CN110298178A - Credible policy learning method and device, credible and secure management platform - Google Patents

Info

Publication number: CN110298178A
Authority: CN (China)
Prior art keywords: access behavior, history, behavior, space, time
Legal status: Granted (active)
Application number: CN201910605616.4A
Other languages: Chinese (zh)
Other versions: CN110298178B (en)
Inventors: 孙瑜, 洪宇, 田文慧
Current assignee: BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Original assignee: BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Application filed by BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Priority to CN201910605616.4A; published as CN110298178A, granted as CN110298178B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The invention discloses a trusted policy learning method and device, and a trusted security management platform. The method comprises: obtaining historical access behavior data of a target application, where the historical access behavior data comprises at least one historical access behavior; extracting a behavior feature of each historical access behavior, where the behavior feature comprises an operation feature indicating the operation performed by the subject on the object in the historical access behavior, a time feature indicating the time at which the historical access behavior occurred, an object feature indicating the object accessed by the subject in the historical access behavior, and a caller feature indicating which other application program called the subject in the historical access behavior; mapping the behavior feature of each historical access behavior to a four-dimensional space, where one point in the four-dimensional space represents the behavior feature of one historical access behavior; and obtaining the trusted policy corresponding to the target application on the basis of the four-dimensional space.

Description

Credible policy learning method and device, credible and secure management platform
Technical field
The present invention relates to the field of trusted management technology, and in particular to a trusted policy learning method and device and a trusted security management platform.
Background technique
In the related art, trusted computing performs trusted measurement according to a trusted policy. At present the trusted policy is usually configured manually by a security administrator on the basis of the administrator's own understanding of the application's access behavior, and if the trusted policy needs to be updated, it is again updated by manual configuration. A manually configured trusted policy, however, depends heavily on the administrator's subjective judgement: the administrator's understanding of the application's access behavior may be one-sided, which lowers the accuracy with which the trusted policy is configured, and analysing the application's access behavior takes the administrator a long time, which lowers the efficiency of configuring the trusted policy. Updating the trusted policy manually likewise makes policy updates inefficient.
No effective solution to the above problem has yet been proposed.
Summary of the invention
Embodiments of the invention provide a trusted policy learning method and device and a trusted security management platform, so as at least to solve the technical problem in the related art that a trusted policy configured manually by a security administrator has low configuration accuracy.
According to one aspect of the embodiments of the invention, a trusted policy learning method is provided, comprising: obtaining historical access behavior data of a target application, where the historical access behavior data comprises at least one historical access behavior; extracting a behavior feature of each historical access behavior, where the behavior feature comprises an operation feature indicating the operation performed by the subject on the object in the historical access behavior, a time feature indicating the time at which the historical access behavior occurred, an object feature indicating the object accessed by the subject in the historical access behavior, and a caller feature indicating which other application program called the subject in the historical access behavior; mapping the behavior feature of each historical access behavior to a four-dimensional space, where one point in the four-dimensional space represents the behavior feature of one historical access behavior; and obtaining the trusted policy corresponding to the target application on the basis of the four-dimensional space.
Optionally, after the trusted policy corresponding to the target application is obtained on the basis of the four-dimensional space, the learning method further comprises: calculating the center point and the variance value of all points in the four-dimensional space; receiving new access behavior data, where the new access behavior data comprises at least one new access behavior; mapping the new access behavior to the four-dimensional space to determine a new behavior point, and calculating the distance value between the new behavior point and the center point; if the distance value is less than the variance value, determining that the new access behavior is normal; and if the distance value is greater than or equal to the variance value, determining that the new access behavior is abnormal.
Optionally, after the new access behavior is determined to be normal, the learning method further comprises: performing trajectory convergence on the new access behavior to determine a local subspace corresponding to the normal access behavior of the target application, where the local subspace is a subspace of the four-dimensional space.
Optionally, the step of obtaining the trusted policy corresponding to the target application on the basis of the four-dimensional space comprises: obtaining a policy translation rule; and converting each point of the four-dimensional space into the trusted policy on the basis of the translation rule.
According to another aspect of the embodiments of the invention, a trusted policy learning device is further provided, comprising: a first acquisition unit for obtaining historical access behavior data of a target application, where the historical access behavior data comprises at least one historical access behavior; an extraction unit for extracting a behavior feature of each historical access behavior, where the behavior feature comprises an operation feature indicating the operation performed by the subject on the object in the historical access behavior, a time feature indicating the time at which the historical access behavior occurred, an object feature indicating the object accessed by the subject in the historical access behavior, and a caller feature indicating which other application program called the subject in the historical access behavior; a mapping unit for mapping the behavior feature of each historical access behavior to a four-dimensional space, where one point in the four-dimensional space represents the behavior feature of one historical access behavior; and a second acquisition unit for obtaining the trusted policy corresponding to the target application on the basis of the four-dimensional space.
Optionally, the learning device further comprises: a computing unit for calculating the center point and the variance value of all points in the four-dimensional space after the trusted policy corresponding to the target application has been obtained on the basis of the four-dimensional space; a receiving unit for receiving new access behavior data, where the new access behavior data comprises at least one new access behavior; a first determination unit for mapping the new access behavior to the four-dimensional space to determine a new behavior point and calculating the distance value between the new behavior point and the center point; a second determination unit for determining that the new access behavior is normal when the distance value is less than the variance value; and a third determination unit for determining that the new access behavior is abnormal when the distance value is greater than or equal to the variance value.
Optionally, the learning device further comprises a fourth determination unit for performing trajectory convergence on the new access behavior after it has been determined to be normal, so as to determine a local subspace corresponding to the normal access behavior of the target application, where the local subspace is a subspace of the four-dimensional space.
Optionally, the second acquisition unit comprises: an acquisition module for obtaining a policy translation rule; and a conversion module for converting each point of the four-dimensional space into the trusted policy on the basis of the translation rule.
According to another aspect of the embodiments of the invention, a trusted security management platform is further provided, comprising a memory and a processor coupled to the memory, where the memory and the processor communicate over a bus system. The memory stores a program which, when executed by the processor, controls the device on which the memory resides to perform the trusted policy learning method of any of the above; the processor runs the program, and when run the program performs the trusted policy learning method of any of the above.
According to another aspect of the embodiments of the invention, a processor is further provided, the processor being configured to run a program which, when run, performs the trusted policy learning method of any of the above.
In the embodiments of the invention, historical access behavior data of the target application is obtained, where the historical access behavior data comprises at least one historical access behavior; the behavior feature of each historical access behavior is then extracted, where the behavior feature comprises an operation feature indicating the operation performed by the subject on the object in the historical access behavior, a time feature indicating the time at which the historical access behavior occurred, an object feature indicating the object accessed by the subject in the historical access behavior, and a caller feature indicating which other application program called the subject in the historical access behavior; the behavior feature of each historical access behavior is mapped to a four-dimensional space, where one point in the four-dimensional space represents the behavior feature of one historical access behavior; and finally the trusted policy corresponding to the target application is obtained on the basis of the four-dimensional space. In these embodiments, feature extraction and feature mapping are performed on the historical access behavior data of the target application, so that the trusted policy corresponding to the application is learned automatically without manual configuration by a security administrator. The automatic learning of the trusted security management platform yields a more accurate and more comprehensive trusted policy, thereby solving the technical problem in the related art of low configuration accuracy of a trusted policy configured manually by a security administrator.
Detailed description of the invention
The drawings described here are provided for a further understanding of the invention and constitute part of this application; the illustrative embodiments of the invention and their description serve to explain the invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a flowchart of an optional trusted policy learning method according to an embodiment of the invention;
Fig. 2 is a schematic diagram of an optional trusted policy learning device according to an embodiment of the invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the invention, the technical solution in the embodiments of the invention is described clearly and completely below in conjunction with the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the invention described here can be implemented in orders other than those illustrated or described here. Furthermore, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
To facilitate understanding of the invention, some of the terms and nouns used in the embodiments are explained below:
TCM: trusted cryptography module, a hardware module of the trusted computing platform that provides cryptographic operations for the platform and has protected storage space.
TPCM: trusted platform control module, a hardware core module integrated into the trusted computing platform for establishing and guaranteeing the root of trust, which provides integrity measurement, secure storage, trusted reporting and cryptographic services for trusted computing.
TSB: trusted software base, the set of software elements that support the trustworthiness of the trusted computing platform.
The executing subject of the trusted policy learning method in the embodiments of the invention is the trusted security management platform, which supports and maintains multiple trusted computing platforms. A trusted computing platform comprises a computing subsystem and a protection subsystem running in parallel: the computing subsystem performs the computing tasks, and the protection subsystem performs active measurement of the computing subsystem according to the trusted policy. The trusted computing platform is responsible for collecting the access behavior data of application programs and reporting it to the trusted security management platform.
The trusted computing platform may include, but is not limited to, tablets, mobile terminals, PCs, iPads and servers. Different business applications and user scenarios require different immune trusted policies to be formulated. Trusted policy learning learns the user's behavior trajectory automatically from the behavior features of a node's historical access behavior over a period of time and converts it intelligently into a trusted policy described in the policy language, which the system security administrator can then edit and maintain. After active measurement has been performed with the trusted policy, it is determined whether the security protection that the trusted policy provides for the trusted computing platform is comprehensive and accurate, so that the degree of conformity of each trusted computing platform's trusted policy exceeds a preset conformity value.
The following embodiments of the invention design a trusted policy learning method by which, after a trusted computing platform (TSB, or TPCM + TSB) has been deployed, the historical access behavior data of an application can be statistically summarised so that the trusted policy corresponding to the application is learned automatically, improving the efficiency of policy generation; the trusted policy can then be updated iteratively so that its conformity with the behavior of the business application keeps improving, ensuring the accuracy of the trusted policy.
According to an embodiment of the invention, an embodiment of a trusted policy learning method is provided. It should be noted that the steps illustrated in the flowchart of the drawings may be executed in a computer system such as a set of computer-executable instructions, and that although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 1 is a flowchart of an optional trusted policy learning method according to an embodiment of the invention. As shown in Fig. 1, the method comprises the following steps:
Step S102: obtain the historical access behavior data of the target application, where the historical access behavior data comprises at least one historical access behavior;
Step S104: extract the behavior feature of each historical access behavior, where the behavior feature comprises an operation feature indicating the operation performed by the subject on the object in the historical access behavior, a time feature indicating the time at which the historical access behavior occurred, an object feature indicating the object accessed by the subject in the historical access behavior, and a caller feature indicating which other application program called the subject in the historical access behavior;
Step S106: map the behavior feature of each historical access behavior to the four-dimensional space, where one point in the four-dimensional space represents the behavior feature of one historical access behavior;
Step S108: obtain the trusted policy corresponding to the target application on the basis of the four-dimensional space.
Through the above steps, the historical access behavior data of the target application is obtained, where the historical access behavior data comprises at least one historical access behavior; the behavior feature of each historical access behavior is then extracted, where the behavior feature comprises an operation feature indicating the operation performed by the subject on the object in the historical access behavior, a time feature indicating the time at which the historical access behavior occurred, an object feature indicating the object accessed by the subject in the historical access behavior, and a caller feature indicating which other application program called the subject in the historical access behavior; the behavior feature of each historical access behavior is mapped to the four-dimensional space, where one point in the four-dimensional space represents the behavior feature of one historical access behavior; and finally the trusted policy corresponding to the target application is obtained on the basis of the four-dimensional space. In this embodiment, feature extraction and feature mapping are performed on the historical access behavior data of the target application, so that the trusted policy corresponding to the application is learned automatically without manual configuration by a security administrator. The automatic learning of the trusted security management platform yields a more accurate and more comprehensive trusted policy, thereby solving the technical problem in the related art of low configuration accuracy of a trusted policy configured manually by a security administrator.
Each of the above steps is described in detail below.
Step S102: obtain the historical access behavior data of the target application, where the historical access behavior data comprises at least one historical access behavior.
Each trusted computing platform can record the access behavior of users in each application program. One application is chosen as the target application, and the historical access behavior data of that target application serves as the data for trusted policy learning.
The historical access behaviors include, but are not limited to, read operations, write operations, copy operations, paste operations and naming operations.
Step S104: extract the behavior feature of each historical access behavior, where the behavior feature comprises an operation feature indicating the operation performed by the subject on the object in the historical access behavior, a time feature indicating the time at which the historical access behavior occurred, an object feature indicating the object accessed by the subject in the historical access behavior, and a caller feature indicating which other application program called the subject in the historical access behavior.
Each historical access behavior corresponds to the four behavior features above, namely the operation performed by the subject on the object, the object accessed, the working time of the subject, and the caller of the subject. Each of the four behavior features forms a corresponding feature set.
The subject may include, but is not limited to, an application program; the object may include, but is not limited to, a file (including file directories and file text), which may be a Word, PPT or Excel file and the like.
The operation features include, but are not limited to, read, write, execute, copy and cut operations; the time features include, but are not limited to, the subject's working period, working start time and working end time; the object features include, but are not limited to, all objects accessed by the subject, represented by their full paths.
The access space of the target application can be constructed from the four features above; this space may be a four-dimensional space.
Step S106: map the behavior feature of each historical access behavior to the four-dimensional space, where one point in the four-dimensional space represents the behavior feature of one historical access behavior.
The four behavior features are mapped into the four-dimensional space whose dimensions are operation, time, object and caller, so that each access corresponds to one point in the space.
Step S108: obtain the trusted policy corresponding to the target application on the basis of the four-dimensional space.
Optionally, the step of obtaining the trusted policy corresponding to the target application on the basis of the four-dimensional space comprises: obtaining a policy translation rule; and converting each point of the four-dimensional space into the trusted policy on the basis of the translation rule.
The trusted policy of the target application is determined through the four-dimensional space. The translation rule above can be understood as the usage pattern of the application in its business scenario: analysing the usage pattern of the target application yields the canonical system behavior that the application exhibits when performing a specific business task in that scenario, which is then converted into the trusted policy.
As an optional embodiment of the invention, after the trusted policy corresponding to the target application is obtained on the basis of the four-dimensional space, the learning method further comprises: calculating the center point and the variance value of all points in the four-dimensional space; receiving new access behavior data, where the new access behavior data comprises at least one new access behavior; mapping the new access behavior to the four-dimensional space to determine a new behavior point, and calculating the distance value between the new behavior point and the center point; if the distance value is less than the variance value, determining that the new access behavior is normal; and if the distance value is greater than or equal to the variance value, determining that the new access behavior is abnormal.
The behavior features of the historical access behaviors are converted into points in the four-dimensional space, and the center point and variance of these points are computed. When a new access behavior occurs, that is, when a new point appears in the space, the distance between that point and the center is calculated; if it is less than the variance the behavior is considered normal, otherwise it is considered abnormal.
In the embodiments of the invention, the weight of each dimension of the four-dimensional space is set according to the importance of the corresponding behavior feature. In general, the operation feature and the object feature can be given higher weights, and the time feature and the caller feature lower weights. When the center point and variance value of all points in the four-dimensional space, and the distance value between a new behavior point and the center point, are computed, the weight of each dimension of the four-dimensional space should be taken into account in order to obtain the corresponding values.
In another optional embodiment of the invention, after the new access behavior is determined to be normal, the learning method further comprises performing trajectory convergence on the new access behavior to determine a local subspace corresponding to the normal access behavior of the target application, where the local subspace is a subspace of the four-dimensional space. Besides trajectory convergence of the new access behavior, the local subspace corresponding to normal access behavior can also be determined by other means such as local theorems.
Through the above embodiment, the historical access behavior data of an application can be collected and analysed, the behavior feature of each historical access behavior obtained from the analysis is mapped to the four-dimensional space of the application, and that four-dimensional space can be understood as the learned trusted policy, which can then be used to determine whether a new access behavior is abnormal.
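The mapping of steps S102 to S108 and the optional center/variance check, as an added Python example that is not part of the patent: the one-hot encoding of the categorical dimensions, the dimension weights, the reading of the "variance value" as the mean weighted squared distance of the history points from the center, the policy translation rule and the sample records are all assumptions made for this illustration.

```python
"""Added example, not the patent's own code: maps historical access behaviours
into the four-dimensional space of steps S102-S108, derives a trusted policy from
the points and applies the optional centroid/variance distance check."""
from dataclasses import dataclass
from math import sqrt
from typing import Dict, List, Tuple

DIMENSIONS = ("operation", "time", "object", "caller")
CATEGORICAL = ("operation", "object", "caller")
# Operation and object weighted highest, time and caller lower, as the text
# suggests; the numeric weights themselves are assumptions.
WEIGHTS = {"operation": 1.0, "time": 0.5, "object": 1.0, "caller": 0.5}


@dataclass(frozen=True)
class AccessBehaviour:
    operation: str  # what the subject (the application) did to the object
    time: float     # hour of day at which the access occurred
    object: str     # file the subject accessed
    caller: str     # program that invoked the subject


# Constructed history of one target application (step S102); not real data.
HISTORY = [
    AccessBehaviour("read", 9.0, "/srv/app/config.ini", "launcher"),
    AccessBehaviour("read", 9.5, "/srv/app/data.db", "launcher"),
    AccessBehaviour("write", 10.0, "/srv/app/data.db", "launcher"),
    AccessBehaviour("read", 14.0, "/srv/app/config.ini", "launcher"),
    AccessBehaviour("write", 15.0, "/srv/app/data.db", "launcher"),
    AccessBehaviour("read", 16.0, "/srv/app/data.db", "scheduler"),
]

Point = Dict[str, List[float]]


class BehaviourSpace:
    """Four-dimensional behaviour space: categorical dimensions are one-hot
    encoded over the values seen in history; time is a numeric axis in hours."""

    def __init__(self, history: List[AccessBehaviour], weights=WEIGHTS):
        self.history = history
        self.weights = weights
        self.vocab = {d: sorted({getattr(b, d) for b in history}) for d in CATEGORICAL}
        self.points = [self.map_point(b) for b in history]  # step S106
        self.centroid = self._centroid()
        self.variance = self._variance()

    def map_point(self, b: AccessBehaviour) -> Point:
        """One access behaviour becomes one point of the space."""
        point: Point = {"time": [b.time]}
        for dim, values in self.vocab.items():
            # A value never seen in history maps to the zero vector, which is
            # maximally far from every one-hot history value on that axis.
            point[dim] = [1.0 if getattr(b, dim) == v else 0.0 for v in values]
        return point

    def _centroid(self) -> Point:
        n = len(self.points)
        return {d: [sum(p[d][i] for p in self.points) / n
                    for i in range(len(self.points[0][d]))] for d in DIMENSIONS}

    def squared_distance(self, point: Point) -> float:
        """Weighted squared Euclidean distance of a point from the centroid."""
        return sum(self.weights[d] * sum((a - c) ** 2 for a, c in
                                         zip(point[d], self.centroid[d]))
                   for d in DIMENSIONS)

    def _variance(self) -> float:
        # 'Variance value' read as the mean weighted squared distance (assumption).
        return sum(self.squared_distance(p) for p in self.points) / len(self.points)

    def distance(self, b: AccessBehaviour) -> float:
        return sqrt(self.squared_distance(self.map_point(b)))

    def is_normal(self, b: AccessBehaviour) -> bool:
        """Optional-embodiment rule: distance below the variance value is normal,
        otherwise abnormal. A distance is compared with a squared quantity, so
        the verdict depends on the unit chosen for the time axis (hours here)."""
        return self.distance(b) < self.variance

    def to_policy(self) -> Dict[Tuple[str, str, str], Tuple[float, float]]:
        """Step S108 under an assumed translation rule: each (caller, operation,
        object) combination seen in history becomes an allow rule whose time
        window spans the earliest and latest observed hour."""
        policy: Dict[Tuple[str, str, str], Tuple[float, float]] = {}
        for b in self.history:
            key = (b.caller, b.operation, b.object)
            lo, hi = policy.get(key, (b.time, b.time))
            policy[key] = (min(lo, b.time), max(hi, b.time))
        return policy


if __name__ == "__main__":
    space = BehaviourSpace(HISTORY)
    for key, (lo, hi) in sorted(space.to_policy().items()):
        print(f"allow {key} between {lo:.1f}h and {hi:.1f}h")
    probe = AccessBehaviour("execute", 3.0, "/srv/app/secrets.key", "unknown")
    print(f"distance {space.distance(probe):.3f} vs variance {space.variance:.3f}:",
          "normal" if space.is_normal(probe) else "abnormal")
```

Because the rule compares a distance with a variance, the time axis dominates the verdict at the hour scale used here; a deployment would normalise the axes or state the threshold in standard deviations before relying on it.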
Fig. 2 a kind of schematic diagram of optional credible policy learning device according to an embodiment of the present invention, as shown in Fig. 2, should Learning device may include: first acquisition unit 21, extraction unit 23, map unit 25, second acquisition unit 27, wherein
First acquisition unit 21, the history for obtaining destination application access behavioral data, wherein history access row It include: that at least one history accesses behavior for data;
Extraction unit 23, for extracting the behavioural characteristic of each history access behavior, wherein behavioural characteristic includes: to be used for When indicating the performed operating characteristics operated of main object in history access behavior, being used to indicate the generation of history access behavior Between temporal characteristics, be used to indicate the object feature of the accessed object of main body in history access behavior, be used to indicate history access The caller feature that main body is called by other application program in behavior;
Map unit 25, for the behavioural characteristic of each history access behavior to be respectively mapped in space-time, wherein One of point in space-time is used to indicate the behavioural characteristic of one of history access behavior;
The second acquisition unit 27 is configured to obtain the trusted policy corresponding to the target application based on the spatio-temporal space.
In the trusted policy learning device described above, the first acquisition unit 21 obtains the history access behaviour data of the target application, where the history access behaviour data includes at least one history access behaviour. The extraction unit 23 then extracts the behavioural features of each history access behaviour, where the behavioural features include: an operation feature indicating the operation performed by the subject on the object in the history access behaviour; a time feature indicating the time of occurrence of the history access behaviour; an object feature indicating the object accessed by the subject in the history access behaviour; and a caller feature indicating which other application program called the subject in the history access behaviour. The mapping unit 25 maps the behavioural features of each history access behaviour to a point in the spatio-temporal space, so that each point in that space represents the behavioural features of one history access behaviour. Finally, the second acquisition unit 27 obtains the trusted policy corresponding to the target application from the spatio-temporal space. In this embodiment, the trusted policy of an application can thus be learned automatically by feature extraction and feature mapping over the application's history access behaviour data, without the trusted policy having to be configured manually by a security administrator. Learning the policy automatically on the trusted security management platform yields a more accurate and more complete trusted policy, which addresses the technical problem in the related art that trusted policies configured manually by a security administrator have low configuration accuracy.
In another optional embodiment, the learning device further includes: a computing unit configured to calculate, after the trusted policy corresponding to the target application has been obtained from the spatio-temporal space, the centre point and the variance value of all points in the spatio-temporal space; a receiving unit configured to receive new access behaviour data, where the new access behaviour data includes at least one new access behaviour; a first determination unit configured to map the new access behaviour into the spatio-temporal space to determine a new behaviour point, and to calculate the distance value between the new behaviour point and the centre point; a second determination unit configured to determine that the new access behaviour is normal when the distance value is less than the variance value; and a third determination unit configured to determine that the new access behaviour is abnormal when the distance value is greater than or equal to the variance value.
In an embodiment of the present invention, the learning device further includes a fourth determination unit configured to perform trajectory convergence on the new access behaviour after it has been determined to be normal, so as to determine a local subspace corresponding to the normal access behaviour of the target application, where the local subspace is a subspace of the spatio-temporal space.
Optionally, the second acquisition unit includes: an acquisition module configured to acquire a policy conversion rule; and a conversion module configured to convert each point of the spatio-temporal space into the trusted policy based on the conversion rule.
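The learning, detection and conversion steps described above (and restated in claims 1 to 4) can be made concrete with the following added example. It is not code from the patent or from the applicant. The one-hot encoding of operation, object and caller with hour-of-day/24 as the time coordinate, the Euclidean distance, the bounding-box form of the local subspace and the policy conversion rule are all assumptions chosen here, and the application name `svc-report` and the history records are constructed.

```python
"""Added example (not the patent's code): toy trusted-policy learner.
Assumed here, not stated on the page: one-hot encoding for operation, object
and caller plus hour-of-day/24 for time; Euclidean distance; 'trajectory
convergence' as the bounding box of normal points; and a conversion rule that
emits one allow-rule per (operation, object, caller) with the observed hours."""
from dataclasses import dataclass, field
from math import sqrt
from typing import Dict, List, Sequence, Tuple

Record = Tuple[str, str, int, str]  # (operation, object, hour_of_day, caller)
SUBJECT = "svc-report"              # assumed name of the target application

# Constructed sample history for SUBJECT; not real telemetry.
HISTORY: List[Record] = [
    ("read",  "/etc/app/config.yaml", 9,  "cron"),
    ("read",  "/etc/app/config.yaml", 9,  "cron"),
    ("read",  "/etc/app/config.yaml", 10, "cron"),
    ("write", "/var/log/app.log",     9,  "cron"),
    ("write", "/var/log/app.log",     10, "cron"),
]


@dataclass
class Encoder:
    """Vocabularies learned from history; a value never seen in history
    encodes as an all-zero group, so novel ops/objects/callers land far out."""
    ops: List[str]
    objs: List[str]
    callers: List[str]

    @classmethod
    def fit(cls, history: Sequence[Record]) -> "Encoder":
        return cls(sorted({r[0] for r in history}),
                   sorted({r[1] for r in history}),
                   sorted({r[3] for r in history}))

    @staticmethod
    def _one_hot(vocab: List[str], value: str) -> List[float]:
        return [1.0 if v == value else 0.0 for v in vocab]

    def encode(self, r: Record) -> List[float]:
        op, obj, hour, caller = r
        return (self._one_hot(self.ops, op) + self._one_hot(self.objs, obj)
                + self._one_hot(self.callers, caller) + [hour / 24.0])


@dataclass
class Model:
    encoder: Encoder
    centroid: List[float]  # centre point of all history points
    variance: float        # mean squared distance of history points to the centre
    subspace: List[Tuple[float, float]] = field(default_factory=list)


def euclid(a: Sequence[float], b: Sequence[float]) -> float:
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def learn(history: Sequence[Record]) -> Model:
    """Extract features, map each behaviour to a point, compute centre and variance."""
    enc = Encoder.fit(history)
    pts = [enc.encode(r) for r in history]
    centroid = [sum(col) / len(pts) for col in zip(*pts)]
    variance = sum(euclid(p, centroid) ** 2 for p in pts) / len(pts)
    return Model(enc, centroid, variance)


def distance_to_centre(model: Model, record: Record) -> float:
    return euclid(model.encoder.encode(record), model.centroid)


def is_normal(model: Model, record: Record) -> bool:
    """The page's rule: normal iff distance to the centre < variance value."""
    return distance_to_centre(model, record) < model.variance


def converge(model: Model, normal_records: Sequence[Record]) -> List[Tuple[float, float]]:
    """Trajectory convergence (assumed form): per-axis (min, max) of the normal points."""
    pts = [model.encoder.encode(r) for r in normal_records]
    model.subspace = [(min(col), max(col)) for col in zip(*pts)]
    return model.subspace


def in_subspace(model: Model, record: Record) -> bool:
    p = model.encoder.encode(record)
    return all(lo <= x <= hi for x, (lo, hi) in zip(p, model.subspace))


def to_policy(history: Sequence[Record], subject: str = SUBJECT) -> List[dict]:
    """Conversion rule (assumed): one allow-rule per (op, object, caller),
    permitted hours = the hour range observed in history."""
    windows: Dict[Tuple[str, str, str], Tuple[int, int]] = {}
    for op, obj, hour, caller in history:
        lo, hi = windows.get((op, obj, caller), (hour, hour))
        windows[(op, obj, caller)] = (min(lo, hour), max(hi, hour))
    return [{"subject": subject, "operation": op, "object": obj, "caller": caller,
             "hours": list(range(lo, hi + 1)), "effect": "allow"}
            for (op, obj, caller), (lo, hi) in sorted(windows.items())]


if __name__ == "__main__":
    m = learn(HISTORY)
    print(round(m.variance, 3), [is_normal(m, r) for r in HISTORY])
    print(to_policy(HISTORY))
```

On the constructed history the variance value is about 0.960. A repeat of the frequent behaviour (cron-triggered read of config.yaml at 09:00, distance about 0.800) is judged normal, and a novel behaviour (exec of /bin/sh at 03:00 with sshd as caller, distance about 1.453) is judged abnormal because all three of its categorical groups encode as zero. The write to app.log (distance about 1.200) is also rejected, although it occurs twice in the history. That exposes the caveat a practitioner should keep in mind: the rule compares a distance with a variance, which have different units, so the verdict depends on how the features are scaled. In practice one would compare against k times the square root of the variance, or keep a radius per observed cluster, and review any flagged-but-historical behaviour before the remaining points are converted into allow-rules. The converted policy is then a least-privilege allow list: anything not inside the learned local subspace is denied by default.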
The trusted policy learning device described above may further include a processor and a memory. The first acquisition unit 21, the extraction unit 23, the mapping unit 25, the second acquisition unit 27 and so on are stored in the memory as program units, and the processor executes the program units stored in the memory to realise the corresponding functions.
The processor includes a kernel, which fetches the corresponding program unit from the memory. One or more kernels may be provided, and the trusted policy corresponding to the target application is obtained from the spatio-temporal space by adjusting the kernel parameters.
The memory may include a non-volatile memory in a computer-readable medium, a random access memory (RAM) and/or a non-volatile memory such as a read-only memory (ROM) or a flash memory (flash RAM), and the memory includes at least one memory chip.
According to another aspect of an embodiment of the present invention, a trusted security management platform is further provided, including a memory and a processor coupled to the memory, where the memory and the processor communicate via a bus system. The memory stores a program which, when executed by the processor, controls the device in which the memory is located to execute any one of the trusted policy learning methods described above; the processor runs the program, and the program executes any one of the trusted policy learning methods described above when run.
According to another aspect of an embodiment of the present invention, a processor is further provided, configured to run a program, where the program executes any one of the trusted policy learning methods described above when run.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, reference may be made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technical content may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units may be a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the couplings, direct couplings or communication connections between the units or modules shown or discussed may be indirect couplings or communication connections through some interfaces, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including a number of instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the method described in the embodiments of the present invention. The storage medium includes various media capable of storing program code, such as a USB flash disk, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk or an optical disk.
The above are only preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the scope of protection of the present invention.

Claims (10)

1. A trusted policy learning method, characterised in that it comprises:
obtaining history access behaviour data of a target application, wherein the history access behaviour data comprises at least one history access behaviour;
extracting behavioural features of each history access behaviour, wherein the behavioural features comprise: an operation feature indicating the operation performed by the subject on the object in the history access behaviour; a time feature indicating the time of occurrence of the history access behaviour; an object feature indicating the object accessed by the subject in the history access behaviour; and a caller feature indicating which other application program called the subject in the history access behaviour;
mapping the behavioural features of each history access behaviour respectively into a spatio-temporal space, wherein one point in the spatio-temporal space indicates the behavioural features of one of the history access behaviours; and
obtaining a trusted policy corresponding to the target application based on the spatio-temporal space.
2. The method according to claim 1, characterised in that, after obtaining the trusted policy corresponding to the target application based on the spatio-temporal space, the learning method further comprises:
calculating a centre point and a variance value of all points in the spatio-temporal space;
receiving new access behaviour data, wherein the new access behaviour data comprises at least one new access behaviour;
mapping the new access behaviour into the spatio-temporal space to determine a new behaviour point, and calculating a distance value between the new behaviour point and the centre point;
if the distance value is less than the variance value, determining that the new access behaviour is normal;
if the distance value is greater than or equal to the variance value, determining that the new access behaviour is abnormal.
3. The method according to claim 2, characterised in that, after determining that the new access behaviour is normal, the learning method further comprises:
performing trajectory convergence on the new access behaviour to determine a local subspace corresponding to the normal access behaviour of the target application, wherein the local subspace is a subspace of the spatio-temporal space.
4. The method according to claim 1, characterised in that the step of obtaining the trusted policy corresponding to the target application based on the spatio-temporal space comprises:
acquiring a policy conversion rule;
converting each point of the spatio-temporal space into the trusted policy based on the conversion rule.
5. A trusted policy learning device, characterised in that it comprises:
a first acquisition unit configured to obtain history access behaviour data of a target application, wherein the history access behaviour data comprises at least one history access behaviour;
an extraction unit configured to extract behavioural features of each history access behaviour, wherein the behavioural features comprise: an operation feature indicating the operation performed by the subject on the object in the history access behaviour; a time feature indicating the time of occurrence of the history access behaviour; an object feature indicating the object accessed by the subject in the history access behaviour; and a caller feature indicating which other application program called the subject in the history access behaviour;
a mapping unit configured to map the behavioural features of each history access behaviour respectively into a spatio-temporal space, wherein one point in the spatio-temporal space indicates the behavioural features of one of the history access behaviours; and
a second acquisition unit configured to obtain a trusted policy corresponding to the target application based on the spatio-temporal space.
6. The device according to claim 5, characterised in that the learning device further comprises:
a computing unit configured to calculate a centre point and a variance value of all points in the spatio-temporal space after the trusted policy corresponding to the target application has been obtained based on the spatio-temporal space;
a receiving unit configured to receive new access behaviour data, wherein the new access behaviour data comprises at least one new access behaviour;
a first determination unit configured to map the new access behaviour into the spatio-temporal space to determine a new behaviour point, and to calculate a distance value between the new behaviour point and the centre point;
a second determination unit configured to determine that the new access behaviour is normal when the distance value is less than the variance value;
a third determination unit configured to determine that the new access behaviour is abnormal when the distance value is greater than or equal to the variance value.
7. The device according to claim 6, characterised in that the learning device further comprises:
a fourth determination unit configured to perform trajectory convergence on the new access behaviour after it has been determined to be normal, so as to determine a local subspace corresponding to the normal access behaviour of the target application, wherein the local subspace is a subspace of the spatio-temporal space.
8. The device according to claim 7, characterised in that the second acquisition unit comprises:
an acquisition module configured to acquire a policy conversion rule;
a conversion module configured to convert each point of the spatio-temporal space into the trusted policy based on the conversion rule.
9. A trusted security management platform, characterised in that it comprises:
a memory and a processor coupled to the memory, the memory and the processor communicating via a bus system;
the memory is configured to store a program which, when executed by the processor, controls the device in which the memory is located to execute the trusted policy learning method according to any one of claims 1 to 4;
the processor is configured to run the program, wherein the program executes the trusted policy learning method according to any one of claims 1 to 4 when run.
10. A processor, characterised in that the processor is configured to run a program, wherein the program executes the trusted policy learning method according to any one of claims 1 to 4 when run.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910605616.4A CN110298178B (en) 2019-07-05 2019-07-05 Trusted policy learning method and device and trusted security management platform


Publications (2)

Publication Number Publication Date
CN110298178A true CN110298178A (en) 2019-10-01
CN110298178B CN110298178B (en) 2021-07-27

Family

ID=68030512


Country Status (1)

Country Link
CN (1) CN110298178B (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101894239A (en) * 2010-08-12 2010-11-24 Wuhan University Method and system for auditing and distributing sensitive data based on evolution strategy
CN103297435A (en) * 2013-06-06 2013-09-11 Institute of Information Engineering, Chinese Academy of Sciences Abnormal access behaviour detection method and system based on web logs
CN105426760A (en) * 2015-11-05 2016-03-23 China Academy of Telecommunication Research of MIIT Detection method and apparatus for malicious Android applications
CN107657171A (en) * 2017-09-11 2018-02-02 Zhengzhou Yunhai Information Technology Co., Ltd. Method for managing application programs in an SSR centralized management platform
CN108021823A (en) * 2017-12-04 2018-05-11 Beijing Yuanxin Technology Co., Ltd. Method, device and terminal for seamlessly running application programs based on a trusted execution environment
US10108791B1 (en) * 2015-03-19 2018-10-23 Amazon Technologies, Inc. Authentication and fraud detection based on user behavior
CN109560984A (en) * 2018-11-13 2019-04-02 Suning.com Co., Ltd. Network service response time anomaly detection method and device
CN109583161A (en) * 2018-11-27 2019-04-05 MIGU Culture Technology Co., Ltd. Information processing method and device, and storage medium
CN109753345A (en) * 2018-12-18 2019-05-14 Beijing Huatech Trusted Computing Information Technology Co., Ltd. Security management method in a cloud environment
CN109753803A (en) * 2018-12-18 2019-05-14 Beijing Huatech Trusted Computing Information Technology Co., Ltd. Secure virtual machine management system
CN109842628A (en) * 2018-12-13 2019-06-04 Chengdu AsiaInfo Network Security Industry Technology Research Institute Co., Ltd. Anomaly detection method and device
CN109861970A (en) * 2018-12-18 2019-06-07 Beijing Huatech Trusted Computing Information Technology Co., Ltd. System based on trusted policy
CN109933503A (en) * 2019-02-13 2019-06-25 Ping An Technology (Shenzhen) Co., Ltd. Method and apparatus for determining a user operation risk factor, storage medium and server

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
YULI YANG et al.: "Trust-Based Scheduling Strategy for Workflow Applications in Cloud Environment", 2013 Eighth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing *
张艳 et al.: "Research on an intrusion detection method based on the nearest-neighbour strategy", Computer Engineering and Applications *
毋泽南 et al.: "Web user behaviour authentication based on machine learning", Chinese Journal of Network and Information Security *
陈志鹏 et al.: "A web proxy service discovery method based on multi-dimensional feature analysis", Journal of Cyber Security *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111901146A (en) * 2020-06-28 2020-11-06 Beijing Huatech Trusted Computing Information Technology Co., Ltd. Object access control method and device
CN111897768A (en) * 2020-06-28 2020-11-06 Beijing Huatech Trusted Computing Information Technology Co., Ltd. Method and device for configuring object access policy
CN111901146B (en) * 2020-06-28 2023-07-18 Beijing Huatech Trusted Computing Information Technology Co., Ltd. Object access control method and device
CN111897768B (en) * 2020-06-28 2024-02-02 Beijing Huatech Trusted Computing Information Technology Co., Ltd. Configuration method and device of object access policy

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant