An operation and maintenance management assisted processing method and system

By creating assisted prediction templates and pre-set algorithms to generate sets of instructions to be operated, the problem of poor compatibility of operation and maintenance methods in existing technologies has been solved, thereby improving operation and maintenance efficiency and compatibility, and optimizing operation and maintenance processes and security.

CN115878164BActive Publication Date: 2026-06-12BEIJING TOPSEC NETWORK SECURITY TECH +2
View PDF 2 Cites 0 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BEIJING TOPSEC NETWORK SECURITY TECH
Filing Date
2022-12-23
Publication Date
2026-06-12

AI Technical Summary

Technical Problem

The existing operation and maintenance method based on behavior recording scripts cannot be used when operation and maintenance personnel perform manual operation and maintenance, resulting in poor compatibility and failing to meet the needs of diverse operation and maintenance scenarios.

Method used

By creating an assisted prediction template, the system obtains the current operation instructions of the operation and maintenance personnel, generates a set of instructions to be operated using a preset assisted prediction algorithm, and sends it to the operation and maintenance interface for the operation and maintenance personnel to choose from. It also combines big data statistics and historical operation data to perform self-learning and anomaly detection, thereby optimizing the operation and maintenance process.

🎯Benefits of technology

It improved operational efficiency and compatibility, reduced the massive auditing work and repetitive manual auditing workload caused by rule configuration, reduced internal permission configuration vulnerabilities, optimized internal security standards, and improved the work efficiency of operations and maintenance personnel.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115878164B_ABST
    Figure CN115878164B_ABST
Patent Text Reader

Abstract

The embodiment of the application provides an operation and maintenance management assisting processing method and system, and relates to the technical field of network operation and maintenance. The operation and maintenance management assisting processing method comprises the following steps: creating an assisting prediction template; obtaining a current operation and maintenance instruction of an operation and maintenance personnel; generating a to-be-operated instruction set according to the assisting prediction template, the current operation and maintenance instruction and a preset assisting prediction algorithm, wherein the to-be-operated instruction set comprises a plurality of operation and maintenance instructions associated with the current operation and maintenance instruction; and sending the to-be-operated instruction set to an operation and maintenance interface, so that the operation and maintenance personnel selects a corresponding operation and maintenance instruction from the operation and maintenance interface. The operation and maintenance management assisting processing method can achieve the technical effects of improving operation and maintenance efficiency and operation and maintenance compatibility.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of network operation and maintenance technology, and more specifically, to an auxiliary processing method and system for operation and maintenance management. Background Technology

[0002] Currently, with the development of information technology, operation and maintenance (O&M) management has become a major theme in the era of information technology construction. When the scale of IT (Information Technology) in enterprises and institutions reaches a certain level, numerous resources such as networks, IT facilities, and business operations need to be effectively managed to ensure the normal operation of their IT systems and support normal office work and business production. More importantly, managing enterprise assets well demonstrates the contribution of O&M to the enterprise, going beyond simply putting out fires; it's about maintaining the stability and efficient operation of enterprise systems. As O&M management becomes increasingly demanding, more and more complex O&M tasks require O&M personnel to perform. Therefore, O&M personnel need an auxiliary O&M method that can effectively assist them and alleviate their O&M management pressure in different O&M scenarios.

[0003] In existing technologies, operation and maintenance management is generally assisted by behavior recording scripts. Although it can realize the subsequent operation and maintenance work of the operation and maintenance object, it has the following drawbacks: it is implemented by automated tasks and cannot be used when operation and maintenance personnel perform manual operation and maintenance; it only supports scripts, which will result in some scenarios not being usable and poor compatibility. Summary of the Invention

[0004] The purpose of this application is to provide an auxiliary processing method, system, electronic device, and computer-readable storage medium for operation and maintenance management, which can achieve the technical effect of improving operation and maintenance efficiency and compatibility.

[0005] In a first aspect, embodiments of this application provide an auxiliary processing method for operation and maintenance management, including:

[0006] Create a template to assist in forecasting;

[0007] Obtain the current operation and maintenance instructions from the maintenance personnel;

[0008] Based on the assisted prediction template, the current operation and maintenance instruction, and the preset assisted prediction algorithm, a set of instructions to be operated is generated, which includes multiple operation and maintenance instructions associated with the current operation and maintenance instruction.

[0009] The set of instructions to be operated is sent to the operation and maintenance interface so that the operation and maintenance personnel can select the corresponding operation and maintenance operation instructions from the operation and maintenance interface.

[0010] In the above implementation process, the operation and maintenance management assistance method calculates the current operation and maintenance instructions of the operation and maintenance personnel based on the assistance prediction template and the preset assistance prediction algorithm to generate a set of instructions to be operated. This set of instructions is then used to predict the next operation of the operation and maintenance personnel, and the prediction results are returned to the operation and maintenance interface for the personnel to choose from. If the prediction results happen to include an operation that the operation and maintenance personnel are about to perform, it can provide effective operation and maintenance assistance, thereby greatly improving the work efficiency of the operation and maintenance personnel. Simultaneously, the assistance prediction method based on the preset assistance prediction algorithm can reduce the massive audit work caused by rule configuration and the repetitive workload of manual auditing in the configuration management of traditional operation and maintenance security audit systems. It improves the flexibility caused by the lack of rule configuration, reduces internal permission configuration vulnerabilities, continuously optimizes internal security standards and systems, and improves compatibility. Therefore, this operation and maintenance management assistance method can achieve the technical effects of improving operation and maintenance efficiency and compatibility.

[0011] Further, the step of generating a set of instructions to be operated based on the assisted prediction template, the current operation and maintenance instructions, and the preset assisted prediction algorithm includes:

[0012] The current operation and maintenance instructions are evaluated and calculated using the assistance prediction template and the preset assistance prediction algorithm to generate the set of instructions to be operated. The assistance prediction template includes one or more of the following: correlation data of operation and maintenance nodes, risk command whitelist, and risk command blacklist. The preset assistance prediction algorithm includes one or more of the following: assistance prediction of bastion host behavior anomaly detection, assistance prediction of change script detection, assistance prediction of operation and maintenance behavior profiling, and external rule internalization.

[0013] In the above implementation process, based on the command currently being executed by the operation and maintenance personnel, i.e. the current operation and maintenance operation instruction, the current operation and maintenance operation instruction is evaluated through the self-learning of the assistance prediction template and the preset assistance prediction algorithm, and the possible commands to be executed next are calculated to generate a set of instructions to be operated.

[0014] Furthermore, the assistance in predicting abnormal behavior detection of the bastion host includes one or more of the following: high-risk command detection, abnormal command sequence detection, operation without work order detection, bastion host bypass detection, and login to non-regulated devices detection.

[0015] Furthermore, after the step of evaluating and calculating the current operation and maintenance instructions using the assisted prediction template and the preset assisted prediction algorithm to generate the set of instructions to be operated, the method further includes:

[0016] Obtain the login information of the operation and maintenance personnel, wherein the login information includes one or more of the following: asset information, account information, and agreement information of the operation and maintenance personnel.

[0017] The login information and the current operation and maintenance instructions are integrated and calculated by the preset assistance prediction algorithm to generate a first set of instructions to be operated, and the first set of instructions to be operated is added to the set of instructions to be operated; wherein, the preset assistance prediction algorithm performs layered decoupling of the login information and the current operation and maintenance instructions and extracts internal and external rules keywords, performs text similarity matching, and obtains the matching result of the first set of instructions to be operated.

[0018] In the above implementation process, based on the login information of the current operation and maintenance personnel, namely the logged-in asset information, account information, and agreement information, the operation integration calculation that conforms to the current operation and maintenance management session is performed to obtain the commands that may be executed next and generate the first set of instructions to be operated.

[0019] Furthermore, after the step of evaluating and calculating the current operation and maintenance instructions using the assisted prediction template and the preset assisted prediction algorithm to generate the set of instructions to be operated, the method further includes:

[0020] Obtain big data statistics;

[0021] Based on the big data statistics and the current operation and maintenance instructions, a related command calculation is performed to generate a second set of instructions to be operated, and the second set of instructions to be operated is added to the set of instructions to be operated.

[0022] In the above implementation process, based on big data statistics and combined with the commands currently executed by the maintenance personnel, the related commands are calculated, and the command with the highest correlation with the command currently executed by the maintenance personnel is calculated to generate the second set of instructions to be operated.

[0023] Furthermore, after the step of sending the set of instructions to be operated to the operation and maintenance interface, the method further includes:

[0024] Obtain historical operation commands from maintenance personnel to the bastion host;

[0025] Based on the preset assistance prediction algorithm, the historical operation instructions are trained to obtain an assistance detection model;

[0026] Based on the aforementioned collaborative detection model and rule-based detection, anomaly detection is performed on the current operation and maintenance instructions to generate anomaly detection results.

[0027] In the above implementation process, a model is trained on the historical operation instructions of the bastion host based on a preset assistance prediction algorithm. Then, dual detection is performed based on the assistance detection model and rule detection to detect anomalies in the operation commands executed by the bastion host, thereby strengthening the audit of the operation security of maintenance personnel. Thus, the anomaly detection results can effectively standardize the behavior of maintenance personnel in operation and maintenance, and reduce the operational risks in management. The standardization of the preset assistance prediction algorithm strengthens the analysis of the behavior of maintenance personnel, discovers abnormal operation behaviors and intervenes in a timely manner, thereby reducing macro-level management risks.

[0028] Furthermore, after the step of sending the set of instructions to be operated to the operation and maintenance interface, the method further includes:

[0029] Obtain feedback operation instructions from maintenance personnel;

[0030] The priority of the operation and maintenance operation instructions corresponding to the set of instructions to be operated can be increased or decreased according to the feedback operation instructions.

[0031] In the above implementation process, based on the operation instructions fed back by the operation and maintenance personnel, the selection results of the operation and maintenance personnel in the low-wait operation instruction set are obtained, and self-learning is carried out based on the selection results: if the operation and maintenance personnel select the operation and maintenance instruction, the priority of the operation and maintenance instruction is increased and it will be recommended in the next time; otherwise, the priority of the operation and maintenance instruction is decreased.

[0032] Secondly, embodiments of this application provide an auxiliary processing system for operation and maintenance management, including:

[0033] Create a module for creating predictive templates;

[0034] The instruction acquisition module is used to acquire the current operation and maintenance instructions from the operation and maintenance personnel.

[0035] The assisted prediction module is used to generate a set of instructions to be operated based on the assisted prediction template, the current operation and maintenance instruction, and the preset assisted prediction algorithm. The set of instructions to be operated includes multiple operation and maintenance instructions associated with the current operation and maintenance instruction.

[0036] The sending module is used to send the set of instructions to be operated to the operation and maintenance interface, so that the operation and maintenance personnel can select the corresponding operation and maintenance operation instructions from the operation and maintenance interface.

[0037] Furthermore, the assisted prediction module is specifically used for:

[0038] The current operation and maintenance instructions are evaluated and calculated using the assistance prediction template and the preset assistance prediction algorithm to generate the set of instructions to be operated. The assistance prediction template includes one or more of the following: correlation data of operation and maintenance nodes, risk command whitelist, and risk command blacklist. The preset assistance prediction algorithm includes one or more of the following: assistance prediction of bastion host behavior anomaly detection, assistance prediction of change script detection, assistance prediction of operation and maintenance behavior profiling, and external rule internalization.

[0039] Furthermore, the operation and maintenance management assistance system also includes:

[0040] The login information acquisition module is used to acquire the login information of operation and maintenance personnel. The login information includes one or more of the following: asset information, account information, and agreement information of the operation and maintenance personnel.

[0041] The assisted prediction module is further configured to: integrate and calculate the login information and the current operation and maintenance instructions using the preset assisted prediction algorithm to generate a first set of instructions to be operated, and add the first set of instructions to be operated to the set of instructions to be operated; wherein, the preset assisted prediction algorithm performs layered decoupling of the login information and the current operation and maintenance instructions and extracts internal and external rules keywords, performs text similarity matching, and obtains the matching result of the first set of instructions to be operated.

[0042] Furthermore, the operation and maintenance management assistance system also includes:

[0043] The big data acquisition module is used to acquire big data statistical data;

[0044] The prediction assistance module is also used to: perform correlation command calculation based on the big data statistics and the current operation and maintenance instructions, generate a second set of instructions to be operated, and add the second set of instructions to be operated to the set of instructions to be operated.

[0045] Furthermore, the operation and maintenance management assistance system also includes:

[0046] The historical operation acquisition module is used to acquire the historical operation instructions of the operation and maintenance personnel to the bastion host;

[0047] The model training module is used to train the historical operation instructions based on the preset assistance prediction algorithm to obtain an assistance detection model;

[0048] The anomaly detection module is used to perform anomaly detection on the current operation and maintenance command based on the assisted detection model and rule detection, and generate anomaly detection results.

[0049] Furthermore, the operation and maintenance management assistance system also includes:

[0050] The feedback acquisition module is used to acquire feedback operation instructions from maintenance personnel.

[0051] The priority module is used to increase or decrease the priority of the operation and maintenance operation instructions corresponding to the set of instructions to be operated based on the feedback operation instructions.

[0052] Thirdly, an electronic device provided in this application includes: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the steps of the method as described in any of the first aspects.

[0053] Fourthly, embodiments of this application provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform the method described in any of the first aspects.

[0054] Fifthly, embodiments of this application provide a computer program product that, when run on a computer, causes the computer to perform the method described in any of the first aspects.

[0055] Other features and advantages disclosed in this application will be set forth in the following description, or some features and advantages may be inferred from the description or determined without doubt, or may be learned by practicing the above-described technology disclosed in this application.

[0056] To make the above-mentioned objectives, features and advantages of this application more apparent and understandable, preferred embodiments are described below in detail with reference to the accompanying drawings. Attached Figure Description

[0057] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the embodiments of this application will be briefly introduced below. It should be understood that the following drawings only show some embodiments of this application and should not be regarded as a limitation of the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.

[0058] Figure 1 A flowchart illustrating an assistance method for operation and maintenance management provided in an embodiment of this application;

[0059] Figure 2 A flowchart illustrating another operation and maintenance management assistance method provided in this application embodiment;

[0060] Figure 3 This is a flowchart illustrating the process of detecting anomalies in the current operation and maintenance instructions, provided in an embodiment of this application.

[0061] Figure 4 A structural block diagram of the operation and maintenance management assistance system provided in the embodiments of this application;

[0062] Figure 5 This is a structural block diagram of an electronic device provided in an embodiment of this application. Detailed Implementation

[0063] The technical solutions in the embodiments of this application will now be described with reference to the accompanying drawings.

[0064] It should be noted that similar reference numerals and letters in the following figures indicate similar items; therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures. Furthermore, in the description of this application, terms such as "first," "second," etc., are used only to distinguish descriptions and should not be construed as indicating or implying relative importance.

[0065] This application provides an assistance processing method, system, electronic device, and computer-readable storage medium for operation and maintenance management, which can be applied to assistance prediction for operation and maintenance scenarios. The assistance processing method generates a set of instructions to be performed based on the current operation and maintenance instructions of the operation and maintenance personnel, according to an assistance prediction template and a preset assistance prediction algorithm. It then predicts the next operation to be performed by the operation and maintenance personnel based on this set of instructions, returning the prediction results to the operation and maintenance interface for the personnel to choose from. If the prediction results match the operation that the personnel are about to perform, it provides effective operation and maintenance assistance, thereby greatly improving the work efficiency of the operation and maintenance personnel. Simultaneously, the assistance prediction method based on the preset assistance prediction algorithm can reduce the massive audit work caused by rule configuration and the repetitive workload of manual auditing in the configuration management of traditional operation and maintenance security audit systems. It improves the flexibility caused by the lack of rule configuration, reduces internal permission configuration vulnerabilities, continuously optimizes internal security regulations, and improves compatibility. Therefore, this assistance processing method for operation and maintenance management can achieve the technical effects of improving operation and maintenance efficiency and compatibility.

[0066] Please see Figure 1 , Figure 1 The flowchart illustrates an operation and maintenance management assistance method provided in this application embodiment. The operation and maintenance management assistance method includes the following steps:

[0067] S100: Create an auxiliary prediction template.

[0068] For example, before the first operation and maintenance, the operation and maintenance personnel can create a specified template based on the characteristics of the current operation and maintenance assets to obtain an assisted prediction template; optionally, the assisted prediction template mainly serves to provide basic dependencies in the calculation process of assisted prediction.

[0069] S200: Obtain the current operation and maintenance instructions from the operation and maintenance personnel.

[0070] For example, when the operations and maintenance personnel start to perform operations and maintenance operations, the current operations and maintenance operation instructions of the operations and maintenance personnel are obtained; a preset assistance prediction algorithm is combined with the current operations and maintenance scenario (login information of the operations and maintenance personnel, current operations and maintenance operation instructions, etc.) to perform calculations in the background to predict the probability of the operations and maintenance personnel's next operation.

[0071] S300: Generates a set of instructions to be operated based on the assisted prediction template, the current operation and maintenance instructions, and the preset assisted prediction algorithm. The set of instructions to be operated includes multiple operation and maintenance instructions associated with the current operation and maintenance instructions.

[0072] S400: Sends the set of instructions to be operated to the operation and maintenance interface so that operation and maintenance personnel can select the corresponding operation and maintenance instructions from the operation and maintenance interface.

[0073] For example, by using the calculation of the assisted prediction template and the preset assisted prediction algorithm, commands associated with the current operation and maintenance instructions are obtained, and a set of instructions to be operated is obtained; optionally, multiple operation and maintenance instructions in the set of instructions to be operated are displayed in the operation and maintenance interface in order of priority.

[0074] In some implementations, when maintenance personnel see the above set of instructions to be executed on the maintenance interface, they will refer to it. If there is a command to be executed, they can select it; otherwise, they can ignore it.

[0075] For example, this operation and maintenance management assistance method calculates a set of instructions to be performed based on the current operation and maintenance instructions of the operation and maintenance personnel, according to the assistance prediction template and the preset assistance prediction algorithm. It then predicts the next operation to be performed by the operation and maintenance personnel based on this set of instructions, and returns the prediction results to the operation and maintenance interface for the personnel to choose from. If the prediction results happen to include an operation that the operation and maintenance personnel are about to perform, it can provide effective operation and maintenance assistance, thereby greatly improving the work efficiency of the operation and maintenance personnel. Simultaneously, the assistance prediction method based on the preset assistance prediction algorithm can reduce the massive audit work caused by rule configuration and the repetitive workload of manual auditing in the configuration management of traditional operation and maintenance security audit systems. It improves the flexibility caused by the lack of rule configuration, reduces internal permission configuration vulnerabilities, continuously optimizes internal security standards and systems, and improves compatibility. Therefore, this operation and maintenance management assistance method can achieve the technical effects of improving operation and maintenance efficiency and compatibility.

[0076] Please see Figure 2 , Figure 2 This is a flowchart illustrating another operation and maintenance management assistance method provided in an embodiment of this application.

[0077] For example, S300: The step of generating a set of instructions to be operated based on the assistance prediction template, the current operation and maintenance instructions, and the preset assistance prediction algorithm includes:

[0078] S310: The current operation and maintenance operation instructions are evaluated and calculated by using the assistance prediction template and the preset assistance prediction algorithm to generate a set of instructions to be operated. The assistance prediction template includes one or more of the following: the correlation data of operation and maintenance operation nodes, the risk command whitelist, and the risk command blacklist. The preset assistance prediction algorithm includes one or more of the following: assistance prediction of bastion host behavior anomaly detection, assistance prediction of change script detection, assistance prediction of operation and maintenance behavior profiling, and external rule internalization.

[0079] For example, based on the command currently being executed by the operations and maintenance personnel, i.e. the current operations and maintenance operation instruction, the current operations and maintenance operation instruction is evaluated through the self-learning of the assistance prediction template and the preset assistance prediction algorithm, and the possible commands to be executed next are calculated to generate a set of instructions to be executed.

[0080] Optionally, the assistance prediction template is a template added by the operation and maintenance personnel themselves according to the operation and maintenance scenario. The assistance prediction template summarizes the correlation of operation and maintenance operation nodes, risk command whitelist, risk command blacklist, etc. When the preset assistance prediction algorithm hits the relevant operation, it will prioritize the calculation according to the settings of the assistance prediction template.

[0081] Optionally, the specific logic of the preset predictive algorithm includes, but is not limited to, using multiple machine algorithms to process and learn data, establishing different algorithm models, and achieving pre-event prediction, in-event intervention, and post-event tracing for high-risk behaviors.

[0082] For example, assisting in predicting abnormal bastion host behavior detection includes one or more of the following: high-risk command detection, abnormal command sequence detection, operation without work order detection, bastion host bypass detection, and login to non-regulated devices detection.

[0083] For example, after step S310: evaluating and calculating the current operation and maintenance instructions using the assisted prediction template and the preset assisted prediction algorithm to generate a set of instructions to be operated, the method further includes:

[0084] S321: Obtain the login information of the operation and maintenance personnel. The login information includes one or more of the following: asset information, account information, and agreement information of the operation and maintenance personnel.

[0085] S322: The login information and current operation and maintenance instructions are integrated and calculated by a preset auxiliary prediction algorithm to generate a first set of instructions to be operated, and the first set of instructions to be operated is added to the set of instructions to be operated; wherein, the preset auxiliary prediction algorithm performs hierarchical decoupling of the login information and current operation and maintenance instructions and extracts internal and external rules keywords, performs text similarity matching, and obtains the matching result of the first set of instructions to be operated.

[0086] For example, based on the login information of the current operation and maintenance personnel, namely the logged-in asset information, account information, and agreement information, an operation integration calculation is performed that conforms to the current operation and maintenance management session to obtain the commands that may be executed next and generate the first set of instructions to be operated.

[0087] Optionally, the preset assistance prediction algorithm will perform layered decoupling based on the entire command executed by the operation and maintenance personnel, use automatic splitting technology to split the entire command and internal files, extract internal and external rules keywords based on the assistance operation and maintenance algorithm, perform text similarity matching, and quickly obtain matching results, ensuring that the preset assistance prediction algorithm can perform more comprehensive self-learning while providing assistance prediction.

[0088] For example, after step S310: evaluating and calculating the current operation and maintenance instructions using the assisted prediction template and the preset assisted prediction algorithm to generate a set of instructions to be operated, the method further includes:

[0089] S331: Obtain big data statistics;

[0090] S332: Calculate the associated commands based on big data statistics and current operation and maintenance instructions, generate a second set of instructions to be operated, and add the second set of instructions to be operated to the set of instructions to be operated.

[0091] For example, based on big data statistics and the commands currently executed by the operations and maintenance personnel, the relevant commands are calculated, and the command with the highest relevance to the command currently executed by the operations and maintenance personnel is calculated to generate a second set of instructions to be operated.

[0092] For example, after step S400: sending the set of instructions to be operated to the operation and maintenance interface, the method further includes:

[0093] S510: Obtain feedback operation instructions from maintenance personnel;

[0094] S520: Increase or decrease the priority of the corresponding operation and maintenance operation instructions in the set of instructions to be operated based on the feedback operation instructions.

[0095] For example, based on the operation instructions provided by the operation and maintenance personnel, the selection results of the operation and maintenance personnel in the low-wait operation instruction set are obtained, and self-learning is performed based on the selection results: if the operation and maintenance personnel select the operation and maintenance instruction, the priority of the operation and maintenance instruction is increased and it will be recommended in the next time; otherwise, the priority of the operation and maintenance instruction is decreased.

[0096] Please see Figure 3 , Figure 3 This is a flowchart illustrating the process of detecting anomalies in the current operation and maintenance instructions, as provided in an embodiment of this application.

[0097] For example, after step S400: sending the set of instructions to be operated to the operation and maintenance interface, the method further includes:

[0098] S610: Obtain historical operation commands from maintenance personnel to the bastion host;

[0099] S620: Train a model based on a preset assistance prediction algorithm to obtain an assistance detection model by training historical operation instructions.

[0100] S630: Based on the collaborative detection model and rule detection, perform anomaly detection on the current operation and maintenance instructions and generate anomaly detection results.

[0101] For example, a model is trained on the historical operation commands of the bastion host based on a preset assistance prediction algorithm. Then, dual detection is performed based on the assistance detection model and rule detection to detect anomalies in the operation commands executed by the bastion host, thereby strengthening the audit of the operation security of maintenance personnel. Thus, the anomaly detection results can effectively regulate the behavior of maintenance personnel in operation and maintenance, and reduce the risk of operation in management. By using the standardization of the preset assistance prediction algorithm to strengthen the analysis of the behavior of maintenance personnel, abnormal operation behavior can be detected and intervened in a timely manner to reduce macro-level management risks.

[0102] In some implementation scenarios, combined with Figures 1 to 3 In actual operation and maintenance scenarios, operation and maintenance operations are often carried out through operation and maintenance security audit management systems. When faced with tedious and repetitive operation and maintenance instructions, which bring a large workload to operation and maintenance personnel, effective operation and maintenance assistance during the operation and maintenance process can help improve the work efficiency of operation and maintenance personnel, reduce daily work pressure, and enhance operation and maintenance capabilities. The specific process example of the operation and maintenance management assistance method described in detail in the embodiments of this application is as follows:

[0103] 1. Currently, operations and maintenance personnel use the operations and maintenance security audit management system to perform operations and maintenance using the SSH protocol, and also use the SSH protocol to deploy programs.

[0104] 2. Operation and maintenance personnel can set the template before starting the operation and maintenance work, such as the image name required for this deployment, the set management address, the corresponding configuration file, etc.

[0105] 3. During the operation and maintenance process, assist the prediction program (preset prediction algorithm) to perform algorithm calculations, and push recommended commands in combination with the real-time operation of the operation and maintenance personnel;

[0106] 4. When operations and maintenance personnel execute image deployment, after recognizing the current operation, the program combines the executed instructions, template settings, and algorithm data statistics to push the command with the highest compliance rate to the operations and maintenance personnel for selection.

[0107] 5. The operation and maintenance personnel can make further selections based on the commands provided by the assistance prediction program. When a matching command appears, the operation and maintenance personnel can directly use it without having to enter it again.

[0108] In summary, the operation and maintenance management assistance method provided in this application embodiment has at least the following beneficial effects:

[0109] First, it can effectively improve the work efficiency of maintenance personnel and reduce the maintenance pressure for tedious and repetitive maintenance tasks.

[0110] Second, by using the self-learning of the operation and maintenance assistance prediction program, complex operation and maintenance operations can be simplified, and simple operation and maintenance operations can be automated with high compatibility.

[0111] Please see Figure 4 , Figure 4 This is a structural block diagram of an operation and maintenance management assistance system provided in an embodiment of this application. The operation and maintenance management assistance system includes:

[0112] Create module 100 to create prediction templates;

[0113] The instruction acquisition module 200 is used to acquire the current operation and maintenance instructions of the operation and maintenance personnel;

[0114] The assisted prediction module 300 is used to generate a set of instructions to be operated based on the assisted prediction template, the current operation and maintenance instructions, and the preset assisted prediction algorithm. The set of instructions to be operated includes multiple operation and maintenance instructions associated with the current operation and maintenance instructions.

[0115] The sending module 400 is used to send the set of instructions to be operated to the operation and maintenance interface, so that the operation and maintenance personnel can select the corresponding operation and maintenance operation instructions from the operation and maintenance interface.

[0116] For example, the prediction assistance module 300 is specifically used for:

[0117] The current operation and maintenance instructions are evaluated and calculated by using the assistance prediction template and the preset assistance prediction algorithm to generate a set of instructions to be operated. The assistance prediction template includes one or more of the following: the correlation data of operation and maintenance operation nodes, the risk command whitelist, and the risk command blacklist. The preset assistance prediction algorithm includes one or more of the following: assistance prediction of bastion host behavior anomaly detection, assistance prediction of change script detection, assistance prediction of operation and maintenance behavior profiling, and external rule internalization.

[0118] For example, the operation and maintenance management assistance system also includes:

[0119] The login information acquisition module is used to acquire the login information of operation and maintenance personnel. The login information includes one or more of the following: asset information, account information, and agreement information of the operation and maintenance personnel.

[0120] The assisted prediction module 300 is also used to: integrate and calculate the login information and the current operation and maintenance instructions through a preset assisted prediction algorithm to generate a first set of instructions to be operated, and add the first set of instructions to be operated to the set of instructions to be operated; wherein, the preset assisted prediction algorithm performs layered decoupling of the login information and the current operation and maintenance instructions and extracts internal and external rules keywords, performs text similarity matching, and obtains the matching result of the first set of instructions to be operated.

[0121] For example, the operation and maintenance management assistance system also includes:

[0122] The big data acquisition module is used to acquire big data statistical data;

[0123] The prediction assistance module 300 is also used to: perform correlation command calculations based on big data statistics and current operation and maintenance instructions, generate a second set of instructions to be operated, and add the second set of instructions to be operated to the set of instructions to be operated.

[0124] For example, the operation and maintenance management assistance system also includes:

[0125] The historical operation acquisition module is used to acquire the historical operation instructions of the operation and maintenance personnel to the bastion host;

[0126] The model training module is used to train a model based on a preset assist prediction algorithm for historical operation instructions to obtain an assist detection model.

[0127] The anomaly detection module is used to perform anomaly detection on the current operation and maintenance instructions based on the collaborative detection model and rule detection, and generate anomaly detection results.

[0128] For example, the operation and maintenance management assistance system also includes:

[0129] The feedback acquisition module is used to acquire feedback operation instructions from maintenance personnel.

[0130] The priority module is used to increase or decrease the priority of the corresponding operation and maintenance operation instructions in the set of instructions to be operated based on the feedback operation instructions.

[0131] It should be noted that the operation and maintenance management assistance system provided in this application embodiment is related to... Figures 1 to 3 The method embodiments shown correspond to each other, and will not be described again here to avoid repetition.

[0132] This application also provides an electronic device, please refer to [link to application]. Figure 5 , Figure 5 This is a structural block diagram of an electronic device provided in an embodiment of this application. The electronic device may include a processor 510, a communication interface 520, a memory 530, and at least one communication bus 540. The communication bus 540 is used to enable direct communication between these components. In this embodiment, the communication interface 520 of the electronic device is used for signaling or data communication with other node devices. The processor 510 may be an integrated circuit chip with signal processing capabilities.

[0133] The processor 510 described above can be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it can also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), an off-the-shelf programmable gate array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components. It can implement or execute the methods, steps, and logic block diagrams disclosed in the embodiments of this application. The general-purpose processor can be a microprocessor, or the processor 510 can be any conventional processor.

[0134] The memory 530 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), etc. The memory 530 stores computer-readable instructions. When these computer-readable instructions are executed by the processor 510, the electronic device can perform the aforementioned operations. Figures 1 to 3 The various steps involved in the method implementation examples.

[0135] Alternatively, the electronic device may also include a storage controller and an input / output unit.

[0136] The memory 530, storage controller, processor 510, peripheral interface, and input / output unit are electrically connected directly or indirectly to achieve data transmission or interaction. For example, these components can be electrically connected to each other through one or more communication buses 540. The processor 510 is used to execute executable modules stored in the memory 530, such as software function modules or computer programs included in electronic devices.

[0137] The input / output unit is used to provide users with the ability to create tasks and to set optional start periods or preset execution times for those tasks, thereby enabling user-server interaction. The input / output unit may be, but is not limited to, a mouse and keyboard.

[0138] Understandable. Figure 5 The structure shown is for illustrative purposes only; the electronic device may also include components that are more advanced than those shown. Figure 5 The more or fewer components shown, or having the same Figure 5 The different configurations shown. Figure 5 The components shown can be implemented using hardware, software, or a combination thereof.

[0139] This application also provides a storage medium storing instructions. When the instructions are run on a computer, the computer program is executed by a processor to implement the method described in the method embodiment. To avoid repetition, the method will not be described again here.

[0140] This application also provides a computer program product that, when run on a computer, causes the computer to perform the method described in the method embodiment.

[0141] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can also be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions marked in the blocks may occur in a different order than those marked in the drawings. For example, two consecutive blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram and / or flowchart, and combinations of blocks in block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or action, or using a combination of dedicated hardware and computer instructions.

[0142] In addition, the functional modules in the various embodiments of this application can be integrated together to form an independent part, or each module can exist independently, or two or more modules can be integrated to form an independent part.

[0143] If the aforementioned functions are implemented as software functional modules and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0144] The above description is merely an embodiment of this application and is not intended to limit the scope of protection of this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the scope of protection of this application. It should be noted that similar reference numerals and letters in the following figures indicate similar items; therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures.

[0145] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

[0146] It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.

Claims

1. A method for assisting in operation and maintenance management, characterized in that, include: Create an assisted prediction template, which includes one or more of the following: correlation data of operation and maintenance nodes, risk command whitelist, and risk command blacklist; Obtain the current operation and maintenance instructions from the maintenance personnel; Based on the assisted prediction template, the current operation and maintenance instruction, and the preset assisted prediction algorithm, a set of instructions to be operated is generated, which includes multiple operation and maintenance instructions associated with the current operation and maintenance instruction. The set of instructions to be operated is sent to the operation and maintenance interface so that the operation and maintenance personnel can select the corresponding operation and maintenance operation instructions from the operation and maintenance interface. After the step of evaluating and calculating the current operation and maintenance instructions using the assisted prediction template and the preset assisted prediction algorithm to generate the set of instructions to be operated, the method further includes: Obtain the login information of the operation and maintenance personnel, wherein the login information includes one or more of the following: asset information, account information, and agreement information of the operation and maintenance personnel. The login information and the current operation and maintenance instructions are integrated and calculated by the preset assistance prediction algorithm to generate a first set of instructions to be operated, and the first set of instructions to be operated is added to the set of instructions to be operated; wherein, the preset assistance prediction algorithm performs layered decoupling of the login information and the current operation and maintenance instructions and extracts internal and external rules keywords, performs text similarity matching, and obtains the matching result of the first set of instructions to be operated; After the step of sending the set of instructions to be operated to the operation and maintenance interface, the method further includes: Obtain feedback operation instructions from maintenance personnel; The priority of the operation and maintenance operation instructions corresponding to the set of instructions to be operated can be increased or decreased according to the feedback operation instructions.

2. The operation and maintenance management assistance method according to claim 1, characterized in that, The step of generating a set of instructions to be operated based on the assisted prediction template, the current operation and maintenance instructions, and the preset assisted prediction algorithm includes: The current operation and maintenance instructions are evaluated and calculated using the assistance prediction template and the preset assistance prediction algorithm to generate the set of instructions to be operated. The preset assistance prediction algorithm includes one or more of the following: assistance prediction of bastion host behavior anomaly detection, assistance prediction of change script detection, assistance prediction of operation and maintenance behavior profiling, and external rule internalization.

3. The operation and maintenance management assistance method according to claim 2, characterized in that, The assistance in predicting abnormal behavior of the bastion host includes one or more of the following: high-risk command detection, abnormal command sequence detection, operation without work order detection, bastion host bypass detection, and login to non-regulated devices detection.

4. The operation and maintenance management assistance method according to claim 1 or 2, characterized in that, After the step of evaluating and calculating the current operation and maintenance instructions using the assisted prediction template and the preset assisted prediction algorithm to generate the set of instructions to be operated, the method further includes: Obtain big data statistics; Based on the big data statistics and the current operation and maintenance instructions, a related command calculation is performed to generate a second set of instructions to be operated, and the second set of instructions to be operated is added to the set of instructions to be operated.

5. The operation and maintenance management assistance method according to claim 1, characterized in that, After the step of sending the set of instructions to be operated to the operation and maintenance interface, the method further includes: Obtain historical operation commands from maintenance personnel to the bastion host; Based on the preset assistance prediction algorithm, the historical operation instructions are trained to obtain an assistance detection model; Based on the aforementioned collaborative detection model and rule-based detection, anomaly detection is performed on the current operation and maintenance instructions to generate anomaly detection results.

6. A collaborative processing system for operation and maintenance management, characterized in that, include: A creation module is used to create an assisted prediction template, which includes one or more of the following: correlation data of operation and maintenance nodes, risk command whitelist, and risk command blacklist; The instruction acquisition module is used to acquire the current operation and maintenance instructions from the operation and maintenance personnel. The assisted prediction module is used to generate a set of instructions to be operated based on the assisted prediction template, the current operation and maintenance instruction, and the preset assisted prediction algorithm. The set of instructions to be operated includes multiple operation and maintenance instructions associated with the current operation and maintenance instruction. The sending module is used to send the set of instructions to be operated to the operation and maintenance interface, so that the operation and maintenance personnel can select the corresponding operation and maintenance operation instructions from the operation and maintenance interface. The login information acquisition module is used to acquire the login information of operation and maintenance personnel. The login information includes one or more of the following: asset information, account information, and agreement information of the operation and maintenance personnel. The assisted prediction module is further configured to: integrate and calculate the login information and the current operation and maintenance instructions through the preset assisted prediction algorithm to generate a first set of instructions to be operated, and add the first set of instructions to be operated to the set of instructions to be operated; wherein, the preset assisted prediction algorithm performs layered decoupling of the login information and the current operation and maintenance instructions and extracts internal and external rules keywords, performs text similarity matching, and obtains the matching result of the first set of instructions to be operated; The operation and maintenance management assistance system also includes: The feedback acquisition module is used to acquire feedback operation instructions from maintenance personnel. The priority module is used to increase or decrease the priority of the operation and maintenance operation instructions corresponding to the set of instructions to be operated based on the feedback operation instructions.

7. An electronic device, characterized in that, include: A memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the operation and maintenance management assistance method as described in any one of claims 1 to 5.

8. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores instructions that, when executed on a computer, cause the computer to perform the operation and maintenance management assistance method as described in any one of claims 1 to 5.