CN115033455B - Equipment risk monitoring system and method based on TCP state data - Google Patents
Equipment risk monitoring system and method based on TCP state data Download PDFInfo
- Publication number
- CN115033455B CN115033455B CN202210693684.2A CN202210693684A CN115033455B CN 115033455 B CN115033455 B CN 115033455B CN 202210693684 A CN202210693684 A CN 202210693684A CN 115033455 B CN115033455 B CN 115033455B
- Authority
- CN
- China
- Prior art keywords
- risk
- application software
- industrial control
- page
- video monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3065—Monitoring arrangements determined by the means or processing involved in reporting the monitored data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3089—Monitoring arrangements determined by the means or processing involved in sensing the monitored data, e.g. interfaces, connectors, sensors, probes, agents
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/18—Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Quality & Reliability (AREA)
- Data Mining & Analysis (AREA)
- Mathematical Physics (AREA)
- Computational Mathematics (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Computing Systems (AREA)
- Mathematical Analysis (AREA)
- Evolutionary Biology (AREA)
- Algebra (AREA)
- Probability & Statistics with Applications (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Operations Research (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a system and a method for monitoring equipment risk based on TCP state data, comprising the following steps of S100: capturing task operation keys of industrial control video monitoring application software loaded on a computer equipment end in each operation page; dividing the task operating keys into basic operating keys and non-basic operating keys; calculating the basic utilization rate of each operation page; step S200: sequencing and sorting operation pages in industrial control video monitoring application software; capturing the position overlapping characteristic condition of a task operation key and an advertisement window appearing in each operation page in the operation page sequence set, and extracting information of a position overlapping scene; step S300: calculating a first risk trapping rate of each operation page; step S400: calculating a second risk trapping rate of each operation page; step S500: performing software risk estimation on each industrial control video monitoring application software; and performing equipment risk estimation on the computer equipment based on the real-time operation condition of the user.
Description
Technical Field
The invention relates to the technical field of equipment risk monitoring, in particular to a system and a method for monitoring equipment risk based on TCP state data.
Background
With the rapid development of the internet era, the application types of computer equipment are also infinite, and automation, efficiency, accuracy, controllability and visualization of factory production and manufacturing processes by using computer technology become possible; however, while the computer realizes the efficient processing of data in the industrial control field, the information security problem hidden in the computer network environment also brings certain influence on the data management in the industrial control field; the data information security problem is often realized along with the invasion of junk advertisements at a computer end, and the junk advertisements are often accompanied by external links which can cause the information leakage risk at the computer end; the spam advertisement is usually obtained by deceiving or inducing a user to click the spam advertisement by designing colorful window content or designing the size of a conspicuous window, so that the additional jump of the link is realized, and in the process of the jump, data information of the user at a computer end is captured.
Usually, the spam advertisement is accompanied by a deceptive design, for example, two or more close keys, so that when a user wants to close a spam advertisement window, the user can have a blind test because the user does not know the position of the true close key, and the user can not perform misoperation on the content of the spam advertisement page due to mistake in the process of the blind test.
Disclosure of Invention
The present invention provides a system and a method for monitoring risk of a device based on TCP status data, so as to solve the problems mentioned in the background art.
In order to solve the technical problems, the invention provides the following technical scheme: the equipment risk monitoring method based on the TCP state data comprises the following steps:
step S100: capturing task operation keys appearing in each operation page in loaded industrial control video monitoring application software in a computer equipment end for industrial control touch screen operation and control; based on different task operation functions corresponding to the task operation keys, dividing the task operation keys into basic operation keys and non-basic operation keys; calculating the basic utilization rate of each operation page based on the distribution condition of basic operation keys and non-basic operation keys;
step S200: sequencing and sorting operation pages in the industrial control video monitoring application software according to the basic utilization rate to obtain an operation page sequence set of the industrial control video monitoring application software; capturing advertisement windows appearing in each operation page; capturing the position overlapping characteristic situation of a task operation key and an advertisement window appearing in each operation page in the operation page sequence set, and extracting information of a position overlapping scene;
step S300: calculating a first risk trapping rate of each operation page based on the extracted position overlapping scene information of each operation page;
step S400: calculating a second risk trapping rate of each operation page based on different page characteristics appearing after clicking the advertisement window in each operation page and user use characteristics of the computer equipment;
step S500: integrating information of a first risk trapping rate and a second risk trapping rate corresponding to each operation page in industrial control video monitoring application software, and performing software risk estimation on each industrial control video monitoring application software loaded on a computer equipment end; and based on the real-time operation condition of the user, performing equipment risk estimation on the computer equipment, and performing real-time feedback reminding on the user.
Further, the step S100 of calculating the basic utilization rate of each operation page in the industrial control video monitoring application software includes:
step S101: extracting industrial control video monitoring application software loaded at a computer equipment end, and extracting task operation keys in each operation page of the industrial control video monitoring application software; acquiring a task operation function corresponding to each task operation key; the task operation functions corresponding to the basic operation keys of the industrial control video monitoring application software comprise: the searching of the video resources, the selection and the viewing of the video resources, the selection and the playing of the video resources and the selection and the downloading of the video resources are realized;
step S102: classifying all task operating keys in industrial control video monitoring application software to obtain basic operating keys and non-basic operating keys except the basic operating keys; calculating the basic utilization rate R of the ith operation page in the industrial control video monitoring application software i :Wherein x is i The number of basic operation keys in the ith operation page of the industrial control video monitoring application software is represented; y is i The number of non-basic operation keys in the ith operation page of the industrial control video monitoring application software is represented;
each application software has a corresponding function, a plurality of task operation keys are needed for realizing the function, and for industrial control video monitoring application software, the task operation keys capable of realizing the functions of playing, video selecting, searching and checking are often the most basic task operation keys; and means that the user is relatively common to the operation keys when correspondingly using the software, and the operation probability is high.
Further, step S200 includes:
step S201: sequencing all operation pages in industrial control video monitoring application software from large to small according to basic utilization rate to obtain an operation page sequence set { w 1 ,w 2 ,…,w n }; wherein n represents the total number of operation pages in the industrial control video monitoring application software; w is a 1 ,w 2 ,…,w n Respectively representing 1 st, 2 nd, 8230th and n operation pages in industrial control video monitoring application software; capturing advertisement windows appearing in each operation page in the operation page sequence set, wherein the advertisement windows comprise an advertisement window appearing in a bouncing mode after a user opens the industrial control video monitoring application software for a period of time threshold, and an advertisement window appearing along with the fixed operation page; taking an advertisement window which appears after clicking and jumps from the current application software to other application software or jumps from the current application software to a browser page as a first target advertisement window; taking an advertisement window with TCP data transmission along with click skip as a second target advertisement window in all the first target advertisement windows;
step S202: if the page w is operated k Key region P in which task operation key a exists a Window area G with the b-th second target advertisement window b There occurs a positional overlap therebetween; extracting a key region P of a task operation key a a Area of the key regionExtracting a window region G of the (b) th second target advertisement window b Window area SG b And a closing key region F b Area of the closed key region SF b Set of false off key regionsSet of false off key areaWherein w k ∈{w 1 ,w 2 ,…,w n }; v represents the total number of false close key regions;
tcp is related to data transmission, and manages initiation of data transmission request, response of data transmission request and data transmission; if skipping occurs after clicking an advertisement link, it is indicated that the advertisement has a risk of revealing current software information, and the skipping process may also acquire the management authority of the user on some software information, and the user defaults or enters the skipped link and often means that the risk of information disclosure is brought to the device.
Further, the step S300 of calculating the first risk trapping rate for each operation page includes:
step S301: obtaining key region areaAnd window area SG b The overlapping area S between e Calculating a first misoperation risk rate d of the task operation key a 1 :Calculating the second misoperation risk rate d of the task operation key a 2 :Calculating the third misoperation risk rate d of the task operation key a 3 :Calculating the comprehensive misoperation risk ratio D of the task operation key a: d = D 1 ×d 2 ×d 3 ;
Step S302: setting a risk rate weight c for a basic operation key 1 Setting a risk rate weight c for the non-basic operation key 2 (ii) a Operation page w in calculation industrial control video monitoring application software k First risk collapse rate of (a):
wherein the content of the first and second substances,representing an operation page w k The comprehensive misoperation risk rate of the inner a-th basic operation key;representing an operation page w k The comprehensive misoperation risk rate of the inner a-th non-basic operation key; m is 1 Representing an operation page w k The total number of the internal basic operation keys; m is 2 Representing an operation page w k The total number of internal non-basic operation keys;representing operation pages w in industrial control video monitoring application software k A first risk-induced collapse rate;
the process of obtaining the operation risk rate is equivalent to a process of obtaining the relative distribution characteristics between the second advertisement window and the task operation keys; the higher the first misoperation risk rate is, the higher the coverage rate between the task key and the advertisement window is, and the higher the probability of mistakenly clicking the advertisement window is when the task key is clicked; the higher the second misoperation risk rate is, the smaller the area occupied by the closing key in the advertisement window is, and the higher the probability of mistakenly clicking the content of the advertisement window is when the closing click operation is performed on the advertisement window; the higher the third misoperation risk rate is, the higher the occupation ratio of the false close key in the advertisement window is, and when the close click operation is performed on the advertisement window, the higher the probability of mistakenly clicking the content of the advertisement window due to mistakenly clicking the wrong close key is.
Further, the step S400 of calculating the second risk trapping rate for each operation page includes:
step S401: capturing second target advertisement windows of all operation pages in the industrial control video monitoring application software respectively, and acquiring the number u of times that a user needs to operate a return key after each second target advertisement window is clicked and jumps to return to the current operation page;
step S402: catchAverage area S of contact between user history and computer equipment screen during screen sliding operation at computer equipment end 1 (ii) a Capturing the average area S of the user history contacted with the screen of the computer equipment when the user clicks any task operation key at the end of the computer equipment 2 (ii) a Extracting key region P of task operation key a a Area of the key regionArea of the closure key region SF b (ii) a Obtaining key region areaAnd window area SG b The overlapping area S between e (ii) a Operation page w in calculation industrial control video monitoring application software k Second risk trapping rate of user:
wherein the content of the first and second substances,operation page w in industrial control video monitoring application software k A second risk trap of the user;
each user is in different habits when using the mobile phone terminal, and the finger thickness degree of each user is different due to individual difference, namely, people with larger fingers are difficult to accurately click the target task operation key on the operation page, namely, the situation that mistaken clicking is easy to happen is also meant, and people with smaller fingers are opposite.
Further, step S500 includes:
step S501: integrating information of a first risk trapping rate and a second risk trapping rate corresponding to each operation page in industrial control video monitoring application software to obtain a comprehensive risk trapping rate risk corresponding to each operation page g :
Step S502: obtaining an operation page sequence set { w) obtained by sequencing each industrial control video monitoring application software from large to small according to basic utilization rate 1 ,w 2 ,…,w n The corresponding integrated risk trapping rate set { risk } g1 ,risk g2 ,…,risk gn }; wherein, risk g1 ,risk g2 ,…,risk gn Respectively represent and operate on the page w 1 ,w 2 ,…,w n Corresponding comprehensive risk sinking rate;
step S503: setting a comprehensive risk trapping rate threshold, and setting a comprehensive risk trapping rate set { risk) corresponding to an industrial control video monitoring application software g1 ,risk g2 ,…,risk gn Any comprehensive risk trapping rate is larger than a comprehensive risk trapping rate threshold value, and a user is prompted that the industrial control video monitoring application software has risks; when a user uses a certain industrial control video monitoring application software and the comprehensive risk trapping rate corresponding to the stopped operation page is larger than the comprehensive risk trapping rate threshold value, the user is prompted to have equipment risks currently.
In order to better realize the method, the system for monitoring the equipment risk based on the TCP state data is also provided, and comprises an operation key information capturing module, an operation page information sorting module, an overlapped scene processing module, a risk trapping rate calculating module and a risk early warning prompting module;
the operation key information capturing module is used for capturing the operation key information in the loaded industrial control video monitoring application software in a computer equipment end for realizing touch screen control of industrial control; respectively acquiring task operation functions corresponding to the task operation keys;
the operation page information sorting module is used for receiving data in the operation key information capturing module and dividing all task operation keys in the industrial control video monitoring application software into basic operation keys and non-basic operation keys except the basic operation keys; calculating the basic utilization rate of each operation page based on the distribution condition of basic operation keys and non-basic operation keys; sequencing and sorting operation pages in the industrial control video monitoring application software based on the basic utilization rate to obtain an operation page sequence set of the industrial control video monitoring application software;
the overlapping scene processing module is used for capturing the advertisement windows appearing in each operation page; capturing the position overlapping characteristic situation of a task operation key and an advertisement window appearing in each operation page in the operation page sequence set, and extracting the characteristic information of a position overlapping scene;
the risk trapping rate calculation module is used for receiving data in the overlapping scene processing module and calculating a first risk trapping rate and a second risk trapping rate for each operation page;
the risk early warning prompting module is used for receiving data in the risk trapping rate calculating module, integrating information of a first risk trapping rate and a second risk trapping rate corresponding to each operation page in the industrial control video monitoring application software, and performing software risk estimation on each industrial control video monitoring application software loaded at the computer equipment end; and based on the real-time operation condition of the user, performing equipment risk estimation on the computer equipment, and performing real-time feedback reminding on the user.
Further, the operation page information sorting module comprises an operation key classification unit, a basic utilization rate calculation unit and an operation page sorting unit;
the operation key classification unit is used for receiving data in the operation key information capturing module and classifying all task operation keys into basic operation keys and non-basic operation keys based on corresponding different task operation functions;
the basic utilization rate calculating unit is used for receiving the data in the operation key classifying unit and calculating the basic utilization rate of each operation page based on the distribution condition of basic operation keys and non-basic operation keys in each operation page;
and the operation page arrangement unit is used for receiving the data in the basic utilization rate calculation unit and sequencing and arranging each operation page in the industrial control video monitoring application software based on the basic utilization rate to obtain an operation page sequence set of the industrial control video monitoring application software.
Further, the risk collapse rate calculation module comprises a first risk collapse rate calculation unit and a second risk collapse rate calculation unit;
the first risk trapping rate calculating unit is used for receiving the data in the overlapped scene processing module and calculating a first risk trapping rate for each operation page based on the extracted position overlapped scene information of each operation page;
and the second risk trapping rate calculating unit is used for receiving the data in the overlapped scene processing module, and calculating the second risk trapping rate for each operation page based on different page characteristics appearing after the advertisement window is clicked in each operation page and the user use characteristics.
Compared with the prior art, the invention has the following beneficial effects: the method analyzes the position relation between the junk advertisements and the task operation keys in each operation page in each industrial control video monitoring application software, and calculates the probability of mistakenly clicking the junk advertisements when a user clicks the task operation keys, which is also the risk trapping rate calculated in the patent; the method also optimizes and supplements the process of calculating the risk trapping rate by combining different user operation characteristics; the method can calculate the risk trapping rate caused by the garbage advertisements for each industrial control video monitoring application software in the equipment, remind the user of knowing the information leakage danger probability corresponding to each downloaded industrial control video monitoring application software, and can play a role in reminding the user of downloading the regular industrial control video monitoring application software.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic structural diagram of a TCP state data-based equipment risk monitoring system according to the present invention;
FIG. 2 is a flow chart of a TCP state data-based equipment risk monitoring method according to the present invention;
FIG. 3 is a schematic diagram of advertisement window closing keys of an embodiment of a TCP status data-based equipment risk monitoring system and method according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-3, the present invention provides a technical solution: the equipment risk monitoring method based on the TCP state data comprises the following steps:
step S100: capturing task operation keys appearing in each operation page in loaded industrial control video monitoring application software in a computer equipment end for industrial control touch screen operation and control; dividing the task operation keys into basic operation keys and non-basic operation keys based on different task operation functions corresponding to the task operation keys; calculating the basic utilization rate of each operation page based on the distribution condition of basic operation keys and non-basic operation keys;
the step S100 of calculating the basic utilization rate of each operation page in the industrial control video monitoring application software includes:
step S101: extracting industrial control video monitoring application software loaded at a computer equipment end, and extracting task operation keys in each operation page of the industrial control video monitoring application software; acquiring a task operation function corresponding to each task operation key; the task operation function corresponding to the basic operation key of the industrial control video monitoring application software comprises the following steps: the method has the advantages that searching of video resources is realized, selection and viewing of the video resources are realized, selection and playing of the video resources are realized, and selection and downloading of the video resources are realized;
step S102: classifying all task operation keys in the industrial control video monitoring application software to obtain basic operation keys and non-basic operation keys except the basic operation keys; computing basis for ith operation page in industrial control video monitoring application softwareThe rate of utilization is as follows:wherein x is i The number of basic operation keys in the ith operation page of the industrial control video monitoring application software is represented; y is i The number of non-basic operation keys in the ith operation page of the industrial control video monitoring application software is represented;
for example, the number of basic operation keys in the 1 st operation page of the industrial control video monitoring application software is 4; the number of non-basic operation keys in the 1 st operation page of the industrial control video monitoring application software is 3, and the basic utilization rate of the 1 st operation page in the industrial control video monitoring application software is
Step S200: sequencing and sorting operation pages in the industrial control video monitoring application software according to the basic utilization rate to obtain an operation page sequence set of the industrial control video monitoring application software; capturing advertisement windows appearing in each operation page; capturing the position overlapping characteristic condition of a task operation key and an advertisement window appearing in each operation page in the operation page sequence set, and extracting information of a position overlapping scene;
wherein, step S200 includes:
step S201: sequencing all operation pages in industrial control video monitoring application software from large to small according to basic utilization rate to obtain an operation page sequence set { w 1 ,w 2 ,…,w n }; wherein n represents the total number of operation pages in the industrial control video monitoring application software; w is a 1 ,w 2 ,…,w n Respectively representing the 1 st, 2 nd, \ 8230and n operation pages in the industrial control video monitoring application software; capturing advertisement windows appearing in each operation page in the operation page sequence set, wherein the advertisement windows comprise an advertisement window appearing in a bouncing mode after a user opens the industrial control video monitoring application software for a period of time threshold, and an advertisement window appearing along with the fixed operation page; skipping occurrences after clicking from current application software to other application software or from current application softwareSkipping to an advertisement window of a browser page as a first target advertisement window; taking an advertisement window with TCP data transmission along with click skip as a second target advertisement window in all the first target advertisement windows;
step S202: if the page w is operated k Key region P in which task operation key a exists a Window area G with the b-th second target advertisement window b There occurs a positional overlap therebetween; extracting key region P of task operation key a a Area of the key regionExtracting a window region G of the b-th second target advertisement window b Window area SG b And a closing key region F b Area of the closed key region SF b Set of false close key regionsSet of false off key areaWherein w k ∈{w 1 ,w 2 ,…,w n }; v represents the total number of false close key regions; as shown in fig. 3, a plurality of close keys appear in the figure, and the close keys are not the same in size;
step S300: calculating a first risk trapping rate of each operation page based on the extracted position overlapping scene information of each operation page;
the step S300 of calculating the first risk trapping rate for each operation page includes:
step S301: obtaining key region areaAnd window area SG b The overlapping area S between e Calculating a first misoperation risk rate d of the task operation key a 1 :Calculating the second misoperation risk rate d of the task operation key a 2 :Calculating the third misoperation risk rate d of the task operation key a 3 :Calculating the comprehensive misoperation risk rate D of the task operation key a: d = D 1 ×d 2 ×d 3 ;
For example, the key region area corresponding to the "library" keyIs 20cm 2 The window area SG corresponding to the second advertisement A b Is 45cm 2 (ii) a Area of the closure key region SF b Is 6cm 2 (ii) a The set of false off key regions is {3cm 2 ,8cm 2 Area of key regionAnd window area SG b The overlapping area S between e Is 9cm 2 (ii) a The first misoperation risk rate d 1 :Second rate of risk of malfunction d 2 :Third rate of risk of maloperation d 3 :So the comprehensive misoperation risk ratio D corresponding to the 'library' key is as follows:
step S302: setting a risk rate weight c for a basic operation key 1 Setting a risk rate weight c for the non-basic operation key 2 (ii) a Operation page w in calculation industrial control video monitoring application software k First risk collapse rate of (a):
wherein the content of the first and second substances,representing an operation page w k The comprehensive misoperation risk rate of the inner a-th basic operation key;representing an operation page w k The comprehensive misoperation risk rate of the inner a-th non-basic operation key; m is 1 Representing an operation page w k The total number of the internal basic operation keys; m is 2 Representing an operation page w k The total number of internal non-basic operation keys;representing operation page w in industrial control video monitoring application software k First risk collapse rate of (a);
step S400: calculating a second risk trapping rate of each operation page based on different page characteristics appearing after the advertisement window is clicked in each operation page and user use characteristics of the computer equipment;
the step S400 of calculating the second risk trapping rate for each operation page includes:
step S401: capturing second target advertisement windows of all operation pages in the industrial control video monitoring application software respectively, and acquiring the number u of times that a user needs to operate a return key when each second target advertisement window is clicked and then returns to the current operation page after jumping occurs;
step S402: capturing average area S contacted with screen of computer equipment when user history is subjected to screen sliding operation at computer equipment end 1 (ii) a Key for capturing user history at computer equipment end to operate any taskAverage area S in contact with computer equipment screen during clicking operation 2 (ii) a Extracting key region P of task operation key a a Area of the key regionArea of the closure key region SF b (ii) a Obtaining key region areaAnd window area SG b S of the overlapping area therebetween e (ii) a Operation page w in calculation industrial control video monitoring application software k Second risk trapping rate of user:
wherein the content of the first and second substances,operation page w in industrial control video monitoring application software k A second risk trap of the user;
step S500: integrating information of a first risk trapping rate and a second risk trapping rate corresponding to each operation page in industrial control video monitoring application software, and performing software risk estimation on each industrial control video monitoring application software loaded on a computer equipment end; and based on the real-time operation condition of the user, performing equipment risk estimation on the computer equipment, and performing real-time feedback reminding on the user.
Wherein, step S500 includes:
step S501: integrating information of a first risk trapping rate and a second risk trapping rate corresponding to each operation page in industrial control video monitoring application software to obtain a comprehensive risk trapping rate risk corresponding to each operation page g :
Step S502: obtaining an operation page sequence set { w) obtained by sequencing each industrial control video monitoring application software from large to small according to the basic utilization rate 1 ,w 2 ,…,w n The corresponding integrated risk trapping rate set { risk } g1 ,risk g2 ,…,risk gn }; wherein, risk g1 ,risk g2 ,…,risk gn Respectively represent and operate on pages w 1 ,w 2 ,…,w n Corresponding comprehensive risk sinking rate;
step S503: setting a comprehensive risk trapping rate threshold, and setting a comprehensive risk trapping rate set { risk) corresponding to an industrial control video monitoring application software g1 ,risk g2 ,…,risk gn In the fourth step, any one comprehensive risk trapping rate is larger than a comprehensive risk trapping rate threshold value, and a user is prompted that the industrial control video monitoring application software has risks; when a user uses a certain industrial control video monitoring application software and the comprehensive risk trapping rate corresponding to the stopped operation page is larger than the comprehensive risk trapping rate threshold value, the user is prompted to have equipment risks currently.
In order to better realize the method, the system for monitoring the equipment risk based on the TCP state data is also provided, and comprises an operation key information capturing module, an operation page information sorting module, an overlapped scene processing module, a risk trapping rate calculating module and a risk early warning prompting module;
the operation key information capturing module is used for capturing the operation key information in the loaded industrial control video monitoring application software in a computer equipment end for realizing touch screen operation and control of industrial control; respectively acquiring task operation functions corresponding to the task operation keys;
the operation page information sorting module is used for receiving data in the operation key information capturing module and dividing all task operation keys in the industrial control video monitoring application software into basic operation keys and non-basic operation keys except the basic operation keys; calculating the basic utilization rate of each operation page based on the distribution condition of basic operation keys and non-basic operation keys; sequencing and sorting operation pages in the industrial control video monitoring application software based on the basic utilization rate to obtain an operation page sequence set of the industrial control video monitoring application software;
the operation page information sorting module comprises an operation key classification unit, a basic utilization rate calculation unit and an operation page sorting unit;
the operation key classification unit is used for receiving data in the operation key information capturing module and classifying all task operation keys into basic operation keys and non-basic operation keys based on corresponding different task operation functions;
the basic utilization rate calculating unit is used for receiving the data in the operation key classifying unit and calculating the basic utilization rate of each operation page based on the distribution condition of basic operation keys and non-basic operation keys in each operation page;
the operation page arrangement unit is used for receiving the data in the basic utilization rate calculation unit and sequencing and arranging each operation page in the industrial control video monitoring application software based on the basic utilization rate to obtain an operation page sequence set of the industrial control video monitoring application software;
the overlapped scene processing module is used for capturing advertisement windows appearing in each operation page; capturing the position overlapping characteristic situation of a task operation key and an advertisement window appearing in each operation page in the operation page sequence set, and extracting the characteristic information of a position overlapping scene;
the risk trapping rate calculation module is used for receiving data in the overlapping scene processing module and calculating a first risk trapping rate and a second risk trapping rate for each operation page;
the risk collapse rate calculation module comprises a first risk collapse rate calculation unit and a second risk collapse rate calculation unit;
the first risk trapping rate calculating unit is used for receiving the data in the overlapped scene processing module and calculating a first risk trapping rate for each operation page based on the extracted position overlapped scene information of each operation page;
the second risk trapping rate calculating unit is used for receiving data in the overlapping scene processing module, and calculating a second risk trapping rate for each operation page based on different page characteristics appearing after the advertisement window is clicked in each operation page and the user use characteristics;
the risk early warning prompting module is used for receiving data in the risk trapping rate calculating module, integrating information of a first risk trapping rate and a second risk trapping rate corresponding to each operation page in the industrial control video monitoring application software, and performing software risk estimation on each industrial control video monitoring application software loaded at the computer equipment end; and based on the real-time operation condition of the user, performing equipment risk estimation on the computer equipment, and performing real-time feedback reminding on the user.
It should be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (9)
1. The equipment risk monitoring method based on the TCP state data is characterized by comprising the following steps:
step S100: capturing task operation keys appearing in each operation page in loaded industrial control video monitoring application software in a computer equipment end for industrial control touch screen operation and control; dividing the task operation keys into basic operation keys and non-basic operation keys based on different task operation functions corresponding to the task operation keys; calculating the basic utilization rate of each operation page based on the distribution condition of basic operation keys and non-basic operation keys;
step S200: sequencing and sorting the operation pages in the industrial control video monitoring application software according to the basic utilization rate to obtain an operation page sequence set of the industrial control video monitoring application software; capturing advertisement windows appearing in each operation page; capturing the position overlapping characteristic situation of a task operation key and an advertisement window appearing in each operation page in the operation page sequence set, and extracting information of a position overlapping scene;
step S300: calculating a first risk trapping rate of each operation page based on the extracted position overlapping scene information of each operation page;
step S400: calculating a second risk trapping rate of each operation page based on different page characteristics appearing after clicking an advertisement window in each operation page and the user use characteristics for operating the computer equipment;
step S500: integrating information of a first risk trapping rate and a second risk trapping rate corresponding to each operation page in the industrial control video monitoring application software, and performing software risk estimation on each industrial control video monitoring application software loaded at a computer equipment end; and based on the real-time operation condition of the user, performing equipment risk estimation on the computer equipment, and performing real-time feedback reminding on the user.
2. The method for monitoring equipment risk based on TCP state data according to claim 1, wherein the step S100 of calculating the basic usage rate of each operation page in the industrial control video monitoring application software includes:
step S101: extracting industrial control video monitoring application software loaded at a computer equipment end, and extracting task operation keys in each operation page of the industrial control video monitoring application software; acquiring a task operation function corresponding to each task operation key; the task operation functions corresponding to the basic operation keys of the industrial control video monitoring application software comprise: the method has the advantages that searching of video resources is realized, selection and viewing of the video resources are realized, selection and playing of the video resources are realized, and selection and downloading of the video resources are realized;
step S102: classifying all task operation keys in the industrial control video monitoring application software to obtain basic operation keys and non-basic operation keys except the basic operation keys; calculating the basic utilization rate of the ith operation page in the industrial control video monitoring application software:(ii) a Wherein the content of the first and second substances,the number of basic operation keys in the ith operation page of the industrial control video monitoring application software is represented;and the number of the non-basic operation keys in the ith operation page of the industrial control video monitoring application software is shown.
3. The TCP state data-based equipment risk monitoring method according to claim 1, wherein the step S200 comprises:
step S201: sequencing all operation pages in industrial control video monitoring application software from large to small according to basic utilization rate to obtain an operation page sequence set(ii) a Wherein n represents the total number of operation pages in the industrial control video monitoring application software;respectively represent industrial control video monitors1 st, 2 nd in the control application software,N operation pages; capturing advertisement windows appearing in each operation page in the operation page sequence set, wherein the advertisement windows comprise an advertisement window appearing in a bouncing manner after a user opens the industrial control video monitoring application software for a period of time threshold, and an advertisement window appearing along with the fixed operation page; taking an advertisement window which appears after clicking and jumps from the current application software to other application software or jumps from the current application software to a browser page as a first target advertisement window; taking an advertisement window with TCP data transmission along with click skip as a second target advertisement window in all the first target advertisement windows;
step S202: if the page is operatedKey area in which task operation key a existsWindow area with the b-th second target advertisement windowThere occurs a positional overlap therebetween; extracting key region of task operation key aArea of the key region(ii) a Extracting a window region of a (b) th second target advertisement windowWindow areaClosing key areaArea of the closing key regionSet of false close key regionsSet of area of false close key(ii) a Wherein, the first and the second end of the pipe are connected with each other,(ii) a v denotes the total number of false close key regions.
4. The method for monitoring equipment risk based on TCP state data according to claim 3, wherein the step S300 of calculating the first risk trapping rate for each operation page comprises:
step S301: obtaining key region areaArea of window regionArea of overlap therebetweenCalculating the first misoperation risk rate of the task operation key a:(ii) a Calculating the second misoperation risk rate of the task operation key a:(ii) a Calculating the third misoperation risk rate of the task operation key a:(ii) a Calculating comprehensive misoperation risk rate of task operation key a:;
Step S302: setting a risk rate weight for a basic operation keySetting a risk ratio weight for the non-basic operation key(ii) a Operation page in computer industrial control video monitoring application softwareFirst risk trapping rate of (1):
wherein, the first and the second end of the pipe are connected with each other,representing an operation pageThe comprehensive misoperation risk rate of the inner a-th basic operation key;representing an operation pageThe comprehensive misoperation risk rate of the inner a-th non-basic operation key;presentation operation pageThe total number of the internal basic operation keys;representing an operation pageThe total number of internal non-basic operation keys;representing operation pages in industrial control video monitoring application softwareThe first risk trapping rate.
5. The method for monitoring risk of equipment based on TCP state data according to claim 4, characterized in that the step S400 of calculating the second risk trapping rate for each operation page includes:
step S401: capturing second target advertisement windows of all operation pages in the industrial control video monitoring application software respectively, and acquiring the number u of times that a user needs to operate a return key after clicking each second target advertisement window and skipping to return to the current operation page;
step S402: capturing the average area of a user history contacted with a screen of a computer device when the user history is subjected to screen sliding operation at the computer device(ii) a Capturing the average area of the user history contacted with the screen of the computer equipment when the user clicks any task operation key at the end of the computer equipment(ii) a Extracting key region of task operation key aArea of the key regionArea of the closing key region(ii) a Obtaining key region areaArea of window regionArea of overlap therebetween(ii) a Operation page in computing industrial control video monitoring application softwareSecond risk trapping rate of user:
6. The TCP state data-based equipment risk monitoring method according to claim 5, wherein the step S500 comprises:
step S501: integrating information of a first risk trapping rate and a second risk trapping rate corresponding to each operation page in industrial control video monitoring application software to obtain a comprehensive risk trapping rate corresponding to each operation page:;
Step S502: obtaining an operation page sequence set obtained by sequencing each industrial control video monitoring application software from big to small according to the basic utilization rateCorresponding comprehensive risk trapping rate set(ii) a Wherein, the first and the second end of the pipe are connected with each other,separately representing and manipulating pagesCorresponding comprehensive risk sinking rate;
step S503: setting a comprehensive risk trapping rate threshold value, and monitoring when an industrial control videoComprehensive risk trapping rate set corresponding to application softwareIn the method, any one comprehensive risk trapping rate is larger than a comprehensive risk trapping rate threshold value, and a user is prompted that the industrial control video monitoring application software has risks; when a user uses a certain industrial control video monitoring application software and the comprehensive risk trapping rate corresponding to the stopped operation page is larger than the comprehensive risk trapping rate threshold value, the user is prompted to have equipment risks currently.
7. The TCP state data-based equipment risk monitoring system applied to the TCP state data-based equipment risk monitoring method of any one of claims 1-6, characterized in that the system comprises an operation key information capturing module, an operation page information sorting module, an overlapping scene processing module, a risk trapping rate calculating module and a risk early warning prompting module;
the operation key information capturing module is used for capturing task operation keys appearing in each operation page in the loaded industrial control video monitoring application software in a computer equipment end for realizing touch screen operation of industrial control; respectively acquiring task operation functions corresponding to the task operation keys;
the operation page information sorting module is used for receiving the data in the operation key information capturing module and dividing all task operation keys in the industrial control video monitoring application software into basic operation keys and non-basic operation keys except the basic operation keys; calculating the basic utilization rate of each operation page based on the distribution condition of basic operation keys and non-basic operation keys; sequencing and sorting operation pages in the industrial control video monitoring application software based on the basic utilization rate to obtain an operation page sequence set of the industrial control video monitoring application software;
the overlapping scene processing module is used for capturing advertisement windows appearing in each operation page; capturing the position overlapping characteristic situation of a task operation key and an advertisement window appearing in each operation page in the operation page sequence set, and extracting the characteristic information of a position overlapping scene;
the risk trapping rate calculation module is used for receiving the data in the overlapping scene processing module and calculating a first risk trapping rate and a second risk trapping rate for each operation page;
the risk early warning prompting module is used for receiving the data in the risk trapping rate calculating module, integrating information of a first risk trapping rate and a second risk trapping rate corresponding to each operation page in the industrial control video monitoring application software, and performing software risk estimation on each industrial control video monitoring application software loaded at the computer equipment end; and based on the real-time operation condition of the user, performing equipment risk estimation on the computer equipment, and performing real-time feedback reminding on the user.
8. The TCP state data-based equipment risk monitoring system according to claim 7, wherein the operation page information sorting module includes an operation key classification unit, a basic usage rate calculation unit, an operation page sorting unit;
the operation key classification unit is used for receiving the data in the operation key information capturing module and classifying all task operation keys into basic operation keys and non-basic operation keys based on corresponding different task operation functions;
the basic utilization rate calculating unit is used for receiving the data in the operation key classifying unit and calculating the basic utilization rate of each operation page based on the distribution condition of basic operation keys and non-basic operation keys in each operation page;
and the operation page arrangement unit is used for receiving the data in the basic utilization rate calculation unit and sequencing and arranging each operation page in the industrial control video monitoring application software based on the basic utilization rate to obtain an operation page sequence set of the industrial control video monitoring application software.
9. The TCP state data-based equipment risk monitoring system according to claim 7, wherein the risk trapping rate calculation module includes a first risk trapping rate calculation unit, a second risk trapping rate calculation unit;
the first risk trapping rate calculating unit is used for receiving the data in the overlapped scene processing module and calculating a first risk trapping rate for each operation page based on the extracted position overlapped scene information of each operation page;
and the second risk trapping rate calculating unit is used for receiving the data in the overlapped scene processing module, and calculating a second risk trapping rate for each operation page based on different page characteristics appearing after the advertisement window is clicked in each operation page and the user use characteristics.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210693684.2A CN115033455B (en) | 2022-06-18 | 2022-06-18 | Equipment risk monitoring system and method based on TCP state data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210693684.2A CN115033455B (en) | 2022-06-18 | 2022-06-18 | Equipment risk monitoring system and method based on TCP state data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115033455A CN115033455A (en) | 2022-09-09 |
CN115033455B true CN115033455B (en) | 2023-03-17 |
Family
ID=83124047
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210693684.2A Active CN115033455B (en) | 2022-06-18 | 2022-06-18 | Equipment risk monitoring system and method based on TCP state data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115033455B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116437006B (en) * | 2023-06-14 | 2023-09-08 | 深圳市英迈通信技术有限公司 | Information security management system and method for mobile phone screen throwing |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108363587A (en) * | 2018-03-07 | 2018-08-03 | 平安普惠企业管理有限公司 | Application program operation and monitoring method, device, computer equipment and storage medium |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8176433B2 (en) * | 2008-08-18 | 2012-05-08 | International Business Machines Corporation | Application window area change surveillance |
CN108280014B (en) * | 2018-02-06 | 2021-03-16 | 武汉斗鱼网络科技有限公司 | Method and device for monitoring browser page and computer equipment |
US10951496B2 (en) * | 2018-12-24 | 2021-03-16 | Threat Stack, Inc. | System and method for cloud-based control-plane event monitor |
CN109933503A (en) * | 2019-02-13 | 2019-06-25 | 平安科技(深圳)有限公司 | User's operation risk factor determines method, apparatus and storage medium, server |
CN112491626A (en) * | 2020-12-02 | 2021-03-12 | 云南财经大学 | Information security defense system based on big data |
CN113342972B (en) * | 2021-05-24 | 2023-02-28 | 支付宝(杭州)信息技术有限公司 | Public opinion recognition model training method and system and public opinion risk monitoring method and system |
-
2022
- 2022-06-18 CN CN202210693684.2A patent/CN115033455B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108363587A (en) * | 2018-03-07 | 2018-08-03 | 平安普惠企业管理有限公司 | Application program operation and monitoring method, device, computer equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN115033455A (en) | 2022-09-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109997104B (en) | Notification display method and terminal | |
CN102859524B (en) | Optionally for web search increases social factor | |
EP2817735B1 (en) | A system and a method for detecting state change of a mobile device | |
CN105224462B (en) | The recognition methods of control element and device | |
CN110674279A (en) | Question-answer processing method, device, equipment and storage medium based on artificial intelligence | |
CN1655119A (en) | Statistical models and methods to support the personalization of applications and services via consideration of preference encodings of a community of users | |
CN106021449A (en) | Searching method and device for mobile terminal and mobile terminal | |
CN115033455B (en) | Equipment risk monitoring system and method based on TCP state data | |
Sufi | Identifying the drivers of negative news with sentiment, entity and regression analysis | |
WO2008057178A2 (en) | Collecting votes in a decision model | |
CN108011928A (en) | A kind of information-pushing method, terminal device and computer-readable medium | |
CN103488465A (en) | Method and system for recommending functional configuration | |
CN111311030A (en) | User credit risk prediction method and device based on influence factor detection | |
CN109343926A (en) | Application program image target display methods, device, terminal and storage medium | |
EP2817738A1 (en) | Predictive service access | |
CN106796618A (en) | Time series forecasting device and time sequence forecasting method | |
CN107657033A (en) | Reading behavior monitoring method and device, storage medium and electronic equipment | |
EP4064711A1 (en) | Method and apparatus for providing video stream based on machine learning | |
CN111949859B (en) | User portrait updating method, device, computer equipment and storage medium | |
CN107918509A (en) | Software shortcut prompting method to set up, device and readable storage medium storing program for executing | |
CN114862488A (en) | Identification method of resource consumption abnormal object and related device | |
CN112612393B (en) | Interaction method and device of interface function | |
CN113111648A (en) | Information processing method and device, terminal and storage medium | |
CN111612280B (en) | Data analysis method and device | |
CN114648075A (en) | Information processing method, information processing apparatus, storage medium, and electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB03 | Change of inventor or designer information | ||
CB03 | Change of inventor or designer information |
Inventor after: Liu Zhiyong Inventor after: Chen Lianghan Inventor after: Hong Chao Inventor after: Zhong Haiwei Inventor before: Chen Lianghan Inventor before: Hong Chao Inventor before: Zhong Haiwei |
|
GR01 | Patent grant | ||
GR01 | Patent grant |