CN114328121A - Safety warning method and safety warning system of terminal equipment - Google Patents


Publication number
CN114328121A
Authority
CN
China
Prior art keywords
alarm
data table
information data
target
terminal equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111676067.3A
Other languages
Chinese (zh)
Inventor
董洪伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qax Technology Group Inc
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qax Technology Group Inc
Secworld Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qax Technology Group Inc and Secworld Information Technology Beijing Co Ltd
Priority to CN202111676067.3A
Publication of CN114328121A

Landscapes

  • Alarm Systems (AREA)

Abstract

The application discloses a safety warning method and a safety warning system for terminal equipment, and relates to the technical field of safety warning. The method comprises: receiving a target operation log sent by a target terminal device and a unique identifier corresponding to the target terminal device; updating an alarm information data table according to the target operation log and the unique identifier, wherein the alarm information data table contains, for the current monitoring period, the unique identifier of each terminal device that has triggered a safety problem and the number of times that device has triggered safety problems; judging, based on the data contained in the alarm information data table, whether an alarm rule containing a plurality of alarm conditions is met; and, if so, sending the alarm information data table to a terminal safety management system.

Description

Safety warning method and safety warning system of terminal equipment
Technical Field
The present application relates to the field of security alarm technologies, and in particular, to a security alarm method and a security alarm system for a terminal device.
Background
A user performs a large number of operations on a terminal device, and each operation may affect the safety of the device. Monitoring whether a user's operation triggers a safety problem, and raising a reasonable safety alarm when it does, is therefore an important task in the safety management of terminal equipment.
At present, organizations such as enterprises or governments generally use a terminal security management system to monitor whether their terminal devices trigger a security problem, and to perform security alarming according to how those devices trigger security problems and a preset alarm rule. However, besides this monitoring and alarming, the terminal security management system also has to perform other tasks, such as checking and repairing the operating systems of the terminal devices. When the formulated alarm rule includes diversified alarm conditions and the terminal security management system therefore needs to implement complicated service logic, its normal operation may be affected.
Disclosure of Invention
The embodiment of the application provides a safety alarm method and a safety alarm system of terminal equipment, and mainly aims to ensure the normal operation of a terminal safety management system when safety alarm is required to be performed according to alarm rules including diversified alarm conditions.
In order to solve the above technical problem, an embodiment of the present application provides the following technical solutions:
In a first aspect, the present application provides a security alarm method for a terminal device, where the method is applied to a security alarm system, and includes:
receiving a target operation log sent by target terminal equipment and a unique identifier corresponding to the target terminal equipment;
updating an alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal equipment, wherein the alarm information data table comprises the unique identifier corresponding to each triggered safety problem terminal equipment and the number of times of triggering safety problems corresponding to each triggered safety problem terminal equipment in the current monitoring period;
judging whether an alarm rule is met or not based on data contained in the alarm information data table, wherein the alarm rule contains a plurality of alarm conditions;
and if so, sending the alarm information data table to a terminal safety management system.
Optionally, the target operation log is specifically an unknown operation log; the updating of the alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal device includes:
determining whether the unknown operation log is an illegal operation log or not according to an illegal operation rule, wherein the illegal operation rule comprises a plurality of illegal operations capable of triggering security problems;
if yes, judging whether the unique identification corresponding to the target terminal device exists in the alarm information data table;
if yes, updating the number of times of triggering the safety problem corresponding to the target terminal equipment;
and if the unique identifier does not exist, adding the unique identifier corresponding to the target terminal equipment into the alarm information data table, and setting the number of times of triggering the safety problem corresponding to the target terminal equipment to be 1.
Optionally, the target operation log is specifically an illegal operation log; the updating of the alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal device includes:
judging whether the unique identifier corresponding to the target terminal equipment exists in the alarm information data table or not;
if yes, updating the number of times of triggering the safety problem corresponding to the target terminal equipment;
and if the unique identifier does not exist, adding the unique identifier corresponding to the target terminal equipment into the alarm information data table, and setting the number of times of triggering the safety problem corresponding to the target terminal equipment to be 1.
Optionally, the alarm rule further includes a monitoring period; the method further comprises the following steps:
and clearing the data contained in the alarm information data table according to the monitoring period.
Optionally, the method further includes:
sending the target operation log and the unique identifier corresponding to the target terminal equipment to a third party alarm platform;
and when receiving alarm information sent by the third-party alarm platform based on the target operation log and the unique identifier corresponding to the target terminal equipment, sending the alarm information to the terminal safety management system.
Optionally, the sending the alarm information data table to a terminal security management system includes:
sending an alarm mail carrying the alarm information data table to the terminal security management system; and/or
And sending the alarm information data table to a database corresponding to the terminal safety management system.
Optionally, the determining whether the alarm rule is satisfied based on the data included in the alarm information data table includes:
carrying out multi-dimensional statistical processing on data contained in the alarm information data table according to a preset rule to obtain a plurality of statistical results;
and judging whether a plurality of alarm conditions are met according to a plurality of statistical results.
Optionally, the plurality of alarm conditions include any number of the following: N terminal devices trigger safety problems in the current monitoring period; the number of times any one terminal device triggers a safety problem in the current monitoring period is greater than M; P terminal devices in a target group trigger safety problems in the current monitoring period; and the number of times any one terminal device in the target group triggers a safety problem in the current monitoring period is greater than Q, where N, M, P and Q are positive integers.
In a second aspect, the present application further provides a safety warning system, including:
the receiving unit is used for receiving a target operation log sent by target terminal equipment and a unique identifier corresponding to the target terminal equipment;
the updating unit is used for updating an alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal equipment, wherein the alarm information data table comprises the unique identifier corresponding to each triggered safety problem terminal equipment and the number of times of triggering safety problems corresponding to each triggered safety problem terminal equipment in the current monitoring period;
the judging unit is used for judging whether an alarm rule is met or not based on data contained in the alarm information data table, wherein the alarm rule contains a plurality of alarm conditions;
and the first sending unit is used for sending the alarm information data table to a terminal safety management system when the judging unit judges that the alarm rule is met.
Optionally, the target operation log is specifically an unknown operation log; the update unit includes:
the determining module is used for determining whether the unknown operation log is an illegal operation log according to an illegal operation rule, wherein the illegal operation rule comprises a plurality of illegal operations capable of triggering a security problem;
the first judging module is used for judging whether the unique identifier corresponding to the target terminal device exists in the alarm information data table or not when the determining module determines that the unknown operation log is the illegal operation log;
the first updating module is used for updating the number of times of triggering the safety problem corresponding to the target terminal equipment when the first judging module judges that the unique identifier corresponding to the target terminal equipment exists in the alarm information data table;
and the first adding module is used for adding the unique identifier corresponding to the target terminal device into the alarm information data table and setting the number of times of triggering the safety problem corresponding to the target terminal device to be 1 when the first judging module judges that the unique identifier corresponding to the target terminal device does not exist in the alarm information data table.
Optionally, the target operation log is specifically an illegal operation log; the update unit includes:
the second judgment module is used for judging whether the unique identifier corresponding to the target terminal equipment exists in the alarm information data table or not;
the second updating module is used for updating the number of times of triggering the safety problem corresponding to the target terminal equipment when the second judging module judges that the unique identifier corresponding to the target terminal equipment exists in the alarm information data table;
and the second adding module is used for adding the unique identifier corresponding to the target terminal device to the alarm information data table and setting the number of times of triggering the safety problem corresponding to the target terminal device to be 1 when the second judging module judges that the unique identifier corresponding to the target terminal device does not exist in the alarm information data table.
Optionally, the alarm rule further includes a monitoring period; the system further comprises:
and the clearing unit is used for clearing the data contained in the alarm information data table according to the monitoring period.
Optionally, the system further includes:
the second sending unit is used for sending the target operation log and the unique identifier corresponding to the target terminal equipment to a third party alarm platform;
and the third sending unit is used for sending the alarm information to the terminal safety management system when receiving the alarm information sent by the third-party alarm platform based on the target operation log and the unique identifier corresponding to the target terminal equipment.
Optionally, the first sending unit includes:
the first sending module is used for sending an alarm mail carrying the alarm information data table to the terminal security management system;
and the second sending module is used for sending the alarm information data table to a database corresponding to the terminal safety management system.
Optionally, the determining unit is specifically configured to perform multidimensional statistical processing on data included in the alarm information data table according to a preset rule to obtain a plurality of statistical results; and judging whether a plurality of alarm conditions are met according to a plurality of statistical results.
Optionally, the plurality of alarm conditions include any number of the following: N terminal devices trigger safety problems in the current monitoring period; the number of times any one terminal device triggers a safety problem in the current monitoring period is greater than M; P terminal devices in a target group trigger safety problems in the current monitoring period; and the number of times any one terminal device in the target group triggers a safety problem in the current monitoring period is greater than Q, where N, M, P and Q are positive integers.
In a third aspect, an embodiment of the present application provides a storage medium, where the storage medium includes a stored program, and when the program runs, a device in which the storage medium is located is controlled to execute the security alarm method of the terminal device according to the first aspect.
In a fourth aspect, an embodiment of the present application provides a security alarm apparatus for a terminal device, where the apparatus includes a storage medium; and one or more processors, the storage medium coupled with the processors, the processors configured to execute program instructions stored in the storage medium; and when the program instruction runs, executing the security alarm method of the terminal equipment in the first aspect.
The technical scheme provided by the application has at least the following advantages:
The application provides a safety warning method and a safety warning system for terminal equipment. After receiving the target operation log sent by the target terminal device and the unique identifier corresponding to that device, the safety warning system can update a warning information data table according to them and judge, based on the data contained in the table, whether a warning rule is met. Because the safety alarm is performed by the safety alarm system, the terminal safety management system does not need to implement more complex service logic, and its normal operation is not affected.
The foregoing is only an overview of the technical solutions of the present application. So that the technical means of the present application can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the present application are more readily understandable, a detailed description of the present application follows.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present application will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the present application are illustrated by way of example and not by way of limitation in the figures of the accompanying drawings and in which like reference numerals refer to similar or corresponding parts and in which:
Fig. 1 shows a flowchart of a security alarm method for a terminal device according to an embodiment of the present application;
Fig. 2 shows a flowchart of another security alarm method for a terminal device according to an embodiment of the present application;
Fig. 3 shows a block diagram of a security alarm system provided by an embodiment of the present application;
Fig. 4 shows a block diagram of another security alarm system provided by an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present application will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present application are shown in the drawings, it should be understood that the present application may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
It is to be noted that, unless otherwise specified, technical or scientific terms used herein shall have the ordinary meaning as understood by those skilled in the art to which this application belongs.
An embodiment of the present application provides a security alarm method for a terminal device, where the method is applied to a security alarm system, and specifically as shown in fig. 1, the method includes:
101. Receiving a target operation log sent by the target terminal equipment and a unique identifier corresponding to the target terminal equipment.
The target terminal equipment is terminal equipment which needs to be subjected to safety management inside an enterprise (government or other organizations); the target operation log records the operation of the target terminal device by the target user.
In the embodiment of the present application, the execution subject in each step is a security alarm system independent of the terminal security management system, and the terminal security management system and the security alarm system may operate in the same terminal device or may operate in different terminal devices.
In the embodiment of the application, whenever the target user operates the target terminal device, the device generates a corresponding operation log (namely, a target operation log) and sends it, together with the unique identifier corresponding to the device, to the safety alarm system, which thereby receives both.
It should be noted that, in practice, the target terminal device sends the target operation log and its unique identifier not only to the security alarm system but also to the database corresponding to the terminal security management system, so that a worker who wants to check the logs of the target terminal device can query that database through the terminal security management system.
102. Updating the alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal equipment.
The alarm information data table contains, for the current monitoring period, the unique identifier of each terminal device that has triggered a safety problem and the number of times that device has triggered safety problems.
In the embodiment of the present application, after receiving the target operation log sent by the target terminal device and the unique identifier corresponding to the target terminal device, the security alarm system may update the alarm information data table as follows. It first determines whether the target operation log is an illegal operation log, that is, whether the operation recorded in it is an illegal operation (an operation that triggers a security problem). If it is, the alarm information data table is updated according to the target operation log and the unique identifier corresponding to the target terminal device; if it is not, the alarm information data table does not need to be updated.
103. Judging whether the alarm rule is met based on the data contained in the alarm information data table.
The alarm rule is preset by the staff and issued to the safety alarm system through the terminal safety management system; it includes a plurality of alarm conditions, that is, diversified alarm conditions.
In the embodiment of the application, after the alarm information data table is updated, the safety alarm system may judge whether the alarm rule is met based on the data contained in the table. It first counts, from that data, the number of terminal devices that have triggered a safety problem in the current monitoring period and the number of times each of them has triggered one, and then uses these counts to judge whether the plurality of alarm conditions contained in the alarm rule are met.
104. If so, sending the alarm information data table to a terminal safety management system.
In the embodiment of the application, when the safety alarm system determines that the alarm rule is met, it needs to send the alarm information data table to the terminal safety management system, which outputs and displays the table so that a worker can see the data it contains.
The embodiment of the application provides a safety warning method for terminal equipment. After receiving the target operation log sent by the target terminal device and the unique identifier corresponding to that device, the safety warning system can update a warning information data table according to them and judge, based on the data contained in the table, whether a warning rule is met. When the safety warning system determines that the warning rule is met, it needs to send the warning information data table to the terminal safety management system, which outputs and displays the table so that a worker can see the data it contains. Because the safety alarm is performed by the safety alarm system in the embodiment of the application, the terminal safety management system does not need to implement more complex service logic, and its normal operation is not affected.
To explain in more detail below, an embodiment of the present application provides another security alarm method for a terminal device, where the method is applied to a security alarm system, and specifically as shown in fig. 2, the method includes:
201. Receiving a target operation log sent by the target terminal equipment and a unique identifier corresponding to the target terminal equipment.
For step 201, receiving the target operation log sent by the target terminal device and the unique identifier corresponding to the target terminal device, reference may be made to the description of the corresponding part of fig. 1, which is not repeated here.
202. Updating the alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal equipment.
In the embodiment of the application, after receiving the target operation log sent by the target terminal device and the unique identifier corresponding to the target terminal device, the safety alarm system can update the alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal device.
Specifically, in this step, the manner in which a terminal device sends the target log to the security alarm system may be preset in one of two ways:
(1) After a user operates the terminal device, the device does not judge whether the operation is an illegal operation that can trigger a safety problem and directly generates a corresponding operation log; in this case the target log it sends to the safety warning system is an unknown operation log.
(2) After a user operates the terminal device, the device first judges whether the operation is an illegal operation that can trigger a safety problem and, if so, generates a corresponding operation log; in this case the target log it sends to the safety warning system is an illegal operation log.
When the target operation log sent by the target terminal device is an unknown operation log (that is, the device sends the target log to the security alarm system in the first manner), the security alarm system needs to determine, according to an illegal operation rule, whether the unknown operation log is an illegal operation log, that is, whether the operation recorded in it is an illegal operation. The illegal operation rule includes a plurality of illegal operations that can trigger a security problem, which may include, but are not limited to, use of a USB flash disk, start of a particular process, and so on. When the unknown operation log is determined to be an illegal operation log, the system judges whether the unique identifier corresponding to the target terminal device exists in the alarm information data table. If it exists, the number of times of triggering the safety problem corresponding to the target terminal device is updated, that is, incremented by 1 in the alarm information data table; if it does not exist, the unique identifier is added to the alarm information data table and the corresponding number of times of triggering the safety problem is set to 1.
When the target operation log sent by the target terminal device is an illegal operation log (that is, the device sends the target log to the security alarm system in the second manner), the security alarm system can directly judge whether the unique identifier corresponding to the target terminal device exists in the alarm information data table. If it exists, the number of times of triggering the safety problem corresponding to the target terminal device is updated, that is, incremented by 1 in the alarm information data table; if it does not exist, the unique identifier is added to the alarm information data table and the corresponding number of times of triggering the safety problem is set to 1.
203. Judging whether the alarm rule is met based on the data contained in the alarm information data table.
The terminal devices inside an enterprise (government or other organization) can be grouped in advance to obtain one or more target groups. The plurality of alarm conditions included in the alarm rule may include, but are not limited to: N terminal devices trigger safety problems in the current monitoring period; the number of times any one terminal device triggers a safety problem in the current monitoring period is greater than M; P terminal devices in a target group trigger safety problems in the current monitoring period; and the number of times any one terminal device in the target group triggers a safety problem in the current monitoring period is greater than Q, where N, M, P and Q are all positive integers.
Specifically, in this step, the safety warning system judges whether the warning rule is met as follows: it performs multi-dimensional statistical processing on the data contained in the warning information data table according to a preset rule to obtain a plurality of statistical results, and then judges from those results whether the plurality of alarm conditions are met. The preset rule is: first, from the data contained in the alarm information data table, count the number of terminal devices that have triggered a safety problem in the current monitoring period and the number of times each of them has triggered one; then, from those counts, count the number of terminal devices in the target group that have triggered a safety problem and the number of times each of them has triggered one.
204. If so, sending the alarm information data table to a terminal safety management system.
In the embodiment of the application, when the safety alarm system determines that the alarm rule is met, it needs to send the alarm information data table to the terminal safety management system, so that the terminal safety management system outputs and displays the alarm information data table and staff can view the data it contains.
Specifically, in this step, the security alarm system may adopt any one of the following two manners, or simultaneously adopt the following two manners to send the alarm information data table to the terminal security management system:
(1) Sending an alarm mail carrying the alarm information data table to the terminal safety management system; a worker reads the alarm mail through a mailbox program, and the mailbox program outputs and displays the alarm information data table.
(2) Sending the alarm information data table to a database corresponding to the terminal safety management system; a worker performs the corresponding operation in the alarm interface of the terminal safety management system to make it query the database, and the alarm information data table obtained by the query is output and displayed through the alarm interface.
205. Acquiring alarm information through a third-party alarm platform.
In the embodiment of the application, the safety alarm system can also communicate with a third-party alarm platform. It sends each received target operation log, together with the unique identifier corresponding to the target terminal device, to the third-party alarm platform, so that the third-party alarm platform determines from them whether a safety alarm needs to be carried out. When the third-party alarm platform determines that a safety alarm needs to be carried out, it generates alarm information and sends the generated alarm information to the safety alarm system. After receiving the alarm information sent by the third-party alarm platform, the safety alarm system needs to send it to the terminal safety management system, so that the terminal safety management system can output and display the alarm information and staff can obtain the alarm information generated by the third-party alarm platform.
The specific process of sending the alarm information to the terminal security management system by the security alarm system may refer to the specific process of sending the alarm information data table to the terminal security management system, which is not described in detail in this embodiment of the present application.
Further, in the embodiment of the present application, the alarm rule further includes a monitoring period, and the safety alarm system further needs to empty data included in the alarm information data table according to the monitoring period, so as to ensure that the data included in the alarm information data table is data in the current monitoring period, where the monitoring period may be, but is not limited to, 3 hours, 6 hours, 24 hours, 1 week, and the like.
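The table update, the multi-dimensional statistics, the judgement against N, M, P and Q, and the per-period clearing described above can be sketched as follows. This is an added example, not code from the patent: the operation names, device identifiers and class names are constructed, "N (or P) devices" is read as "at least N (or P)", and because the text does not say how the conditions combine, the sketch reports which conditions fired and lets the caller require any or all of them.

```python
from dataclasses import dataclass

# Hypothetical violation operation rule; the operation names are constructed.
VIOLATION_OPERATIONS = frozenset(
    {"usb_storage_mount", "agent_disabled", "unapproved_software_install"}
)


@dataclass(frozen=True)
class AlarmRule:
    n: int                   # N: devices that triggered a problem this period
    m: int                   # M: per-device trigger count that must be exceeded
    p: int                   # P: devices in the target group that triggered
    q: int                   # Q: per-device count inside the target group
    target_group: frozenset  # unique identifiers grouped in advance
    period_seconds: int      # monitoring period, e.g. 3 hours = 10800


class AlarmTable:
    """Alarm information data table: unique identifier -> trigger count."""

    def __init__(self, rule, start):
        self.rule = rule
        self.period_start = start
        self.counts = {}

    def _roll_period(self, now):
        # Empty the table once the monitoring period has elapsed, so the
        # counts always describe the current period only.
        period = self.rule.period_seconds
        elapsed = now - self.period_start
        if elapsed >= period:
            self.counts.clear()
            self.period_start += (elapsed // period) * period

    def ingest(self, device_id, operation, now):
        """Handle one unknown operation log; return True if it was counted."""
        self._roll_period(now)
        if operation not in VIOLATION_OPERATIONS:
            return False
        # Identifier already present: increment. Otherwise add it with count 1.
        self.counts[device_id] = self.counts.get(device_id, 0) + 1
        return True

    def statistics(self, now):
        """First the whole-table counts, then the same counts per target group."""
        self._roll_period(now)
        group = {d: c for d, c in self.counts.items()
                 if d in self.rule.target_group}
        return {
            "devices": len(self.counts),
            "max_count": max(self.counts.values(), default=0),
            "group_devices": len(group),
            "group_max_count": max(group.values(), default=0),
        }

    def fired_conditions(self, now):
        s, r = self.statistics(now), self.rule
        checks = {
            "N": s["devices"] >= r.n,          # assumption: "at least N"
            "M": s["max_count"] > r.m,         # "more than M times"
            "P": s["group_devices"] >= r.p,    # assumption: "at least P"
            "Q": s["group_max_count"] > r.q,   # "more than Q times"
        }
        return sorted(name for name, hit in checks.items() if hit)

    def rule_met(self, now, require_all=False):
        # Assumption: the caller chooses whether any or all conditions must hold.
        fired = self.fired_conditions(now)
        return len(fired) == 4 if require_all else bool(fired)


def demo():
    """Feed constructed (time_s, device, operation) logs into a 3-hour table."""
    rule = AlarmRule(n=3, m=2, p=2, q=1, period_seconds=3 * 3600,
                     target_group=frozenset({"dev-fin-01", "dev-fin-02"}))
    table = AlarmTable(rule, start=0)
    for t, device, op in [
        (10, "dev-fin-01", "usb_storage_mount"),
        (20, "dev-fin-01", "file_open"),        # not a violation, ignored
        (30, "dev-fin-01", "agent_disabled"),
        (40, "dev-eng-07", "usb_storage_mount"),
    ]:
        table.ingest(device, op, t)
    return table


if __name__ == "__main__":
    t = demo()
    print(t.counts, t.fired_conditions(50))
```

Rolling the period inside every read and write keeps a stale table from being evaluated when no log arrives exactly at the period boundary.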
In order to achieve the above object, according to another aspect of the present application, an embodiment of the present application further provides a storage medium, where the storage medium includes a stored program, and when the program runs, a device in which the storage medium is located is controlled to execute the above security alarm method for a terminal device.
In order to achieve the above object, according to another aspect of the present application, an embodiment of the present application further provides a security alarm apparatus for a terminal device, where the apparatus includes a storage medium; and one or more processors, the storage medium coupled with the processors, the processors configured to execute program instructions stored in the storage medium; and when the program instruction runs, the safety warning method of the terminal equipment is executed.
Further, as an implementation of the method shown in fig. 1 and fig. 2, another embodiment of the present application further provides a security alarm system. The system embodiment corresponds to the method embodiment, and details in the method embodiment are not described in detail again in this system embodiment for easy reading, but it should be clear that the system in this embodiment can correspondingly implement all the contents in the method embodiment. The system is applied to ensure the normal operation of the terminal safety management system when safety alarm is required to be performed according to alarm rules including diversified alarm conditions, and specifically as shown in fig. 3, the system comprises:
a receiving unit 31, configured to receive a target operation log sent by a target terminal device and a unique identifier corresponding to the target terminal device;
an updating unit 32, configured to update an alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal device, where the alarm information data table includes the unique identifier corresponding to each triggered security problem terminal device and the number of times of triggering security problems corresponding to each triggered security problem terminal device in the current monitoring period;
a judging unit 33, configured to judge whether an alarm rule is satisfied based on data included in the alarm information data table, where the alarm rule includes multiple alarm conditions;
and the first sending unit 34 is used for sending the alarm information data table to a terminal safety management system when the judging unit 33 judges that the alarm rule is met.
Further, as shown in fig. 4, the target operation log is specifically an unknown operation log; the update unit 32 includes:
a determining module 321, configured to determine whether the unknown operation log is an illegal operation log according to an illegal operation rule, where the illegal operation rule includes multiple illegal operations that can trigger a security problem;
a first determining module 322, configured to determine whether a unique identifier corresponding to the target terminal device exists in the alarm information data table when the determining module 321 determines that the unknown operation log is an illegal operation log;
a first updating module 323, configured to update the number of times of triggering security problems corresponding to the target terminal device when the first determining module 322 determines that the unique identifier corresponding to the target terminal device exists in the alarm information data table;
a first adding module 324, configured to, when the first determining module 322 determines that the unique identifier corresponding to the target terminal device does not exist in the alarm information data table, add the unique identifier corresponding to the target terminal device to the alarm information data table, and set the number of times of triggering the security problem corresponding to the target terminal device to 1.
Further, as shown in fig. 4, the target operation log is specifically an illegal operation log; the update unit 32 includes:
a second judging module 325, configured to judge whether the alarm information data table has a unique identifier corresponding to the target terminal device;
a second updating module 326, configured to update the number of times of triggering the security problem corresponding to the target terminal device when the second determining module 325 determines that the unique identifier corresponding to the target terminal device exists in the alarm information data table;
a second adding module 327, configured to add the unique identifier corresponding to the target terminal device to the alarm information data table and set the number of times of triggering the security problem corresponding to the target terminal device to 1 when the second determining module 325 determines that the unique identifier corresponding to the target terminal device does not exist in the alarm information data table.
Further, as shown in fig. 4, the alarm rule further includes a monitoring period; the system further comprises:
and the clearing unit 35 is configured to clear data included in the alarm information data table according to the monitoring period.
Further, as shown in fig. 4, the system further includes:
the second sending unit 36 is configured to send the target operation log and the unique identifier corresponding to the target terminal device to a third party alarm platform;
and a third sending unit 37, configured to send the alarm information to the terminal security management system when receiving the alarm information sent by the third-party alarm platform based on the target operation log and the unique identifier corresponding to the target terminal device.
Further, as shown in fig. 4, the first sending unit 34 includes:
a first sending module 341, configured to send an alarm mail carrying the alarm information data table to the terminal security management system;
the second sending module 342 is configured to send the alarm information data table to a database corresponding to the terminal security management system.
Further, as shown in fig. 4, the determining unit 33 is specifically configured to perform multidimensional statistical processing on the data included in the alarm information data table according to a preset rule, so as to obtain a plurality of statistical results; and judging whether a plurality of alarm conditions are met according to a plurality of statistical results.
Further, as shown in fig. 4, the plurality of alarm conditions include any several of the following: N terminal devices trigger safety problems in the current monitoring period; the number of times any one terminal device triggers safety problems in the current monitoring period is greater than M; P terminal devices in a target group trigger safety problems in the current monitoring period; and the number of times any one terminal device in the target group triggers safety problems in the current monitoring period is greater than Q; wherein N, M, P and Q are positive integers.
The embodiment of the application provides a safety warning method and a safety warning system of a terminal device, and the safety warning system can update a warning information data table according to a target operation log and a unique identifier corresponding to a target terminal device after receiving the target operation log and the unique identifier corresponding to the target terminal device, and judge whether a warning rule is met or not based on data contained in the warning information data table. Because the safety alarm is carried out through the safety alarm system in the embodiment of the application, the terminal safety management system is not required to realize more complex service logic, and the normal operation of the terminal safety management system is not influenced.
The embodiment of the application provides a storage medium, wherein the storage medium comprises a stored program, and when the program runs, the device where the storage medium is located is controlled to execute the security alarm method of the terminal device.
The storage medium may include, among computer-readable media, volatile memory such as Random Access Memory (RAM) and/or non-volatile memory such as Read Only Memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
The embodiment of the application also provides a safety warning device of the terminal equipment, which comprises a storage medium; and one or more processors, the storage medium coupled with the processors, the processors configured to execute program instructions stored in the storage medium; and when the program instruction runs, the safety warning method of the terminal equipment is executed.
The embodiment of the application provides equipment, the equipment comprises a processor, a memory and a program which is stored on the memory and can run on the processor, and the following steps are realized when the processor executes the program:
receiving a target operation log sent by target terminal equipment and a unique identifier corresponding to the target terminal equipment;
updating an alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal equipment, wherein the alarm information data table comprises the unique identifier corresponding to each triggered safety problem terminal equipment and the number of times of triggering safety problems corresponding to each triggered safety problem terminal equipment in the current monitoring period;
judging whether an alarm rule is met or not based on data contained in the alarm information data table, wherein the alarm rule contains a plurality of alarm conditions;
and if so, sending the alarm information data table to a terminal safety management system.
Further, the target operation log is specifically an unknown operation log; the updating of the alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal device includes:
determining whether the unknown operation log is an illegal operation log or not according to an illegal operation rule, wherein the illegal operation rule comprises a plurality of illegal operations capable of triggering security problems;
if yes, judging whether the unique identification corresponding to the target terminal device exists in the alarm information data table;
if yes, updating the number of times of triggering the safety problem corresponding to the target terminal equipment;
and if the unique identifier does not exist, adding the unique identifier corresponding to the target terminal equipment into the alarm information data table, and setting the number of times of triggering the safety problem corresponding to the target terminal equipment to be 1.
Further, the target operation log is specifically an illegal operation log; the updating of the alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal device includes:
judging whether the unique identifier corresponding to the target terminal equipment exists in the alarm information data table or not;
if yes, updating the number of times of triggering the safety problem corresponding to the target terminal equipment;
and if the unique identifier does not exist, adding the unique identifier corresponding to the target terminal equipment into the alarm information data table, and setting the number of times of triggering the safety problem corresponding to the target terminal equipment to be 1.
Further, the alarm rule further includes a monitoring period; the method further comprises the following steps:
and clearing the data contained in the alarm information data table according to the monitoring period.
Further, the method further comprises:
sending the target operation log and the unique identifier corresponding to the target terminal equipment to a third party alarm platform;
and when receiving alarm information sent by the third-party alarm platform based on the target operation log and the unique identifier corresponding to the target terminal equipment, sending the alarm information to the terminal safety management system.
Further, the sending the alarm information data table to a terminal security management system includes:
sending an alarm mail carrying the alarm information data table to the terminal security management system; and/or
sending the alarm information data table to a database corresponding to the terminal safety management system.
Further, the determining whether the alarm rule is satisfied based on the data included in the alarm information data table includes:
carrying out multi-dimensional statistical processing on data contained in the alarm information data table according to a preset rule to obtain a plurality of statistical results;
and judging whether a plurality of alarm conditions are met according to a plurality of statistical results.
Further, the plurality of alarm conditions include any several of the following: N terminal devices trigger safety problems in the current monitoring period; the number of times any one terminal device triggers safety problems in the current monitoring period is greater than M; P terminal devices in a target group trigger safety problems in the current monitoring period; and the number of times any one terminal device in the target group triggers safety problems in the current monitoring period is greater than Q; wherein N, M, P and Q are positive integers.
The present application further provides a computer program product which, when executed on a data processing device, is adapted to execute program code that initializes the following method steps: receiving a target operation log sent by target terminal equipment and a unique identifier corresponding to the target terminal equipment; updating an alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal equipment, wherein the alarm information data table comprises the unique identifier corresponding to each triggered safety problem terminal equipment and the number of times of triggering safety problems corresponding to each triggered safety problem terminal equipment in the current monitoring period; judging whether an alarm rule is met or not based on data contained in the alarm information data table, wherein the alarm rule contains a plurality of alarm conditions; and if so, sending the alarm information data table to a terminal safety management system.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include, among computer-readable media, volatile memory such as Random Access Memory (RAM) and/or non-volatile memory such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (11)

1. A safety alarm method of terminal equipment is characterized in that the method is applied to a safety alarm system and comprises the following steps:
receiving a target operation log sent by target terminal equipment and a unique identifier corresponding to the target terminal equipment;
updating an alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal equipment, wherein the alarm information data table comprises the unique identifier corresponding to each triggered safety problem terminal equipment and the number of times of triggering safety problems corresponding to each triggered safety problem terminal equipment in the current monitoring period;
judging whether an alarm rule is met or not based on data contained in the alarm information data table, wherein the alarm rule contains a plurality of alarm conditions;
and if so, sending the alarm information data table to a terminal safety management system.
2. The method of claim 1, wherein the target operation log is specifically an unknown operation log; the updating of the alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal device includes:
determining whether the unknown operation log is an illegal operation log or not according to an illegal operation rule, wherein the illegal operation rule comprises a plurality of illegal operations capable of triggering security problems;
if yes, judging whether the unique identification corresponding to the target terminal device exists in the alarm information data table;
if yes, updating the number of times of triggering the safety problem corresponding to the target terminal equipment;
and if the unique identifier does not exist, adding the unique identifier corresponding to the target terminal equipment into the alarm information data table, and setting the number of times of triggering the safety problem corresponding to the target terminal equipment to be 1.
3. The method according to claim 1, wherein the target operation log is specifically a violation operation log; the updating of the alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal device includes:
judging whether the unique identifier corresponding to the target terminal equipment exists in the alarm information data table or not;
if yes, updating the number of times of triggering the safety problem corresponding to the target terminal equipment;
and if the unique identifier does not exist, adding the unique identifier corresponding to the target terminal equipment into the alarm information data table, and setting the number of times of triggering the safety problem corresponding to the target terminal equipment to be 1.
4. The method of claim 1, wherein the alarm rules further comprise a monitoring period; the method further comprises the following steps:
and clearing the data contained in the alarm information data table according to the monitoring period.
5. The method of claim 1, further comprising:
sending the target operation log and the unique identifier corresponding to the target terminal equipment to a third party alarm platform;
and when receiving alarm information sent by the third-party alarm platform based on the target operation log and the unique identifier corresponding to the target terminal equipment, sending the alarm information to the terminal safety management system.
6. The method according to claim 1, wherein the sending the alarm information data table to a terminal security management system comprises:
sending an alarm mail carrying the alarm information data table to the terminal security management system; and/or
sending the alarm information data table to a database corresponding to the terminal safety management system.
7. The method according to claim 1, wherein the determining whether the alarm rule is satisfied based on the data contained in the alarm information data table comprises:
carrying out multi-dimensional statistical processing on data contained in the alarm information data table according to a preset rule to obtain a plurality of statistical results;
and judging whether a plurality of alarm conditions are met according to a plurality of statistical results.
8. The method according to any of claims 1-7, wherein the plurality of alarm conditions comprise any several of the following: N terminal devices trigger safety problems in the current monitoring period; the number of times any one terminal device triggers safety problems in the current monitoring period is greater than M; P terminal devices in a target group trigger safety problems in the current monitoring period; and the number of times any one terminal device in the target group triggers safety problems in the current monitoring period is greater than Q; wherein N, M, P and Q are positive integers.
9. A security alarm system, comprising:
the receiving unit is used for receiving a target operation log sent by target terminal equipment and a unique identifier corresponding to the target terminal equipment;
the updating unit is used for updating an alarm information data table according to the target operation log and the unique identifier corresponding to the target terminal equipment, wherein the alarm information data table comprises the unique identifier corresponding to each triggered safety problem terminal equipment and the number of times of triggering safety problems corresponding to each triggered safety problem terminal equipment in the current monitoring period;
the judging unit is used for judging whether an alarm rule is met or not based on data contained in the alarm information data table, wherein the alarm rule contains a plurality of alarm conditions;
and the first sending unit is used for sending the alarm information data table to a terminal safety management system when the judging unit judges that the alarm rule is met.
10. A storage medium, characterized in that the storage medium comprises a stored program, wherein when the program runs, a device in which the storage medium is located is controlled to execute the security alarm method of the terminal device according to any one of claims 1 to 8.
11. A security alarm device of a terminal device, characterized in that the device comprises a storage medium; and one or more processors, the storage medium coupled with the processors, the processors configured to execute program instructions stored in the storage medium; the program instructions when executed perform a security alarm method of a terminal device according to any one of claims 1 to 8.
CN202111676067.3A 2021-12-31 2021-12-31 Safety warning method and safety warning system of terminal equipment Pending CN114328121A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111676067.3A CN114328121A (en) 2021-12-31 2021-12-31 Safety warning method and safety warning system of terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111676067.3A CN114328121A (en) 2021-12-31 2021-12-31 Safety warning method and safety warning system of terminal equipment

Publications (1)

Publication Number Publication Date
CN114328121A true CN114328121A (en) 2022-04-12

Family

ID=81023850

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111676067.3A Pending CN114328121A (en) 2021-12-31 2021-12-31 Safety warning method and safety warning system of terminal equipment

Country Status (1)

Country Link
CN (1) CN114328121A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination