CN110750784B - Security prevention and control method and system for automatic vending equipment - Google Patents


Info

Publication number
CN110750784B
Authority
CN
China
Prior art keywords
alarm
processing
automatic vending
equipment
vending equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910904807.0A
Other languages
Chinese (zh)
Other versions
CN110750784A (en)
Inventor
邬思杰
毛红胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Zhilai Science and Technology Co Ltd
Original Assignee
Shenzhen Zhilai Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Zhilai Science and Technology Co Ltd
Priority to CN201910904807.0A
Publication of CN110750784A
Application granted
Publication of CN110750784B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

The invention discloses a security prevention and control method and system for automatic vending equipment, in which a server actively monitors multi-dimensional operation index values of online automatic vending equipment; judges the health state of each automatic vending device one by one through a security model; generates alarm information for the automatic vending equipment according to the alarm items exceeding the normal working interval; and processes the alarm automatically according to the historical alarm processing strategy, notifying a person to intervene for unknown alarm information, whereby the manual handling automatically becomes an automatic processing option in the processing strategy for the next alarm of that type. The method handles known attack types automatically, applies emergency restriction measures to new types of external attack behavior, and limits the impact of the attack to a small scope. As operating time increases, the ability to cope automatically with various external attack behaviors is continuously enhanced, so that the operating risk of automatic vending equipment is greatly reduced.

Description

Security prevention and control method and system for automatic vending equipment
Technical Field
The invention relates to the technical field of automatic vending equipment, in particular to a safety prevention and control method and system of automatic vending equipment.
Background
Vending devices (also known as vending machines) are used on a large scale in new retail. For management and maintenance purposes, existing vending devices all have networking capabilities: they can be remotely monitored by a remote server, and they can actively send related traffic and device data, or request services, to the remote server. A vending machine is therefore often required to log in to the server during operation to establish a connection. Any vending equipment terminal may become an entry point for a malicious attack, and any vending equipment terminal may also have an abnormal impact on the server because of an abnormality in the equipment itself. Since the number of vending machine terminals managed under one server may be very large, an attack on the server or an abnormality of a single device may damage the security of the server or prevent other machine terminals from working normally. In particular, an individual vending device may, because of an abnormality or malicious hijacking, log in to the server and carry out malicious operations over a long-lived connection. The common processing scheme only verifies the validity of the vending machine with an account and password at login, or verifies it at the communication protocol layer using an encryption method. These two means can be used independently or in combination to strengthen validity verification, but in both the server performs the verification passively. If an illegal device imitates the validity verification process of a vending device and obtains authorized, legitimate access, unpredictable damage such as proxy server hijacking, theft of server data or a crash of the server system is possible, so that the whole vending operation cannot run normally and huge economic loss is possible.
Disclosure of Invention
In view of the above defects, the invention aims to provide a security prevention and control method and system for automatic vending equipment that actively detect abnormalities and malicious attacks, handle them automatically as far as possible, and improve network prevention and control capability and the efficiency of prompt maintenance.
To achieve the above object, in one aspect, the present invention provides a security prevention and control method for vending equipment, including the steps of:
step one, a server periodically collects multi-dimensional operation index values of automatic vending equipment on the network;
step two, the server performs statistics and summary according to the collected multi-dimensional operation index values to generate multi-dimensional operation indexes which can be used for judging the health state of the automatic vending equipment;
step three, the server periodically judges the health state of each automatic vending device one by one through a security model; when an index in the multi-dimensional operation indexes of a device exceeds the normal working interval, alarm processing is triggered as the next step; if no index of the device exceeds the normal working interval, the method returns to step one;
step four, alarm information for the automatic vending equipment is generated according to the alarm items exceeding the normal working interval, and the method returns to step one.
The security prevention and control method further comprises the following operation after the alarm information is generated according to the alarm items exceeding the normal working interval: searching the alarm information database according to the alarm information and judging whether a processing strategy for this type of alarm item exists in the current alarm information database; if it exists, executing the processing program directly according to the processing strategy corresponding to the alarm item; if it does not exist, sending the alarm information to one or more manual processing terminals preset by the system, requesting manual processing, recording the manual processing procedure, and updating the alarm information database with that procedure as the processing strategy corresponding to the alarm item, to be used the next time an alarm item of this type occurs.
The safety prevention and control method of the automatic vending equipment further comprises the following steps: when the processing strategy of the type of alarm items does not exist in the alarm information database, the operation of limiting the access of the automatic vending equipment is executed first, and then the manual processing is requested.
The security prevention and control method of the automatic vending equipment further comprises a correction step, wherein the judgment threshold value and the processing strategy of the alarm item are readjusted according to the alarm processing result feedback.
The multi-dimensional operation index value also comprises equipment dimension information, user dimension information and/or network dimension information.
According to the security prevention and control method of the automatic vending equipment, the equipment dimension information, the user dimension information and the network dimension information further comprise a plurality of pieces of sub-dimension information, each piece of sub-dimension information is independently provided with a health judgment threshold value, and each piece of sub-dimension information independently prompts the health state of the automatic vending equipment.
According to the safety prevention and control method of the automatic vending equipment, the health judgment threshold and the processing strategy of each dimension index are comprehensively determined according to the historical operation records and theoretical analysis; and in the operation process, the judgment threshold and the processing strategy are continuously adjusted or corrected according to the feedback of the processing result.
The security prevention and control method of the automatic vending equipment further comprises automatic threshold recommending operation, wherein the automatic threshold recommending operation automatically counts all dimension information of the online automatic vending equipment, evaluates all dimension information according to big data statistics and automatically adjusts the current health judgment threshold.
Another aspect provides a security prevention and control system for vending equipment, comprising:
a statistics module, used for performing statistics and summarization on the received data to generate multi-dimensional operation indexes which can be used for judging the health state of the automatic vending equipment;
an analysis module, used for judging the multi-dimensional operation indexes of each automatic vending device one by one through the security model; triggering an alarm processing program when an index in the multi-dimensional operation indexes of a device exceeds the normal working interval; and performing no processing if no index of the device exceeds the normal working interval;
a processing module, used for generating alarm information for the automatic vending equipment according to the alarm items exceeding the normal working interval when the analysis module finds that alarm items exist; searching the alarm information database according to the alarm information and judging whether a processing strategy for this type of alarm item exists in the current alarm information database; if it exists, executing the processing program directly according to the processing strategy corresponding to the alarm item; if it does not exist, sending the alarm information to one or more manual processing terminals preset by the system, requesting manual processing, recording the manual processing procedure, and updating the alarm information database with that procedure as the processing strategy corresponding to the alarm item, to be used the next time an alarm item of this type occurs.
The security prevention and control system further comprises a correction module, used for manually readjusting the judgment threshold and the processing strategy of the alarm item according to feedback on the alarm processing result; the adjusted values serve as the judgment threshold and processing strategy for the next alarm item of that type.
The invention adopts an active monitoring method, so that the server can identify external attack behavior immediately, handle known attack types automatically, and apply emergency restriction measures to new types of external attack behavior, limiting the impact of the attack to a small scope. As operating time increases, the ability to cope automatically with various external attack behaviors is continuously enhanced, thereby greatly reducing the operating risk of automatic vending equipment. Active monitoring also makes it possible to identify abnormal automatic vending equipment, for example equipment that is offline or has excessively high network delay.
Drawings
FIG. 1 is a basic flow diagram of security control of a vending apparatus;
FIG. 2 is a data flow diagram of a security control system of a vending machine;
FIG. 3 is a schematic diagram of a module for a server to implement multi-dimensional operation index collection for vending equipment;
FIG. 4 is a flow diagram of further processing of a cache queue;
FIG. 5 is a flow chart of alarm information processing;
FIG. 6 is an example of the different processing strategies corresponding to the different intervals in which one dimension value falls.
Description of the embodiments
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention uses a server to actively monitor the communication data of the automatic vending equipment, especially transaction-related data. It determines the security threshold of the equipment by analyzing the historical transaction data of the equipment, judges the type of the attack, and handles the attack automatically according to the processing measures already present in the alarm information database. For a new type of attack it generates an alarm notification according to a preset flow and restricts the user's access to the system as soon as the malicious behavior is first seen; manual intervention can then continue, or a processing type can be selected manually. The result of the manual processing is recorded, and the processing measure for that type of attack is updated into the alarm information database, providing experience data for handling subsequent attacks of that type automatically.
Fig. 1 is a basic flow chart of security control of a vending apparatus. The security control method of the vending apparatus mainly comprises the following steps:
S101, the server periodically collects multi-dimensional operation index values of the automatic vending equipment on the network;
S102, the server performs statistics and summarization on the collected multi-dimensional operation index values to generate indexes which can be used for judging the health state of the vending equipment;
S103, the server periodically judges the health state of each automatic vending device one by one through a security model; when an index in the multi-dimensional operation indexes of a device exceeds the normal working interval, alarm processing S104 is triggered; if no index of the device exceeds the normal working interval, the method returns to S101;
S104, alarm information for the automatic vending equipment is generated according to the alarm items exceeding the normal working interval; the method then returns to S101.
The following operations can be added after the alarm information of the automatic vending equipment is generated according to the alarm items exceeding the normal working interval:
S105, the alarm information database is searched according to the alarm information for a processing strategy for this type of alarm item;
S106, if a processing strategy exists, the processing program is executed directly according to the processing strategy corresponding to the alarm item;
S107, if no processing strategy exists, the alarm information is sent to one or more manual processing terminals preset by the system;
S108, manual processing is requested, the manual processing procedure is recorded, and the alarm information database is updated with that procedure as the processing strategy corresponding to the alarm item, to be used the next time an alarm item of this type occurs.
When the current alarm is processed according to the historical alarm processing strategy, the processing result is also notified to the relevant personnel in a manner preset by the system. The relevant personnel judge from the processing result whether the judgment threshold and the processing strategy for the alarm information need to be adjusted; adjustments can be made immediately and serve as the basis for the processing strategy and judgment strategy of the next alarm.
If all alarm information and processing results were sent to the relevant maintenance personnel, the volume of information could be excessive. A basic division such as an alarm level can therefore be added, or alarms can be further classified, so that alarm information is sent to the corresponding personnel according to its classification and need not be sent to unrelated personnel. According to the risk level, high-risk alarm information is sent to the relevant personnel immediately, and they are required to process it manually at once.
The specific processing methods are detailed below by way of specific examples. First, the multi-dimensional operation index values are explained.
The multi-dimensional operation index value mainly comprises device dimension information, user dimension information and/or network dimension information. The dimensions can also be divided in other ways; division into device, user and network dimension information is not required. New dimensions may be added according to actual use, and specific information items may be added to or removed from each dimension.
1. Device dimension information
Device dimension information indicates, from the perspective of the vending device, whether each behavior parameter of the vending machine is in a healthy state, generally whether each behavior value over a time interval lies within a preset healthy interval. One or more of the following items can be selected as device dimension information:
(1) Order application quantity: the total number of orders that have not been paid in a time interval during operation, counted per vending device.
(2) Payment price: the total amount paid in a time interval during operation, counted per vending device.
(3) Total number of orders: the total number of orders that normally completed the process (such as application -> payment -> shipment -> completion) in a time interval during operation, counted per vending device.
(4) Total number of shipments: the number of goods shipped out in a time interval during operation, counted per vending device.
(5) Total refunds: the total number of orders refunded after the order was paid and the shipment succeeded, in a time interval during operation, counted per vending device.
(6) Application frequency: the frequency of order applications in a time interval during operation, counted per vending device. The calculation formula is: application frequency = total number of applications / number of seconds in the time interval.
(7) Payment frequency: the frequency of payments in a time interval during operation, counted per vending device. The calculation formula is: payment frequency = total number of payment orders / number of seconds in the time interval.
(8) Order frequency: the frequency of completed orders in a time interval during operation, counted per vending device. The calculation formula is: order frequency = total number of completed orders / number of seconds in the time interval.
(9) Shipment frequency: the frequency of completed orders in a time interval during operation, counted per vending device. The calculation formula is: order frequency = total number of completed orders / number of seconds in the time interval.
(10) Refund frequency: the frequency of refunded orders during operation, counted per vending device, covering both refunds of shipped orders and refunds of orders not shipped. The calculation formulas are: refund frequency = number of refunds of shipped orders / number of seconds in the time interval; refund frequency = number of refunds of non-shipped orders / number of seconds in the time interval.
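The per-interval statistics and the independent per-sub-dimension health check can be sketched as follows. This is an added example, not code from the patent; the event tuple layout, the 60-second interval, the metric names and the threshold values are all assumptions, and it computes only a subset of the indexes listed above.

```python
from collections import defaultdict

WINDOW_SECONDS = 60  # assumed length of one statistics interval

# Assumed normal working intervals (low, high), one per sub-dimension.
NORMAL_INTERVALS = {
    "unpaid_orders": (0, 5),
    "application_frequency": (0.0, 0.1),
    "payment_frequency": (0.0, 0.1),
    "refunds": (0, 2),
}

# Constructed sample events: (seconds, device, order_id, event, amount).
SAMPLE_EVENTS = [
    (5, "VM-001", "A0", "apply", 0.0),
    (8, "VM-001", "A0", "pay", 3.5),
    (10, "VM-001", "A0", "ship", 0.0),
    (11, "VM-001", "A0", "complete", 0.0),
    (15, "VM-001", "A1", "apply", 0.0),
] + [
    # VM-002 applies for 12 orders inside one interval and pays for none.
    (4 * i, "VM-002", f"B{i}", "apply", 0.0) for i in range(12)
]


def aggregate(events, window_seconds=WINDOW_SECONDS):
    """Group events by (device, interval start) and compute device indexes."""
    buckets = defaultdict(list)
    for ts, device, order_id, event, amount in events:
        window_start = ts - ts % window_seconds
        buckets[(device, window_start)].append((order_id, event, amount))

    metrics = {}
    for key, rows in buckets.items():
        orders = defaultdict(set)  # event type -> order ids seen in the interval
        paid_amount = 0.0
        for order_id, event, amount in rows:
            orders[event].add(order_id)
            if event == "pay":
                paid_amount += amount
        applied, paid = orders["apply"], orders["pay"]
        metrics[key] = {
            "unpaid_orders": len(applied - paid),       # applied, not yet paid
            "payment_total": paid_amount,
            "completed_orders": len(orders["complete"]),
            "shipments": len(orders["ship"]),
            "refunds": len(orders["refund"]),
            # frequency = count / number of seconds in the interval
            "application_frequency": len(applied) / window_seconds,
            "payment_frequency": len(paid) / window_seconds,
            "order_frequency": len(orders["complete"]) / window_seconds,
        }
    return metrics


def judge(metrics, intervals=NORMAL_INTERVALS):
    """Check every sub-dimension independently; return one alarm item per breach."""
    alarms = []
    for key in sorted(metrics):
        device, window_start = key
        for item, (low, high) in intervals.items():
            value = metrics[key][item]
            if not low <= value <= high:
                alarms.append({
                    "device": device,
                    "window_start": window_start,
                    "item": item,
                    "value": value,
                    "normal": (low, high),
                })
    return alarms


if __name__ == "__main__":
    for alarm in judge(aggregate(SAMPLE_EVENTS)):
        print(alarm)
```

A device that sends no events in an interval produces no bucket here, so offline detection needs a separate check against the list of registered devices.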
2. User dimension information
The user dimension analyzes, from the vending machine dimension, whether the user is in a healthy state. It may include the values of one or more of the following behaviors within a time interval:
(1) Order application quantity: the number of orders a user applied for but did not pay in a time interval on the automatic vending equipment platform, counted per user.
(2) Payment price: the total amount paid by the user in a time interval on the vending machine platform, counted per user.
(3) Total number of orders: the total number of orders for which the user went through the normal flow in a time interval on the automatic vending equipment platform, counted per user.
(4) Total number of shipments: the total number of goods shipped from vending machines to the user in a time interval on the vending machine platform, counted per user.
(5) Order and image identification number: the time periods in which the user purchased orders in a time interval on the automatic vending equipment platform are counted per user, and the video captured in those periods is analyzed to determine whether a person made the purchase; if no person can be found making the purchase in the captured video, the platform may be under external attack.
(6) Vending number of vending apparatus: the number of vending machines on which the user made purchases in a time interval on the vending machine platform, counted per user.
(7) Vending device average distance: the number of vending machines on which the user made purchases in a time interval on the vending machine platform, counted per user.
3. Network dimension information
The network dimension analyzes, per vending device, whether the communication protocol interaction between the automatic vending equipment and the server is in a healthy state. The protocol types comprise login, heartbeat and business, and the behavior indexes of each protocol type comprise the values of one or more of the following:
(1) Protocol count and frequency: the number and frequency of communication protocol interactions between the automatic vending equipment and the server in a time interval during operation, counted per vending device. The frequency formula is: number of protocol communications / number of seconds in the time interval.
(2) Number and frequency of protocol verification failures: the total number of protocols that the server received from the automatic vending equipment in a time interval during operation and verified to be illegal, counted per vending device. The frequency formula is: number of protocol verification failures / number of seconds in the time interval.
(3) Protocol IP address set: the set of IP addresses used for communication between the vending machine and the server in a time interval during operation, counted per vending device.
(4) Protocol size: the size of the data exchanged between the automatic vending equipment and the server in a time interval during operation, counted per vending device.
(5) Communication protocols are defined between the vending equipment and the server and specify the data formats of the communication between them. There are two types of communication protocol: 1) the request communication protocol, meaning a request sent by the vending equipment to the server, or a request sent by the server to the vending equipment; 2) the response communication protocol, meaning the feedback data returned after the server has received and processed a request communication protocol, or the feedback data returned after the vending equipment has received and processed a request communication protocol.
One communication between the vending device and the server is in effect an interactive process consisting of the sending of a request and the return of a response under the two communication protocols described above. The protocol data format includes the signature information and the body information of the protocol.
(6) Signature information: used by the receiver to verify whether the content of the request protocol sent by the sender is legitimate. The signature information comprises: 1) protocol unique number: each protocol contains a protocol unique number to ensure the uniqueness of the protocol, and a session unique number; 2) device number of the vending device; 3) mask; 4) session code; 5) signature value.
(7) Body information: contains the specific service protocol, meaning specific protocol content predefined between the vending equipment and the service server and described by the service message content; if the protocol is a response communication protocol, the body information also includes the processing status code of the request protocol and the unique number of the request protocol.
The advantages of this communication protocol are that independent signature information is provided for each communication to verify its validity, and illegal data whose signature cannot be verified is filtered out, which improves the system's resistance to attack. It is compatible with the transmission of various service protocol data formats, such as JSON, XML or other protocol formats. Completing the data interaction through active requests and passive responses improves the reliability and maintainability of communication.
The server side that verifies the validity of the vending device mainly comprises a data receiving module, a data statistics module, an analysis module and a processing module.
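A receiver-side check of the signature information, which also feeds the "protocol verification failures" network index, might look like the following. This is an added example and not the patent's implementation: the patent does not name a signature algorithm, so HMAC-SHA256 with a per-device shared key, the JSON canonical form, the field names, treating a repeated protocol unique number as a failure, and the constructed key table are all assumptions.

```python
import hashlib
import hmac
import json
from collections import Counter

# Assumed field names for the signature information plus the body.
SIGNED_FIELDS = ("protocol_no", "device_no", "mask", "session_code", "body")

# Constructed demo key table (device number -> shared secret).
DEVICE_KEYS = {"VM-001": b"constructed-demo-key-001"}


def signature_for(msg, key):
    """HMAC-SHA256 over a canonical JSON encoding of the signed fields."""
    canonical = json.dumps({f: msg[f] for f in SIGNED_FIELDS},
                           sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


def build_message(protocol_no, device_no, session_code, body, key, mask=""):
    """Sender side: assemble a request and attach its signature value."""
    msg = {"protocol_no": protocol_no, "device_no": device_no, "mask": mask,
           "session_code": session_code, "body": body}
    msg["signature"] = signature_for(msg, key)
    return msg


class ProtocolVerifier:
    """Receiver side: verify each message and count failures per device."""

    def __init__(self, device_keys):
        self.device_keys = device_keys
        self.seen = set()          # (device, protocol_no) already accepted
        self.received = Counter()  # device -> messages in this interval
        self.failures = Counter()  # device -> rejected messages in this interval

    def verify(self, msg):
        device = str(msg.get("device_no", "?"))
        self.received[device] += 1
        reason = self._check(msg, device)
        if reason != "ok":
            self.failures[device] += 1
        return reason == "ok", reason

    def _check(self, msg, device):
        if any(f not in msg for f in SIGNED_FIELDS + ("signature",)):
            return "malformed"
        key = self.device_keys.get(device)
        if key is None:
            return "unknown_device"
        expected = signature_for(msg, key).encode("ascii")
        supplied = str(msg["signature"]).encode("utf-8")
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected, supplied):
            return "bad_signature"
        replay_key = (device, str(msg["protocol_no"]))
        if replay_key in self.seen:
            return "replayed_protocol_no"
        self.seen.add(replay_key)
        return "ok"

    def interval_stats(self, device, interval_seconds):
        """Network-dimension indexes for one device over one interval."""
        return {
            "protocol_count": self.received[device],
            "protocol_frequency": self.received[device] / interval_seconds,
            "verification_failures": self.failures[device],
            "verification_failure_frequency":
                self.failures[device] / interval_seconds,
        }


if __name__ == "__main__":
    verifier = ProtocolVerifier(DEVICE_KEYS)
    message = build_message("P-1", "VM-001", "S-1", '{"type":"heartbeat"}',
                            DEVICE_KEYS["VM-001"])
    print(verifier.verify(message), verifier.verify(message))
    print(verifier.interval_stats("VM-001", 60))
```

The counters and the replay set are never reset in this sketch; a server would clear the counters at each interval boundary and expire old protocol numbers with their session.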
Fig. 2 is a data flow diagram of a security prevention and control system for a vending machine (vending machine), which relates generally to interactions of three parties, namely, the vending machine (vending machine), a server and a database, and processing flows within the server side. The specific flow is as follows:
S201, the server actively sends communication protocol requests to the vending equipment, periodically or according to a preset strategy, asking it to report data that conforms to the protocol and the verification rules, or passively receives data conforming to the protocol and verification that the vending equipment sends, so as to collect multi-dimensional values from the vending equipment;
S202, the server parses the received communication protocol data and stores it in a cache medium according to the specification;
S203, the server regularly extracts cache records from the cache medium, counts the various indexes in the cache records by time period, and stores the counted indexes in a database according to a preset structure;
S204, the server periodically reads the indexes of the vending equipment from the database and checks them, identifies records that meet the alarm conditions, generates alarm information according to the reason for the alarm, stores the alarm information in the database, and triggers a processing program;
S205, the server searches the database according to the alarm information to find out whether a processing strategy for that alarm information exists in the database; if so, it directly and automatically executes the processing according to that strategy; if not, manual processing is triggered;
S206, the server also provides an interface for feedback on the results of automatic and manual processing and for manual correction and handling; a processing strategy for that type of alarm information is automatically generated from the manual processing operation and updated to the server.
Alarm handling may be: ignore, temporarily mask access, or permanently mask access. These are only the conventional processing strategies; other strategies may be defined.
The following describes how the server collects the multi-dimensional index values of the vending equipment.
FIG. 3 is a schematic diagram of the modules with which the server collects multi-dimensional operation indexes from the vending equipment. The vending equipment is geographically dispersed across operating points and communicates with the server over a wired or wireless network using a defined communication protocol. The server collects the dimension index data of the vending equipment on the network, such as equipment dimension information, user dimension information and network dimension information, according to the communication protocol between the vending equipment and the server: S301 judges whether the timer has expired; if so, S302 acquires the received protocol data, that is, the server side queries the communication protocol data sent by the vending equipment during the previous time period; S303, the analysis module on the server parses the received protocol data; S304, the parsed data is cached in the form of a queue. Having the server actively request data, with the vending equipment returning a response over the communication protocol, makes it easier for the server to manage the terminals and collect data; the vending equipment may also be configured to report the data required by the server periodically on its own initiative, or such reports may be collected as supplemental data. In addition, the vending equipment terminal can collect and summarize during operation the statistics that the server requires, and that statistical data can then be collected.
The receiving module acquires the communication protocol data that the vending equipment sends to the server according to the communication protocol. It receives and updates the data, and all later analysis and processing of users and vending equipment is based on the protocol data received in this way. The receiving module is independent of the system and can be integrated into an existing system in a pluggable manner.
The analysis module parses the protocol data received by the receiving module and extracts the vending equipment number, the user number, the protocol type, the receiving time and the IP address of the vending equipment from the protocol data, where the protocol type comprises a login protocol, a heartbeat protocol, a service protocol (such as a protocol for communication between the vending equipment and a service server) and the like; the extracted fields are formed into the cache queue data format. Other data formats may also be used for buffering and matching data read from the memory module.
The storage module is used for analyzing the data interface and storing the analyzed data into a cache medium; the cache medium may be memory, a hard disk or another storage medium.
FIG. 4 is a flow chart of the further processing of the cache queue: cache queue data is obtained from the cache queue, the index amounts of each dimension are counted by vending equipment, user and network dimension, and the counts are stored in the database. S401 reads the current time; S402 judges whether T2-T1 is larger than Tr; S403 reads the cache queue data of the time interval from T1 to T2; the queue data is statistically classified into multi-dimensional data; and T1 is updated. This is implemented by the following modules:
The system uses a timed task to read the cache queue data in the time interval from T1 to T2. The timer period is Tr; T1 is the time point of the previous timed read and T2 is the time point of the current read. The system must store the current time point T2 for use by the next timed read, and the data read from the cache is held in memory.
Statistics module: each single record read for the time interval from T1 to T2 generally includes the vending equipment number, the user number, the protocol type, the receiving time, the IP address of the vending equipment and the original protocol content. The protocol types include login, heartbeat and business protocols; the business protocols include order-related data such as application, payment, shipment, completion and refund. The statistics module analyzes the content carried by a single record and classifies it into the record data structures of the individual dimensions; that is, according to the information it carries, one communication protocol message can be decomposed into record information in one or more of the equipment, user and network dimensions.
How the single equipment dimension, single user dimension and single network dimension data of the vending equipment are derived from a single communication protocol message is described below by way of specific examples.
Single equipment dimension: taking the order service protocol as the protocol type, the following information is generally recorded from the communication protocol, for example: vending equipment number, applied order (1 or 0), payment price (0 or order price), number of orders placed (1 or 0), number of orders (number of orders) and number of refunds (1 or 0).
For example, from the application protocol of the order service protocol we can obtain the following information: vending equipment number XXXX, applied orders 1, payment price 0, orders placed 0, shipment number 0 and refund number 0.
For example, from the order payment protocol we can obtain the following information: vending equipment number XXXX, applied order number 0, payment price 0, order price 0, shipment number 0, refund number 0.
Other protocols are handled in the same way, and the method also applies to forming the single information records of the user and network dimensions described below.
Single user dimension: if the protocol type is a business protocol, the record contains: user number, applied order (1 or 0), payment price (0 or order price), number of orders placed (1 or 0), shipment number (order shipment number), order and image identification number (1 or 0), and vending equipment number. The order and image identification number is obtained by recalculating data acquired in the business protocol.
Single network dimension: this record must be generated regardless of the protocol type: vending equipment number, protocol type (login, heartbeat, business), number of protocols, number of protocol failures, IP address, protocol size. Because every communication necessarily includes network dimension information, the network dimension information can be extracted from any communication.
Counting records: from the generated single-dimension record data, count the number of records of each dimension and the corresponding frequencies over the statistics period from T1 to T2; only the three records of the related dimensions (the equipment dimension, the user dimension and the network dimension respectively) are stored into the database.
The storage module stores the statistical records of the three dimensions obtained by the final statistics into the database for further processing by the subsequent analysis module.
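One way to implement the statistics step described above, as an added example that is not code from the patent: each parsed record is split into equipment, user and network dimension records, which are then summed over one T1 to T2 window. The field names, the mapping from business event to counter, the half-open window convention and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed mapping from business event to the counter it feeds; the page names
# the events and the counters but not which event sets which counter.
EVENT_COUNTER = {"apply": "applied", "pay": "paid_amount", "complete": "orders",
                 "ship": "shipped", "refund": "refunds"}


def decompose(rec):
    """Split one parsed protocol record into (dimension, key, metrics) tuples."""
    # Any communication yields a network-dimension record, whatever its type.
    out = [("network", (rec["device"], rec["type"], rec["ip"]),
            {"protocols": 1, "failures": 0 if rec.get("ok", True) else 1,
             "bytes": rec.get("size", 0)})]
    counter = EVENT_COUNTER.get(rec.get("event"))
    if rec["type"] != "business" or counter is None:
        return out  # login, heartbeat or unknown event: network record only
    metrics = dict.fromkeys(EVENT_COUNTER.values(), 0)
    if counter == "paid_amount":
        metrics[counter] = rec["price"]
    elif counter == "shipped":
        metrics[counter] = rec.get("qty", 1)
    else:
        metrics[counter] = 1
    out.append(("device", rec["device"], metrics))
    if rec.get("user"):
        out.append(("user", (rec["user"], rec["device"]), dict(metrics)))
    return out


def aggregate(records, t1, t2):
    """Sum the per-dimension metrics of records received in (t1, t2]."""
    stats = {dim: defaultdict(lambda: defaultdict(int))
             for dim in ("device", "user", "network")}
    for rec in records:
        # Half-open window: a record stamped exactly t1 belongs to the
        # previous run, so consecutive windows never count it twice.
        if not t1 < rec["time"] <= t2:
            continue
        for dim, key, metrics in decompose(rec):
            for name, value in metrics.items():
                stats[dim][key][name] += value
    return {dim: {key: dict(m) for key, m in keys.items()}
            for dim, keys in stats.items()}


def run_window(records, t1, now, tr):
    """S401-S403: aggregate only when now - t1 exceeds the period tr.

    Returns (stats, new_t1); stats is None when the task is not yet due.
    """
    if now - t1 <= tr:
        return None, t1
    return aggregate(records, t1, now), now


def sample(time, ptype, size, **extra):
    """Build one constructed record for device VM-0001 and user U-17."""
    return {"time": time, "device": "VM-0001", "user": "U-17", "type": ptype,
            "ip": "192.0.2.10", "size": size, **extra}


# Constructed sample queue (times in seconds); not data from the patent.
SAMPLE = [
    sample(100, "login", 64),
    sample(105, "business", 120, event="apply"),
    sample(106, "business", 120, event="apply"),
    sample(107, "business", 120, event="apply"),
    sample(110, "business", 180, event="pay", price=350),
    sample(115, "business", 90, event="ship", qty=2),
    sample(160, "heartbeat", 32, ok=False),
    sample(200, "business", 120, event="apply"),
]

if __name__ == "__main__":
    stats, t1 = run_window(SAMPLE, t1=90, now=160, tr=60)
    print(stats["device"]["VM-0001"], "next T1 =", t1)
```

The failed heartbeat stamped exactly at T2 is counted in the first window and excluded from the next one, which is why the window is half-open.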
The analysis module evaluates the health states of the vending equipment and of users according to the security model; specifically, it applies the security model to the statistical record information of each dimension obtained by the statistics. It mainly comprises a reading module, an evaluation module and a storage sub-module.
1) Reading module.
The reading sub-module supports reading the index item statistical records of a single dimension either one statistical record at a time or, from the stored records, according to time intervals; that is, the reading mode can be configured per index item dimension. For example, the total number of application orders in the user dimension can be configured to be read per single statistic or per time interval. Whether read singly or over a time period, the resulting single-dimension statistical record enters the evaluation module, which evaluates whether the vending equipment or user is healthy.
2) Evaluation module. The evaluation module evaluates, from the single-dimension statistical record information, whether the related indexes of the vending equipment or user are abnormal, and generates alarm information if they are. The steps are, for example:
first, acquire the configured lowest and highest thresholds of each index item under the equipment, user or network dimension to be evaluated;
then, check one by one whether each index amount under the dimension to be evaluated exceeds the highest threshold or falls below the lowest threshold;
finally, generate alarm information for the index items outside the threshold range; the alarm information generally comprises the vending equipment number or user number, the index item value, the threshold range value, the exceeding value and the generation time.
3) Storage module: stores the generated alarm information into the database.
FIG. 5 is a flow chart of alarm information processing, in which the system decides from the alarm information whether the alarm is handled manually or by the system itself. Manual processing means that the system cannot find a processing scheme among the historical processing schemes and must notify a person to handle the alarm manually; drawing on the large body of data from previously handled scenarios, the system can handle alarms itself, which reduces manual processing and improves efficiency. The specific process flow is as follows:
first, the reading module reads alarm information from the alarm information database: on a timed task, it scans the alarm information stored in the database, reads the index item values of each dimension of the corresponding equipment for the time period from T1 to T2, summarizes them into dimension index item values, and passes them to the evaluation module for processing;
further, the evaluation module analyzes, according to the processing strategies recorded in the database, whether the alarm is to be handled manually or automatically by the system. The evaluation module's analysis is as follows:
calculate the difference by which the alarm index exceeds or falls below the threshold;
further, classify the processing schemes (historical processing records) by the difference and by the high/low type;
further, use a range interval algorithm to calculate which class of processing scheme the current difference belongs to; if it falls in an existing class, the system handles the alarm in the manner of that class's historical processing record; if it does not fall in any existing class, the system judges that manual processing is needed and hands over to manual processing.
FIG. 6 is an example of the different processing strategies that correspond to different intervals of a dimension value. Each index is generally given a lowest threshold and a highest threshold; a value between the two is in the normal interval and no alarm information needs to be raised, while a value below the lowest threshold or above the highest threshold is considered to require an alarm. Within the alarm area, different alarm intervals are defined according to how far the value lies outside the normal range, and different processing schemes are adopted in different intervals. Manual handling may be required for severe alarm intervals. The threshold of each interval may be modified manually.
An alarm can be judged on a single index alone: whether that index is abnormal and whether an alarm is needed. Alternatively, a health degree of the user can be calculated from several indexes with different weights and used to judge whether an alarm is needed. Which is used is determined by the actual operation.
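The threshold check of the evaluation module and the range-interval lookup described above, including the fallback to manual handling that stores the handler's decision as a new strategy, can be implemented as follows. This is an added example, not code from the patent; the class and function names, the half-open interval convention, the action labels and the sample thresholds are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Alarm:
    subject: str    # vending equipment number or user number
    index: str      # index item name
    value: float    # observed index value
    low: float      # lowest threshold
    high: float     # highest threshold
    direction: str  # "high" or "low"
    excess: float   # how far the value lies outside [low, high]
    created: int    # generation time


def evaluate(subject, indexes, thresholds, now):
    """Return one Alarm for every index outside its [low, high] interval."""
    alarms = []
    for name, value in indexes.items():
        if name not in thresholds:
            continue  # no threshold configured for this index item
        low, high = thresholds[name]
        if value > high:
            alarms.append(Alarm(subject, name, value, low, high, "high", value - high, now))
        elif value < low:
            alarms.append(Alarm(subject, name, value, low, high, "low", low - value, now))
    return alarms


class StrategyStore:
    """Historical handling strategies: one list of excess intervals per
    (index, direction). Intervals are half-open: lo <= excess < hi."""

    def __init__(self):
        self.rules = {}

    def add(self, index, direction, lo, hi, action):
        if not 0 <= lo < hi:
            raise ValueError("interval must satisfy 0 <= lo < hi")
        bucket = self.rules.setdefault((index, direction), [])
        for other_lo, other_hi, _ in bucket:
            # Overlapping intervals would make the lookup ambiguous.
            if lo < other_hi and other_lo < hi:
                raise ValueError("interval overlaps an existing strategy")
        bucket.append((lo, hi, action))

    def lookup(self, alarm):
        for lo, hi, action in self.rules.get((alarm.index, alarm.direction), []):
            if lo <= alarm.excess < hi:
                return action
        return None


def handle(alarm, store, manual_queue):
    """Apply the stored strategy, or queue the alarm for a human handler."""
    action = store.lookup(alarm)
    if action is None:
        manual_queue.append(alarm)
        return "manual"
    return action


def resolve_manually(alarm, store, lo, hi, action):
    """Record a handler's decision so the same alarm is automatic next time."""
    if not lo <= alarm.excess < hi:
        raise ValueError("chosen interval does not cover this alarm")
    store.add(alarm.index, alarm.direction, lo, hi, action)


# Constructed thresholds and index values; not data from the patent.
THRESHOLDS = {"applied": (0, 20), "refunds": (0, 3), "protocols": (1, 500)}
SAMPLE_INDEXES = {"applied": 27, "refunds": 3, "protocols": 0, "shipped": 4}


def build_store():
    """Strategies for too many order applications, graded by excess."""
    store = StrategyStore()
    store.add("applied", "high", 0, 5, "ignore")
    store.add("applied", "high", 5, 50, "temporary_mask")
    store.add("applied", "high", 50, 200, "permanent_mask")
    return store


if __name__ == "__main__":
    queue = []
    for alarm in evaluate("VM-0001", SAMPLE_INDEXES, THRESHOLDS, now=160):
        print(alarm.index, alarm.direction, alarm.excess,
              handle(alarm, build_store(), queue))
```

A value equal to a threshold is treated as normal, and an excess beyond every stored interval goes to the manual queue rather than to the nearest strategy.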
Manual processing can also notify the relevant personnel of the alarm information, and they handle it with the corresponding processing scheme. The alarm information can be supplemented with related information, such as the processing modes available for this alarm, the processing mode used for the historically closest alarm, and the danger level of the alarm, to help the relevant personnel quickly choose how to handle it.
By default the system offers the user the following 3 processing options, which the user analyzes and selects from according to the alarm information; the operator may also add processing options as the system is used in practice:
1) Ignore: the system takes no action on the abnormal situation of the vending equipment.
2) Temporarily mask access: temporary masking blocks the vending equipment and the user for a period of time. For example, a user maliciously applies many times for the two-dimensional code on the screen of the vending equipment without ever paying; the system detects this and then prohibits any operation for a period of time (N minutes, N hours, N days, etc.). Temporary masking is set for vending equipment or users whose behaviour does not amount to a particularly serious problem.
3) Permanently mask access: permanent masking prohibits the user or vending equipment from any communication with the server, including IP filtering (for example, configured through third-party HTTP proxy software); it is set for vending equipment and users that maliciously attack the system.
Because permanent masking restricts any access by the vending equipment or user, certain restrictions are required for this processing operation; the specific restrictions may be adjusted according to the actual operation procedure, for example:
1. The server refuses to accept protocol data carrying the vending equipment number or user number, and the system records the rejected IP information.
2. Through the HTTP proxy software, the server restricts the IP address information previously carried by that vending equipment number or user (including the rejected IP information described above).
Maintenance personnel can select a processing scheme, or add a custom one, based on the alarm information.
The storage module stores the alarm information together with the processing scheme into the historical alarm information.
In actual operation, the processing mode selected for an alarm, or the alarm judgment threshold set at the beginning, is not necessarily optimal; or the processing mode and the judgment threshold may need to be adjusted because of special requirements of the environment or the operation. The system therefore also provides a manual re-correction function: the judgment threshold and so on can be adjusted at the same time as an alarm is handled manually, or a person can proactively look up and modify the related processing mode and judgment threshold.
In general, when the system checks the alarm information and cannot automatically select a processing mode, manual processing must be triggered. The manual processing steps are as follows:
notify the corresponding handler of the alarm information by short message, mail, system message or the like;
the handler sets the alarm information and may set the minimum and/or maximum thresholds for the processing scheme;
the handler selects or adds a processing measure, and the threshold information and processing scheme are stored in the database. If the system later detects the same alarm information again, it automatically handles it according to that processing scheme.
The manual correction operation lets the user readjust or correct the threshold or the processing scheme in light of the results obtained with the existing threshold and processing scheme, so that alarm judgment and handling become more reasonable and better meet the operational requirements. Manual correction mainly comprises the following operations:
notify the corresponding handler of the alarm processing result (the notification may be by short message, mail, system message or the like);
the handler may ignore or modify the processing scheme and set the lowest or highest threshold for the processing scheme, or other thresholds for the respective intervals;
if the system later checks the same alarm information again, it automatically handles it according to the modified processing scheme.
The above disclosure is only one embodiment of the present invention, and the scope of the invention is not limited thereto; those skilled in the art will appreciate that implementations of all or part of the procedures described above, and equivalent changes made according to the claims, still fall within the scope of the present invention.

Claims (10)

1. A security prevention and control method of vending equipment, comprising the steps of:
step one, a server periodically collects multi-dimensional operation index values of automatic vending equipment on the network;
step two, the server performs statistics and summary according to the collected multi-dimensional operation index values to generate multi-dimensional operation indexes which can be used for judging the health state of the automatic vending equipment; the server determines a security threshold for the device by analyzing its historical transaction data;
step three, the server regularly judges the health status of each automatic vending device one by one through a security model; when judging that the multi-dimensional operation index of the automatic vending equipment has an index exceeding a normal working interval, triggering an alarm processing next step; if the automatic vending equipment does not have the index exceeding the normal working interval, returning to continue to execute the first step; the index exceeding the normal working interval comprises an index exceeding a safety threshold range;
generating alarm information of the automatic vending equipment according to the alarm items exceeding the normal working interval, and returning to continue to execute the first step;
the multi-dimensional operation index value of the automatic vending equipment comprises equipment dimension information and user dimension information; the equipment dimension information comprises the application order quantity, the total number of orders, the total number of refunds and/or the application frequency of the equipment in a set time; the user dimension information comprises the application order quantity, the total number of orders, the total number of goods outgoing and/or the order and image identification number of the user in a set time.
2. The security protection and control method of a vending apparatus according to claim 1, further comprising the following operations after generating the alarm information of the vending apparatus according to the alarm item beyond the normal operation interval: searching an alarm information database according to alarm information, judging whether a processing strategy of the alarm item exists in the current alarm information database, and executing a processing program directly according to the processing strategy corresponding to the alarm item if the processing strategy exists; if the alarm information does not exist, the alarm information is sent to one or more than one manual processing terminal preset by the system, manual processing is requested, the manual processing process is recorded, and the processing process is used as a processing strategy corresponding to the alarm item to be updated in an alarm information database and used as a processing strategy of the alarm item next time.
3. The security prevention and control method of a vending apparatus of claim 2, further comprising: when the processing strategy of the alarm item does not exist in the retrieval alarm information database, the operation of limiting the access of the automatic vending equipment is executed first, and then the manual processing is requested.
4. The security prevention and control method of a vending apparatus of claim 2, further comprising a correction step of readjusting a judgment threshold and a processing policy of the alert item based on a result feedback of the alert process.
5. The security control method of a vending apparatus of claim 2, wherein the multi-dimensional operation index value further comprises network dimension information.
6. The security prevention and control method of a vending apparatus of claim 5, wherein the apparatus dimension information, the user dimension information, and the network dimension information each further comprise a plurality of sub-dimension information, each sub-dimension information being separately provided with a health judgment threshold, each sub-dimension information separately prompting a health status of the vending apparatus.
7. The security prevention and control method of vending apparatus of claim 2, wherein the health judgment threshold and the processing policy of each dimension indicator are comprehensively determined according to historical operation records and theoretical analysis; and in the operation process, the judgment threshold and the processing strategy are continuously adjusted or corrected according to the feedback of the processing result.
8. The security prevention and control method of an online vending apparatus of claim 2, further comprising an automatic threshold recommendation operation that automatically counts all of the dimension information of the online vending apparatus, evaluates the dimension information based on the big data statistics, and automatically adjusts a current health judgment threshold.
9. A security prevention and control system for vending apparatus, comprising:
a receiving module: used for obtaining the communication protocol data sent by the automatic vending equipment to the server according to a communication protocol, and obtaining multi-dimensional operation index values of the automatic vending equipment on the network by parsing the received data;
a statistics module: used for generating, by performing statistics and summarization on the received data, multi-dimensional operation indexes which can be used for judging the health state of the automatic vending equipment; the server determines a security threshold for the device by analyzing its historical transaction data;
an analysis module: used for judging the multi-dimensional operation indexes of each automatic vending device one by one through the security model; triggering an alarm processing program when it is judged that the multi-dimensional operation index of the automatic vending equipment has an index exceeding the normal working interval; if the automatic vending equipment has no index exceeding the normal working interval, no processing is performed; the index exceeding the normal working interval comprises an index exceeding a safety threshold range;
a processing module: used for, when the analysis by the analysis module finds that alarm items exist, generating alarm information of the automatic vending equipment according to the alarm items exceeding the normal working interval; searching an alarm information database according to the alarm information, judging whether a processing strategy of the alarm item exists in the current alarm information database, and, if the processing strategy exists, executing a processing program directly according to the processing strategy corresponding to the alarm item; if it does not exist, sending the alarm information to one or more manual processing terminals preset by the system, requesting manual processing, recording the manual processing process, and updating that processing process into the alarm information database as the processing strategy corresponding to the alarm item, to be used as the processing strategy of the alarm item the next time;
the multi-dimensional operation index value of the automatic vending equipment comprises equipment dimension information and user dimension information; the equipment dimension information comprises the application order quantity, the total number of orders, the total number of refunds and/or the application frequency of the equipment in a set time; the user dimension information comprises the application order quantity, the total number of orders, the total number of goods outgoing and/or the order and image identification number of the user in a set time.
10. The security prevention and control system for a vending apparatus of claim 9, further comprising a correction module: used for manually readjusting the judgment threshold and the processing strategy of the alarm item according to the feedback of the alarm processing result, the readjusted judgment threshold and processing strategy being used as the judgment threshold and the processing strategy of the alarm item the next time.
CN201910904807.0A 2019-09-24 2019-09-24 Security prevention and control method and system for automatic vending equipment Active CN110750784B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910904807.0A CN110750784B (en) 2019-09-24 2019-09-24 Security prevention and control method and system for automatic vending equipment

Publications (2)

Publication Number Publication Date
CN110750784A CN110750784A (en) 2020-02-04
CN110750784B true CN110750784B (en) 2023-10-03

Family

ID=69276974

Country Status (1)

Country Link
CN (1) CN110750784B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2021149806A (en) * 2020-03-23 2021-09-27 本田技研工業株式会社 Notification device
CN111835760B (en) * 2020-07-10 2023-03-24 广州博冠信息科技有限公司 Alarm information processing method and device, computer storage medium and electronic equipment
CN112905409A (en) * 2021-01-14 2021-06-04 广州乐摇摇信息科技有限公司 Abnormity solving method and device for automatic vending equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082702A (en) * 2009-11-27 2011-06-01 华为技术有限公司 Terminal alarm processing method, device and system thereof
CN107302264A (en) * 2017-07-06 2017-10-27 国电南瑞科技股份有限公司 A kind of substation secondary automation equipment stable operation management-control method
CN108304941A (en) * 2017-12-18 2018-07-20 中国软件与技术服务股份有限公司 A kind of failure prediction method based on machine learning
CN109800139A (en) * 2018-12-18 2019-05-24 东软集团股份有限公司 Server health degree analysis method, device, storage medium and electronic equipment
CN109947088A (en) * 2019-04-17 2019-06-28 北京天泽智云科技有限公司 Equipment fault early-warning system based on model lifecycle management
CN110164101A (en) * 2019-04-09 2019-08-23 烽台科技(北京)有限公司 A kind of method and apparatus handling warning message

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant