CN110750784A - Safety prevention and control method and system for automatic vending equipment - Google Patents

Info

Publication number: CN110750784A
Authority: CN (China)
Prior art keywords: alarm, processing, automatic vending, vending equipment, information
Legal status: Granted (active)
Application number: CN201910904807.0A
Other languages: Chinese (zh)
Other versions: CN110750784B (en)
Inventors: 邬思杰, 毛红胜
Current Assignee: Shenzhen Moses Polytron Technologies Inc
Original Assignee: Shenzhen Moses Polytron Technologies Inc
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

The invention discloses a safety prevention and control method and system for automatic vending equipment. A server actively monitors the multi-dimensional operation index values of the automatic vending equipment on the network; judges the health state of each automatic vending device one by one through a safety model; generates alarm information for a vending device according to the alarm items that exceed the normal working interval; and processes the alarm automatically according to the historical processing strategy for that alarm, notifying a human to handle unknown alarm information, after which the manual handling automatically becomes an automatic processing option in the strategy for the next alarm of that kind. Known attack types can thus be processed automatically, and emergency limiting measures can be applied to new external attack behaviors so that their influence is confined to a small range. The system's capability to respond automatically to various external attack behaviors is continuously enhanced as its operating time increases, and the operational risk of the automatic vending equipment is greatly reduced.

Description

Safety prevention and control method and system for automatic vending equipment
Technical Field
The invention relates to the technical field of automatic vending equipment, in particular to a safety prevention and control method and system of automatic vending equipment.
Background
Automatic vending equipment (also known as vending machines) is used on a large scale in new retail applications. Existing vending machines are networked for management and maintenance: they are remotely monitored by a remote server and actively send service data, device data or service requests to it. Vending devices therefore often need to log on to a server and establish a connection during operation. Any vending terminal may become an entry point for malicious attacks, and any vending terminal may also cause anomalies at the server because of an abnormality in the device itself. Because the number of vending terminals managed under one server may be huge, an attack on the server or an abnormality in some devices may damage the security of the server or prevent other terminals from working normally. A particular problem is an individual vending device that, because of an abnormality, malicious hijacking or similar causes, logs in to the server and performs malicious operations over a long-lived connection. The usual approach is only to verify the legitimacy of the vending machine at login with an account and password, or to verify it at the communication protocol layer with an encryption method; the two means can be used alone or in combination to strengthen verification. In both, however, the server performs the verification passively. If an illegitimate device imitates the verification process of a legitimate vending device and obtains authorized access, unpredictable harm may follow, such as hijacking of the proxy server, theft of server data and a crash of the server system, so that the entire automatic vending operation cannot run normally and huge economic loss may be caused.
Disclosure of Invention
In view of the above defects, the present invention aims to provide a method for actively detecting vending machines that are abnormal or under malicious attack, and to automate the processing as far as possible, thereby improving network prevention and control capability and maintenance efficiency.
In order to achieve the above object, an aspect of the present invention provides a security control method for a vending machine, including the steps of:
the server periodically collects the multidimensional operation index numerical value of the online automatic vending equipment;
the server carries out statistics and summarization according to the collected multidimensional operation index values to generate multidimensional operation indexes which can be used for judging the health state of the automatic vending equipment;
the server periodically judges the health state of each automatic vending device one by one through a safety model; triggering the next step of alarm processing when judging that the multi-dimensional operation index of the automatic vending equipment has an index exceeding a normal working interval; if the automatic vending equipment does not exceed the normal working interval, returning to continue to execute the first step;
and generating alarm information of the automatic vending equipment according to the alarm items exceeding the normal working interval, and returning to continue to execute the first step.
According to the safety prevention and control method of the automatic vending equipment, the following operations are added after the alarm information of the automatic vending equipment is generated according to the alarm item exceeding the normal working interval: searching an alarm information database according to the alarm information, searching the processing strategy of the alarm item existing in the current alarm information database, and if the processing strategy of the alarm item exists, executing a processing program directly according to the processing strategy corresponding to the alarm item; if the alarm item does not exist, the alarm information is sent to one or more manual processing terminals preset by the system to request manual processing, the manual processing process is recorded, and the processing process is updated to an alarm information database as a processing strategy corresponding to the alarm item and is used as a processing strategy of the next alarm item.
The safety prevention and control method of the automatic vending equipment further comprises the following step: when no processing strategy for the alarm item is found in the alarm information database, access by the automatic vending equipment is restricted first, and manual processing is then requested.
The safety prevention and control method of the automatic vending equipment further comprises a correction step, wherein the judgment threshold value and the processing strategy of the alarm item are readjusted according to the result feedback of the alarm processing.
According to the safety prevention and control method of the automatic vending equipment, the multi-dimensional operation index numerical value comprises equipment dimension information, user dimension information and/or network dimension information.
According to the safety prevention and control method of the automatic vending equipment, the equipment dimension information, the user dimension information and the network dimension information each further comprise a plurality of sub-dimensions; each sub-dimension has its own health judgment threshold, and each sub-dimension indicates the health state of the automatic vending equipment independently.
According to the safety prevention and control method of the automatic vending equipment, initial data of an alarm information database comprehensively determines health judgment threshold values and processing strategies of all dimensional indexes according to historical operation records and theoretical analysis; and continuously adjusting or correcting the judgment threshold and the processing strategy according to the feedback of the processing result in the operation process.
The safety prevention and control method of the automatic vending equipment further comprises an automatic threshold recommendation operation, which automatically collects statistics on all dimension information of the online automatic vending equipment, evaluates each dimension from big data statistics, and automatically adjusts the current health judgment threshold.
Another aspect provides a security prevention and control system for a vending apparatus, comprising:
a statistic module: the system is used for generating a multi-dimensional operation index which can be used for judging the health state of the automatic vending equipment by counting and summarizing the received data;
an analysis module: used for judging the multi-dimensional operation indexes of each automatic vending device one by one through the safety model; triggering the alarm processing program when any multi-dimensional operation index of a vending device exceeds the normal working interval; and taking no action for a vending device whose indexes do not exceed the normal working interval;
a processing module: used for generating alarm information of the automatic vending equipment from the alarm items, found by the analysis module, that exceed the normal working interval; searching the alarm information database according to the alarm information for an existing processing strategy for the alarm item; if a processing strategy for the alarm item exists, executing the processing program directly according to that strategy; if it does not exist, sending the alarm information to one or more manual processing terminals preset by the system to request manual processing, recording the manual processing, and updating it into the alarm information database as the processing strategy corresponding to the alarm item, to be used the next time that alarm item occurs.
The safety prevention and control system of the automatic vending equipment further comprises a correction module: used for manually readjusting the judgment threshold and processing strategy of an alarm item according to feedback on the result of alarm processing, the adjusted values serving as the judgment threshold and processing strategy for the next occurrence of that alarm item.
The invention adopts an active monitoring method, so that the server can identify the external attack behavior at the first time, can realize automatic processing for the known attack type, can also realize emergent limiting measures for the new type of external attack behavior, and limits the influence of the attack behavior in a small range. By adopting the active monitoring mode, the identification of abnormal automatic vending equipment can be realized, such as the offline of the automatic vending equipment, the overhigh network delay and the like.
Drawings
FIG. 1 is a basic flow diagram of the security control of a vending machine;
FIG. 2 is a data flow diagram of a security and control system of a vending machine;
FIG. 3 is a schematic diagram of a module for implementing multi-dimensional operation index collection of vending equipment by a server;
FIG. 4 is a flow diagram of further processing of the buffer queue;
FIG. 5 is a warning information processing flow diagram;
FIG. 6 is an example of the different processing policies that correspond to different value intervals of each dimension.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the invention, the server actively monitors the communication data of the automatic vending equipment, in particular the transaction-related data. The safety threshold of each device is determined by analyzing historical transaction data. The server actively monitors whether a vending device is under attack and judges the type of attack. Attack behaviors are processed automatically according to the existing processing measures in the alarm information database. For a new type of attack behavior, an alarm notice is generated according to a preset flow and, for malicious user behavior, the user's access to the system is restricted at the first opportunity; manual intervention can then follow, or the processing type can be selected manually. The result of manual processing is recorded, and the processing measures for that type of attack are updated into the alarm information database, providing experience data for automatically processing subsequent attacks of that type.
Fig. 1 is a basic flow chart of the security control of the vending machine, and the security control method of the vending machine mainly includes the following steps:
S101, the server periodically collects the multidimensional operation index values of the online automatic vending equipment;
S102, the server carries out statistics and summarization on the collected multidimensional operation index values to generate the index values that can be used for judging the health state of the automatic vending equipment;
S103, the server periodically judges the health state of each automatic vending device one by one through a safety model; alarm processing S104 is triggered when any multi-dimensional operation index of a vending device exceeds the normal working interval; if no index exceeds the normal working interval, the flow returns to S101;
S104, alarm information of the automatic vending equipment is generated according to the alarm items exceeding the normal working interval; the flow returns to S101.
The following operations can also be added after the alarm information of the automatic vending equipment is generated according to the alarm items exceeding the normal working interval:
S105, searching the alarm information database according to the alarm information for an existing processing strategy for the alarm item;
S106, if a strategy exists, executing the processing program directly according to the processing strategy corresponding to the alarm item;
S107, if no strategy exists, sending the alarm information to one or more manual processing terminals preset by the system;
S108, requesting manual processing;
S109, recording the manual processing, and updating it into the alarm information database as the processing strategy corresponding to that type of alarm item, to be used the next time that type of alarm item occurs.
When an alarm is processed according to the historical alarm processing strategy, the result is notified to the relevant personnel in a manner preset by the system. They judge from the result whether the judgment threshold and processing strategy for that alarm information need adjusting and, where they do, adjust them immediately so that they serve as the basis for judging and processing the next alarm of that kind.
If all alarm information and processing results were sent to the relevant maintenance personnel, the volume of information could be excessive. Basic divisions such as alarm levels can therefore be added, or alarms can be further classified, so that each alarm is sent to the corresponding personnel according to its classification and need not be sent to unrelated personnel. Alarm information of a high risk level is sent to the relevant personnel at the first opportunity according to the risk level, and those personnel are required to process it manually at once.
The specific treatment method is described in detail below by way of specific examples: first, the following multidimensional operation index value is explained.
The multidimensional operation index values mainly comprise equipment dimension information, user dimension information and/or network dimension information. The dimensions can also be divided in other ways; division into equipment, user and network dimension information is not required. New dimensions may be added as actual use proceeds, and the specific information items of each dimension may be added to or reduced.
1. Device dimension information
The equipment dimension information refers to whether each behavior parameter of the vending machine is in a healthy state or not from the viewpoint of automatic vending equipment, generally refers to whether each behavior value of a time interval is within a preset healthy interval range or not, and one or more of the following items can be selected as the equipment dimension information:
(1) Number of order applications: the total number of orders applied for but not paid within a time interval during operation, counted per vending device.
(2) Payment price: the total amount paid within a time interval during operation, counted per vending device.
(3) Total number of orders: the total number of orders that completed the normal flow (such as application -> payment -> shipment -> completion) within a time interval during operation, counted per vending device.
(4) Total shipment: the number of goods delivered within a time interval during operation, counted per vending device.
(5) Refund total number: the total number of refunded orders that had been paid and successfully delivered within a time interval during operation, counted per vending device.
(6) Application frequency: the frequency of order applications within a time interval during operation, counted per vending device, calculated as: application frequency = total number of applications / seconds in the time interval.
(7) Payment frequency: the frequency of payments within a time interval during operation, counted per vending device, calculated as: payment frequency = total number of paid orders / seconds in the time interval.
(8) Order frequency: the frequency of completed orders within a time interval during operation, counted per vending device, calculated as: order frequency = total number of completed orders / seconds in the time interval.
(9) Shipment frequency: the frequency of finished orders within a time interval during operation, counted per vending device, calculated as: order frequency = total number of completed orders / seconds in the time interval.
(10) Refund frequency: the frequency of refunded orders during operation, counted per vending device, where refunds comprise refunds of delivered orders and refunds of undelivered orders, calculated respectively as: delivered refund frequency = number of refunds of delivered orders / seconds in the time interval; undelivered refund frequency = number of refunds of undelivered orders / seconds in the time interval.
2. User dimension information
The user dimension refers to analyzing some behaviors of the user from the vending machine dimension, whether the user is in a healthy state or not, and the behaviors can comprise values of one or more of the following behaviors in a time interval:
(1) Number of order applications: the number of times the user applied for an order but did not pay within a time interval on the vending equipment platform, counted per user.
(2) Payment price: the sum of money paid by the user within a time interval on the vending equipment platform, counted per user.
(3) Total number of orders: the total number of orders for which the user completed the normal flow within a time interval on the vending equipment platform, counted per user.
(4) Total shipment: the total number of goods shipped from vending equipment for the user within a time interval on the vending equipment platform, counted per user.
(5) Order and image identification number: for the time period of each order the user purchased within a time interval on the vending equipment platform, counted per user, the captured video is analyzed to determine whether a person made the purchase; if no person is found, an external attack is possible.
(6) Vending number of vending machine: the vending number of the vending equipment refers to the total number of the users who have purchased the vending equipment in a time interval on the vending equipment platform according to the user dimension.
(7) Average vending equipment distance: the vending number of the vending equipment refers to the total number of the users who have purchased the vending equipment in a time interval on the vending equipment platform according to the user dimension.
3. Network dimension information
The network dimension analyzes, per vending device, whether the communication protocol interaction between the vending equipment and the server is in a healthy state. The protocol types comprise login, heartbeat and business, and the behavior indexes of each protocol type include values of one or more of the following:
(1) Protocol count and frequency: the number of times and the frequency with which the vending equipment interacts with the server over the communication protocol within a time interval during operation, counted per vending device. The frequency formula is: frequency = number of protocol communications / seconds in the time interval.
(2) Protocol validation failure count and frequency: the total number of times within a time interval during operation that the server, after receiving a protocol message, judges it to be an illegal protocol, counted per vending device. The frequency formula is: frequency = number of protocol validation failures / seconds in the time interval.
(3) Protocol IP address set: the set of IP addresses used for communication between the vending equipment and the server within a time interval during operation, counted per vending device.
(4) Protocol size: the size of the data communicated between the vending equipment and the server within a time interval during operation, counted per vending device.
(5) The vending machine and the server define a communication protocol and a data format for communication. The communication protocol comprises two types: 1) the request communication protocol, that is, request data sent by the automatic vending equipment to the server, or request data sent by the server to the vending machine; 2) the response communication protocol, that is, the feedback data returned to the server after the request communication protocol it sent has been processed, or returned to the vending equipment after the request communication protocol it sent has been processed.
One-time communication between the vending machine and the server is actually an interactive process, and the process comprises sending and responding of the two communication protocols, and the protocol data format comprises signature information and body information of the protocols.
(6) Signature information: used by the receiver to verify whether the request protocol content sent by the sender is legitimate. The signature information comprises: 1) the protocol unique number: each protocol includes a protocol unique number, to ensure the uniqueness of the protocol, and a session unique number; 2) the vending machine device number; 3) a mask; 4) the session code; 5) the signature value.
(7) Main body information: contains the specific service protocol, that is, the protocol content predefined between the automatic vending equipment and the service server, described by the content of the service message. If the message is a response communication protocol, the main body information further comprises the processing status code of the request protocol and the unique number of the request protocol.
The advantages of this communication protocol are that every communication carries its own signature information for verifying its validity, and illegal data whose signature cannot be verified is filtered out, which improves the system's resistance to attack. It can be designed to be compatible with the transmission of various service protocol data formats, such as JSON, XML or other formats. Data interaction is completed in an active-request, passive-response mode, which improves the reliability and maintainability of communication.
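The per-message signature check described above, as an added example that is not code from the patent. It assumes HMAC-SHA256 with a per-device key (the page does not name the signature algorithm), uses hypothetical field names for the five signature items, and adds duplicate-number rejection as one use of the protocol unique number; the failure counter feeds the "protocol validation failure frequency" index.

```python
import hashlib
import hmac
import json

# Hypothetical field names for the signature items listed in (6).
SIGNED_FIELDS = ("protocol_no", "device_no", "mask", "session_code")


def canonical_bytes(signature_info, body):
    """Serialize the signed fields and the body deterministically."""
    signed = {name: signature_info[name] for name in SIGNED_FIELDS}
    return json.dumps({"signature": signed, "body": body},
                      sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign(key, signature_info, body):
    """Assumed scheme: HMAC-SHA256 over the canonical bytes, hex encoded."""
    return hmac.new(key, canonical_bytes(signature_info, body),
                    hashlib.sha256).hexdigest()


class MessageVerifier:
    def __init__(self, device_keys):
        self.device_keys = device_keys  # device number -> secret key
        self.seen = set()               # (device, protocol number) already accepted
        self.failures = {}              # device -> failures in the current interval

    def verify(self, message):
        """Return (accepted, reason) for one received protocol message."""
        info = message.get("signature")
        if not isinstance(info, dict):
            info = {}
        device = info.get("device_no")
        if not isinstance(device, str) or device not in self.device_keys:
            return self._fail(device, "unknown_device")
        try:
            expected = sign(self.device_keys[device], info, message.get("body"))
        except (KeyError, TypeError, ValueError):
            return self._fail(device, "malformed")
        supplied = str(info.get("value", "")).encode("utf-8", "replace")
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode("utf-8"), supplied):
            return self._fail(device, "bad_signature")
        marker = (device, str(info["protocol_no"]))
        if marker in self.seen:
            return self._fail(device, "replayed")
        # A long-running server would expire old markers, e.g. per session.
        self.seen.add(marker)
        return True, "ok"

    def _fail(self, device, reason):
        key = device if isinstance(device, str) else "<malformed>"
        self.failures[key] = self.failures.get(key, 0) + 1
        return False, reason

    def failure_frequency(self, device, interval_seconds):
        """Network-dimension index: validation failures per second."""
        return self.failures.get(device, 0) / interval_seconds


def demo():
    """Constructed messages: one valid, one repeated, one with a changed body."""
    key = b"constructed-demo-key"
    verifier = MessageVerifier({"VM-A": key})
    info = {"protocol_no": "P-0001", "device_no": "VM-A",
            "mask": "0", "session_code": "S-77"}
    body = {"type": "heartbeat", "uptime": 3600}
    message = {"signature": dict(info, value=sign(key, info, body)), "body": body}
    tampered = {"signature": message["signature"],
                "body": {"type": "refund", "order": "O-1"}}
    results = [verifier.verify(message), verifier.verify(message),
               verifier.verify(tampered)]
    return results, verifier.failure_frequency("VM-A", 300)
```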
The server side that verifies the validity of the automatic vending equipment mainly comprises: a data receiving module, a data counting module, an analyzing module and a processing module.
Fig. 2 is a data flow diagram of a security control system of a vending machine, mainly relating to the interaction of the vending machine, a server and a database and the processing flow inside the server. The specific process is as follows:
S201, periodically or according to a preset strategy, the server actively sends a communication protocol request asking the vending equipment to report data that satisfies the protocol and check rules, or passively receives such data sent by the vending equipment, thereby collecting the multi-dimensional values of the vending equipment;
S202, the server parses the received communication protocol and stores it in a cache medium according to the specification;
S203, the server periodically extracts the cache records from the cache medium, counts the indexes in the cache records by time period, and stores the counted indexes into a database according to a preset structure;
S204, the server regularly acquires the various indexes of the automatic vending equipment from the database for detection, identifies records that meet alarm conditions, generates alarm information according to the alarm reasons, stores the alarm information into the database and triggers a processing program;
S205, the server searches the database according to the alarm information to check whether it holds a processing strategy for that alarm information; if so, processing is executed automatically according to that strategy; if not, manual processing is triggered;
S206, the server also provides an interface for feedback on the results of automatic and manual processing and for manual correction and processing, automatically generates a processing strategy for that type of alarm information from the manual processing operation, and updates the strategy into the server.
The alarm handling may be: ignore processing, temporarily mask access, permanently mask access. Of course this is just a conventional processing strategy and other strategies may be defined.
The following describes in detail how the server implements the vending machine multi-dimensional value collection.
FIG. 3 is a schematic diagram of the modules with which the server collects multi-dimensional operation indexes of the vending equipment. The vending machines are geographically distributed across operating points and communicate with the server over a wired or wireless network using a defined communication protocol. The server acquires dimensional index data of the online vending equipment, such as equipment dimension information, user dimension information and network dimension information, according to the communication protocol between the vending equipment and the server: S301 judges whether the timer has expired; if so, S302 acquires the received protocol data, querying through the server the communication protocol data sent by the vending equipment in the last time period; S303, an analysis module on the server parses the received protocol data; S304, the parsed data is cached in the form of a queue. Data is acquired by having the server actively request it and the vending equipment reply with a response communication protocol, which facilitates terminal management and data collection by the server; the vending equipment can also be set to actively and periodically report the data required by the server, or such reports can be collected as supplementary data. In addition, the vending equipment terminal can be made to collect and summarize, during operation, further statistics that the server requires and that the terminal is able to gather.
The receiving module 1 acquires the communication protocol data that the vending equipment sends to the server according to the communication protocol. The receiving module receives both initial data and updated data, and the subsequent analysis of users and vending equipment is based on the protocol data received in this way. The receiving module can be integrated into an existing system as a pluggable component, independently of that system.
The analysis module 2 parses the protocol data received by the receiving module and extracts from it the vending equipment number, the user number, the protocol type, the receiving time and the IP address of the vending equipment, where the protocol type includes a login protocol, a heartbeat protocol, a service protocol (such as a protocol for communication between the vending equipment and a service server) and the like, and forms the data into a cache queue format. Other data formats can also be used for caching, with the data reading of the storage module set to match.
The storage module 3 is the data interface after parsing and stores the parsed data into a cache medium, which can be a memory, a hard disk or another storage medium.
Fig. 4 is a schematic flow chart of the further processing of the cache queue: cache queue data is obtained from the cache queue, the index quantities of each dimension are counted by vending equipment, user and network dimension, and the counted index quantities are stored in the database. S401, reading the current time; S402, judging whether T2-T1 is larger than Tr; S403, reading the cache queue data in the time interval from T1 to T2, performing statistics on the queue data and classifying it into multidimensional data, and updating T1. This is implemented by the following modules:
The reading module 4: the system reads the cache queue data in the time interval from T1 to T2 by means of a timed task whose period is Tr, where T1 is the time point at which the timed task last read and T2 is the current reading time point. The system needs to store the current time point T2 for use by the next run of the timed task, and the cache data that has been read is held in memory.
The statistics module 5: a single record of the data read in the time interval from T1 to T2 generally comprises the vending equipment number, the user number, the protocol type, the receiving time, the IP address of the vending equipment and the content of the original protocol. The protocol types comprise login, heartbeat and service protocols; the service protocol includes order-related data such as application, payment, shipment, completion and refund. The statistics module analyzes the content carried by a single record and classifies it into record data structures of the various dimensions; that is, according to the information it carries, one communication protocol can be decomposed into record information for one or more of the device dimension, the user dimension and the network dimension.
The following illustrates by way of specific example how single device-dimension, user-dimension and network-dimension records are derived from a single communication protocol of the vending equipment.
Single device dimension: taking an order service protocol as the protocol type, the following information is generally recorded from the communication protocol, for example: vending equipment number, orders requested (1 or 0), payment price (0 or the order price), number of orders placed (1 or 0), number of shipments (the shipment quantity of the order), number of refunds (1 or 0).
For example, from the order application protocol of the order service protocol we obtain the following information: the vending equipment number is XXXX, the number of orders requested is 1, the payment price is 0, the number of orders placed is 0, the number of shipments is 0, and the number of refunds is 0.
For example, from the order payment protocol we obtain: the vending equipment number is XXXX, the number of orders requested is 0, the payment price is the order price, the number of orders placed is 0, the number of shipments is 0, and the number of refunds is 0.
Other protocols follow by analogy, and the same approach applies to composing the single records of the user and network dimensions below.
Single user dimension: if the protocol type is a service protocol, the record contains: user number, orders requested (1 or 0), payment price (0 or the order price), number of orders placed (1 or 0), number of shipments (the shipment quantity of the order), order and image identification number (1 or 0), and vending machine number. The order and image identification number are recalculated from the data obtained in the service protocol.
Single network dimension: this record must be generated regardless of protocol type: vending machine number, protocol type (login, heartbeat, service), protocol number, protocol failure number, IP address, protocol size. Because every communication necessarily includes network dimension information, that information can be extracted from any communication.
Counting records: the number of records in each dimension and the corresponding frequency are counted from the generated single-dimension record data; that is, after one statistics pass over the interval from T1 to T2, only three records, one for each relevant dimension (equipment dimension, user dimension and network dimension), are stored in the database.
The storage module stores the final statistical records of the three dimensions into the database for further processing by the subsequent analysis module.
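The T1-to-T2 statistics pass described above, sketched as an added Python example (not code from the patent): each cache-queue record is decomposed into single-dimension records and summed per vending equipment number or user number. The record field names, the sub-protocol names, the rule that failed records count only in the network dimension, and the sample queue are all constructed assumptions.

```python
from collections import defaultdict

# Constructed cache-queue records; field names are assumptions, not from the patent.
# "step" is the order sub-protocol carried by a service protocol, "ok" is False
# when the protocol failed (for example, its signature could not be verified).
SAMPLE_QUEUE = [
    {"time": 100, "device": "VM-0001", "user": "U-17", "ip": "192.0.2.8",
     "type": "login", "size": 96, "ok": True},
    {"time": 105, "device": "VM-0001", "user": "U-17", "ip": "192.0.2.8",
     "type": "service", "step": "apply", "size": 210, "ok": True},
    {"time": 109, "device": "VM-0001", "user": "U-17", "ip": "192.0.2.8",
     "type": "service", "step": "apply", "size": 210, "ok": True},
    {"time": 120, "device": "VM-0001", "user": "U-17", "ip": "192.0.2.8",
     "type": "service", "step": "pay", "price": 350, "size": 240, "ok": True},
    {"time": 131, "device": "VM-0001", "user": "U-17", "ip": "192.0.2.8",
     "type": "service", "step": "ship", "qty": 2, "size": 180, "ok": False},
    {"time": 170, "device": "VM-0001", "user": "U-17", "ip": "192.0.2.8",
     "type": "heartbeat", "size": 48, "ok": True},   # falls in a later window
]


def decompose(rec):
    """Split one record into (dimension, key, counters) single-dimension records."""
    # The network dimension is generated for every protocol type.
    parts = [("network", rec["device"], {
        "protocols": 1,
        "failures": 0 if rec["ok"] else 1,
        "bytes": rec["size"],
        rec["type"]: 1,                      # per-protocol-type count
    })]
    # Assumption: a failed record contributes to the network failure count only,
    # so rejected data cannot inflate the order counters.
    if rec["type"] == "service" and rec["ok"]:
        step = rec["step"]
        order = {
            "orders_requested": int(step == "apply"),
            "paid_amount": rec.get("price", 0) if step == "pay" else 0,
            "orders_placed": int(step == "complete"),   # assumed mapping
            "shipments": rec.get("qty", 0) if step == "ship" else 0,
            "refunds": int(step == "refund"),
        }
        parts.append(("device", rec["device"], order))
        parts.append(("user", rec["user"], dict(order)))
    return parts


def run_window(queue, t1, t2, tr):
    """S401-S403: when T2 - T1 > Tr, aggregate records with T1 <= time < T2.

    Returns (stats, next_t1). stats maps (dimension, key) to summed counters;
    next_t1 is T2 after a pass, or the unchanged T1 if the timer has not expired.
    """
    if t2 - t1 <= tr:
        return {}, t1
    stats = defaultdict(lambda: defaultdict(int))
    for rec in queue:
        if t1 <= rec["time"] < t2:           # half-open, so no record is counted twice
            for dim, key, counters in decompose(rec):
                for name, value in counters.items():
                    stats[(dim, key)][name] += value
    return {k: dict(v) for k, v in stats.items()}, t2


if __name__ == "__main__":
    window, next_t1 = run_window(SAMPLE_QUEUE, t1=100, t2=160, tr=30)
    for key in sorted(window):
        print(key, window[key])
    print("next T1:", next_t1)
```

Storing T2 as the next T1 only after a completed pass is what keeps consecutive windows contiguous and non-overlapping.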
The analysis module assesses the health status of the vending equipment and the user according to the safety model, specifically by applying the safety model to the statistical record information obtained for each dimension, and mainly comprises: a reading module 4, an evaluation module 6 and a storage submodule 7.
1) The reading module.
The reading sub-module supports evaluating a single statistical record of an index item under one dimension, or acquiring the statistical records of a dimension's index items stored in the database over a time period; that is, the reading mode can be configured per index item, for example the total number of orders requested in the user dimension can be configured to be read per single record or per time period. Whether read singly or aggregated by time period, the dimensional statistical records enter the evaluation module, which evaluates whether the vending equipment or user is healthy.
2) The evaluation module evaluates, from the single-dimension statistical record information, whether the relevant indexes of the vending equipment or the user are abnormal, and generates alarm information if they are. The specific steps are, for example:
acquiring the lowest-threshold and highest-threshold configuration of each index item under the equipment, user or network dimension to be evaluated;
then checking, one by one, whether each index quantity under the dimension being evaluated exceeds the highest threshold or falls below the lowest threshold;
and finally, generating alarm information for the index items outside the threshold range, where the alarm information generally comprises the vending equipment number or the user number, the value of the index item, the threshold range, the amount by which it was exceeded and the generation time.
3) The storage module stores the generated alarm information into the database.
FIG. 5 is a flow chart of alarm information processing, in which the system determines from the alarm information whether manual processing or self-processing by the system is required. Manual processing means that the system cannot find a processing scheme among the historical processing schemes and a person must be notified to handle the alarm manually; self-processing means that the system handles the alarm itself using big-data processing of historical scenarios, which reduces manual processing and improves efficiency. The specific process comprises the following steps:
first, alarm information is read from the alarm information database by a reading module: according to a timed task, the alarm information stored in the database is scanned together with the index item values, in all dimensions, of the equipment corresponding to that alarm information in the time period from T1 to T2; these are summarized into dimension index item values and passed to the evaluation module;
next, the evaluation module determines whether the alarm is to be processed manually or automatically by the system according to the processing strategies recorded in the database, as follows:
calculating the difference by which the alarm index exceeds or falls below the threshold;
classifying the processing schemes (historical processing records) according to the difference and to whether the high or the low threshold was crossed;
calculating, with a range interval algorithm, which processing scheme the current difference belongs to: if it falls within an existing classification, the system processes the alarm in the manner of that classification's historical processing record; if it does not, manual processing is judged necessary and the alarm is handed over to manual processing.
Fig. 6 is an example of a policy in which different value intervals of a dimension correspond to different processing. Each index generally has a lowest threshold and a highest threshold; values between them belong to the normal interval, for which no alarm information needs to be raised. The alarm area is divided into different alarm intervals according to the degree to which the normal range is exceeded, and a different processing scheme is adopted in each interval. Manual handling may be required for severe alarm intervals. The threshold values of the respective intervals may be modified manually.
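The evaluation step and the range interval lookup described above, as an added Python example (not code from the patent): an index outside its lowest/highest threshold yields an alarm, and the size of the difference selects a stored processing scheme or falls back to manual processing. The threshold values, interval bounds, action names and sample statistics are constructed assumptions.

```python
from bisect import bisect_right
from typing import NamedTuple


class Alarm(NamedTuple):
    subject: str     # vending equipment number or user number
    index: str       # index item that left its normal interval
    value: float
    low: float       # lowest threshold
    high: float      # highest threshold
    excess: float    # > 0: above the highest threshold, < 0: below the lowest
    created: int     # generation time


def evaluate(subject, stats, thresholds, now):
    """Check each index item against its (low, high) thresholds; return alarms."""
    alarms = []
    for index, value in sorted(stats.items()):
        if index not in thresholds:
            continue                      # no threshold configured for this item
        low, high = thresholds[index]
        if value > high:
            excess = value - high
        elif value < low:
            excess = value - low
        else:
            continue                      # inside the normal interval
        alarms.append(Alarm(subject, index, value, low, high, excess, now))
    return alarms


class PolicyStore:
    """Historical processing records, keyed by index item and high/low type."""

    def __init__(self):
        self._bands = {}   # (index, "high" | "low") -> sorted [(lo, hi, action)]

    def learn(self, index, kind, lo, hi, action):
        """Record a handling decision for differences in the interval [lo, hi)."""
        if not 0 <= lo < hi:
            raise ValueError("interval must satisfy 0 <= lo < hi")
        bands = self._bands.setdefault((index, kind), [])
        if any(lo < b_hi and b_lo < hi for b_lo, b_hi, _ in bands):
            raise ValueError("interval overlaps an existing processing scheme")
        bands.append((lo, hi, action))
        bands.sort()

    def lookup(self, alarm):
        """Return the action whose interval contains the difference, else 'manual'."""
        kind = "high" if alarm.excess > 0 else "low"
        bands = self._bands.get((alarm.index, kind), [])
        diff = abs(alarm.excess)
        i = bisect_right([lo for lo, _, _ in bands], diff) - 1
        if i >= 0 and diff < bands[i][1]:
            return bands[i][2]
        return "manual"                   # no historical scheme covers this difference


# Constructed thresholds: index item -> (lowest threshold, highest threshold).
THRESHOLDS = {"orders_requested": (0, 20), "protocols": (1, 600)}


def demo():
    store = PolicyStore()
    store.learn("orders_requested", "high", 0, 5, "ignore")
    store.learn("orders_requested", "high", 5, 30, "temporary_mask")
    stats = {"orders_requested": 27, "paid_amount": 0, "protocols": 0}
    alarms = evaluate("VM-0001", stats, THRESHOLDS, now=160)
    first = {a.index: store.lookup(a) for a in alarms}
    # A handler deals with the unmatched alarm; the decision becomes a new scheme.
    store.learn("protocols", "low", 0, 2, "ignore")
    second = {a.index: store.lookup(a) for a in alarms}
    return store, alarms, first, second


if __name__ == "__main__":
    _, alarms, first, second = demo()
    for a in alarms:
        print(a.subject, a.index, a.excess, first[a.index], "->", second[a.index])
```

A difference beyond every stored interval also returns "manual", which matches the statement that severe alarm intervals may need manual handling.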
Alarm judgment can use a single index to judge independently whether that index is abnormal and whether an alarm is needed. In addition, a health degree can be calculated from the indexes according to different weights to judge whether an alarm is needed. Which is used is determined by the actual operation.
Manual processing can also notify the relevant personnel of the alarm information, who then handle it with a corresponding processing scheme. Related information can also be added to the alarm information, such as the processing modes that can be selected for the alarm, the processing mode of the historically most similar alarm, and the danger level of the alarm, to help the relevant personnel quickly choose how to handle the alarm.
By default the system provides the following 3 processing options; the user analyzes the alarm information and makes a selection, and the operator may also add processing options as the system is used in practice:
1) Ignore processing: ignoring means that the system will not take action to address the abnormal condition of the vending apparatus.
2) Temporarily masking access: temporary masking can be set for a period of time for the vending machine and the user. For example, a user repeatedly requests two-dimensional codes on the screen of the vending machine many times in a row without making a payment; after detecting this, the system prohibits any operation for a period of time (N minutes, N hours, N days and the like). Temporary masking is set for vending machines or users that do not cause particularly serious problems.
3) Permanently masking access: permanent masking prohibits all communication between the user or the vending device and the server, including IP filtering (for example, by controlling third-party HTTP proxy software), and is set for vending devices and users that maliciously attack the system.
Since permanently masking a vending apparatus or user restricts any access by that apparatus or user, certain restrictions need to be placed on this handling operation; the specific restrictions may be adjusted according to the actual operation process, for example as follows:
1. The server refuses to accept the refused IP information recorded by the protocol system with the automatic vending equipment number or the user number.
2. The server will restrict the previous vending device number or IP address information carried by the user (including the rejected IP information described above) via the HTTP proxy software.
The maintenance personnel select a processing scheme, or add a custom processing scheme, based on the alarm information; the storage module stores the alarm information together with the processing scheme into the historical alarm information.
In actual operation, the processing mode initially chosen for an alarm, or the threshold used to judge the alarm, is not necessarily optimal; the processing mode and the judgment threshold may also need to be adjusted because of special requirements of the environment or the operation. Therefore, the system also provides a manual re-correction function, which can be used to adjust the judgment threshold and the like during manual processing, or to modify the relevant processing mode and judgment threshold when a problem is actively discovered.
Generally, if the system detects alarm information and cannot automatically select a processing mode, manual processing needs to be triggered. The manual processing steps are as follows:
The alarm information is notified to the corresponding handler by short message, mail, system message or the like.
The handler sets the alarm information and may set the minimum and/or maximum thresholds for this processing scheme;
The handler selects or adds a processing scheme, and the threshold information and the processing scheme are stored in the database. When the system detects the same alarm information again, it processes it automatically according to that processing scheme.
The manual correction operation lets a user readjust or correct the threshold or the processing scheme according to the results obtained with the existing threshold and processing scheme, so that alarm judgment and handling become more reasonable and better match operational requirements. Manual correction mainly comprises the following operations:
The alarm processing result is notified to the corresponding handler (by short message, mail, system message or the like).
The handler may ignore or modify the processing scheme and set the lowest or highest threshold for that processing scheme, or other thresholds for the various intervals.
When the system detects the same alarm information again, it processes it automatically according to the corrected processing scheme.
While the invention has been described with reference to a particular embodiment, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A safety prevention and control method of automatic vending equipment is characterized by comprising the following steps:
the server periodically collects the multidimensional operation index numerical value of the online automatic vending equipment;
the server carries out statistics and summarization according to the collected multidimensional operation index values to generate multidimensional operation indexes which can be used for judging the health state of the automatic vending equipment;
the server periodically judges the health state of each automatic vending device one by one through a safety model; triggering the next step of alarm processing when judging that the multi-dimensional operation index of the automatic vending equipment has an index exceeding a normal working interval; if the automatic vending equipment does not exceed the normal working interval, returning to continue to execute the first step;
and generating alarm information of the automatic vending equipment according to the alarm items exceeding the normal working interval, and returning to continue to execute the first step.
2. The safety prevention and control method of the vending machine according to claim 1, wherein the following operations are added after the alarm information of the vending machine is generated according to the alarm item exceeding the normal working interval: searching an alarm information database according to the alarm information, searching the processing strategy of the alarm item existing in the current alarm information database, and if the processing strategy of the alarm item exists, executing a processing program directly according to the processing strategy corresponding to the alarm item; if the alarm item does not exist, the alarm information is sent to one or more manual processing terminals preset by the system to request manual processing, the manual processing process is recorded, and the processing process is updated to an alarm information database as a processing strategy corresponding to the alarm item and is used as a processing strategy of the next alarm item.
3. The vending apparatus security prevention and control method according to claim 2, further comprising: when retrieval finds that no processing strategy for the alarm item exists in the alarm information database, an operation limiting the access of the automatic vending equipment is executed, and then manual processing is requested.
4. The vending machine security control method of claim 2, further comprising a correction step of readjusting the judgment threshold and the processing policy of the alarm item according to the result feedback of the alarm processing.
5. The vending machine security prevention and control method of claim 2, wherein the multidimensional operation index value comprises device dimension information, user dimension information, and/or network dimension information.
6. The vending machine security prevention and control method according to claim 5, wherein the device dimension information, the user dimension information, and the network dimension information further comprise a plurality of sub-dimension information, each sub-dimension information is individually provided with a health judgment threshold, and each sub-dimension information individually indicates a health status of the vending machine.
7. The safety prevention and control method of the automatic vending equipment according to claim 2, characterized in that the initial data of the alarm information database comprehensively determines the health judgment threshold and the processing strategy of each dimension index according to historical operation records and theoretical analysis; and continuously adjusting or correcting the judgment threshold and the processing strategy according to the feedback of the processing result in the operation process.
8. The vending machine security prevention and control method according to claim 2, further comprising an automatic threshold recommendation operation that automatically counts all the dimension information of the online vending machines, evaluates each dimension information according to big data statistics, and automatically adjusts the current health judgment threshold.
9. A vending machine security prevention and control system, comprising:
a receiving module: used for acquiring the communication protocol data sent by the automatic vending equipment to the server according to a communication protocol, and for obtaining the multi-dimensional operation index values of the online automatic vending equipment by parsing the received data;
a statistics module: used for generating, by counting and summarizing the received data, multi-dimensional operation indexes which can be used for judging the health state of the automatic vending equipment;
an analysis module: used for judging the multi-dimensional operation indexes of each automatic vending device one by one through the safety model; triggering an alarm processing program when judging that the multi-dimensional operation indexes of the automatic vending equipment include an index exceeding a normal working interval; and performing no processing on the automatic vending equipment if it does not exceed the normal working interval;
a processing module: used for generating alarm information of the automatic vending equipment according to the alarm items, found by the analysis module, that exceed the normal working interval; searching an alarm information database according to the alarm information, searching the processing strategy of the alarm item existing in the current alarm information database, and if the processing strategy of the alarm item exists, executing a processing program directly according to the processing strategy corresponding to the alarm item; if the alarm item does not exist, the alarm information is sent to one or more manual processing terminals preset by the system to request manual processing, the manual processing process is recorded, and the processing process is updated to the alarm information database as the processing strategy corresponding to the alarm item and is used as the processing strategy for the next occurrence of the alarm item.
10. The vending apparatus security system of claim 9, further comprising a correction module: used for manually readjusting the judgment threshold and the processing strategy of the alarm item according to feedback on the alarm processing result, the readjusted judgment threshold and processing strategy being used for the next occurrence of the alarm item.
CN201910904807.0A 2019-09-24 2019-09-24 Security prevention and control method and system for automatic vending equipment Active CN110750784B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910904807.0A CN110750784B (en) 2019-09-24 2019-09-24 Security prevention and control method and system for automatic vending equipment

Publications (2)

Publication Number Publication Date
CN110750784A (en) 2020-02-04
CN110750784B (en) 2023-10-03

Family

ID=69276974

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910904807.0A Active CN110750784B (en) 2019-09-24 2019-09-24 Security prevention and control method and system for automatic vending equipment

Country Status (1)

Country Link
CN (1) CN110750784B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant