Webpage permission identification method and device, electronic equipment and storage medium

By acquiring webpage runtime information to construct a logical relationship tree and utilizing the k-means clustering algorithm, the problem of low efficiency in webpage permission identification in existing technologies is solved, achieving fast and accurate permission identification and data security management.

CN115809389B · Active · Publication Date: 2026-06-23 · CHINA TELECOM CORP LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: CHINA TELECOM CORP LTD
Filing Date: 2022-12-21
Publication Date: 2026-06-23

AI Technical Summary

Technical Problem

Existing technologies have low efficiency in identifying web page permissions, making it difficult to quickly and accurately determine whether a user's access to a web page is compliant or unauthorized.

Method used

By acquiring the runtime information of users driving specified events on web pages, runtime logic information and logical relationship trees are constructed to determine runtime permission information. Event classification is then performed using the k-means clustering algorithm to improve the efficiency of permission recognition.

Benefits of technology

It enables rapid and accurate identification of webpage permissions, improving the efficiency and accuracy of permission identification, and can promptly detect unauthorized or illegal behavior, thus ensuring data security.

✦ Generated by Eureka AI based on patent content.

Abstract

The present disclosure provides a webpage permission identification method and device, electronic equipment and storage medium, and relates to the technical field of network security. The webpage permission identification method comprises: when a user drives a specified event on a webpage, obtaining running information of webpage data code involved in the process of the user driving the specified event; determining running logic information based on the running information, wherein the running logic information is permission information for jumping from one running node to another running node, and the running node is a webpage involved in the process of the user driving the specified event; determining running permission information of each running node based on the running logic information; and determining event permission information of the user driving the specified event according to the running permission information of each running node. The present disclosure improves the efficiency of webpage permission identification.

Description

Technical Field

[0001] This disclosure relates to the field of network security technology, and in particular to a webpage permission identification method, apparatus, electronic device, and storage medium.

Background Technology

[0002] Data security is an area that countries, enterprises, and individuals attach great importance to. Data security incidents are also emerging one after another, both domestically and internationally. The ability to quickly and accurately detect whether users' access to information systems or web pages is compliant or unauthorized is an important part of early warning of data security incidents and strengthening data security management in government and enterprise units.

[0003] Current methods for determining user permissions to interact with webpage code typically involve parsing and executing the webpage code to obtain the permissions triggered by the user, or determining permissions based on unique permission characteristics. However, when these characteristics are lost, the difficulty of permission identification increases. Therefore, the efficiency of current webpage permission identification methods cannot meet practical needs.

[0004] Therefore, improving the efficiency of webpage permission recognition has become an urgent technical problem to be solved.

[0005] It should be noted that the information disclosed in the background section above is only used to enhance the understanding of the background of this disclosure, and therefore may include information that does not constitute prior art known to those skilled in the art.

Summary of the Invention

[0006] This disclosure provides a webpage permission identification method, apparatus, electronic device, and storage medium, which at least to some extent overcomes the problem of low efficiency in webpage permission identification in related technologies.

[0007] Other features and advantages of this disclosure will become apparent from the following detailed description, or may be learned in part from practice of this disclosure.

[0008] According to one aspect of this disclosure, a webpage permission identification method is provided, comprising: when a user drives a specified event on a webpage, obtaining runtime information of webpage data code involved in the user driving the specified event; determining runtime logic information based on the runtime information, wherein the runtime logic information is permission information for jumping from one runtime node to another runtime node, and the runtime node is the webpage involved in the user driving the specified event; determining runtime permission information of each runtime node based on the runtime logic information; and determining event permission information of the user driving the specified event based on the runtime permission information of each runtime node.

[0009] In one embodiment of this disclosure, the running information includes running node data, wherein the running node data is the jump logic between two running nodes; determining running logic information based on the running information includes: determining running logic information based on the running node data.

[0010] In one embodiment of this disclosure, determining the running permission information of each running node based on the running logic information includes: constructing a logical relationship tree between running nodes based on the running logic information, wherein the logical relationship tree is used to represent the logical relationship between each running node; and determining the running permission information of each running node based on the logical relationship tree.

[0011] In one embodiment of this disclosure, determining the event permission information of a user-driven specified event based on the running permission information of each running node includes: combining the permissions in the running permission information to determine the event permission information of the user-driven specified event.

[0012] In one embodiment of this disclosure, the running permission information includes permission information of multiple parent nodes and permission information of multiple child nodes; combining the permissions in the running permissions to obtain the user's event permission information includes: combining the permission information of all parent nodes in the running permissions to determine overall event permission information; combining the permission information of all child nodes in the running permissions to determine event-specific permission information; and determining the event permission information for the user to drive a specified event based on the overall event permission information and the event-specific permission information.

[0013] In one embodiment of this disclosure, after determining the event permission information of a user-driven specified event based on the running permission information of each running node, the method further includes: obtaining event description information of multiple user-driven specified events, and event permission information corresponding to each event description information, to obtain a sample dataset; constructing a distance matrix based on the sample dataset, wherein the elements of the distance matrix are used to represent the Euclidean distance between corresponding two events; determining the clustering result based on the distance matrix and the k-means clustering algorithm; and determining the event classification result of each user-driven specified event based on the clustering result.

[0014] In one embodiment of this disclosure, determining the clustering result based on the distance matrix and the k-means clustering algorithm includes: constructing a first similarity graph matrix using a Gaussian kernel function based on the distance matrix, wherein the elements in the first similarity graph matrix represent the target similarity between two corresponding events; adding random noise under a given privacy calculation to the symmetric elements in the first similarity graph matrix to obtain a second similarity graph matrix; constructing a degree matrix based on the second similarity graph matrix; constructing a normalized Laplacian matrix based on the degree matrix and the second similarity matrix; selecting the number of clusters k based on the eigenvalue maximum margin algorithm, calculating the eigenvectors corresponding to the first k smallest eigenvalues of the Laplacian matrix to obtain multiple eigenvectors; constructing a feature matrix based on the multiple eigenvectors, and assigning the elements in the feature matrix to the corresponding clusters using the k-means clustering algorithm to obtain the clustering result.

[0015] According to another aspect of this disclosure, a webpage permission identification device is provided, comprising: a runtime information acquisition module, configured to acquire runtime information of webpage data code involved in the user-driven specified event when the user drives the specified event on the webpage; a runtime logic information determination module, configured to determine runtime logic information based on the runtime information, wherein the runtime logic information is permission information for jumping from one runtime node to another runtime node, and the runtime node is the webpage involved in the user-driven specified event; a runtime permission information determination module, configured to determine runtime permission information of each runtime node based on the runtime logic information; and an event permission information determination module, configured to determine event permission information of the user-driven specified event based on the runtime permission information of each runtime node.

[0016] In one embodiment of this disclosure, the running information includes running node data, wherein the running node data is the jump logic between two running nodes; the aforementioned running logic information determination module is further configured to determine running logic information based on the running node data.

[0017] In one embodiment of this disclosure, the running permission information determination module is further configured to construct a logical relationship tree between running nodes based on the running logic information, wherein the logical relationship tree is used to represent the logical relationship between each running node; and to determine the running permission information of each running node based on the logical relationship tree.

[0018] In one embodiment of this disclosure, the event permission information determination module is further configured to combine the permissions in the running permission information to determine the event permission information of the user-driven specified event.

[0019] In one embodiment of this disclosure, the running permission information includes permission information of multiple parent nodes and permission information of multiple child nodes; the event permission information determination module is further configured to combine the permission information of all parent nodes in the running permission to determine the overall event permission information; combine the permission information of all child nodes in the running permission to determine the event local permission information; and determine the event permission information of the user-driven specified event based on the overall event permission information and the event local permission information.

[0020] In one embodiment of this disclosure, the apparatus further includes an event classification module, which is configured to acquire event description information of multiple user-driven specified events and event permission information corresponding to each event description information to obtain a sample dataset; construct a distance matrix based on the sample dataset, wherein the elements of the distance matrix are used to represent the Euclidean distance between corresponding two events; determine the clustering result based on the distance matrix and the k-means clustering algorithm; and determine the event classification result of each user-driven specified event based on the clustering result.

[0021] In one embodiment of this disclosure, the event classification module is further configured to: construct a first similarity graph matrix based on the distance matrix using a Gaussian kernel function, wherein the elements in the first similarity graph matrix represent the target similarity between two corresponding events; add random noise under a given privacy calculation to the symmetric elements in the first similarity graph matrix to obtain a second similarity graph matrix; construct a degree matrix based on the second similarity graph matrix; construct a normalized Laplacian matrix based on the degree matrix and the second similarity matrix; select the number of clusters k based on the eigenvalue maximum margin algorithm, calculate the eigenvectors corresponding to the first k smallest eigenvalues of the Laplacian matrix to obtain multiple eigenvectors; construct a feature matrix based on the multiple eigenvectors, and assign the elements in the feature matrix to the corresponding clusters using a k-means clustering algorithm to obtain the clustering result.
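The clustering pipeline of paragraphs [0014] and [0021], carried through end to end as an added example; it is not code from the patent or its assignee. Assumptions: the "given privacy calculation" is modelled as Laplace noise with scale sensitivity/epsilon, the "eigenvalue maximum margin algorithm" is read as the eigengap heuristic, and the event vectors, `sigma`, `epsilon` and `seed` are constructed values.

```python
import math
import random

def distance_matrix(points):
    """Euclidean distance between every pair of event feature vectors."""
    return [[math.dist(p, q) for q in points] for p in points]

def gaussian_similarity(dist, sigma):
    """First similarity graph: w_ij = exp(-d_ij^2 / (2 sigma^2)), zero diagonal."""
    n = len(dist)
    return [[0.0 if i == j else math.exp(-dist[i][j] ** 2 / (2 * sigma ** 2))
             for j in range(n)] for i in range(n)]

def add_symmetric_noise(w, epsilon, sensitivity=1.0, seed=0):
    """Second similarity graph. Assumption: Laplace noise of scale
    sensitivity/epsilon, drawn once per pair and written to both w[i][j]
    and w[j][i] so the graph stays symmetric; negative weights clip to 0."""
    rng = random.Random(seed)
    rate = epsilon / sensitivity
    out = [row[:] for row in w]
    for i in range(len(w)):
        for j in range(i + 1, len(w)):
            # Difference of two Exp(rate) draws is Laplace(0, 1/rate).
            noise = rng.expovariate(rate) - rng.expovariate(rate)
            out[i][j] = out[j][i] = max(0.0, w[i][j] + noise)
    return out

def normalized_laplacian(w):
    """L = I - D^(-1/2) W D^(-1/2), D being the diagonal degree matrix."""
    n = len(w)
    inv_sqrt = [1 / math.sqrt(d) if d > 0 else 0.0 for d in map(sum, w)]
    return [[float(i == j) - inv_sqrt[i] * w[i][j] * inv_sqrt[j]
             for j in range(n)] for i in range(n)]

def jacobi_eigh(matrix, sweeps=100):
    """Eigenvalues (ascending) and eigenvector columns of a symmetric matrix,
    by cyclic Jacobi rotations (pure Python, adequate for small graphs)."""
    n = len(matrix)
    a = [row[:] for row in matrix]
    v = [[float(i == j) for j in range(n)] for i in range(n)]
    for _ in range(sweeps):
        if sum(a[i][j] ** 2 for i in range(n) for j in range(n) if i != j) < 1e-20:
            break
        for p in range(n - 1):
            for q in range(p + 1, n):
                num, den = 2 * a[p][q], a[q][q] - a[p][p]
                if num == 0.0:
                    continue
                if den < 0:
                    num, den = -num, -den
                theta = 0.5 * math.atan2(num, den)  # |theta| <= pi/4
                c, s = math.cos(theta), math.sin(theta)
                for m in (a, v):  # rotate columns p, q of A and of V
                    for k in range(n):
                        x, y = m[k][p], m[k][q]
                        m[k][p], m[k][q] = c * x - s * y, s * x + c * y
                for k in range(n):  # rotate rows p, q of A
                    x, y = a[p][k], a[q][k]
                    a[p][k], a[q][k] = c * x - s * y, s * x + c * y
    order = sorted(range(n), key=lambda i: a[i][i])
    return [a[i][i] for i in order], [[v[r][i] for i in order] for r in range(n)]

def choose_k(eigenvalues):
    """Assumed eigengap heuristic: k sits before the largest consecutive gap."""
    gaps = [b - a for a, b in zip(eigenvalues, eigenvalues[1:])]
    return gaps.index(max(gaps)) + 1

def kmeans(rows, k, iters=50):
    """Lloyd's algorithm with deterministic farthest-point initialisation."""
    centers = [rows[0]]
    while len(centers) < k:
        centers.append(max(rows, key=lambda r: min(math.dist(r, c) for c in centers)))
    labels = []
    for _ in range(iters):
        new = [min(range(k), key=lambda c: math.dist(r, centers[c])) for r in rows]
        if new == labels:
            break
        labels = new
        for c in range(k):
            members = [r for r, l in zip(rows, labels) if l == c]
            if members:
                centers[c] = [sum(col) / len(members) for col in zip(*members)]
    return labels

def cluster_events(points, sigma=2.0, epsilon=50.0, seed=7):
    """Distance matrix -> noisy similarity graph -> Laplacian -> k -> k-means."""
    w1 = gaussian_similarity(distance_matrix(points), sigma)
    w2 = add_symmetric_noise(w1, epsilon, seed=seed)
    values, vectors = jacobi_eigh(normalized_laplacian(w2))
    k = choose_k(values)
    return k, kmeans([row[:k] for row in vectors], k)

# Constructed sample dataset: one row per event, encoded (an assumption) as
# (number of overall permissions, number of local permissions).
EVENTS = [(1, 1), (1, 2), (2, 1), (8, 9), (9, 8), (9, 9)]
```

A smaller `epsilon` means more noise on every edge weight, which blurs the eigengap first and the cluster assignment second, so the privacy budget and the separation of the event groups have to be tuned together.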

[0022] According to another aspect of this disclosure, an electronic device is provided, comprising: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the above-described webpage permission identification method by executing the executable instructions.

[0023] According to another aspect of this disclosure, a computer-readable storage medium is provided having a computer program stored thereon, which, when executed by a processor, implements the above-described webpage permission identification method.

[0024] This disclosure provides a webpage permission identification method, apparatus, electronic device, and storage medium. The webpage permission identification method includes: when a user drives a specified event on a webpage, acquiring runtime information of webpage data code involved in the user-driven specified event process; determining runtime logic information based on the runtime information, wherein the runtime logic information is permission information for jumping from one runtime node to another, and the runtime node is the webpage involved in the user-driven specified event process; determining runtime permission information for each runtime node based on the runtime logic information; and determining event permission information for the user-driven specified event based on the runtime permission information of each runtime node. This disclosure improves the efficiency of webpage permission identification.

[0025] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this disclosure.

Attached Figure Description

[0026] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this disclosure and, together with the description, serve to explain the principles of this disclosure. It is obvious that the drawings described below are merely some embodiments of this disclosure, and those skilled in the art can obtain other drawings based on these drawings without any inventive effort.

[0027] Figure 1 illustrates a communication system architecture according to an embodiment of the present disclosure;

[0028] Figure 2 illustrates a flowchart of a webpage permission identification method according to an embodiment of the present disclosure;

[0029] Figure 3 illustrates another webpage permission identification method in an embodiment of the present disclosure;

[0030] Figure 4 illustrates another webpage permission identification method in an embodiment of the present disclosure;

[0031] Figure 5 illustrates another webpage permission identification method in an embodiment of the present disclosure;

[0032] Figure 6 illustrates a webpage permission identification device according to an embodiment of the present disclosure; and

[0033] Figure 7 shows a structural block diagram of an electronic device according to an embodiment of the present disclosure.

Detailed Implementation

[0034] Exemplary embodiments will now be described more fully with reference to the accompanying drawings. However, these exemplary embodiments can be implemented in many forms and should not be construed as limited to the examples set forth herein; rather, they are provided so that this disclosure will be more comprehensive and complete, and will fully convey the concept of the exemplary embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.

[0035] Furthermore, the accompanying drawings are merely illustrative of this disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and therefore repeated descriptions of them will be omitted. Some block diagrams shown in the drawings are functional entities and do not necessarily correspond to physically or logically independent entities. These functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different network and / or processor devices and / or microcontroller devices.

[0036] As mentioned in the background section above, data security is an area that countries, enterprises, and individuals attach great importance to. Data security incidents are also emerging one after another, both domestically and internationally. How to quickly and accurately detect whether a user's access to an information system or webpage is compliant or unauthorized is an important part of early warning of data security incidents and strengthening data security management in government and enterprise units.

[0037] Currently, when determining user permissions for webpage code, the industry typically parses and executes the webpage code to obtain the permissions triggered by the user, or determines the permissions based on unique permission characteristics. However, when characteristics are lost, the difficulty of permission identification increases.

[0038] For example, patent CN113641939A discloses a data security processing method, a browser system, an electronic device, and a storage medium. The data security processing method includes: obtaining the webpage code to be executed and the webpage code provider's access permission information for browser data; parsing and executing the webpage code in a pre-built browser secure execution environment; and, through the browser secure execution environment, detecting and filtering access operations that exceed the permissions indicated by the browser's data access permission information during the webpage code execution process. However, this method obtains the webpage code to be executed through a script, which cannot fully acquire all permissions of the webpage code. This may lead to incomplete and inaccurate subsequent analysis of unauthorized behavior and an inability to quickly and accurately obtain the webpage code's permissions.

[0039] Based on this, this disclosure provides a webpage permission identification method, apparatus, electronic device, and storage medium. It extracts the execution information of the webpage data code corresponding to a user driving a specified event on a webpage, performs execution logic analysis on this information to obtain execution logic information, and obtains the execution permission information of the webpage data code based on the logical relationship tree determined by this execution logic information. This disclosure improves the efficiency of webpage permission identification.

[0040] Figure 1 shows a schematic diagram of an exemplary system architecture that can be applied to the webpage permission identification method or webpage permission identification device in the embodiments of this disclosure.

[0041] As shown in Figure 1, the system architecture 100 may include terminal devices 101, 102, and 103, a network 104, and a server 105.

[0042] Network 104 is a medium used to provide a communication link between terminal devices 101, 102, 103 and server 105, and can be a wired network or a wireless network.

[0043] Optionally, the aforementioned wireless or wired networks use standard communication technologies and / or protocols. The network is typically the Internet, but can also be any network, including but not limited to Local Area Networks (LANs), Metropolitan Area Networks (MANs), Wide Area Networks (WANs), mobile, wired or wireless networks, private networks, or any combination of virtual private networks. In some embodiments, technologies and / or formats including Hyper Text Markup Language (HTML), Extensible Markup Language (XML), etc., are used to represent data exchanged over the network. Furthermore, conventional encryption technologies such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Virtual Private Networks (VPNs), and Internet Protocol Security (IPsec) can be used to encrypt all or some links. In other embodiments, custom and / or dedicated data communication technologies can be used to replace or supplement the aforementioned data communication technologies.

[0044] Terminal devices 101, 102, and 103 can be various electronic devices, including but not limited to smartphones, tablets, laptops, desktop computers, wearable devices, augmented reality devices, virtual reality devices, etc.

[0045] Optionally, the client applications installed on different terminal devices 101, 102, and 103 may be the same, or clients of the same type of application based on different operating systems. Depending on the terminal platform, the specific form of the application client may also differ; for example, the application client may be a mobile client, a PC client, etc.

[0046] Server 105 can be a server that provides various services, such as a backend management server that supports the devices operated by users using terminal devices 101, 102, and 103. The backend management server can analyze and process received requests and other data, and feed the processing results back to the terminal devices.

[0047] Optionally, the server can be a standalone physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN (Content Delivery Network), and big data and artificial intelligence platforms. The terminal can be a smartphone, tablet, laptop, desktop computer, smart speaker, smartwatch, etc., but is not limited to these. The terminal and server can be directly or indirectly connected via wired or wireless communication, which is not limited herein.

[0048] Those skilled in the art will know that the number of terminal devices, networks, and servers shown in Figure 1 is merely illustrative; any number of terminal devices, networks, and servers can be included depending on actual needs. This disclosure does not limit the scope of the embodiments.

[0049] The following detailed description of this exemplary implementation method is provided in conjunction with the accompanying drawings and embodiments.

[0050] First, this disclosure provides a webpage permission identification method, which can be executed by any electronic device with computing power.

[0051] Figure 2 illustrates a flowchart of a webpage permission identification method according to an embodiment of the present disclosure. As shown in Figure 2, the webpage permission identification method provided in this embodiment includes the following steps:

[0052] S202, When a user drives a specified event on a webpage, obtain the execution information of the webpage data code involved in the user driving the specified event;

[0053] It should be noted that the execution information of webpage data code can represent the event permissions of a specified event when driven by a user. The webpage data code runs based on the event permissions of the specified event, which allows the execution information to be extracted. The specified event can be a webpage login event, after which the user enters the user interface. This user interface contains multiple clickable icons, item tables, item directories, etc. The webpage login event can include event permission information, such as login permissions or post-login operation permissions. During login, the login permissions can be fixed. For example, when logging in, the user can select a login window corresponding to their permissions, so that the execution information of the webpage data code corresponding to the login window can be acquired. After successful login, permission checks can be performed based on the webpage data code corresponding to the icons, item tables, item directories, etc., clicked by the user, thereby obtaining the execution data of the webpage data code corresponding to those icons, item tables, item directories, etc. The above explanation uses a webpage login event only as an example and is not a specific limitation.

[0054] S204, Based on the running information, determine the running logic information, wherein the running logic information is the permission information for jumping from one running node to another running node, and the running node is the webpage involved in the user-driven specified event process;

[0055] It should be noted that the running logic can be determined based on the running information. Each running state has a corresponding running logic, thus the running logic information corresponding to the running information can be obtained.

[0056] In one embodiment of this disclosure, the running information includes running node data, wherein the running node data is the jump logic between two running nodes; determining running logic information based on the running information includes: determining running logic information based on the running node data.

[0057] It's important to note that runtime node data can be extracted from runtime information, and runtime logic information can be determined based on this data. Runtime node data can be understood as follows: when navigating from page A to page B, pages A and B can be considered two runtime nodes. Therefore, the runtime logic between nodes A (page A) and B (page B) can be derived from the navigation logic between them. For example, if node B is a paraphrase node of node A, its runtime logic can be determined as paraphrase logic. Similarly, if node B is an associated node of node A, its runtime logic can be determined as association logic, parallel logic, etc. Of course, node A can navigate to multiple new nodes, and the permissions for navigating to different new nodes can vary. The subsequent runtime permissions can then be obtained based on the runtime logic information derived from the runtime information. For instance, the logic for navigating from node A to node B is different from that for navigating from node A to node C, and the permissions for nodes B and C are also different. Therefore, the runtime logic information can reflect the permissions between node A and the navigated-to nodes, thus achieving permission identification.

[0058] S206, Based on the running logic information, determine the running permission information of each running node;

[0059] It should be noted that each piece of runtime logic information is defined under runtime permissions, which allows the runtime logic to be analyzed to obtain runtime permission information.

[0060] In one embodiment of this disclosure, referring to the flowchart of another webpage permission identification method shown in Figure 3, determining the running permission information of each running node based on the running logic information may include the following steps:

[0061] S302, Based on the running logic information, construct a logical relationship tree between running nodes, wherein the logical relationship tree is used to represent the logical relationship between each running node;

[0062] S304, Based on the logical relationship tree, determine the running permission information of each running node.

[0063] It should be noted that a logical relationship tree between running nodes can be constructed based on the operational logic information; and operational permission information can be determined based on this constructed logical relationship tree. The logical relationship tree reflects the logic between running nodes and includes parent nodes and child nodes. A parent node can have logical relationships with multiple child nodes, while a child node can only have a logical relationship with one parent node. Logical relationships can exist between parent nodes, and logical relationships can also exist between child nodes. Therefore, it can clearly and accurately show the logical relationships between each running node. Operational permission information between running nodes can be obtained based on the logical relationship tree.

[0064] In one embodiment of this disclosure, the above-mentioned running permission information can be represented by a running permission information table, which is used to represent the running permission information between a parent node and its child nodes, the running permission information between parent nodes, the running permission information between child nodes, and so on.

[0065] S208, Determine the event permission information of the user-driven specified event based on the running permission information of each running node.

[0066] It should be noted that event permission information refers to the permissions required for a user to drive a certain event. Different execution permission information and different user event permission information can be used to derive event permission information.

[0067] In one embodiment of this disclosure, determining the event permission information of a user-driven specified event based on the running permission information of each running node includes: combining the permissions in the running permission information to determine the event permission information of the user-driven specified event.

[0068] In one embodiment of this disclosure, the execution permission information includes permission information for multiple parent nodes and permission information for multiple child nodes. Referring to the flowchart of another webpage permission identification method shown in Figure 4, combining the permissions in the execution permissions to obtain the user's event permission information may include the following steps:

[0069] S402, combine the permission information of all parent nodes in the running permissions to determine the overall event permission information;

[0070] S404, combine the permission information of all child nodes in the running permissions to determine the local permission information of the event;

[0071] S406, determine the event permission information for the user-driven specified event based on the overall event permission information and the event local permission information.

[0072] It should be noted that, for example, the permissions of the parent node can be combined to obtain combined parent node permission information, and the overall event permission information can be obtained based on the combined parent node permission information; similarly, the permission information of the child nodes can be combined to obtain combined child node permission information, and the local event permission information can be obtained based on the combined child node permission information. Thus, the overall event permission information and the local event permission information are recognized as the event permission information. The above method can quickly and accurately obtain event permission information.
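One way to carry out S402 to S406 on a concrete logical relationship tree, as an added example that is not code from the patent. It assumes that each jump record carries the permission needed to enter the target page, that parent nodes are nodes with at least one child and child nodes are leaves, and that "combining" means set union; the page names, permission strings and function names are constructed.

```python
from collections import defaultdict

# Constructed running information for one event ("export orders"):
# (source page, target page, permission required for the jump).
JUMPS = [
    ("/login", "/dashboard", "session:active"),
    ("/dashboard", "/orders", "orders:read"),
    ("/orders", "/orders/detail", "orders:read"),
    ("/orders", "/orders/export", "orders:export"),
]


def build_tree(jumps):
    """Build the logical relationship tree from jump records.

    A parent may have many children, but a child may have only one parent,
    so a second, different parent for the same page is rejected.
    """
    parent, children, entry_perm = {}, defaultdict(list), defaultdict(set)
    for src, dst, perm in jumps:
        if parent.get(dst, src) != src:
            raise ValueError(f"{dst} has two parents: {parent[dst]} and {src}")
        if dst not in parent:
            parent[dst] = src
            children[src].append(dst)
        entry_perm[dst].add(perm)  # running permission table: node -> permissions
    return parent, children, entry_perm


def event_permissions(jumps):
    """Combine node permissions into overall, local and event permission sets."""
    parent, children, entry_perm = build_tree(jumps)
    nodes = set(parent) | set(children)
    if not any(n not in parent for n in nodes):
        raise ValueError("no root node: the jump records form a cycle")
    parents = {n for n in nodes if children.get(n)}
    leaves = nodes - parents
    overall = set().union(*(entry_perm[n] for n in parents))  # S402 (assumed: union)
    local = set().union(*(entry_perm[n] for n in leaves))     # S404 (assumed: union)
    return {"overall": overall, "local": local, "event": overall | local}  # S406


def missing_permissions(jumps, granted):
    """Permissions the event requires that the user was not granted.

    An empty set means the access is compliant; anything else is overreach.
    """
    return event_permissions(jumps)["event"] - set(granted)


if __name__ == "__main__":
    print(event_permissions(JUMPS))
    print(missing_permissions(JUMPS, {"session:active", "orders:read"}))
```

A non-empty result from `missing_permissions` is the signal to review: the event reached a page whose entry permission the user does not hold.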

[0073] The webpage permission identification method provided in this embodiment extracts the running information of the webpage data code corresponding to the user driving a specified event on the webpage, performs running logic analysis on the running information to obtain running logic information, and obtains the running permission information of the webpage data code based on the logical relationship tree determined by the running logic information, thereby improving the efficiency of webpage permission identification.

[0074] In one embodiment of this disclosure, referring to the flowchart of another webpage permission identification method shown in Figure 5, after determining the event permission information of the user-driven specified event based on the running permission information of each running node, the method may further include the following steps:

[0075] S502, obtain event description information for multiple user-driven specified events, as well as event permission information corresponding to each event description information, to obtain a sample dataset;

[0076] S504, Based on the sample dataset, construct a distance matrix, where the elements of the distance matrix represent the Euclidean distance between the corresponding two events;

[0077] S506, determine the clustering results based on the distance matrix and the k-means clustering algorithm;

[0078] S508, based on the clustering results, determine the event classification results for each user-driven specified event.

[0079] It should be noted that, in one embodiment of this disclosure, the sample dataset is $X = (x_1, x_2, \ldots, x_n)$, where $x_n$ is the event description information and event permission information of the n-th user-driven specified event. After obtaining the sample dataset, the sample data in the sample dataset can be preprocessed. In the distance matrix $dist_{n \times n}$, the element $dist_{i \times j}$ is defined as the Euclidean distance between the i-th user-driven specified event and the j-th user-driven specified event.

[0080] In one embodiment of this disclosure, after constructing the distance matrix based on the sample dataset, each row of the distance matrix $dist_{n \times n}$ can be sorted in descending order, and the index of each element of $dist_{n \times n}$ after sorting is recorded. Then, based on the index of each element after sorting, the scale parameter σ is calculated. For i = 1, 2, ..., n, $dist_i$ represents the distances between the element in the i-th row of the distance matrix and all other elements. All elements in each row of the distance matrix are sorted in descending order, and the index l of each element of that row in the sorted queue is recorded. Elements with larger indices are then those at smaller distances from that point; the greater the similarity between two points, the larger the corresponding scale parameter σ.

[0081] In one embodiment of this disclosure, the clustering result is determined based on the distance matrix and the k-means clustering algorithm, including:

[0082] Based on the distance matrix, a first similarity graph matrix is constructed using a Gaussian kernel function, where the elements in the first similarity graph matrix represent the target similarity between two corresponding events;

[0083] Add random noise under a given privacy computation to the symmetric elements of the first similarity graph matrix to obtain the second similarity graph matrix;

[0084] Construct the degree matrix based on the second similarity graph matrix;

[0085] Based on the degree matrix and the second similarity matrix, construct the standardized Laplacian matrix;

[0086] Based on the eigenvalue maximum margin algorithm, the number of clusters k is selected, and the eigenvectors corresponding to the first k smallest eigenvalues of the Laplacian matrix are calculated to obtain multiple eigenvectors.

[0087] Based on the multiple eigenvectors, a feature matrix is constructed, and the elements in the feature matrix are assigned to the corresponding clusters using the k-means clustering algorithm to obtain the clustering results.

[0088] It should be noted that, in one embodiment of this disclosure, an n×n first similarity graph matrix $S_{n \times n}$ is constructed using the distance calculation formula of the Gaussian kernel function, where n is the total number of events. The element $S_{ij}$ of the first similarity graph matrix $S_{n \times n}$ represents the target similarity between the i-th user-driven specified event and the j-th user-driven specified event. This target similarity can be the similarity between the two events, including the similarity between event information and the similarity between event permission information. Specifically, the similarity between event information can be obtained by text comparison based on event description information; the similarity between event permission information can be obtained by comparing the similarity between the logical relationship trees corresponding to the two events. Random noise under a given privacy computation is added to the symmetric elements of the first similarity graph matrix $S_{n \times n}$ to obtain the second similarity matrix $S'_{n \times n}$. The random noise can be randomly selected from a noise database or randomly generated. Symmetric elements are elements under a preset symmetry mode, which can be diagonal symmetry, cross-shaped symmetry, etc.

[0089] The degree matrix D is a diagonal matrix with values only on the main diagonal; the value in the i-th row is the degree of the i-th node. Based on the degree matrix and the second similarity matrix, a normalized Laplacian matrix is constructed, where the Laplacian matrix is $L = I - D^{-1/2} S' D^{-1/2}$ and I is the identity matrix.

[0090] The eigenvalue maximum margin algorithm is used to select the optimal number of clusters k. The algorithm aims to select the number of clusters k such that all eigenvalues $\lambda_1, \ldots, \lambda_k$ are very small, but $\lambda_{k+2}$ is relatively large. There are several explanations for this. The first is based on perturbation theory: in the ideal case of k completely disconnected clusters, the eigenvalues have multiplicity k, and there is then a gap to the (k+2)-th eigenvalue $\lambda_{k+2}$, this gap being the interval $\theta_k$ between $\lambda_{k+1}$ and $\lambda_{k+2}$. The basis for using $\lambda_{k+2}$ is that, if the difference is significant, the interference caused by fluctuation of $\lambda_{k+1}$ can be reduced; the difference between $\lambda_{k+1}$ and $\lambda_{k+2}$ is small. Other explanations can be given through spectral theory. This method uses the feature interval (the eigengap) as the standard for measuring the value of k. The feature interval is the absolute value of the difference between two adjacent eigenvalues. Then, the eigenvectors f corresponding to the first k smallest eigenvalues of the Laplacian matrix L are calculated;

[0091] The feature matrix U, composed of the multiple eigenvectors f, is row-normalized to generate an n×k feature matrix T, where the elements of the feature matrix T are... The kmeans++ algorithm is used to cluster the points $(t_i)_{i=1,\ldots,n}$ into clusters $c_1, \ldots, c_k$. In this process, if the i-th row of the feature matrix T is labeled as class c, then the original data point $x_i$ is classified as class c, thus enabling the categorization and processing of events.

[0092] The clustering process disclosed herein can dynamically and adaptively calculate the scale parameter required to construct the first similarity graph matrix in the algorithm, making the similarity between different points decrease faster as the distance increases, thus more accurately describing the similarity between data points. Furthermore, appropriate random noise satisfying a specific distribution is added during the iteration process of the spectral clustering algorithm, causing the clustering results to be distorted to a certain extent, achieving the purpose of privacy protection, while ensuring the usability and stability of the clustering results.
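The clustering steps of [0081] to [0091], run end to end as an added numpy example that is not code from the patent. Assumptions: σ is each event's distance to its m-th nearest neighbour, the noise is Laplace-distributed with negative similarities clipped to zero, and k is taken at the largest gap between adjacent eigenvalues; the sample events and all function names are constructed.

```python
import numpy as np

# Constructed sample dataset X: one row per user-driven event. Columns 0-3 are
# hypothetical permission bits (read, write, export, admin); column 4 is a
# hypothetical scaled count of running nodes the event touched.
EVENTS = np.array([
    [1, 0, 0, 0, 0.10], [1, 0, 0, 0, 0.15], [1, 0, 0, 0, 0.20],  # page views
    [1, 1, 0, 0, 0.30], [1, 1, 0, 0, 0.35], [1, 1, 0, 0, 0.40],  # edits
    [1, 1, 1, 1, 0.60], [1, 1, 1, 1, 0.65], [1, 1, 1, 1, 0.70],  # admin exports
])


def distance_matrix(X):
    """dist[i, j] = Euclidean distance between event i and event j."""
    return np.linalg.norm(X[:, None, :] - X[None, :, :], axis=2)


def similarity(dist, m=2):
    """First similarity graph matrix S: Gaussian kernel with local scales.

    Assumed scale rule: sigma_i is the distance from event i to its m-th
    nearest neighbour, read from the row sorted in descending order.
    Duplicate events would give sigma = 0 and need a floor; none occur here.
    """
    ordered = np.sort(dist, axis=1)[:, ::-1]
    sigma = ordered[:, -(m + 1)]  # last entry of each row is the zero self-distance
    return np.exp(-dist ** 2 / np.outer(sigma, sigma))


def add_symmetric_noise(S, scale, rng):
    """Second similarity graph matrix S': the same noise on S[i, j] and S[j, i]."""
    upper = np.triu(rng.laplace(0.0, scale, size=S.shape), k=1)
    return np.clip(S + upper + upper.T, 0.0, None)  # keep weights non-negative


def normalized_laplacian(S2):
    """L = I - D^(-1/2) S' D^(-1/2), with D the diagonal degree matrix of S'."""
    d_inv_sqrt = 1.0 / np.sqrt(S2.sum(axis=1))
    return np.eye(len(S2)) - d_inv_sqrt[:, None] * S2 * d_inv_sqrt[None, :]


def choose_k(eigenvalues):
    """Number of clusters at the largest gap between adjacent eigenvalues."""
    return int(np.argmax(np.abs(np.diff(eigenvalues)))) + 1


def kmeans_pp(T, k, rng, iters=50):
    """k-means with k-means++ seeding on the rows of T."""
    centers = [T[rng.integers(len(T))]]
    while len(centers) < k:
        d2 = np.min([((T - c) ** 2).sum(axis=1) for c in centers], axis=0)
        centers.append(T[rng.choice(len(T), p=d2 / d2.sum())])
    centers = np.array(centers)
    for _ in range(iters):
        d = ((T[:, None, :] - centers[None, :, :]) ** 2).sum(axis=2)
        labels = np.argmin(d, axis=1)
        new = np.array([T[labels == j].mean(axis=0) if np.any(labels == j)
                        else centers[j] for j in range(k)])
        if np.allclose(new, centers):
            break
        centers = new
    return labels


def classify_events(X, noise_scale=0.01, seed=7):
    """Return (k, cluster label per event, noisy similarity matrix S')."""
    rng = np.random.default_rng(seed)
    S2 = add_symmetric_noise(similarity(distance_matrix(X)), noise_scale, rng)
    eigenvalues, eigenvectors = np.linalg.eigh(normalized_laplacian(S2))
    k = choose_k(eigenvalues)
    U = eigenvectors[:, :k]                            # k smallest eigenvalues
    T = U / np.linalg.norm(U, axis=1, keepdims=True)   # row-normalised
    return k, kmeans_pp(T, k, rng), S2


if __name__ == "__main__":
    k, labels, _ = classify_events(EVENTS)
    print(k, labels.tolist())
```

Raising `noise_scale` trades cluster stability for privacy: once the noise approaches the within-cluster similarities, the eigengap shrinks and the chosen k stops matching the underlying groups.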

[0093] After obtaining event permission information, this disclosure can also perform cluster analysis on the events to determine their types. Users can then categorize and determine the probability of events occurring to guide subsequent business operations, including promptly identifying and addressing any unauthorized or illegal user actions to ensure data security of information systems or websites.

[0094] Based on the same inventive concept, this disclosure also provides a webpage permission identification device, as shown in the following embodiments. Since the principle by which this device embodiment solves the problem is similar to that of the above-described method embodiments, the implementation of this device embodiment can refer to the implementation of the above-described method embodiments, and repeated details will not be elaborated further.

[0095] Figure 6 illustrates a webpage permission identification device according to an embodiment of the present disclosure. As shown in Figure 6, the device includes:

[0096] The runtime information acquisition module 610 is used to acquire runtime information of web page data code involved in the user driving the specified event when the user drives the specified event on the web page.

[0097] The runtime logic information determination module 620 is used to determine runtime logic information based on runtime information. The runtime logic information is the permission information for jumping from one runtime node to another. The runtime node is the webpage involved in the user-driven specified event process.

[0098] The execution permission information determination module 630 is used to determine the execution permission information of each running node based on the execution logic information;

[0099] The event permission information determination module 640 is used to determine the event permission information of a user-driven specified event based on the running permission information of each running node.

[0100] In one embodiment of this disclosure, the running information includes running node data, wherein the running node data is the jump logic between two running nodes; the aforementioned running logic information determination module 620 is further used to determine the running logic information based on the running node data.

[0101] In one embodiment of this disclosure, the running permission information determination module 630 is further configured to construct a logical relationship tree between running nodes based on running logic information, wherein the logical relationship tree is used to represent the logical relationship between each running node; and to determine the running permission information of each running node based on the logical relationship tree.

[0102] In one embodiment of this disclosure, the event permission information determination module 640 is further configured to combine the permissions in the running permission information to determine the event permission information of the user-driven specified event.

[0103] In one embodiment of this disclosure, the running permission information includes permission information of multiple parent nodes and permission information of multiple child nodes; the event permission information determination module 640 is further configured to combine the permission information of all parent nodes in the running permission to determine the overall event permission information; combine the permission information of all child nodes in the running permission to determine the event local permission information; and determine the event permission information of the user-driven specified event based on the overall event permission information and the event local permission information.

[0104] In one embodiment of this disclosure, the apparatus further includes an event classification module, which is configured to obtain event description information of multiple user-driven specified events and event permission information corresponding to each event description information to obtain a sample dataset; construct a distance matrix based on the sample dataset, wherein the elements of the distance matrix are used to represent the Euclidean distance between corresponding two events; determine the clustering result based on the distance matrix and the k-means clustering algorithm; and determine the event classification result of each user-driven specified event based on the clustering result.

[0105] In one embodiment of this disclosure, the event classification module is further configured to construct a first similarity graph matrix based on a distance matrix using a Gaussian kernel function, wherein the elements in the first similarity graph matrix represent the target similarity between two corresponding events; add random noise under a given privacy calculation to the symmetric elements in the first similarity graph matrix to obtain a second similarity graph matrix; construct a degree matrix based on the second similarity graph matrix; construct a normalized Laplacian matrix based on the degree matrix and the second similarity matrix; select the number of clusters k based on the eigenvalue maximum margin algorithm, calculate the eigenvectors corresponding to the first k smallest eigenvalues of the Laplacian matrix to obtain multiple eigenvectors; construct a feature matrix based on the multiple eigenvectors, and use the k-means clustering algorithm to assign the elements in the feature matrix to the corresponding clusters to obtain the clustering result.

[0106] Those skilled in the art will understand that various aspects of this disclosure can be implemented as a system, method, or program product. Therefore, various aspects of this disclosure can be specifically implemented in the following forms: a completely hardware implementation, a completely software implementation (including firmware, microcode, etc.), or a combination of hardware and software aspects, collectively referred to herein as a "circuit," "module," or "system."

[0107] An electronic device 700 according to such an embodiment of the present disclosure is described below with reference to Figure 7. The electronic device 700 shown in Figure 7 is merely an example and should not impose any limitation on the functionality and scope of use of the embodiments disclosed herein.

[0108] As shown in Figure 7, the electronic device 700 takes the form of a general-purpose computing device. The components of the electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one storage unit 720, and a bus 730 connecting different system components (including storage unit 720 and processing unit 710).

[0109] The storage unit stores program code, which can be executed by the processing unit 710, causing the processing unit 710 to perform the steps described in the "Exemplary Methods" section of this specification according to various exemplary embodiments of this disclosure. For example, the processing unit 710 can perform the following steps of the above method embodiment: when a user drives a specified event on a webpage, obtain the running information of the webpage data code involved in the user driving the specified event; based on the running information, determine running logic information, wherein the running logic information is permission information for jumping from one running node to another running node, and the running node is the webpage involved in the user driving the specified event; based on the running logic information, determine the running permission information of each running node; and based on the running permission information of each running node, determine the event permission information of the user driving the specified event.

[0110] Storage unit 720 may include a readable medium in the form of a volatile storage unit, such as random access memory (RAM) 7201 and / or cache memory 7202, and may further include a read-only memory (ROM) 7203.

[0111] The storage unit 720 may also include a program / utility 7204 having a set (at least one) program module 7205, such program module 7205 including but not limited to: an operating system, one or more application programs, other program modules and program data, each or some combination of these examples may include an implementation of a network environment.

[0112] Bus 730 can represent one or more of several types of bus structures, including a memory cell bus or memory cell controller, a peripheral bus, a graphics acceleration port, a processing unit, or a local bus using any of the various bus structures.

[0113] Electronic device 700 can also communicate with one or more external devices 740 (e.g., keyboard, pointing device, Bluetooth device, etc.), and with one or more devices that enable a user to interact with electronic device 700, and / or with any device that enables electronic device 700 to communicate with one or more other computing devices (e.g., router, modem, etc.). This communication can be performed via input / output (I / O) interface 750. Furthermore, electronic device 700 can also communicate with one or more networks (e.g., local area network (LAN), wide area network (WAN), and / or public networks, such as the Internet) via network adapter 760. As shown, network adapter 760 communicates with other modules of electronic device 700 via bus 730. It should be understood that, although not shown in the figures, other hardware and / or software modules can be used in conjunction with electronic device 700, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems.

[0114] From the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein can be implemented by software or by combining software with necessary hardware. Therefore, the technical solutions according to the embodiments of this disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive, external hard drive, etc.) or on a network, including several instructions to cause a computing device (such as a personal computer, server, terminal device, or network device, etc.) to execute the methods according to the embodiments of this disclosure.

[0115] In exemplary embodiments of this disclosure, a computer-readable storage medium is also provided, which may be a readable signal medium or a readable storage medium. A program product capable of implementing the methods described above is stored thereon. In some possible implementations, various aspects of this disclosure may also be implemented as a program product including program code, which, when run on a terminal device, causes the terminal device to perform the steps described in the "Exemplary Methods" section of this specification according to various exemplary embodiments of this disclosure.

[0116] More specific examples of computer-readable storage media in this disclosure may include, but are not limited to: electrical connections having one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.

[0117] In this disclosure, a computer-readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such propagated data signals may take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. A readable signal medium may also be any readable medium other than a readable storage medium, capable of sending, propagating, or transmitting a program for use by or in connection with an instruction execution system, apparatus, or device.

[0118] Optionally, the program code contained on the computer-readable storage medium may be transmitted using any suitable medium, including but not limited to wireless, wired, optical fiber, RF, etc., or any suitable combination thereof.

[0119] In practical implementation, program code for performing the operations of this disclosure can be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, and conventional procedural programming languages such as C or similar languages. The program code can execute entirely on the user's computing device, partially on the user's device, as a standalone software package, partially on the user's computing device and partially on a remote computing device, or entirely on a remote computing device or server. In cases involving remote computing devices, the remote computing device can be connected to the user's computing device via any type of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computing device (e.g., via the Internet using an Internet service provider).

[0120] It should be noted that although several modules or units for the device used to perform actions have been mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of this disclosure, the features and functions of two or more modules or units described above can be embodied in one module or unit. Conversely, the features and functions of one module or unit described above can be further divided and embodied by multiple modules or units.

[0121] Furthermore, although the steps of the method in this disclosure are described in a specific order in the accompanying drawings, this does not require or imply that the steps must be performed in that specific order, or that all the steps shown must be performed to achieve the desired result. Additionally or alternatively, some steps may be omitted, multiple steps may be combined into one step, and / or a step may be broken down into multiple steps.

[0122] From the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein can be implemented by software or by combining software with necessary hardware. Therefore, the technical solutions according to the embodiments of this disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive, external hard drive, etc.) or on a network, including several instructions to cause a computing device (such as a personal computer, server, mobile terminal, or network device, etc.) to execute the methods according to the embodiments of this disclosure.

[0123] Other embodiments of this disclosure will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of this disclosure that follow the general principles of this disclosure and include common knowledge or customary techniques in the art not disclosed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of this disclosure are indicated by the appended claims.

Claims

1. A method for identifying webpage permissions, characterized in that it comprises: when a user drives a specified event on a webpage, obtaining the running information of the webpage data code involved in the process of the user driving the specified event; determining running logic information based on the running information, wherein the running logic information is the permission information for jumping from one running node to another running node, and the running node is the webpage involved in the user-driven specified event process; determining the running permission information of each running node based on the running logic information; and determining the event permission information of the user-driven specified event based on the running permission information of each running node; wherein the running permission information includes permission information for multiple parent nodes and permission information for multiple child nodes, and determining the event permission information for the user-driven specified event based on the running permission information of each running node includes: combining the permission information of all parent nodes in the running permission to determine the overall event permission information; combining the permission information of all child nodes in the running permission to determine the event local permission information; and determining the event permission information for the user-driven specified event based on the overall event permission information and the event local permission information.

2. The webpage permission identification method according to claim 1, characterized in that the running information includes running node data, wherein the running node data is the jump logic between two running nodes; and determining the running logic information based on the running information includes: determining the running logic information based on the running node data.

3. The webpage permission identification method according to claim 1, characterized in that determining the running permission information of each running node based on the running logic information includes: constructing a logical relationship tree between running nodes based on the running logic information, wherein the logical relationship tree is used to represent the logical relationships between the various running nodes; and determining the running permission information of each running node based on the logical relationship tree.

4. The webpage permission identification method according to claim 1, characterized in that, after determining the event permission information of the user-driven specified event based on the running permission information of each running node, the method further includes: obtaining event description information for multiple user-driven specified events, as well as event permission information corresponding to each event description, to obtain a sample dataset; constructing a distance matrix based on the sample dataset, wherein the elements of the distance matrix are used to represent the Euclidean distance between two corresponding events; determining the clustering results based on the distance matrix and the k-means clustering algorithm; and determining the event classification results for each user-driven specified event based on the clustering results.

5. The webpage permission identification method according to claim 4, characterized in that determining the clustering results based on the distance matrix and the k-means clustering algorithm includes: constructing a first similarity graph matrix based on the distance matrix using a Gaussian kernel function, wherein the elements in the first similarity graph matrix are used to represent the target similarity between two corresponding events; adding random noise under a given privacy calculation to the symmetric elements in the first similarity graph matrix to obtain the second similarity graph matrix; constructing the degree matrix based on the second similarity graph matrix; constructing a normalized Laplacian matrix based on the degree matrix and the second similarity graph matrix; selecting the number of clusters k based on the eigenvalue maximum margin algorithm, and calculating the eigenvectors corresponding to the first k smallest eigenvalues of the Laplacian matrix to obtain multiple eigenvectors; and constructing a feature matrix based on the multiple eigenvectors, and assigning the elements in the feature matrix to the corresponding clusters using the k-means clustering algorithm to obtain the clustering results.

6. A webpage permission identification device, characterized in that it comprises: a runtime information acquisition module, used to acquire runtime information of web page data code involved in the user-driven specified event process when the user drives the specified event on the web page; a runtime logic information determination module, used to determine runtime logic information based on the runtime information, wherein the runtime logic information is permission information for jumping from one runtime node to another runtime node, and the runtime node is a webpage involved in the user-driven specified event process; an execution permission information determination module, used to determine the execution permission information of each execution node based on the execution logic information; and an event permission information determination module, used to determine the event permission information of a user-driven specified event based on the running permission information of each running node; wherein the running permission information includes permission information for multiple parent nodes and permission information for multiple child nodes, and the event permission information determination module is further configured to: combine the permission information of all parent nodes in the running permission to determine the overall event permission information; combine the permission information of all child nodes in the running permission to determine the event local permission information; and determine the event permission information of the user-driven specified event based on the overall event permission information and the event local permission information.

7. An electronic device, characterized in that it comprises: a processor; and a memory for storing the executable instructions of the processor; wherein the processor is configured to execute the webpage permission identification method of any one of claims 1 to 5 by executing the executable instructions.

8. A computer-readable storage medium having a computer program stored thereon, characterized in that, when the computer program is executed by a processor, it implements the webpage permission identification method according to any one of claims 1 to 5.