents the monitoring period length obtained from the first monitoring time setting model; $n$ represents the number of times the sending node has sent messages on the same day; $\Delta T_i$ represents the time interval between the $(i+1)$-th and the $i$-th message sent by the sending node; $\Delta T$ represents the time interval between the risky message information the sending node is currently sending and its previous message; $\Delta T_{\min}$ represents the minimum time interval between messages sent by the sending node on the same day; $\Delta T_{\max}$ represents the maximum time interval between messages sent by the sending node on the same day; $T_0$ represents the preset initial monitoring period length; $\delta_1$ represents a time adjustment coefficient, and the value range of $\delta_1$ is 0.83-0.94;
If, during that day's operation of the intelligent education system, the sending node is not sending risky message information for the first time, the monitoring period length is set through a second monitoring time setting model, wherein the second monitoring time setting model is as follows:
Wherein $T_2$ represents the monitoring period length obtained from the second monitoring time setting model; $\delta_2$ represents a time adjustment coefficient, and the value range of $\delta_2$ is 1.13-1.28; $m$ represents the number of times the sending node has sent risky message information on the same day, and $\Delta T_{li}$ represents the time interval between the $(i+1)$-th and the $i$-th sending of risky message information by the sending node.
The technical scheme has the following effects: the monitoring time obtained through the above formulas is set specifically according to the actual running condition of the message sending node, so that the monitoring period is long enough for the monitoring module to monitor the risky sending node effectively, and long enough for the risk index to be determined. This effectively improves the accuracy of the risk index subsequently obtained for the sending node, and avoids the insufficient monitoring efficiency and strength that a fixed monitoring period of insufficient length would cause, which would in turn harm the accuracy of the risk index evaluation of the sending node.
On the other hand, the monitoring period obtained through the formulas closely matches the actual message sending behaviour of the sending node, so it ensures both that the sending node is effectively monitored and that the running time of the monitoring module is reasonable. The monitoring strength applied to the sending node is improved while the excessive resource consumption of the education system is effectively reduced, which prevents an overlong monitoring period from consuming excessive system resources and increasing the running load of the system.
The risk index of the transmitting node is calculated by the following formula:
Wherein $H$ represents the risk index, $T$ represents the running time of the intelligent education system on the current day, $L_1$, $L_2$ and $L_3$ respectively represent the preset first unit index value, second unit index value and third unit index value, and $L_1$, $L_2$ and $L_3$ are natural constants.
The technical scheme has the effects that: through the risk index, effective and accurate risk assessment can be carried out on each message sending node of the intelligent education system.
The embodiment of the invention provides a big data audit scene analysis system applied to an intelligent education system, as shown in fig. 2, comprising:
the unit dividing module is used for dividing the intelligent education platform into k auditing units according to different implementation functions, wherein k is a natural number;
the hook embedding module is used for scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting and obtaining messages sent to a target window;
and the risk processing module is used for analyzing and processing the message sent to the target window and determining whether risk exists in the big data processing process.
Wherein, the hook embedding module includes:
the searching module is used for searching the Java layer of the intelligent education system for a system object that meets the specified requirement, to serve as a hook point;
the execution module is used for placing the hook function into the business logic that the intelligent education system object needs to process and analyze, for execution;
and the message acquisition module is used for monitoring, through the hook function, event messages during execution of the business logic to be processed and analyzed in the intelligent education system, and intercepting the messages sent to the target window.
Wherein a hook point meeting the specified requirement satisfies the following condition: the system object is a static object.
The working principle of the technical scheme is as follows: firstly, dividing an intelligent education platform into k auditing units according to different implementation functions through a unit dividing module, wherein k is a natural number; then, scanning each audit unit by utilizing a hook embedding module to acquire a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting and acquiring messages sent to a target window; and then, analyzing and processing the message sent to the target window by adopting a risk processing module to determine whether the risk exists in the big data processing process.
The operation process of the hook embedding module comprises the following steps:
First, the searching module searches the Java layer of the intelligent education system for a system object that meets the specified requirement, to serve as a hook point; then, the execution module places the hook function into the business logic that the intelligent education system object needs to process and analyze, for execution; finally, the message acquisition module monitors, through the hook function, event messages during execution of the business logic to be processed and analyzed in the intelligent education system, and at the same time intercepts the messages sent to the target window.
The technical effect of this scheme is as follows: dividing audit units by function improves the efficiency of audit management and the strength of message monitoring. Embedding the hook function improves the efficiency and success rate of capturing the messages sent by each node of the intelligent education system and reduces the number of messages that go uncaptured. It also improves the efficiency and strength of monitoring and processing information risk, strengthens monitoring of the whole intelligent education system, and greatly improves the data access security of the intelligent education system.
In one embodiment of the present invention, the risk processing module includes:
The storage division module is used for setting message storage units in a storage area of the intelligent education system and dividing the storage areas of the message storage units, wherein the storage areas are in one-to-one correspondence with the auditing units;
The information dividing module is used for copying the message content sent to the target window according to the generation time of the message, generating a corresponding message file according to the copied message content, and sequentially storing the message file into each storage area in the message storage unit according to the sequence from early to late of the generation time of the message;
the scanning identification module is used for scanning, analyzing and identifying the information in the message files of each storage area to determine whether the information or code in a message matches risk information or code stored in the database; if it does not, the message is considered safe and is allowed to be sent to the target window; if it does, the message is refused delivery to the target window, and a message interception reminder is fed back to the sending node of the message;
The marking module is used for marking the sending node which sends the risk message, setting a monitoring period for the sending node, and independently monitoring the event message generated by the sending node;
and the monitoring module is used for monitoring each message information sent by the sending node in real time in a set monitoring period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
The working principle of the technical scheme is as follows. First, the storage division module sets a message storage unit in a storage area of the intelligent education system and divides the message storage unit into storage areas that correspond one-to-one with the auditing units. Next, the information dividing module copies the content of each message sent to the target window in order of message generation time, generates a corresponding message file from the copied content, and stores the message files in the storage areas of the message storage unit in order of generation time from earliest to latest. The scanning identification module then scans, analyzes and identifies the information in the message files of each storage area to determine whether the information or code in a message matches risk information or code stored in the database. If it does not, the message is considered safe and is allowed to be sent to the target window; if it does, the message is refused delivery to the target window, and a message interception reminder is fed back to the sending node of the message. The marking module then marks the sending node that sent the risk message, sets a monitoring period for that node, and monitors the event messages it generates individually. Finally, within the set monitoring period, the monitoring module monitors each message sent by the sending node in real time and performs risk processing on each message; when the risk index reaches the risk threshold, the intelligent education system raises an alarm to prompt operation and maintenance personnel to carry out risk processing.
The technical effect of this scheme is as follows: risk monitoring performed in this way improves the efficiency and strength of monitoring and processing information risk, strengthens monitoring of the whole intelligent education system, and greatly improves the data access security of the intelligent education system.
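The risk processing flow described above, as an added Python example that is not part of the patent text: per-unit storage areas ordered by generation time, scanning against stored risk entries, interception feedback, node marking and alerting. The entries in RISK_DB, the fixed monitoring period and the count-based risk index are assumptions standing in for the database and formulas, which this page does not reproduce; all class and field names are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed stand-ins for the "risk information or code stored in the database".
RISK_DB = ("drop table", "export_all_grades")


@dataclass(frozen=True)
class Message:
    unit: str       # audit unit whose hook intercepted the message
    node: str       # sending node
    created: float  # generation time in seconds
    body: str


@dataclass
class RiskProcessor:
    monitor_seconds: float = 300.0  # assumption: fixed period, not the patent's setting models
    risk_threshold: int = 2         # assumption: risky messages within one monitoring period
    storage: dict = field(default_factory=lambda: defaultdict(list))  # one area per audit unit
    monitored_until: dict = field(default_factory=dict)               # node -> end of period
    risk_index: dict = field(default_factory=dict)
    feedback: list = field(default_factory=list)
    alarms: list = field(default_factory=list)

    def store(self, messages):
        """Copy messages into the storage area of their audit unit, earliest first."""
        for msg in sorted(messages, key=lambda m: m.created):
            self.storage[msg.unit].append(msg)

    def scan(self):
        """Scan all storage areas; return the messages released to the target window."""
        stored = [m for area in self.storage.values() for m in area]
        allowed = []
        for msg in sorted(stored, key=lambda m: m.created):
            text = msg.body.lower()
            if not any(sig in text for sig in RISK_DB):
                allowed.append(msg)
                continue
            # Risky: refuse delivery and feed an interception notice back to the sender.
            self.feedback.append((msg.node, msg.created, "message intercepted"))
            in_period = msg.created <= self.monitored_until.get(msg.node, float("-inf"))
            # Placeholder index: risky messages seen inside the current monitoring period.
            self.risk_index[msg.node] = self.risk_index.get(msg.node, 0) + 1 if in_period else 1
            # Mark the node (or extend its marking) for individual monitoring.
            self.monitored_until[msg.node] = msg.created + self.monitor_seconds
            if self.risk_index[msg.node] >= self.risk_threshold:
                self.alarms.append(msg.node)  # prompt operation and maintenance personnel
        return allowed


def demo():
    """Run the pipeline over constructed sample traffic (arrival order is shuffled)."""
    traffic = [
        Message("homework", "node-b", 100.0, "EXPORT_ALL_GRADES to file"),
        Message("homework", "node-a", 0.0, "submit assignment 12"),
        Message("grades", "node-b", 10.0, "query: DROP TABLE scores"),
        Message("grades", "node-c", 20.0, "drop table roster"),
        Message("grades", "node-c", 1000.0, "drop table roster"),
    ]
    proc = RiskProcessor()
    proc.store(traffic)
    return proc, proc.scan()
```

In the constructed traffic, node-b sends a second risky message inside its monitoring period and triggers the alarm, while node-c's second risky message arrives after its period has lapsed and only restarts monitoring.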
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (8)

1. A big data audit scenario analysis method applied to an intelligent education system, the method comprising:
dividing the intelligent education platform into k audit units according to different implementation functions, wherein k is a natural number;
scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting and obtaining messages sent to a target window;
analyzing and processing the message sent to the target window, and determining whether risk exists in the big data processing process;
wherein analyzing and processing the message sent to the target window to determine whether risk exists in the big data processing process comprises the following steps:
setting a message storage unit in a storage area of the intelligent education system, and dividing the storage area of the message storage unit, wherein the storage area corresponds to the auditing unit one by one;
copying message contents sent to a target window according to the generation time of the message in turn, generating a corresponding message file according to the copied message contents, and sequentially storing the message file into each storage area in a message storage unit according to the order from early to late of the generation time of the message;
scanning, analyzing and identifying the information in the message files of each storage area to determine whether the information or code in a message matches risk information or code stored in the database; if it does not, the message is considered safe and is allowed to be sent to the target window; if it does, the message is refused delivery to the target window, and a message interception reminder is fed back to the sending node of the message;
marking the sending node which sends the risk message, setting a monitoring period for the sending node, and independently monitoring the event message generated by the sending node;
and, within the set monitoring period, monitoring each message sent by the sending node in real time and performing risk processing on each message, wherein when the risk index reaches a risk threshold value, the intelligent education system raises an alarm to prompt operation and maintenance personnel to carry out risk processing.
2. The method for analyzing a data audit scene according to claim 1, wherein the steps of scanning for each audit unit, obtaining a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting the messages include:
searching the Java layer of the intelligent education system for a system object that meets the specified requirement, to serve as a hook point;
placing the hook function into the business logic that the intelligent education system object needs to process and analyze, for execution;
monitoring, through the hook function, event messages during execution of the business logic to be processed and analyzed in the intelligent education system, and intercepting the messages sent to the target window.
3. The data audit scenario analysis method according to claim 2, wherein a hook point meeting the specified requirement satisfies the following condition: the system object is a static object.
4. The data audit scenario analysis method according to claim 1 wherein the monitoring period is set by:
judging whether a sending node for sending the message with risk sends the message information with risk for the first time, if the node currently sends the message information with risk for the first time in the running process of the intelligent education system on the same day, setting the length of a monitoring period through a first setting model of the monitoring period, wherein the first setting model of the monitoring period is as follows:
when n=1, n-1=1, and
Wherein T_1 represents the monitoring period length obtained by the first setting model of the monitoring period; n represents the number of times the sending node has sent messages on the same day; ΔT_i represents the time interval between the (i+1)-th message and the i-th message sent by the sending node; ΔT represents the time interval between the risky message information currently sent by the sending node and its previous message; ΔT_min represents the minimum time interval between messages sent by the sending node on the same day; ΔT_max represents the maximum time interval between messages sent by the sending node on the same day; T_0 represents the preset initial monitoring period length; δ_1 represents a time adjustment coefficient, and the value range of δ_1 is 0.83-0.94;
If the node is not currently transmitting the message information with risk for the first time in the running process of the intelligent education system on the same day, setting the monitoring period length through a second setting model of the monitoring period, wherein the second setting model of the monitoring period is as follows:
Wherein T_2 represents the monitoring period length obtained by the second setting model of the monitoring period; δ_2 represents a time adjustment coefficient, and the value range of δ_2 is 1.13-1.28; m represents the number of times the sending node has sent risky message information on the same day; and ΔT_li represents the time interval between the (i+1)-th sending and the i-th sending of risky message information by the sending node.
5. The data audit scenario analysis method according to claim 4 wherein the risk index of the transmitting node is calculated by the formula:
wherein H represents the risk index, T represents the operation time of the intelligent education system on the current day, L_1, L_2 and L_3 respectively represent the preset first unit index value, second unit index value and third unit index value, and L_1, L_2 and L_3 are natural constants.
6. A big data audit scenario analysis system for an intelligent educational system, the system comprising:
the unit dividing module is used for dividing the intelligent education platform into k audit units according to different implementation functions, wherein k is a natural number;
The hook embedding module is used for scanning each audit unit to obtain a hook point, embedding a hook function in the hook point, monitoring event messages generated by each audit unit, and intercepting and obtaining messages sent to a target window;
The risk processing module is used for analyzing and processing the message sent to the target window and determining whether the risk exists in the big data processing process;
The risk processing module includes:
The storage division module is used for setting message storage units in a storage area of the intelligent education system and dividing the storage areas of the message storage units, wherein the storage areas are in one-to-one correspondence with the auditing units;
The information dividing module is used for copying the message content sent to the target window according to the generation time of the message, generating a corresponding message file according to the copied message content, and sequentially storing the message file into each storage area in the message storage unit according to the sequence from early to late of the generation time of the message;
the scanning identification module is used for scanning, analyzing and identifying the information in the message files of each storage area to determine whether the information or code in a message matches risk information or code stored in the database; if it does not, the message is considered safe and is allowed to be sent to the target window; if it does, the message is refused delivery to the target window, and a message interception reminder is fed back to the sending node of the message;
The marking module is used for marking the sending node which sends the risk message, setting a monitoring period for the sending node, and independently monitoring the event message generated by the sending node;
and the monitoring module is used for monitoring each message information sent by the sending node in real time in a set monitoring period, carrying out risk processing on each message information, and when the risk index reaches a risk threshold value, giving an alarm by the intelligent education system to prompt operation and maintenance personnel to carry out risk processing.
7. The data audit scenario analysis system according to claim 6 wherein the hook embedding module includes:
the searching module is used for searching the Java layer of the intelligent education system for a system object that meets the specified requirement, to serve as a hook point;
the execution module is used for placing the hook function into the business logic that the intelligent education system object needs to process and analyze, for execution;
and the message acquisition module is used for monitoring, through the hook function, event messages during execution of the business logic to be processed and analyzed in the intelligent education system, and intercepting the messages sent to the target window.
8. The data audit scenario analysis system according to claim 7, wherein a hook point meeting the specified requirement satisfies the following condition: the system object is a static object.
CN202110240968.1A 2021-03-04 2021-03-04 Big data audit scene analysis method and system applied to intelligent education system Active CN112948822B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110240968.1A CN112948822B (en) 2021-03-04 2021-03-04 Big data audit scene analysis method and system applied to intelligent education system

Publications (2)

Publication Number Publication Date
CN112948822A CN112948822A (en) 2021-06-11
CN112948822B CN112948822B (en) 2024-10-18

Family

ID=76247665

Country Status (1)

Country Link
CN (1) CN112948822B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant