CN113259397A - Method, device and equipment for executing plan and readable storage medium - Google Patents

Publication number
CN113259397A
Authority
CN
China
Prior art keywords
plan
node
network security
security event
flow
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110764770.3A
Other languages
Chinese (zh)
Other versions
CN113259397B (en)
Inventor
常月
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Application filed by Qianxin Technology Group Co Ltd
Priority to CN202110764770.3A
Publication of CN113259397A
Application granted
Publication of CN113259397B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, a device, equipment and a readable storage medium for executing a plan, wherein the method comprises the following steps: when a network security event occurs, acquiring a target plan corresponding to the network security event from a preset plan library; parsing the plan nodes contained in the target plan and the node sequence among the plan nodes; in the process of sequentially executing the plan nodes according to the node sequence, when the executed plan node is a strong flow node, sequentially executing all the child nodes in the strong flow node, and when the executed plan node is a weak flow node, executing all the child nodes in the weak flow node out of order. The invention is thus able to respond to network security events through an emergency plan that includes both strong flow nodes and weak flow nodes.

Description

Method, device and equipment for executing plan and readable storage medium
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for executing a plan.
Background
In the internet field, network systems are often threatened by network security events during operation, such as network attacks, remote trojans and cryptomining viruses, which affect the normal operation of the network system. To ensure the normal operation of the network system, network security personnel generally need to orchestrate plans manually and analyze and respond to the network security event through the orchestrated plan, so as to restore the normal operation of the network system. However, the prior art has the technical problems that plan orchestration is time-consuming and labor-intensive, orchestrated plans have a low reuse rate, and flexibility is poor.
Disclosure of Invention
The invention aims to provide a method, a device, equipment and a readable storage medium for executing a plan, which can respond to a network security event through an emergency plan comprising a strong flow node and a weak flow node.
According to an aspect of the present invention, there is provided a method of executing a plan, the method including:
when a network security event occurs, acquiring a target plan corresponding to the network security event from a preset plan library;
analyzing plan nodes contained in the target plan and node sequences among the plan nodes;
in the process of executing the plan nodes in sequence according to the node sequence, when the executed plan node is a strong flow node, all the child nodes in the strong flow node are executed in sequence, and when the executed plan node is a weak flow node, all the child nodes in the weak flow node are executed out of sequence.
Optionally, when a network security event occurs, the obtaining a target plan corresponding to the network security event from a preset plan library specifically includes:
when a network security event occurs, judging whether a target plan corresponding to the network security event exists in the plan library or not;
if yes, acquiring a target plan corresponding to the network security event from the plan library;
if not, determining emergency means for processing the network security events and determining the execution sequence of the emergency means, and sequentially connecting the emergency means through connecting lines according to the execution sequence to compile a target plan corresponding to the network security events.
Optionally, the determining an emergency means for processing the network security event specifically includes:
determining the service type and the security level of the network security event;
determining an emergency means corresponding to the service type and the security level from the plan library; wherein the following four kinds of emergency means are stored in the plan library: work order class, service class, API class, and message class.
Optionally, when a network security event occurs, the obtaining a target plan corresponding to the network security event from a preset plan library specifically includes:
when a network security event occurs, determining the security level of the network security event;
and when the security level is greater than a preset level, acquiring a target plan corresponding to the network security event from a preset plan library.
Optionally, before the obtaining, when the network security event occurs, a target plan corresponding to the network security event from a preset plan library, the method further includes:
acquiring a pre-programmed plan flow chart used for representing the target plan from a flow canvas;
obtaining canvas controls and connecting lines for connecting the canvas controls from the pre-arranged flow chart;
determining a plan node and a node sequence according to the obtained canvas control and the connecting line, and generating a description file of the target plan according to the determined plan node and the node sequence;
and storing the description file of the target plan into the plan library.
Optionally, the determining a plan node and a node sequence according to the obtained canvas control and the obtained connecting line, and generating a description file of the target plan according to the determined plan node and the determined node sequence specifically include:
determining canvas controls belonging to a strong flow node according to the line type of connecting lines among the canvas controls;
generating strong flow description content according to the canvas control belonging to the strong flow node, and adding the strong flow description content into the description file;
the strong flow description is identified in the description file by a first identifier characterizing a strong flow node.
Optionally, the determining a plan node and a node sequence according to the obtained canvas control and the obtained connecting line, and generating a description file of the target plan according to the determined plan node and the determined node sequence specifically include:
determining canvas controls belonging to weak flow nodes according to the line type of connecting lines among the canvas controls;
generating weak flow description content according to the canvas control belonging to the weak flow node, and adding the weak flow description content into the description file;
and identifying the weak flow description content in the description file through a second identifier for characterizing the weak flow node.
Optionally, the analyzing a plan node included in the target plan specifically includes:
parsing, from the description file of the target plan, the description content which is identified by the first identifier and corresponds to the strong flow node; and
parsing, from the description file of the target plan, the description content which is identified by the second identifier and corresponds to the weak flow node.
In order to achieve the above object, the present invention further provides an apparatus for executing a plan, which specifically includes the following components:
an acquisition module, used for acquiring a target plan corresponding to a network security event from a preset plan library when the network security event occurs;
the analysis module is used for analyzing the plan nodes contained in the target plan and the node sequence among the plan nodes;
and the execution module is used for executing all the child nodes in the strong flow node in sequence when the executed plan node is the strong flow node and executing all the child nodes in the weak flow node out of sequence when the executed plan node is the weak flow node in the process of executing the plan node in sequence according to the node sequence.
In order to achieve the above object, the present invention further provides a computer device, which specifically includes: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method of executing the plan introduced above when executing the computer program.
In order to achieve the above object, the present invention also provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, realizes the above-described steps of the method of executing the plan.
The method, the device, the equipment and the readable storage medium for executing a plan provided by the invention set a corresponding emergency plan for each network security event in advance, so as to improve the reuse rate of the emergency plan; in addition, a plan flow chart including both a strong flow and a weak flow can be formed during plan orchestration, so that the flexibility of the emergency plan is improved; in addition, the formed plan flow chart is translated into a description file in an XML format, and identifiers are set to identify the strong flow description content and the weak flow description content, so that the description file of the emergency plan is more extensible. When the network system is threatened by a network security event, execution objects are instantiated according to the description file of the corresponding emergency plan, and the normal operation of the network system is ensured by executing each execution object to respond to the network security event.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic flow chart of an alternative method for executing a plan according to an embodiment;
fig. 2 is a schematic diagram of an alternative structure of an apparatus for executing a plan provided in the second embodiment;
fig. 3 is a schematic diagram of an alternative hardware architecture of the computer device according to the third embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
An embodiment of the present invention provides a method for executing a plan, as shown in fig. 1, the method specifically includes the following steps:
step S101: when a network security event occurs, a target plan corresponding to the network security event is obtained from a preset plan library.
In this embodiment, a plurality of plans for different network security events are orchestrated in advance, and the orchestrated plans are stored in a plan library for later use. A plan refers to an emergency disposal scheme of a corresponding level which is made in advance for the case where a network security event of major level or above occurs. Plan orchestration refers to arranging the emergency means in a certain sequence and connecting all the emergency means through connecting lines to form an emergency disposal flow responding to the network security event.
Specifically, step S101 includes:
when a network security event occurs, judging whether a target plan corresponding to the network security event exists in the plan library or not;
if yes, acquiring a target plan corresponding to the network security event from the plan library;
if not, determining emergency means for processing the network security events and determining the execution sequence of the emergency means, and sequentially connecting the emergency means through connecting lines according to the execution sequence to compile a target plan corresponding to the network security events.
Further, the determining an emergency means for processing the network security event specifically includes:
determining the service type and the security level of the network security event;
determining an emergency means corresponding to the service type and the security level from the plan library; wherein the following four kinds of emergency means are stored in the plan library: work order class, service class, API class, and message class.
The work order class needs to have a clear return state value after processing an event, for example, when issuing a report, a clear sign-in must be made; the service class needs configuration items, for example, in an emergency duty scene, duty personnel need to be configured and need to check in; the message class is finished once the message is sent and returns no value; the API class is data that is output through the interface setting.
In this embodiment, if there is no target plan corresponding to the network security event in the plan library, a new plan is formed according to the emergency means stored in the plan library, and the new plan is stored in the plan library to continuously enrich the plan types in the plan library.
Further, step S101 specifically includes:
when a network security event occurs, determining the security level of the network security event;
and when the security level is greater than a preset level, acquiring a target plan corresponding to the network security event from a preset plan library.
Preferably, the determining the security level of the network security event specifically includes:
analyzing the network security event to judge whether the network security event contains a malicious script, and acquiring the number of devices influenced by the network security event in a local area network;
and comprehensively determining the security level of the network security event according to whether the network security event contains a malicious script and the number of devices influenced by the network security event in the local area network, in combination with the security event classification in the relevant official standard file. The relevant official standard can be a currently effective official network security classification standard or specification file, such as the public internet network security emergency plan issued by the Ministry of Industry and Information Technology. In this scheme, besides the official standards, the determination of the security level of the network security event also takes into account whether malicious scripts are contained and the number of affected devices, so that the network security event is evaluated along more dimensions and the determined security level is more strict and accurate, and the adopted emergency plan can better meet the actual processing requirement.
Further, before step S101, the method further comprises:
step A1: acquiring a pre-orchestrated plan flow chart for representing the target plan from the flow canvas.
The flow canvas is a workbench for plan orchestration and can be written with the JavaScript framework Vue; the user can arrange canvas controls in the flow canvas and connect them with connecting lines to form a plan flow chart. In this embodiment, the user may compile a plan flow chart for responding to the network security event through the flow canvas; specifically, the user drags the corresponding canvas controls out of a preset control library according to the emergency means required for responding to the network security event (the emergency means and the canvas controls have a one-to-one correspondence), and connects the canvas controls in sequence through connecting lines to form the plan flow chart. The canvas controls in the control library are divided into the following four types: a work order class, a service class, an API class and a message class; the work order class needs to have a clear return state value after processing an event, for example, when issuing a report, a clear sign-in must be made; the service class needs configuration items, for example, in an emergency duty scene, duty personnel need to be configured and need to check in; the message class is finished once the message is sent and returns no value; the API class is data that is output through the interface setting. When orchestrating a plan, the user can select one or more types of canvas controls from the control library according to the user's working experience and the service type and security level of the network security event, so as to form the plan flow chart. It should be noted that the input and output of a canvas control of each type follow the input/output data standard of the corresponding type.
Step A2: and acquiring canvas controls and connecting lines for connecting the canvas controls from the plan flow chart.
The canvas control component forming the plan flow chart at least comprises one of the following components: a start control, an end control, a business control, a logic control (a parallel control, an exclusive control); the canvas controls are connected through connecting lines of different line types, and control attribute information (such as control input, control output and control position) can be set for each canvas control. In the process of planning and arranging by a user through a process canvas, the user arranges the canvas control on the process canvas by dragging the canvas control from the control library, and the user can also set input parameters and output parameters of a standard data format for the canvas control and connect the canvas controls by connecting lines of different line types to form a planning flow chart.
The canvas controls are connected through connecting lines to represent the logical relationship among the canvas controls; in this embodiment, the plan flow chart may include a strong flow relation and a weak flow relation; preferably, the canvas controls representing the strong flow relation are connected with each other through solid arrow connecting lines, and the canvas controls representing the weak flow relation are connected with each other through dashed arrow connecting lines. It should be noted that the strong flow relation means that the canvas controls have a forced time sequence relation, and each canvas control must be executed in sequence according to the connection sequence of the connecting lines, that is, the input data required by the current canvas control depends on the output data of the previous canvas control; the weak flow relation means that no forced time sequence relation exists among the canvas controls, the canvas controls have no time sequence requirement and can be executed out of order, that is, the input data required by the current canvas control does not depend on the output data of the previous canvas control.
Step A3: and determining a plan node and a node sequence according to the obtained canvas control and the connecting line, and generating a description file of the target plan according to the determined plan node and the node sequence.
In this embodiment, when the user compiles a plan flowchart through the flow canvas and saves the plan flowchart, a description file in an XML format is generated according to the plan flowchart.
The plan nodes include: a start node, an end node, a logic node, a strong flow node and a weak flow node; a plan node may consist of one or more canvas controls; for example, a start node includes only a start control, an end node includes only an end control, a logic node includes only a logic control, a strong flow node is composed of a plurality of controls interconnected by solid arrow connecting lines, and a weak flow node is composed of a plurality of controls interconnected by dashed arrow connecting lines. In addition, the node sequence is used for representing the order of execution among the plan nodes. It should be noted that, when one plan node corresponds to multiple canvas controls, each canvas control is set as a child node in the plan node.
After the plan nodes and the node sequence are determined from the plan flow chart, each plan node and the node sequence are translated in turn into a description file in an XML format by JavaScript. The description file comprises the description content corresponding to each plan node and the description content corresponding to the node sequence. For example, the description file includes: start description content corresponding to the start node, end description content corresponding to the end node, logic judgment description content corresponding to the logic judgment node, strong flow description content corresponding to the strong flow node, weak flow description content corresponding to the weak flow node, and node sequence description content corresponding to the node sequence.
Further, step A3 specifically includes:
step A31: determining canvas controls belonging to a strong flow node according to the line type of connecting lines among the canvas controls;
each canvas control in the strong flow node is connected through a first type of connecting line; preferably, the first type of connecting line is a solid arrow connecting line;
step A32: generating strong flow description content according to the canvas control belonging to the strong flow node, and adding the strong flow description content into the description file;
step A33: identifying in the description file the strong flow description by a first identifier characterizing a strong flow node;
preferably, the first identifier is <process> and </process>, i.e. the description starting with <process> and ending with </process> in the description file is a strong flow description.
Further, step A3 further includes:
step A31': determining canvas controls belonging to weak flow nodes according to the line type of connecting lines among the canvas controls;
each canvas control in the strong flow node is connected through a first type of connecting line; preferably, the first type of connecting line is a dashed arrow connecting line;
step A32': generating weak flow description content according to the canvas control belonging to the weak flow node, and adding the weak flow description content into the description file;
step A33': identifying the weak flow description content in the description file through a second identifier for characterizing a weak flow node;
preferably, the second identifiers are <free> and </free>, i.e. the description starting with <free> and ending with </free> in the description file is a weak flow description.
It should be noted that the strong flow node and the weak flow node may have a common parent node, and the first identifier of the strong flow and the second identifier of the weak flow are not interleaved, that is, there is no nested relationship between the first identifier and the second identifier, so as to ensure that the scheduled flows can be executed in sequence, and ensure that the cross execution between the strong flow and the weak flow does not occur during each execution.
Step A4: and storing the description file of the target plan into the plan library.
In the present embodiment, the plan layout is performed on the process canvas to form the plan flow chart of the target plan, and the result of the plan layout is to generate a description file for describing the plan flow chart.
Further, step S101 includes:
when a network security event occurs, a description file of a target plan corresponding to the network security event is obtained from a preset plan library.
In the prior art, BPMN (Business Process Model and Notation) is used for plan orchestration to obtain plan files; the plan file consists of fixed labels and a fixed execution flow and does not support a loose flow; when the plan file needs to be loaded, the bpmn file under the fixed/resource directory needs to be loaded, and the empty process.xml file under the META-INF directory needs to be loaded, wherein the storage path of the plan file is fixed and cannot be modified. In this embodiment, loose structure information is added to the plan, so that the fixed flow mode and the loose flow mode are supported at the same time; in addition, since the description file in this embodiment is generated in the XML format according to the plan flow chart, the path can be customized to store the description file under a specified path of the project, and the description file is automatically loaded from the specified path when it needs to be loaded. In addition, the existing plan file is a bpmn file whose extension name cannot be modified, whereas the extension name can be modified in this embodiment, so the description file is more flexible and more extensible.
The plan flow chart formed by this embodiment has loose, time-sequenced, branch-flow-logic and parameter-standardized properties, so that plans are loosely coupled and flows are highly cohesive; when a network security event of major level or above occurs, the emergency plan process of the corresponding level is started, unified command and coordination are carried out, the range of protected objects and the detailed information during the emergency are controlled, the risk situation is grasped, emergency support forces are quickly organized, and information is communicated up and down, achieving rapid command, timely response and efficient disposal.
Step S102: plan nodes contained in the target plan and the node sequence among the plan nodes are analyzed.
In this embodiment, the description file of the target plan can be parsed by means of DOM4J; specifically, the description content corresponding to each plan node and the description content corresponding to the node sequence are parsed from the description file according to the identifier of each plan node, and then the child nodes are parsed from the description content corresponding to each plan node.
Specifically, the analyzing a plan node included in the target plan includes:
step B1: parsing, from the description file of the target plan, the description content which is identified by the first identifier and corresponds to the strong flow node;
step B2: parsing, from the description file of the target plan, the description content which is identified by the second identifier and corresponds to the weak flow node.
Preferably, the first identifier is <process> and </process>, that is, the description content enclosed by <process> and </process> in the description file corresponds to the strong flow node; the second identifiers are <free> and </free>, that is, the description content enclosed by <free> and </free> in the description file corresponds to the weak flow node.
In the existing scenario of plan orchestration through BPMN, the W3C DOM is adopted to parse the plan file, and since the DOM is an object model in which all contents are loaded directly into memory, memory overflow is likely to occur; in this example, the description file in the XML format is parsed, so that the performance is better and the processing of large files is supported.
Step S103: in the process of executing the plan nodes in sequence according to the node sequence, when the executed plan node is a strong flow node, all the child nodes in the strong flow node are executed in sequence, and when the executed plan node is a weak flow node, all the child nodes in the weak flow node are executed out of sequence.
When the target plan is executed to respond to the network security event, an instantiation operation needs to be performed according to the description file to form execution objects, that is, the plan nodes in the description file are instantiated into execution objects, and the execution objects are executed in turn according to the node sequence. The description file comprises strong flow nodes and weak flow nodes; when a strong flow node is executed, input information is first obtained and each step of the operation is executed in sequence to complete the task; when a weak flow node is executed, each child node in the weak flow node is executed according to the loose coupling relation, that is, the child nodes in the weak flow node can be executed in any order or at the same time, the execution of one child node does not need to wait for the completion of another child node, and the input data of one child node does not depend on the output data of other nodes.
In this embodiment, a combination of a custom flow scenario and a fixed flow scenario is adopted, and when a plan node in a plan is an expanded loose node (i.e., a weak flow node), a loose flow scenario is selected for execution; when the plan node in the plan is a fixed node (i.e., a strong flow node), execution is performed according to the standard BPMN scenario definition.
In this embodiment, a corresponding emergency plan is set in advance for each network security event to improve the reuse rate of the emergency plan; in addition, a plan flow chart including both a strong flow and a weak flow can be formed during plan arrangement, which improves the flexibility of the emergency plan; furthermore, the formed plan flow chart is translated into a description file in XML format, and identifiers are set to mark the strong flow description content and the weak flow description content, which makes the description file of the emergency plan more extensible. When the network system is threatened by a network security event, execution objects are instantiated according to the description file of the corresponding emergency plan, and the normal operation of the network system is ensured by executing each execution object to respond to the network security event.
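The description-file parsing and the step S103 execution rule above, as an added example that is not code from the patent: a streaming parser reads the <process> and <free> blocks without building a DOM, and a runner executes strong flow children strictly in order and weak flow children concurrently. The <plan> root, the <step> children, their attributes and the function names are assumptions made for illustration; only the two identifiers come from the text.

```python
import io
import xml.parsers.expat
from concurrent.futures import ThreadPoolExecutor

# Constructed sample description file. Only <process> (strong flow) and <free>
# (weak flow) come from the text; <plan>, <step> and the attributes are assumed.
SAMPLE_PLAN = b"""<plan event="constructed-sample">
  <process id="contain">
    <step name="open-work-order" kind="work_order"/>
    <step name="isolate-host" kind="api"/>
    <step name="confirm-isolation" kind="service"/>
  </process>
  <free id="notify">
    <step name="mail-soc" kind="message"/>
    <step name="page-oncall" kind="message"/>
  </free>
  <process id="close">
    <step name="close-work-order" kind="work_order"/>
  </process>
</plan>"""

FLOW_TAGS = {"process": "strong", "free": "weak"}


def parse_plan(stream, chunk_size=4096):
    """Stream-parse a description file into [(flow, node_id, [step names])]."""
    nodes, current = [], None

    def start(tag, attrs):
        nonlocal current
        if tag in FLOW_TAGS:
            if current is not None:
                raise ValueError("nested flow nodes are not supported")
            current = (FLOW_TAGS[tag], attrs.get("id", ""), [])
        elif tag == "step" and current is not None:
            current[2].append(attrs["name"])

    def end(tag):
        nonlocal current
        if tag in FLOW_TAGS:
            nodes.append(current)
            current = None

    def reject_doctype(*_):
        # Plan files drive response actions, so refuse DTDs and entity tricks.
        raise ValueError("DOCTYPE is not allowed in a plan description file")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = reject_doctype
    # Feed fixed-size chunks: no DOM tree is built, only the compact node list.
    while chunk := stream.read(chunk_size):
        parser.Parse(chunk, False)
    parser.Parse(b"", True)
    return nodes


def run_plan(nodes, action):
    """Execute plan nodes in node order; action(step, previous_output) -> output."""
    trace = []
    for flow, node_id, steps in nodes:
        if flow == "strong":
            results, carry = [], None
            for step in steps:  # strict order, each output feeds the next step
                carry = action(step, carry)
                results.append((step, carry))
        else:
            # Weak flow: children are independent and get no sibling output.
            # Leaving the with-block waits for all of them before the next node.
            with ThreadPoolExecutor(max_workers=max(1, len(steps))) as pool:
                futures = [(s, pool.submit(action, s, None)) for s in steps]
                results = [(s, f.result()) for s, f in futures]
        trace.append((node_id, flow, results))
    return trace


if __name__ == "__main__":
    def demo_action(step, previous):
        return f"{previous} -> {step}" if previous else step
    for entry in run_plan(parse_plan(io.BytesIO(SAMPLE_PLAN)), demo_action):
        print(entry)
```

Rejecting any DOCTYPE is a choice made in this example, not something the patent specifies; it keeps entity-expansion payloads out of files that trigger response actions.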
Example two
An embodiment of the present invention provides a device for executing a plan, as shown in fig. 2, the device specifically includes the following components:
an obtaining module 201, configured to obtain, when a network security event occurs, a target plan corresponding to the network security event from a preset plan library;
a parsing module 202, configured to parse plan nodes included in the target plan and a node sequence between each plan node;
and the executing module 203 is configured to, in the process of sequentially executing the plan nodes according to the node order, sequentially execute all the child nodes in the strong flow node when the executed plan node is the strong flow node, and execute all the child nodes in the weak flow node out of order when the executed plan node is the weak flow node.
Specifically, the obtaining module 201 is configured to:
when a network security event occurs, judging whether a target plan corresponding to the network security event exists in the plan library or not; if yes, acquiring a target plan corresponding to the network security event from the plan library; if not, determining emergency means for processing the network security events and determining the execution sequence of the emergency means, and sequentially connecting the emergency means through connecting lines according to the execution sequence to compile a target plan corresponding to the network security events.
Further, the obtaining module 201, when implementing the step of determining the emergency means for processing the network security event, is specifically configured to:
determining the service type and the security level of the network security event; determining an emergency means corresponding to the service type and the security level from the plan library; wherein the plan library stores the following four kinds of emergency means: work order class, service class, API class, and message class.
Further, the obtaining module 201 is further configured to:
when a network security event occurs, determining the security level of the network security event; and when the security level is greater than a preset level, acquiring a target plan corresponding to the network security event from a preset plan library.
Further, the apparatus further comprises:
the editing module is used for acquiring a pre-programmed plan flow chart used for representing the target plan from the flow canvas; obtaining canvas controls and connecting lines for connecting the canvas controls from the pre-arranged flow chart; determining a plan node and a node sequence according to the obtained canvas control and the connecting line, and generating a description file of the target plan according to the determined plan node and the node sequence; and storing the description file of the target plan into the plan library.
Further, the editing module is specifically configured to:
determining canvas controls belonging to a strong flow node according to the line type of connecting lines among the canvas controls; generating strong flow description content according to the canvas control belonging to the strong flow node, and adding the strong flow description content into the description file; identifying in the description file the strong flow description by a first identifier characterizing a strong flow node;
determining canvas controls belonging to weak flow nodes according to the line type of connecting lines among the canvas controls; generating weak flow description content according to the canvas control belonging to the weak flow node, and adding the weak flow description content into the description file; and identifying the weak flow description content in the description file through a second identifier for characterizing the weak flow node.
Further, the parsing module 202 is specifically configured to:
analyzing the description content which is identified by the first identifier and corresponds to the strong flow node from the description file of the target plan; and analyzing the description content corresponding to the weak flow node identified by the second identifier from the description file of the target plan.
Example three
This embodiment also provides a computer device capable of executing programs, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server or a tower server (including an independent server or a server cluster composed of a plurality of servers), and the like. As shown in fig. 3, the computer device 30 of the present embodiment includes at least, but is not limited to: a memory 301 and a processor 302 communicatively coupled to each other via a system bus. It is noted that FIG. 3 only shows the computer device 30 having components 301 and 302, but it is understood that not all of the shown components are required and that more or fewer components may be implemented instead.
In this embodiment, the memory 301 (i.e., the readable storage medium) includes a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the memory 301 may be an internal storage unit of the computer device 30, such as a hard disk or a memory of the computer device 30. In other embodiments, the memory 301 may also be an external storage device of the computer device 30, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the computer device 30. Of course, the memory 301 may also include both internal and external storage devices for the computer device 30. In the present embodiment, the memory 301 is generally used for storing an operating system and various types of application software installed in the computer device 30. In addition, the memory 301 may also be used to temporarily store various types of data that have been output or are to be output.
In some embodiments, the processor 302 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data processing chip. The processor 302 generally serves to control the overall operation of the computer device 30.
Specifically, in the present embodiment, the processor 302 is configured to execute the program of the method for executing the plan stored in the memory 301, and the program of the method for executing the plan realizes the following steps when executed:
when a network security event occurs, acquiring a target plan corresponding to the network security event from a preset plan library;
analyzing plan nodes contained in the target plan and node sequences among the plan nodes;
in the process of executing the plan nodes in sequence according to the node sequence, when the executed plan node is a strong flow node, all the child nodes in the strong flow node are executed in sequence, and when the executed plan node is a weak flow node, all the child nodes in the weak flow node are executed out of sequence.
For the specific implementation of the above method steps, refer to the first embodiment; the details are not repeated here.
Example four
The present embodiments also provide a computer readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application mall, etc., having stored thereon a computer program that when executed by a processor implements the method steps of:
when a network security event occurs, acquiring a target plan corresponding to the network security event from a preset plan library;
analyzing plan nodes contained in the target plan and node sequences among the plan nodes;
in the process of executing the plan nodes in sequence according to the node sequence, when the executed plan node is a strong flow node, all the child nodes in the strong flow node are executed in sequence, and when the executed plan node is a weak flow node, all the child nodes in the weak flow node are executed out of sequence.
For the specific implementation of the above method steps, refer to the first embodiment; the details are not repeated here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (11)

1. A method of executing a plan, the method comprising:
when a network security event occurs, acquiring a target plan corresponding to the network security event from a preset plan library;
analyzing plan nodes contained in the target plan and node sequences among the plan nodes;
in the process of executing the plan nodes in sequence according to the node sequence, when the executed plan node is a strong flow node, all the child nodes in the strong flow node are executed in sequence, and when the executed plan node is a weak flow node, all the child nodes in the weak flow node are executed out of sequence.
2. The method according to claim 1, wherein when a network security event occurs, acquiring a target plan corresponding to the network security event from a preset plan library specifically comprises:
when a network security event occurs, judging whether a target plan corresponding to the network security event exists in the plan library or not;
if yes, acquiring a target plan corresponding to the network security event from the plan library;
if not, determining emergency means for processing the network security events and determining the execution sequence of the emergency means, and sequentially connecting the emergency means through connecting lines according to the execution sequence to compile a target plan corresponding to the network security events.
3. The method according to claim 2, wherein the determining an emergency means for handling the network security event comprises:
determining the service type and the security level of the network security event;
determining an emergency means corresponding to the service type and the security level from the plan library; wherein the plan library stores the following four kinds of emergency means: work order class, service class, API class, and message class.
4. The method according to claim 1, wherein when a network security event occurs, acquiring a target plan corresponding to the network security event from a preset plan library specifically comprises:
when a network security event occurs, determining the security level of the network security event;
and when the security level is greater than a preset level, acquiring a target plan corresponding to the network security event from a preset plan library.
5. The method for executing a plan according to claim 1, wherein before the obtaining a target plan corresponding to the network security event from a preset plan library when the network security event occurs, the method further comprises:
acquiring a pre-programmed plan flow chart used for representing the target plan from a flow canvas;
obtaining canvas controls and connecting lines for connecting the canvas controls from the pre-arranged flow chart;
determining a plan node and a node sequence according to the obtained canvas control and the connecting line, and generating a description file of the target plan according to the determined plan node and the node sequence;
and storing the description file of the target plan into the plan library.
6. The method according to claim 5, wherein the determining a plan node and a node order according to the obtained canvas control and the obtained connecting line, and generating a description file of the target plan according to the determined plan node and the node order specifically comprises:
determining canvas controls belonging to a strong flow node according to the line type of connecting lines among the canvas controls;
generating strong flow description content according to the canvas control belonging to the strong flow node, and adding the strong flow description content into the description file;
the strong flow description is identified in the description file by a first identifier characterizing a strong flow node.
7. The method according to claim 5, wherein the determining a plan node and a node order according to the obtained canvas control and the obtained connecting line, and generating a description file of the target plan according to the determined plan node and the node order specifically comprises:
determining canvas controls belonging to weak flow nodes according to the line type of connecting lines among the canvas controls;
generating weak flow description content according to the canvas control belonging to the weak flow node, and adding the weak flow description content into the description file;
and identifying the weak flow description content in the description file through a second identifier for characterizing the weak flow node.
8. The method according to any one of claims 5 to 7, wherein the parsing out the plan node included in the target plan specifically comprises:
analyzing the description content which is identified by the first identifier and corresponds to the strong flow node from the description file of the target plan; and
analyzing the description content corresponding to the weak flow node identified by the second identifier from the description file of the target plan.
9. An apparatus for executing a plan, the apparatus comprising:
an acquisition module, used for acquiring a target plan corresponding to a network security event from a preset plan library when the network security event occurs;
the analysis module is used for analyzing the plan nodes contained in the target plan and the node sequence among the plan nodes;
and the execution module is used for executing all the child nodes in the strong flow node in sequence when the executed plan node is the strong flow node and executing all the child nodes in the weak flow node out of sequence when the executed plan node is the weak flow node in the process of executing the plan node in sequence according to the node sequence.
10. A computer device, the computer device comprising: memory, processor and computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any of claims 1 to 8 when executing the computer program.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
CN202110764770.3A 2021-07-07 2021-07-07 Method, device and equipment for executing plan and readable storage medium Active CN113259397B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110764770.3A CN113259397B (en) 2021-07-07 2021-07-07 Method, device and equipment for executing plan and readable storage medium

Publications (2)

Publication Number Publication Date
CN113259397A true CN113259397A (en) 2021-08-13
CN113259397B CN113259397B (en) 2021-09-28

Family

ID=77190826

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110764770.3A Active CN113259397B (en) 2021-07-07 2021-07-07 Method, device and equipment for executing plan and readable storage medium

Country Status (1)

Country Link
CN (1) CN113259397B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115169861A (en) * 2022-06-30 2022-10-11 北京天融信网络安全技术有限公司 Multi-level coordinated scheduling method and device, electronic equipment and storage medium
CN115955481A (en) * 2022-12-12 2023-04-11 支付宝(杭州)信息技术有限公司 Emergency response method and device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103886507A (en) * 2013-12-31 2014-06-25 北京交通大学 Emergency plan digitization generation method
CN104299076A (en) * 2014-09-30 2015-01-21 浙江大学 Method for constructing safety emergency workflow model based on icons
CN105005844A (en) * 2015-06-23 2015-10-28 东南大学 Traffic emergency plan processing method and system
CN105068810A (en) * 2015-08-18 2015-11-18 国电南瑞科技股份有限公司 Energy control emergency preplan processing method based on graphic modeling
CN109002345A (en) * 2018-06-28 2018-12-14 合肥浪金防伪科技有限公司 A kind of information system dispositions method under virtual computation environmental
CN109413642A (en) * 2018-11-22 2019-03-01 中邮科通信技术股份有限公司 Terminal security detection and monitoring system method
CN110619504A (en) * 2018-06-19 2019-12-27 阿里巴巴集团控股有限公司 Service change processing method, device and system and electronic equipment
CN111061580A (en) * 2019-12-18 2020-04-24 中信百信银行股份有限公司 Computer system emergency plan drilling method, server and system
CN111614696A (en) * 2020-06-02 2020-09-01 深圳供电局有限公司 Network security emergency response method and system based on knowledge graph
CN111740974A (en) * 2020-06-16 2020-10-02 黑龙江省网络空间研究中心 Network security emergency linkage system and method

Also Published As

Publication number Publication date
CN113259397B (en) 2021-09-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant