CN113487316A

CN113487316A - Distributed payment system security processing method and device

Info

Publication number: CN113487316A
Application number: CN202110828767.3A
Authority: CN
Inventors: 杨晨; 谭新培; 张照胜; 张悦
Original assignee: Yinqing Technology Co ltd
Current assignee: Yinqing Technology Co ltd
Priority date: 2021-07-22
Filing date: 2021-07-22
Publication date: 2021-10-08
Anticipated expiration: 2041-07-22
Also published as: CN113487316B

Abstract

The embodiment of the application provides a distributed payment system security processing method and a device, wherein the method comprises the following steps: modeling a plurality of performance indexes of a payment system, and performing aggregation processing through a logic dependency relationship among the performance indexes based on a preset variational self-encoder to obtain a system-level reconstruction sequence, an index-level reconstruction sequence and a component-level reconstruction sequence of the corresponding payment system; determining alarm thresholds of the system-level reconstruction sequence and the index-level reconstruction sequence; sequentially determining a system-level health state, an index-level health state and a component-level health state corresponding to the index-level health state of the payment system according to the alarm threshold of the system-level reconstruction sequence, the alarm threshold of the index-level reconstruction sequence and a preset abnormal propagation rule; the method and the device can accurately determine the respective health degree of the distributed payment system at a system level, a component level and an index level in real time, and ensure the information safety and the stable operation of the payment system.

Description

Distributed payment system security processing method and device

Technical Field

The application relates to the field of information security, in particular to a distributed payment system security processing method and device.

Background

Due to different types and scales of processed services, the interior of the payment system is distributed from a logic level and a physical implementation level, for example, the service types can include a large payment service, a small payment service, an online banking payment service and the like, and different services can be supported by one or more physical servers and can be collectively called as components. In order to ensure the stable operation of the payment system, it is necessary to monitor and analyze performance indexes of different sides of the payment system, such as the success rate of a certain service and the CPU utilization rate of a certain server. Therefore, from the aspect of the quantification of the runtime health of the payment system, the whole analysis system needs to obtain the runtime health degree of three layers of "system-component-index" and grade the health degree, such as three layers of health, warning and alarm, and can be further understood as needing to quantify the runtime health degree of "macro-mesoscopic-microscopic" of the payment system in a grading manner. The health degree of the system can be essentially equivalent to the abnormal degree of the system, and the current methods for evaluating the index abnormality mainly focus on: (1) single index anomaly detection and (2) multiple index anomaly detection, but neither measure payment system three-tier runtime health.

For the single-index abnormality detection method, aiming at time sequence performance index data collected by monitoring a large-scale system, the existing single-index abnormality detection algorithm learns the historical rule of a single index and compares the similarities and differences between the current point and the predicted or reconstructed point to judge the index health (abnormality) degree. The methods are various, such as a regression-based method and a 3-sigma principle-based method, but essentially only can measure the deviation degree of a single index, and the health degree description of a system level and a component needs to be realized by monitoring a plurality of indexes, so that the health degree evaluation of the system level and the component level cannot be realized by the single-index abnormality detection method.

For a multi-index anomaly detection method, the method takes a plurality of indexes as matrix data, and judges the overall health (anomaly) degree of the current vector and the predicted or reconstructed vector by simultaneously learning the historical rules and comparing the similarities and differences of the vectors, such as an LSTM-based method. Although such methods can characterize the health (health and alarm) of the target host by analyzing multiple targets in their entirety, they only achieve a "host-target" two-level health assessment and do not effectively rank the health.

The payment system is used as a financial infrastructure supporting the stable running of the national citizens in China, and the multi-scale evaluation of the running state of the payment system in a grading way is very necessary.

Disclosure of Invention

Aiming at the problems in the prior art, the application provides a distributed payment system safety processing method and device, which can accurately determine the respective health degree of the distributed payment system at a system level, a component level and an index level in real time, and ensure the information safety and the stable operation of the payment system.

In order to solve at least one of the above problems, the present application provides the following technical solutions:

in a first aspect, the present application provides a distributed payment system security processing method, including:

modeling a plurality of performance indexes of a payment system, and performing aggregation processing through a logic dependency relationship among the performance indexes based on a preset variational self-encoder to obtain a system-level reconstruction sequence, an index-level reconstruction sequence and a component-level reconstruction sequence of the corresponding payment system;

determining an alarm threshold of the system-level reconstruction sequence, and determining the alarm threshold of the index-level reconstruction sequence according to the system alarm contribution degree of the index-level reconstruction sequence;

and sequentially determining the system-level health state, the index-level health state and the component-level health state corresponding to the index-level health state of the payment system according to the alarm threshold of the system-level reconstruction sequence, the alarm threshold of the index-level reconstruction sequence and a preset abnormal propagation rule.

Further, the determining an alarm threshold of the index-level reconstruction sequence according to the system alarm contribution of the index-level reconstruction sequence includes:

determining a system alarm contribution degree of the index-level reconstruction sequence according to the proportion of the index-level reconstruction sequence dimension in the system-level reconstruction sequence dimension, the alarm position of the index-level reconstruction sequence in the system-level reconstruction sequence and the similarity of the index-level reconstruction sequence and the system-level reconstruction sequence;

and carrying out data alignment operation on the index level reconstruction sequence to the system level reconstruction sequence according to the system alarm contribution degree, and determining an alarm threshold of the index level reconstruction sequence.

Further, the sequentially determining a system-level health state, an index-level health state, and a component-level health state corresponding to the index-level health state of the payment system according to the alarm threshold of the system-level reconstruction sequence, the alarm threshold of the index-level reconstruction sequence, and a preset exception propagation rule includes:

determining a system level health status of the payment system according to the system level reconstruction sequence and a corresponding alarm threshold;

determining the index-level health state of the payment system according to the system-level health state, the index-level reconstruction sequence and a corresponding alarm threshold;

and determining the corresponding component-level health state according to the index-level health state of the payment system.

Further, after the sequentially determining a system level health status, a target level health status, and a component level health status corresponding to the target level health status of the payment system, the method includes:

determining a corresponding index level health degree value according to the numerical comparison relation between the data characteristic value of the index level reconstruction sequence and a preset threshold value;

and determining a corresponding system level health degree value and a corresponding component level health degree value according to a preset health degree mapping rule, the system level health state and the reconstruction sequence after the component level health state normalization processing.

In a second aspect, the present application provides a distributed payment system security processing apparatus, including:

the system comprises an index sequence reconstruction module, a data processing module and a data processing module, wherein the index sequence reconstruction module is used for modeling a plurality of performance indexes of the payment system and carrying out aggregation processing through the logic dependence relationship among the performance indexes based on a preset variational self-encoder to obtain a system level reconstruction sequence, an index level reconstruction sequence and a component level reconstruction sequence of the corresponding payment system;

the alarm threshold determination module is used for determining an alarm threshold of the system-level reconstruction sequence and determining the alarm threshold of the index-level reconstruction sequence according to the system alarm contribution degree of the index-level reconstruction sequence;

and the health state determination module is used for sequentially determining the system-level health state, the index-level health state and the component-level health state corresponding to the index-level health state of the payment system according to the alarm threshold of the system-level reconstruction sequence, the alarm threshold of the index-level reconstruction sequence and a preset abnormal propagation rule.

Further, the alarm threshold determination module includes:

a system alarm contribution degree determining unit, configured to determine a system alarm contribution degree of the index-level reconstruction sequence according to a proportion of the index-level reconstruction sequence dimension in the system-level reconstruction sequence dimension, an alarm position of the index-level reconstruction sequence in the system-level reconstruction sequence, and a similarity between the alarm position and the system-level reconstruction sequence;

and the index level alarm threshold value determining unit is used for performing data alignment operation on the index level reconstruction sequence to the system level reconstruction sequence according to the system alarm contribution degree and determining an alarm threshold value of the index level reconstruction sequence.

Further, the health status determination module comprises:

the system level health state determining unit is used for determining the system level health state of the payment system according to the system level reconstruction sequence and the corresponding alarm threshold value;

the index level health state determination unit is used for determining the index level health state of the payment system according to the system level health state, the index level reconstruction sequence and the corresponding alarm threshold value;

and the component level health state determining unit is used for determining the corresponding component level health state according to the index level health state of the payment system.

Further, the health status determination module comprises:

the index level health degree value determining unit is used for determining a corresponding index level health degree value according to a numerical comparison relation between the data characteristic value of the index level reconstruction sequence and a preset threshold value;

and the system level health degree value and component level health degree value determining unit is used for determining the corresponding system level health degree value and component level health degree value according to a preset health degree mapping rule, the system level health state and the reconstruction sequence after the component level health state normalization processing.

In a third aspect, the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the distributed payment system security processing method when executing the program.

In a fourth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the distributed payment system security processing method described.

According to the technical scheme, the three-layer consistent alarm is realized by constructing a system-component-index unambiguous abnormal propagation mode, the respective health degree of the distributed payment system at a system level, a component level and an index level can be accurately determined in real time, and the information safety and the operation stability of the payment system are guaranteed.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic flow chart of a distributed payment system security processing method in an embodiment of the present application;

fig. 2 is a second flowchart of a security processing method of the distributed payment system in the embodiment of the present application;

fig. 3 is a third schematic flowchart of a security processing method of a distributed payment system in an embodiment of the present application;

fig. 4 is a fourth flowchart illustrating a security processing method of the distributed payment system in the embodiment of the present application;

FIG. 5 is a block diagram of one embodiment of a distributed payment system security processing apparatus;

fig. 6 is a second block diagram of a security processing apparatus of a distributed payment system in an embodiment of the present application;

fig. 7 is a third block diagram of a distributed payment system security processing apparatus in an embodiment of the present application;

fig. 8 is a fourth block diagram of a distributed payment system security processing apparatus in an embodiment of the present application;

FIG. 9 is a schematic diagram of an exception propagation rule in an embodiment of the present application;

fig. 10 is a schematic structural diagram of an electronic device in an embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

Considering the single-index anomaly detection method in the prior art and aiming at the time sequence performance index data collected by monitoring a large-scale system, the existing single-index anomaly detection algorithm learns the historical rule of a single index and compares the difference and the similarity between the current point and the predicted or reconstructed point to judge the index health (anomaly) degree. The methods are various, such as a regression-based method and a 3-sigma principle-based method, but essentially only can measure the deviation degree of a single index, and the health degree description of a system level and a component is realized by monitoring a plurality of indexes, so that the health degree evaluation of the system level and the component level cannot be realized by the single-index abnormality detection method; and for the multi-index abnormality detection method in the prior art, the method takes a plurality of indexes as matrix data, and judges the overall health (abnormality) degree of the current vector and the predicted or reconstructed vector by simultaneously learning the historical rules and comparing the similarities and differences of the vectors, such as an LSTM-based method and the like. Although the method can describe the health degree (health and alarm) of the index hosts by analyzing a plurality of indexes integrally, the method only realizes the two-layer health degree evaluation of host-index and cannot effectively grade the health degree.

In order to accurately determine the respective health degrees of the distributed payment system at a system level, a component level and an index level in real time and ensure the information security and the stable operation of the payment system, the application provides an embodiment of a distributed payment system security processing method, which specifically includes the following contents with reference to fig. 1:

step S101: modeling a plurality of performance indexes of the payment system, and performing aggregation processing through the logic dependence relationship among the performance indexes based on a preset variational self-encoder to obtain a system level reconstruction sequence, an index level reconstruction sequence and a component level reconstruction sequence of the corresponding payment system.

Specifically, the multi-index data is represented by a high-dimensional random variable X ═ X₁，x₂，...，x_nGenerated and independently identically distributed, variable x_iIndicating the index i. A Variational Auto-Encoder (VAE) is a general name of a deep probability graph model and is used for solving the problem that the VAE is not a general name of a variable Auto-Encoder (VAE) which is a general name of a deep probability graph model and is used for solving the problem that the VAE is a general name of a variable Auto-Encoder (VAE) which is a general name of a depth probability graph model and is used for solving the problem that the VAE is a general name of a variable Auto-Encoder (VAE) which is a general name of a variable Auto-Encoder (variable Auto-Encoder) which is a variable Auto-Encoder which is a general name of a variable Auto-Encoder which is a depth probability graph model and is a general name of a depth probability graph model and is a general name of a variable Auto-Encoder which is a general name of a variable Auto-Encoder (VAE) which is a general name of a depth probability graph model and is a general name of a variable Auto-Encoder which is a general name of a depth probability graph model, namely a depth probability graph model, a depth graph which is a general name of which is a variable Auto-Encoder (which is a variable Auto-Encoder which is a general name of which is a depth-Encoder (which is a depth-Encoder (which is a general name of which is a depth-Encoder) which is a general name of which is a model and is a variable Auto-Encoder which is a model and is a model which is a general name of which is a model and is a model of which is a variable Auto-Encoder (which is

The fitting mode encodes X into a low-dimensional random variable Z, then decodes Z into X through a neural network theta, the decoded X is ensured to be similar to an original value as much as possible in the iteration process, and the VAE can finally output R_XComprises the following steps:

R_X＝log(p_θ(X|Z))＝∑_i∈[1，n]log(p_θ(x_i|Z)) (1)

wherein p is_θ(X | Z) represents the conditional probability of encoding X information into Z and then generating X through a neural network, and defines R_XReconstruct the sequence for the system level, and index x_iIs reconstructed sequence of

Is defined as log (p)_θ(x_i| Z)). Due to the fact that

And θ can be user-defined, so the method of this patent can be applied to other variants of VAE algorithms.

Assume that there is a user-defined configuration set C ═ C₁，c₂，...，c_mWhere m denotes the number of components, where

c_jC is all [1, n ∈]A subset of, and

representing the index division way constructed by the user according to the membership between the indexes and the components, a component level c can be defined_kIs reconstructed sequence of

Comprises the following steps:

therefore, the reconstruction sequences of the system, the components and the index level can be obtained by the variational self-encoder, and the value range of the reconstruction sequences is

And smaller values in the sequence represent more abnormal corresponding hosts (systems, components, or metrics).

Step S102: and determining an alarm threshold value of the system-level reconstruction sequence, and determining the alarm threshold value of the index-level reconstruction sequence according to the system alarm contribution degree of the index-level reconstruction sequence.

Specifically, in order to identify the abnormality identified from the reconstruction sequence, an alarm threshold needs to be set for the reconstruction sequence, and since numerous monitoring indexes are provided, the manual setting of the threshold for the reconstruction sequences at the system level, the component level and the index level respectively identifies the abnormality, which brings a large amount of labor overhead, the threshold setting method is provided in this section, and only the threshold needs to be set for the reconstruction sequences at the system level and the index level, and the component level alarm threshold does not need to be set. Thresholds are set for all index level reconstruction sequences at once by aligning the index reconstruction sequences to system level reconstruction sequences.

Let the vector R_X＝(r¹，r²，...，r^T) For the calculation of the system level reconstruction sequence according to equation (11), the time range is [1, T]Then the system level threshold is defined as:

th_X＝μ_X-λ_Xσ_X (3)

wherein mu_XIs R_XMean value of (a)_XIs R_XVariance of (a) ("lambda_XThe parameter is customized for the user, typically set to 2. If r is^t≤th_XThen the system is considered to alarm at time t.

In order to set the threshold for all the indexes at one time, the contribution degree of different indexes to the system alarm needs to be quantized, the higher the contribution degree is, the more important the contribution degree is to the system alarm, the more strict the threshold setting is, and otherwise, the more loose the threshold setting is. The measure of the contribution degree is divided into two parts, one part is the proportion alpha of the index level reconstruction sequence dimension in the system level reconstruction sequence dimension, and the other part is the similarity beta of the index level reconstruction sequence at the alarm position of the system level reconstruction sequence and the system level reconstruction sequence. The overall dimension of the system-level reconstructed sequence is L_X＝∑_t∈[1，T]r^t. Similarly, the reconstructed sequence of index i may be defined as

Wherein

Value, L, representing the reconstructed sequence of the index i at time t_iIs a dimension of the reconstructed sequence of index i, then α of index i_iCan be defined as:

wherein alpha is_i∈(0，1]. Further, the present patent uses the system level alarm as the true label of the index alarm, and selects a threshold value on the reconstruction sequence of the index i as much as possible to make the alarm similar to the true label, and the similarity can be measured using F1.

Formalizing the above description, given the threshold th_XCalculating to obtain the label vector of the system alarm according to the formula (13)

a^TE {0, 1}, 0 denotes the system alarm at time t, and 1 denotes normal. For the index i, a certain threshold th is given_iThen, if

Alarm tag of index i at time t

Otherwise

Label vector of index i alarm can be constructed

Beta defining index i_iComprises the following steps:

wherein the content of the first and second substances,

and

the minimum and maximum values of the i reconstruction sequence are indicated separately,

as a vector of labels

Relative to the label vector

To a precision of

For recall, and beta_i∈[0，1]. Due to the fact that

Is a real number domain, and in order to reduce the search space, the complexity of the search can be reduced by a uniform sampling mode.

Thus, the contribution w of the index i can be defined_iComprises the following steps:

w_i＝τ₁α_i+τ₂β_i (6)

wherein, tau₁+τ₂1 for regulating α_iAnd beta_iIs generally set to τ₁＝0.6，τ₂0.4. Further, the threshold of index i reconstruction sequence may be set as:

th_i＝μ_i-λ_xw_iσ_i (7)

wherein, mu_iReconstructing the mean, σ, of the sequence for index i_iIs the variance, λ_xAll index level reconstruction sequence threshold settings share one lambda for user-defined parameters_x. If it is not

The index i is considered to alarm at time t.

Step S103: and sequentially determining the system-level health state, the index-level health state and the component-level health state corresponding to the index-level health state of the payment system according to the alarm threshold of the system-level reconstruction sequence, the alarm threshold of the index-level reconstruction sequence and a preset abnormal propagation rule.

Optionally, if there is an index i such that time t is

And r is^t＞th_XIf the system is normal, but there is index alarm, the system is in alarm state at this moment. Further, when the system is set to be in a warning state, the number of indexes giving out warning is W_t。

Specifically, the application is further designed with an exception propagation rule of 'system-component-index' for eliminating ambiguity which may occur in alarms of different levels. As shown in FIG. 9, system health is divided into three levels, normal, warning and alarm, component health is divided into two levels, normal and warning, and indicators are divided into two levels, normal and warning. The specific exception propagation rules are as follows:

strategy 1: the normal system necessarily results in normal index and normal components.

Strategy 2: the system alerts must cause an indicator alert, which further causes the indicator host component to alert.

Strategy 3: the system alarm certainly causes the index alarm and further causes the index host component to alarm.

From the above strategy, it can be seen that the anomaly propagation strategy is first based on a threshold λ_XAnd the system warning level definition determines the system level health state, however, the index level health state calculation is triggered, and the component level health state calculation is triggered finally instead of descending step by step through the logical relation, so that the ambiguity which is possibly caused when the health state calculation is triggered by multiple levels can be effectively avoided, and the threshold value does not need to be set on the component level reconstruction sequence.

As can be seen from the above description, the distributed payment system security processing method provided in the embodiment of the present application can implement three-layer uniform alarm by constructing a system-component-index unambiguous anomaly propagation manner, can accurately determine the respective health degrees of the distributed payment system at a system level, a component level and an index level in real time, and ensure information security and stable operation of the payment system.

In order to accurately determine the alarm threshold of the index-level reconstruction sequence, in an embodiment of the distributed payment system security processing method of the present application, referring to fig. 2, the following may be further specifically included:

step S201: and determining the system alarm contribution degree of the index-level reconstruction sequence according to the proportion of the index-level reconstruction sequence dimension in the system-level reconstruction sequence dimension, the alarm position of the index-level reconstruction sequence in the system-level reconstruction sequence and the similarity of the index-level reconstruction sequence and the system-level reconstruction sequence.

Step S202: and carrying out data alignment operation on the index level reconstruction sequence to the system level reconstruction sequence according to the system alarm contribution degree, and determining an alarm threshold of the index level reconstruction sequence.

Specifically, in order to set the threshold for all the indexes at one time, the contribution degree of different indexes to the system alarm needs to be quantized, the higher the contribution degree is, the more important the contribution degree is to the system-level alarm, the more strict the threshold setting is, and otherwise, the more loose the threshold setting is. The measure of the contribution degree is divided into two parts, one part is the proportion alpha of the index level reconstruction sequence dimension in the system level reconstruction sequence dimension, and the other part is the similarity beta of the index level reconstruction sequence at the alarm position of the system level reconstruction sequence and the system level reconstruction sequence. The overall dimension of the system-level reconstructed sequence is L_X＝∑_t∈[1，T]r^t. Similarly, the reconstructed sequence of index i may be defined as

Wherein

Specifically, a threshold is set for all index-level reconstruction sequences at once by aligning the index reconstruction sequences to the system-level reconstruction sequences.

In order to accurately determine the health status of each level of the payment system, in an embodiment of the distributed payment system security processing method of the present application, referring to fig. 3, the following may be specifically included:

step S301: and determining the system-level health state of the payment system according to the system-level reconstruction sequence and the corresponding alarm threshold value.

Step S302: and determining the index-level health state of the payment system according to the system-level health state, the index-level reconstruction sequence and the corresponding alarm threshold value.

Step S303: and determining the corresponding component-level health state according to the index-level health state of the payment system.

Optionally, the anomaly propagation rule is first based on a threshold λ_XAnd the system warning level definition determines the system level health state, however, the index level health state calculation is triggered, and the component level health state calculation is triggered finally instead of descending step by step through the logical relation, so that the ambiguity which is possibly caused when the health state calculation is triggered by multiple levels can be effectively avoided, and the threshold value does not need to be set on the component level reconstruction sequence.

In order to accurately determine the health value of each level of the payment system, in an embodiment of the distributed payment system security processing method of the present application, referring to fig. 4, the following may be further specifically included:

step S401: and determining a corresponding index level health degree value according to the numerical comparison relation between the data characteristic value of the index level reconstruction sequence and a preset threshold value.

Step S402: and determining a corresponding system level health degree value and a corresponding component level health degree value according to a preset health degree mapping rule, the system level health state and the reconstruction sequence after the component level health state normalization processing.

In particular, although the reconstructed sequence can distinguish between normal and abnormal states of the host, it lacks warning levels and furthermore has a value range of

It does not have good readability and therefore needs to be further mapped.

Specifically, because the indicator itself has a data value (e.g., CPU utilization), it need not be definedDegree of health. Device set

Is R_XSum threshold th_XThe normalized value is SysHS which is the system-level health degree at the time t^tIt is defined as follows:

wherein S is_a∈(0，100]Is the lower bound of the score for which the system is healthy, S_b∈(0，100]Is the system is the lower bound of the score for the warning state, and S_a＞S_bGenerally set up S_a＝80，S_b60. The first segment of the piecewise function represents the mapping of the reconstructed sequence of the normalized system normal state to S_a，100](ii) a The second segment represents the mapping of the reconstructed sequence of normalized system alarm states to S_b，S_a) And punishment items are provided to ensure that the more the alarm index is, the lower the health degree is; the third segment of the piecewise function represents that the reconstructed sequence of the normalized system alarm state is mapped to [0, S_b). The above ensures that the final health sequence is between 0 and 100, and is in S_aAnd S_bThree states of the system are segmented.

For component c_kIn a word, let

Reconstructing the sequence for the component

Normalized sequence, the value of the reconstructed sequence in the normal state of the component then comes from

Is shown as

The component level health at time t is therefore

The calculation method is as follows:

wherein the content of the first and second substances,

C_a∈(0，100]for the fractional lower bound of health status of a component, C is typically set_a∈(0，100]The first segment of the piecewise function represents the mapping of the reconstructed sequence of normalized component normal states to [ C_a，100](ii) a The second segment represents the mapping of the reconstructed sequence of normalized component alarm states to [0, C_a). To prevent a possible out-of-range situation for run-time unknown normalized reconstructed values, both segments of equation (20) need to be matched to boundary C_aAnd comparing and correcting the final health degree.

In order to accurately determine the respective health degrees of a distributed payment system at a system level, a component level and an index level in real time and ensure the information security and the stable operation of the payment system, the application provides an embodiment of a distributed payment system security processing apparatus for implementing all or part of the contents of the distributed payment system security processing method, and referring to fig. 5, the distributed payment system security processing apparatus specifically includes the following contents:

the index sequence reconstruction module 10 is configured to model multiple performance indexes of the payment system, and perform aggregation processing on the multiple performance indexes through a logic dependency relationship between the performance indexes based on a preset variational self-encoder to obtain a system-level reconstruction sequence, an index-level reconstruction sequence, and a component-level reconstruction sequence of the corresponding payment system.

And an alarm threshold determining module 20, configured to determine an alarm threshold of the system-level reconstruction sequence, and determine the alarm threshold of the index-level reconstruction sequence according to the system alarm contribution of the index-level reconstruction sequence.

And the health state determination module 30 is configured to sequentially determine a system-level health state, an index-level health state of the payment system, and a component-level health state corresponding to the index-level health state according to the alarm threshold of the system-level reconstruction sequence, the alarm threshold of the index-level reconstruction sequence, and a preset exception propagation rule.

As can be seen from the above description, the distributed payment system security processing apparatus provided in the embodiment of the present application can implement three-layer uniform alarm by constructing a system-component-index unambiguous anomaly propagation manner, can accurately determine the respective health degrees of the distributed payment system at a system level, a component level, and an index level in real time, and ensure information security and stable operation of the payment system.

In order to accurately determine the alarm threshold of the index-level reconstruction sequence, in an embodiment of the distributed payment system security processing apparatus of the present application, referring to fig. 6, the alarm threshold determination module 20 includes:

a system alarm contribution degree determining unit 21, configured to determine the system alarm contribution degree of the index-level reconstruction sequence according to the proportion of the index-level reconstruction sequence dimension in the system-level reconstruction sequence dimension, the alarm position of the index-level reconstruction sequence in the system-level reconstruction sequence, and the similarity between the alarm position and the system-level reconstruction sequence.

And an index level alarm threshold determining unit 22, configured to perform data alignment operation on the index level reconstruction sequence to the system level reconstruction sequence according to the system alarm contribution degree, and determine an alarm threshold of the index level reconstruction sequence.

In order to accurately determine the health status of each layer of the payment system, in an embodiment of the distributed payment system security processing apparatus of the present application, referring to fig. 7, the health status determining module 30 includes:

a system-level health status determining unit 31, configured to determine a system-level health status of the payment system according to the system-level reconstruction sequence and a corresponding alarm threshold;

an index-level health status determination unit 32, configured to determine an index-level health status of the payment system according to the system-level health status, the index-level reconstruction sequence, and a corresponding alarm threshold;

a component level health status determining unit 33, configured to determine a corresponding component level health status according to the index level health status of the payment system.

In order to accurately determine the health value of each level of the payment system, in an embodiment of the distributed payment system security processing apparatus of the present application, referring to fig. 8, the health status determining module 30 includes:

an index-level health value determining unit 34, configured to determine a corresponding index-level health value according to a numerical comparison relationship between the data feature value of the index-level reconstruction sequence and a preset threshold;

the system-level health degree value and component-level health degree value determining unit 35 is configured to determine a corresponding system-level health degree value and component-level health degree value according to a preset health degree mapping rule, the system-level health state, and a reconstruction sequence obtained after normalization processing of the component-level health state.

To further explain the scheme, the present application further provides a specific application example for implementing the distributed payment system security processing method by using the above distributed payment system security processing apparatus, which specifically includes the following contents:

(1) a reconstruction sequence at the index level, component level, and system level is generated for quantifying the current state reducibility at different levels.

(2) And (4) defining alarm thresholds on a system-level reconstruction sequence and an index-level reconstruction sequence, and distinguishing between abnormity and normality.

(3) Constructing an exception propagation policy identification component alarm and system alert, and mapping the reconstructed sequence to a health level. Which comprises the following steps:

1) reconstruction sequence generation

The multi-index data is set as the random variable X ═ X in high dimension₁，x₂，...，x_nGenerated and independently identically distributed, variable x_iIndicating the index i. Variational Auto-Encoder (VAE) is a type of depth probability mapGeneral name of model, by neural network

R_X＝log(p_θ(X|Z))＝∑_i∈[1，n]log(p_θ(x_i|Z)) (11)

Is defined as log (p)_θ(x_i| Z)). Due to the fact that

c_jC is all [1, n ∈]A subset of, and

Comprises the following steps:

And smaller values in the sequence represent more abnormal corresponding hosts (systems, components, or metrics). In order to identify the identified anomalies from the reconstructed sequence, an alarm threshold needs to be set for the reconstructed sequence.

2) Threshold setting method

Because numerous monitoring indexes exist, manual setting of threshold recognition abnormalities for system-level, component-level and index-level reconstruction sequences respectively brings a lot of labor expenses, and therefore the threshold setting method is provided in this section, only threshold setting is needed for the system-level and index-level reconstruction sequences, and component-level alarm thresholds are not needed. Thresholds are set for all index level reconstruction sequences at once by aligning the index reconstruction sequences to system level reconstruction sequences.

th_X＝μ_X-λ_Xσ_X (13)

In order to set the threshold for all the indexes at one time, the contribution degree of different indexes to the system alarm needs to be quantized, the higher the contribution degree is, the more important the contribution degree is to the system alarm, the more strict the threshold setting is, and otherwise, the more loose the threshold setting is. The measure of the contribution degree is divided into two parts, one part is the specific gravity alpha of the index level reconstruction sequence dimension in the system level reconstruction sequence dimension, and the other part is the alarm position and system of the index level reconstruction sequence in the system level reconstruction sequenceAnd (4) level the similarity beta of the reconstructed sequence. The overall dimension of the system-level reconstructed sequence is L_X＝∑_t∈[1，T]r^t. Similarly, the reconstructed sequence of index i may be defined as

Wherein

Alarm tag of index i at time t

Otherwise

Label vector of index i alarm can be constructed

Beta defining index i_iComprises the following steps:

wherein the content of the first and second substances,

and

as a vector of labels

Relative to the label vector

To a precision of

For recall, and beta_i∈[0，1]. Due to the fact that

w_i＝τ₁α_i+τ₂β_i (16)

wherein, tau₁+τ₂T for regulating α_iAnd beta_iIs generally set to τ₁＝0.6，τ₂0.4. Further, the threshold of index i reconstruction sequence may be set as:

th_i＝μ_i-λ_xw_iσ_i (17)

The index i is considered to alarm at time t.

3) Anomaly propagation policy and health rating

The upper section solves the system level normal and alarm and the index level normal and alarm, and the section mainly solves the component level normal and alarm problems. In addition, although the reconstructed sequence can distinguish between normal and abnormal states of the host, it lacks warning levels and has a value range of

It does not have good readability and therefore needs to be further mapped. Thus, the content of this section is divided into 3 parts: (1) system level alert definition, (2) exception propagation policy design, and (3) health map.

System level alert definition: if there is an index i such that time t is

Designing an exception propagation strategy: in this section, a system-component-index anomaly propagation strategy is designed to eliminate ambiguity that may occur in alarms of different levels. As shown in FIG. 9, system health is divided into three levels, normal, warning and alarm, component health is divided into two levels, normal and warning, and indicators are divided into two levels, normal and warning. The exception propagation strategy is as follows:

strategy 1: the system is normal, so that the indexes are normal and the components are normal;

strategy 2: system warning, which certainly causes index warning and further causes the index host component to warn;

strategy 3: the system alarm certainly causes the index alarm and further causes the index host component to alarm;

Component tag vector: available from the exception propagation policy when given component c_kE C, system level threshold th_XAnd alarm threshold th of any index i_iWhen, the component tag vector is defined as

The calculation method is as follows:

and (3) mapping the health degree: this section mainly defines system level health and component level health, since the metrics themselves have data values (e.g., CPU utilization), and thus there is no need to define health. Device set

wherein S is_a∈(0，100]Is the lower bound of the score for which the system is healthy, S_b∈(0，100]For the system being in a warning stateScore lower bound, and S_a＞S_bGenerally set up S_a＝80，S_b60. The first segment of the piecewise function represents the mapping of the reconstructed sequence of the normalized system normal state to S_a，100](ii) a The second segment represents the mapping of the reconstructed sequence of normalized system alarm states to S_b，S_a) And punishment items are provided to ensure that the more the alarm index is, the lower the health degree is; the third segment of the piecewise function represents that the reconstructed sequence of the normalized system alarm state is mapped to [0, S_b). The above ensures that the final health sequence is between 0 and 100, and is in S_aAnd S_bThree states of the system are segmented.

For component c_kIn a word, let

Reconstructing the sequence for the component

Is shown as

The component level health at time t is therefore

The calculation method is as follows:

wherein the content of the first and second substances,

C_a∈(0，100]for the fractional lower bound of health status of a component, C is typically set_a∈(0，100]The first segment of the piecewise function indicates that normalization is to be performedThe reconstructed sequence of the normal state of the latter component is mapped to [ C ]_a，100](ii) a The second segment represents the mapping of the reconstructed sequence of normalized component alarm states to [0, C_a). To prevent a possible out-of-range situation for run-time unknown normalized reconstructed values, both segments of equation (20) need to be matched to boundary C_aAnd comparing and correcting the final health degree.

As can be seen from the above, the present application can also achieve the following technical effects:

(1) a multi-scale reconstruction sequence construction method based on a variational self-encoder is provided, the reconfigurability of a plurality of performance index data is modeled, and system-level and component-level reconstruction sequences are described in an aggregation mode through a logic dependency relationship among indexes.

(2) A system level reconstruction sequence alignment-oriented index reconstruction sequence self-adaptive alarm threshold selection method is provided, and by automatically aligning an index level reconstruction sequence to an alarm state of a system level, the contribution degree of an index to an overall alarm is dynamically identified, and an index reconstruction sequence alarm threshold is selected.

(3) An anomaly propagation strategy facing a three-level monitoring architecture and a health degree grading mechanism thereof are provided, a system-component-index unambiguous anomaly propagation mode is constructed to realize three-level uniform alarm, and system level and component level health degrees are mapped by combining a reconstruction sequence and an alarm threshold.

In order to accurately determine the respective health degrees of the distributed payment system at a system level, a component level and an index level in real time and ensure the information security and the operation stability of the payment system, the application provides an embodiment of an electronic device for implementing all or part of the contents in the security processing method of the distributed payment system, and the electronic device specifically includes the following contents:

a processor (processor), a memory (memory), a communication Interface (Communications Interface), and a bus; the processor, the memory and the communication interface complete mutual communication through the bus; the communication interface is used for realizing information transmission between the distributed payment system security processing device and relevant equipment such as a core service system, a user terminal, a relevant database and the like; the logic controller may be a desktop computer, a tablet computer, a mobile terminal, and the like, but the embodiment is not limited thereto. In this embodiment, the logic controller may be implemented with reference to the embodiment of the distributed payment system security processing method and the embodiment of the distributed payment system security processing apparatus in the embodiment, and the contents thereof are incorporated herein, and repeated details are not repeated here.

It is understood that the user terminal may include a smart phone, a tablet electronic device, a network set-top box, a portable computer, a desktop computer, a Personal Digital Assistant (PDA), an in-vehicle device, a smart wearable device, and the like. Wherein, intelligence wearing equipment can include intelligent glasses, intelligent wrist-watch, intelligent bracelet etc..

In practical applications, part of the distributed payment system security processing method may be executed on the electronic device side as described in the above, or all operations may be completed in the client device. The selection may be specifically performed according to the processing capability of the client device, the limitation of the user usage scenario, and the like. This is not a limitation of the present application. The client device may further include a processor if all operations are performed in the client device.

The client device may have a communication module (i.e., a communication unit), and may be communicatively connected to a remote server to implement data transmission with the server. The server may include a server on the task scheduling center side, and in other implementation scenarios, the server may also include a server on an intermediate platform, for example, a server on a third-party server platform that is communicatively linked to the task scheduling center server. The server may include a single computer device, or may include a server cluster formed by a plurality of servers, or a server structure of a distributed apparatus.

Fig. 10 is a schematic block diagram of a system configuration of an electronic device 9600 according to an embodiment of the present application. As shown in fig. 10, the electronic device 9600 can include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this fig. 10 is exemplary; other types of structures may also be used in addition to or in place of the structure to implement telecommunications or other functions.

In one embodiment, the distributed payment system security processing method functions may be integrated into the central processor 9100. The central processor 9100 may be configured to control as follows:

As can be seen from the above description, the electronic device provided in the embodiment of the present application implements three-layer consistent alarm by constructing a "system-component-index" unambiguous anomaly propagation manner, and can accurately determine the respective health degrees of the distributed payment system at the system level, the component level, and the index level in real time, thereby ensuring information security and stable operation of the payment system.

In another embodiment, the distributed payment system security processing apparatus may be configured separately from the central processor 9100, for example, the distributed payment system security processing apparatus may be configured as a chip connected to the central processor 9100, and the functions of the distributed payment system security processing method may be implemented by the control of the central processor.

As shown in fig. 10, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 also does not necessarily include all of the components shown in fig. 10; in addition, the electronic device 9600 may further include components not shown in fig. 10, which can be referred to in the prior art.

As shown in fig. 10, a central processor 9100, sometimes referred to as a controller or operational control, can include a microprocessor or other processor device and/or logic device, which central processor 9100 receives input and controls the operation of the various components of the electronic device 9600.

The memory 9140 can be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information relating to the failure may be stored, and a program for executing the information may be stored. And the central processing unit 9100 can execute the program stored in the memory 9140 to realize information storage or processing, or the like.

The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or a touch input device. Power supply 9170 is used to provide power to electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, an LCD display, but is not limited thereto.

The memory 9140 can be a solid state memory, e.g., Read Only Memory (ROM), Random Access Memory (RAM), a SIM card, or the like. There may also be a memory that holds information even when power is off, can be selectively erased, and is provided with more data, an example of which is sometimes called an EPROM or the like. The memory 9140 could also be some other type of device. Memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage portion 9142, the application/function storage portion 9142 being used for storing application programs and function programs or for executing a flow of operations of the electronic device 9600 by the central processor 9100.

The memory 9140 can also include a data store 9143, the data store 9143 being used to store data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers for the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, contact book applications, etc.).

The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. The communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, which may be the same as in the case of a conventional mobile communication terminal.

Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, may be provided in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and receive audio input from the microphone 9132, thereby implementing ordinary telecommunications functions. The audio processor 9130 may include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100, thereby enabling recording locally through the microphone 9132 and enabling locally stored sounds to be played through the speaker 9131.

Embodiments of the present application further provide a computer-readable storage medium capable of implementing all steps in the distributed payment system security processing method in which the execution subject is the server or the client in the foregoing embodiments, where the computer-readable storage medium stores a computer program thereon, and when the computer program is executed by a processor, the computer program implements all steps in the distributed payment system security processing method in which the execution subject is the server or the client in the foregoing embodiments, for example, when the processor executes the computer program, the processor implements the following steps:

As can be seen from the above description, the computer-readable storage medium provided in the embodiment of the present application implements three-layer uniform alarm by constructing a "system-component-index" unambiguous anomaly propagation manner, and can accurately determine the respective health degrees of the distributed payment system at the system level, the component level, and the index level in real time, thereby ensuring information security and stable operation of the payment system.

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims

1. A method for secure processing of a distributed payment system, the method comprising:

2. The distributed payment system security processing method of claim 1, wherein the determining the alarm threshold of the index level reconstruction sequence according to the system alarm contribution of the index level reconstruction sequence comprises:

3. The distributed payment system security processing method of claim 1, wherein the sequentially determining the system-level health status, the index-level health status, and the component-level health status corresponding to the index-level health status of the payment system according to the alarm threshold of the system-level reconstruction sequence, the alarm threshold of the index-level reconstruction sequence, and a preset exception propagation rule comprises:

4. The distributed payment system security processing method of claim 1, after the sequentially determining a system level health status, a target level health status, and a component level health status corresponding to the target level health status of the payment system, comprising:

5. A distributed payment system security processing apparatus, comprising:

6. The distributed payment system security processing apparatus of claim 5, wherein the alert threshold determination module comprises:

7. The distributed payment system security processing apparatus of claim 5, wherein the health status determination module comprises:

8. The distributed payment system security processing apparatus of claim 5, wherein the health status determination module comprises:

9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the distributed payment system security processing method of any one of claims 1 to 4 are implemented when the program is executed by the processor.

10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the distributed payment system security processing method of any one of claims 1 to 4.