A web page security processing method, device, and medium based on domestic IT innovation adaptation
By decomposing components and analyzing the topology of web pages created using domestically developed information technology, risk characteristics are identified and security compensation is implemented. This addresses the problem of insufficient security control for web pages in the context of domestically developed information technology, thereby improving security and stability.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents (China)
- Current Assignee / Owner: SHENZHEN MEDICAL INNOVATION UNITED TECHNOLOGY CO LTD
- Filing Date: 2025-09-11
- Publication Date: 2026-06-30
AI Technical Summary
In the context of information technology innovation, existing technologies struggle to accurately identify component and topology risks in web applications, leading to insufficient security control and poor security and stability.
The method decomposes web pages adapted for domestic IT innovation into components, establishes a component topology, performs component confidence evaluation and topology connection risk evaluation, constructs multi-gradient risk blocks, performs risk adversarial identification to obtain risk characteristics, and performs security compensation processing based on those risk characteristics.
It enables precise risk control of web pages in the context of information technology innovation, thereby improving security and stability.
Figure CN120956512B_ABST
Description
Technical Field
[0001] This invention relates to the field of web page security processing technology, specifically to a web page security processing method, device, and medium based on domestic IT innovation adaptation.
Background Technology
[0002] Against the backdrop of the rapid development of the domestic IT innovation industry, web applications need to adapt to the underlying hardware and software system of the domestic IT innovation environment, which consists of domestic IT CPUs, operating systems, databases, middleware, etc., to meet the requirements of independent and controllable technology. However, due to the diverse types of components and the complex dependencies and data flow relationships between components, traditional web security methods are unable to accurately identify security risks in the underlying hardware and software components. They cannot systematically sort out the topological relationships between components to assess connection risks, nor do they have a differentiated classification of risk levels for different components and targeted adversarial detection, resulting in an inability to effectively capture the potential risk characteristics of web applications in the domestic IT innovation scenario. At the same time, existing technologies mostly adopt generalized security hardening strategies without combining the adaptation characteristics of domestic IT innovation components with the contextual requirements of web business scenarios, making it difficult to achieve precise risk control. Ultimately, this makes domestic IT-adapted web applications prone to security vulnerabilities in actual operation, and security and stability cannot be fully guaranteed.
[0003] Existing technologies have technical problems when handling web page security in the context of information technology innovation, such as difficulty in accurately identifying component and topology risks, resulting in insufficient web page security control and poor security and stability.
Summary of the Invention
[0004] This application provides a webpage security processing method, device, and medium based on domestic IT innovation adaptation, which is used to address the technical problem that in the existing technology, when processing webpage security under the domestic IT innovation environment, it is difficult to accurately identify component and topology risks, resulting in insufficient webpage security control and poor security and stability.
[0005] In view of the above problems, this application provides a web page security processing method, device and medium based on domestic IT innovation adaptation.
[0006] The first aspect of this application provides a webpage security processing method based on domestic IT innovation adaptation, the method comprising:
[0007] The webpage adapted for domestic IT innovation is decomposed into components to establish a component topology; based on the component topology, component confidence evaluation and topology connection risk evaluation are performed to obtain topology evaluation values; multi-gradient risk blocks are constructed according to the topology evaluation values, and risk adversarial identification is performed on the multi-gradient risk blocks using risk event samples to obtain risk characteristics; security compensation processing is performed based on the risk characteristics, and the obtained compensation strategy is used to strengthen the security of the webpage.
[0008] In a second aspect, this application provides an electronic device comprising: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute a webpage security processing method based on domestic IT innovation adaptation provided in this application.
[0009] In a third aspect of this application, a computer-readable storage medium is provided, storing a computer program for executing a webpage security processing method based on domestic IT innovation adaptation provided in this application.
[0010] One or more technical solutions provided in this application have at least the following technical effects or advantages:
[0011] This application decomposes web pages adapted to the domestic IT innovation environment into components and establishes a component topology. It then performs component confidence evaluation and topology connection risk evaluation to obtain topology evaluation values. Multi-gradient risk blocks are constructed, and risk adversarial identification is performed on these blocks to obtain risk characteristics. Based on these risk characteristics, security compensation processing is applied, and the obtained compensation strategy is used to strengthen the security of the web page. This method achieves precise risk control and security protection for web pages under the domestic IT innovation environment, improving the security and stability of the web pages.
Attached Figure Description
[0012] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0013] Figure 1 is a flowchart of a webpage security processing method based on domestic IT innovation adaptation provided in an embodiment of this application;
[0014] Figure 2 is a schematic diagram of the structure of an electronic device provided in this application.
[0015] Explanation of reference numerals in the attached drawings: Processor 21, Memory 22, Input device 23, Output device 24.
Detailed Implementation
[0016] This application provides a webpage security processing method, device, and medium based on domestic IT innovation adaptation, which addresses the technical problem in the prior art that it is difficult to accurately identify component and topology risks when processing webpage security in the domestic IT innovation environment, resulting in insufficient webpage security control and poor security and stability.
[0017] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of them. All other embodiments obtained by those skilled in the art based on the embodiments of this application without creative effort are within the scope of protection of this application.
[0018] Embodiment 1: As shown in Figure 1, this application provides a webpage security processing method based on domestic IT innovation adaptation, the method comprising:
[0019] Step S100: Decompose the webpages adapted for domestic IT innovation into components and establish a component topology.
[0020] Specifically, the first step is to comprehensively identify and decompose the underlying hardware and software components on which a web page adapted for domestic IT innovation depends for normal operation in the domestic IT innovation environment. The scope of these components is clearly defined and includes at least the domestic IT innovation CPU, operating system, database, middleware, and web application. After component decomposition, the dependencies, calling logic, and data flow paths between components are further analyzed: for example, how the web application calls the middleware to implement functions, how the middleware establishes connections with the database and transmits data, and how the operating system allocates resources to the domestic IT innovation CPU to support the operation of the database, middleware, and web application. Based on these clearly defined relationships between components, a component topology is constructed that intuitively presents the component relationships. This structure clearly reflects the role and interaction of each component within the web application system.
[0021] Step S200: Based on the component topology, perform component confidence evaluation and topology connection risk evaluation to obtain topology evaluation value.
[0022] Specifically, a static confidence evaluation of components is performed first: the security and reliability of each component is analyzed by considering its source, the number and severity of known vulnerabilities, and the strength of its security configuration, and the inherent confidence value of each component is calculated. Next, a dynamic exposure risk evaluation is conducted based on the component topology, assessing the risk level of inter-component connections from dimensions such as the strength of inter-component communication protocols, data transmission sensitivity, access path complexity, and compatibility, and determining the connection risk value corresponding to each component connection. Then, topology risk aggregation is performed to generate a topology evaluation value. First, the component topology is converted into a directed graph structure, where each vertex corresponds to a component and each directed edge identifies a dependency, call, or data flow relationship between components. Each vertex is assigned an initial risk attribute, the value of which is obtained by standardization and inverse mapping of the inherent confidence value; simultaneously, each directed edge is assigned a risk weight attribute, the value of which is obtained by standardization of the connection risk value. Finally, based on the node connection relationships in the directed graph, the value of each node and the values of its outgoing edges are weighted and aggregated, and the aggregated risk evaluation value is projected onto the corresponding component in the topology, ultimately obtaining a topology evaluation value that reflects the overall risk status.
[0023] Step S300: Construct a multi-gradient risk block based on the topology evaluation value, and use risk event samples to identify risk adversarial behavior in the multi-gradient risk block to obtain risk characteristics.
[0024] Specifically, the attributes and corresponding aggregated risk assessment values of each component are first extracted according to the topology evaluation value. The aggregated risk assessment value is then divided into risk gradients using a pre-defined risk threshold range to obtain the initial risk gradient. Subsequently, the business scenarios carried by the web pages adapted for domestic IT innovation are identified, and a processing pipeline consisting of ordered execution components is constructed. The importance of each component in the pipeline within the scenario context is evaluated to obtain an importance assessment value. Based on the predefined rule base, the corresponding gradient control coefficient is matched according to the importance assessment value. This coefficient is used to correct the initial risk gradient to determine the risk gradient of each component. All component risk gradients are then integrated in sequence to construct a multi-gradient risk block. Next, risk adversarial identification is carried out: risk event samples are collected based on the entire usage cycle of web application scenarios to construct a risk event sample set; using the risk samples of each usage cycle node in the sample set, risk adversarial simulations are performed on the multi-gradient risk blocks in sequence to monitor the response status, attack path diffusion range and attack success probability of different blocks when facing sample attacks, and the adversarial monitoring data is recorded. Finally, based on the adversarial monitoring data, quantitative indicators are extracted for the successful attack paths and component sequences in each risk block, the risk transmission relationship between different risk blocks, and the breakthrough time, success frequency and impact degree of various attack samples in the blocks, yielding the risk characteristics.
[0025] Step S400: Perform security compensation processing based on the risk characteristics, and use the obtained compensation strategy to strengthen the security of the webpage.
[0026] Specifically, based on the risk characteristics obtained in the risk identification phase, the system analyzes the specific risk scenarios and threat paths faced by web applications and underlying components, and generates targeted security compensation strategies accordingly. If the risk characteristics indicate that an attack has moved laterally from component A to component B by exploiting a vulnerability in a certain domestic IT middleware, the system first analyzes the normal business scenarios of interaction between component A and component B and clarifies the differences between normal and abnormal request methods. It then prohibits only the abnormal request methods from A to B, such as the specific HTTP methods or malicious SQL statements involved in the vulnerability exploit, rather than blocking all traffic between A and B, thereby ensuring uninterrupted normal business operations. At the same time, the policy is not bound to the IP addresses of component A and component B but is associated with their digital identity certificates. Even if the components are subsequently expanded or migrated, the policy continues to be effective as long as the digital identity certificates remain unchanged. In addition, the policy is marked as temporary. After component B completes the vulnerability patch deployment, the system automatically identifies the patch's effectiveness status and rolls back the temporary policy, achieving dynamic adaptation of the policy. After the security compensation strategy is generated, security hardening operations are performed on the web pages adapted to the domestic IT innovation environment and their dependent software and hardware components according to the strategy content. This includes configuring access control rules between components, updating security patches for the domestic IT innovation middleware, etc., to comprehensively eliminate the security risks corresponding to the risk characteristics and improve the security protection capabilities of web pages in the domestic IT innovation environment.
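The compensation policy described in [0026], sketched as an added example that is not code from the patent: the identity strings, the denied method, the SQL pattern and the function names are all constructed assumptions. It shows a rule that matches on certificate identity rather than IP, denies only the abnormal request forms, and is rolled back once the patch on component B is reported effective.

```python
import re
from dataclasses import dataclass

# Constructed certificate identities (placeholders, not real fingerprints).
COMPONENT_A = "cert-id:constructed-component-A"
COMPONENT_B = "cert-id:constructed-component-B"
COMPONENT_C = "cert-id:constructed-component-C"


@dataclass
class Policy:
    src_id: str                # certificate identity of the calling component
    dst_id: str                # certificate identity of the called component
    deny_methods: frozenset    # only the abnormal HTTP methods are denied
    deny_body: tuple = ()      # regexes for the abnormal statements
    temporary: bool = True     # compensation policies are marked temporary
    active: bool = True

    def blocks(self, req):
        """True if this policy denies the request. The source IP is never consulted."""
        if not self.active:
            return False
        if (req["src_id"], req["dst_id"]) != (self.src_id, self.dst_id):
            return False
        if req["method"].upper() in self.deny_methods:
            return True
        body = req.get("body", "")
        return any(re.search(p, body, re.IGNORECASE) for p in self.deny_body)


def decide(policies, req):
    """Default allow: normal A-to-B business traffic must keep flowing."""
    return "deny" if any(p.blocks(req) for p in policies) else "allow"


def rollback_patched(policies, patch_effective):
    """Deactivate temporary policies whose target component has an effective patch.

    patch_effective: set of certificate identities reported as patched.
    Returns the policies that were rolled back.
    """
    rolled = []
    for p in policies:
        if p.active and p.temporary and p.dst_id in patch_effective:
            p.active = False
            rolled.append(p)
    return rolled


def example_policy():
    # Assumed abnormal forms: the PUT method and a constructed stored-procedure call.
    return Policy(COMPONENT_A, COMPONENT_B,
                  deny_methods=frozenset({"PUT"}),
                  deny_body=(r"\bCALL\s+legacy_export\b",))


if __name__ == "__main__":
    policies = [example_policy()]
    req = {"src_id": COMPONENT_A, "dst_id": COMPONENT_B,
           "src_ip": "192.0.2.10", "method": "PUT"}
    print("abnormal method:", decide(policies, req))
    print("normal method:  ", decide(policies, dict(req, method="GET")))
    print("after migration:", decide(policies, dict(req, src_ip="198.51.100.7")))
    rollback_patched(policies, {COMPONENT_B})
    print("after patch:    ", decide(policies, req))
```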
[0027] In one possible implementation, step S100 further includes:
[0028] Step S110: Identify and decompose the underlying hardware and software components on which the web applications running in the domestic IT innovation environment depend. The components include at least the domestic IT innovation CPU, operating system, database, middleware, and web application.
[0029] Step S120: Analyze the dependencies, calls, and data flow relationships between components to construct the component topology.
[0030] Specifically, for web applications running in a domestically developed IT environment, a comprehensive identification and decomposition of underlying hardware and software components is conducted using domestically developed IT environment adaptation detection tools and component dependency scanning technology. During this process, the core components essential for the normal operation of the web application are identified, and the scope of these components is clearly defined. These components include at least the domestically developed CPU, operating system, database, middleware, and web application. By scanning the runtime dependency chain of the web application one by one, the direct or indirect relationship between each type of component and the web application is confirmed, unnecessary component interference is eliminated, and a complete and comprehensive list of underlying hardware and software components is finally compiled, providing a foundation for subsequent analysis of inter-component relationships and topology construction.
[0031] First, for each type of component in the list, clarify their dependencies. For example, the operating system relies on the hardware resources provided by the domestically developed CPU, the database and middleware rely on the operating system to build the runtime environment, and the web application relies on the middleware to complete function calls and data interactions. Next, clarify the calling logic between components. For example, the web application calls the middleware's service modules through preset interfaces, and the middleware calls the database's query or write functions according to the request instructions. Simultaneously, trace the data flow paths between components, such as how user request data generated by the web application is transmitted to the middleware, how the middleware processes the data and then transmits it to the database for storage, and how the database's feedback data is returned to the web application via the middleware. Integrate these clarified dependencies, calling logics, and data flow relationships into a system, constructing a component topology in a visual or structured form that intuitively presents the component relationships. This structure clearly reflects the roles and interactions of each underlying hardware and software component within the web application's runtime system.
[0032] In one possible implementation, step S200 further includes:
[0033] Step S210: Perform a static confidence evaluation of the component based on its source, the number and level of known vulnerabilities, and the strength of its security configuration to obtain an inherent confidence value.
[0034] Step S220: Based on the component topology, perform a dynamic risk assessment based on the strength of the inter-component communication protocol, data transmission sensitivity, access path complexity, and compatibility to obtain a connection risk value.
[0035] Step S230: Generate the topology evaluation value by performing topology risk aggregation based on the inherent confidence value and the connectivity risk value.
[0036] Specifically, each underlying hardware and software component is analyzed from three core dimensions: component origin, known vulnerabilities, and security configuration strength. This involves determining whether the component originates from a certified and compliant vendor and whether it has undergone security testing to assess its reliability; counting the number of known vulnerabilities and categorizing them as high-, medium-, or low-risk to clarify their level of risk; and checking whether the component has enabled security configurations such as access control, data encryption, and vulnerability patch updates to measure the completeness and enforcement strength of these security configurations. Based on the evaluation results from these three dimensions, a security reliability coefficient is calculated for each component using pre-defined quantitative scoring rules; this coefficient represents the component's inherent confidence value.
[0037] Based on the component topology, the dependencies, calls, and data flow relationships between components are clarified, and a dynamic risk assessment is conducted focusing on the interaction links between components. The assessment process revolves around four core dimensions: First, the strength of the communication protocols between components is analyzed to determine whether the protocols used during component interaction are encrypted, whether the protocol versions comply with the domestic IT security standards, and whether there are any protocol vulnerabilities that could be exploited; second, the sensitivity of data transmission is assessed, identifying the types of data transmitted between components, determining whether the data involves core business information, user privacy data, or sensitive configuration parameters, and clarifying the degree of risk of data leakage or tampering; third, the complexity of the access path is considered, analyzing the number of nodes, the number of jumps, and whether there are any unnecessary intermediate nodes in the access link between components, and analyzing the potential increase in risk points due to a more complex path; fourth, component compatibility is checked to confirm whether the versions of the interactive components are compatible, whether the interface specifications are unified, and whether there are any security risks such as abnormal data transmission or functional failures due to compatibility conflicts. Finally, the evaluation results of the four dimensions are weighted according to the preset weighting rules, such as communication protocol strength accounting for 30%, data transmission sensitivity accounting for 25%, access path complexity accounting for 25%, and compatibility accounting for 20%, to obtain the risk quantification value corresponding to each component interaction link. This value is the connection risk value.
[0038] The component topology is transformed into a directed graph structure, where each vertex corresponds to a low-level hardware or software component. The initial risk attribute value of each vertex is standardized from its inherent confidence value, mapping the inherent confidence values of different components to a 0-1 range and then performing a reverse mapping (the lower the inherent confidence value, the higher the initial risk attribute value). Simultaneously, the risk weight attribute value of each directed edge in the directed graph, which identifies dependencies, calls, or data flow relationships between components, is determined by standardizing the connection risk value of the corresponding component interaction link and also mapping it to a 0-1 range. Subsequently, based on the association relationships between nodes and edges in the directed graph, the initial risk attribute value of each vertex is weighted and calculated with the risk weight attribute values of all outgoing edges from that vertex. For example, using a weighting rule of 60% for node risk and 40% for edge risk, an aggregated risk assessment value is obtained for each component and its associated connections. Finally, all aggregated risk assessment values are integrated to form a topology assessment value that comprehensively reflects the overall risk status of the component topology.
[0039] In one possible implementation, step S230 further includes:
[0040] Step S231: Convert the component topology into a directed graph structure, where each vertex in the vertex set corresponds to a component, and each directed edge in the edge set identifies the dependency, call, and data flow relationships between components.
[0041] Step S232: Based on the directed graph structure, assign an initial risk attribute to each vertex. The value of the initial risk attribute is obtained by standardization and inverse mapping of the inherent confidence value. At the same time, assign an edge risk weight attribute to each directed edge. The value of the risk weight attribute is obtained by standardization of the connection risk value.
[0042] Step S233: Based on the node connection relationships of the directed graph structure, perform weighted aggregation of each node's value and the corresponding values of its outgoing edges, and project the aggregated risk assessment value onto the components of the topology to obtain the topology assessment value.
[0043] Specifically, the first step is to transform the component topology into a directed graph structure. Based on the underlying hardware and software components and their relationships identified in the component topology, a directed graph model is constructed: each identified and decomposed component is mapped to a vertex in the directed graph vertex set, ensuring that each component has a unique corresponding vertex in the graph; at the same time, the dependencies, calling logic, and data flow relationships between components are transformed into directed edges in the directed graph edge set. The initiating and receiving components of the relationship are clearly identified through the starting and ending vertices of the directed edges, so that the various relationships between components are clearly presented in the directed graph.
[0044] Based on the constructed directed graph structure, for each vertex of a corresponding component in the graph, the inherent confidence value of the components associated with that vertex is extracted. The inherent confidence values are processed according to a pre-defined standardization algorithm, mapping the numerical ranges of the inherent confidence values of different components to the same interval. Then, a reverse mapping rule is used to transform the standardized values, converting the inherent confidence values, which originally represented the safety and reliability of the components, into initial risk attribute values that reflect the risk level of the components themselves. These values are then assigned to the corresponding vertices. Simultaneously, for each directed edge in the directed graph that identifies the relationship between components, the connection risk value of the corresponding component interaction link is extracted. The connection risk value is processed using the same standardization algorithm as the inherent confidence value, mapping it to a unified numerical interval to form an edge risk weight attribute value. Finally, this value is assigned to the corresponding directed edge, thus completing the comprehensive assignment of initial risk attributes to vertices and risk weight attributes to edges in the directed graph.
[0045] The connection relationships between nodes in the directed graph are analyzed to determine the number of outgoing edges associated with each node (vertex), i.e., the number of interaction links initiated by the component. Then, according to a preset weighting rule, the initial risk attribute value of each node is calculated with the risk weight attribute values of all outgoing edges of that node. For example, the risk values of a single node and its associated outgoing edges are weighted and summed at a ratio of 60% for the initial risk attribute value of the node and 40% for the average risk weight attribute value of all outgoing edges, to obtain the aggregated risk assessment value corresponding to the node. Finally, the aggregated risk assessment value of each node is back-projected onto the corresponding component and component relationships in the component topology, and the aggregated risk assessment values of all components are integrated to form a topology assessment value that can comprehensively reflect the overall risk status of the component topology.
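The aggregation in steps S231 to S233, worked through as an added example that is not code from the patent. The 30/25/25/20 and 60/40 weights are the ones quoted in the description; min-max scaling as the standardization algorithm, a zero edge term for components with no outgoing edges, and all sample scores are assumptions.

```python
from statistics import mean

# Weights quoted in paragraphs [0037] and [0045] of the description.
DIM_WEIGHTS = {"protocol": 0.30, "sensitivity": 0.25, "path": 0.25, "compat": 0.20}
NODE_W, EDGE_W = 0.60, 0.40


def connection_risk(scores):
    """Weighted sum of the four link dimensions, each scored 0 (safe) to 1 (risky)."""
    missing = set(DIM_WEIGHTS) - set(scores)
    if missing:
        raise ValueError(f"missing dimensions: {sorted(missing)}")
    return sum(w * scores[d] for d, w in DIM_WEIGHTS.items())


def min_max(values):
    """Assumed standardization: min-max onto [0, 1]; identical inputs map to 0.0."""
    if not values:
        return {}
    lo, hi = min(values.values()), max(values.values())
    span = hi - lo
    return {k: (v - lo) / span if span else 0.0 for k, v in values.items()}


def aggregate(confidence, edges):
    """Return {component: aggregated risk assessment value}.

    confidence: {component: inherent confidence value}, higher means more trusted
    edges:      {(source, target): dimension scores} for each directed edge
    """
    unknown = {c for edge in edges for c in edge} - set(confidence)
    if unknown:
        raise ValueError(f"edges reference unknown components: {sorted(unknown)}")
    # Inverse mapping: the lower the confidence, the higher the initial risk.
    node_risk = {c: 1.0 - v for c, v in min_max(confidence).items()}
    edge_weight = min_max({e: connection_risk(s) for e, s in edges.items()})
    result = {}
    for comp in confidence:
        outgoing = [w for (src, _dst), w in edge_weight.items() if src == comp]
        # Assumption: a component that initiates no links has a zero edge term.
        edge_part = mean(outgoing) if outgoing else 0.0
        result[comp] = round(NODE_W * node_risk[comp] + EDGE_W * edge_part, 4)
    return result


# Constructed sample topology: confidence on a 0-100 scale, edges point from
# the depending component to the component it depends on.
CONFIDENCE = {"cpu": 90, "os": 80, "database": 70, "middleware": 50, "webapp": 60}
EDGES = {
    ("webapp", "middleware"): {"protocol": 0.2, "sensitivity": 0.6, "path": 0.2, "compat": 0.2},
    ("middleware", "database"): {"protocol": 0.8, "sensitivity": 0.8, "path": 0.4, "compat": 0.5},
    ("middleware", "os"): {"protocol": 0.4, "sensitivity": 0.2, "path": 0.2, "compat": 0.4},
    ("database", "os"): {"protocol": 0.2, "sensitivity": 0.4, "path": 0.2, "compat": 0.2},
    ("os", "cpu"): {"protocol": 0.0, "sensitivity": 0.2, "path": 0.2, "compat": 0.0},
}

if __name__ == "__main__":
    risks = aggregate(CONFIDENCE, EDGES)
    for comp, risk in sorted(risks.items(), key=lambda kv: -kv[1]):
        print(f"{comp:<11}{risk:.4f}")
```

The per-component values are what step S233 projects back onto the topology; how they are integrated into a single topology evaluation value is not specified in the description, so the example stops at the per-component result.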
[0046] In one possible implementation, step S300 further includes:
[0047] Step S310: Extract component attributes and component aggregate risk evaluation values according to the topology evaluation values, and perform risk gradient evaluation on the aggregate risk evaluation values using a preset risk threshold range to obtain an initial risk gradient.
[0048] Step S320: Configure gradient control coefficients based on the component attributes in the context of the adapted webpage.
[0049] Step S330: Use the gradient control coefficient to perform gradient correction on the initial risk gradient, determine the component risk gradient, and sequentially integrate all component risk gradients to construct the multi-gradient risk block.
[0050] Specifically, referring to the previously generated topology evaluation values, the component attributes and aggregated risk evaluation values corresponding to each component are extracted from the component topology structure. The component attributes cover key information such as the component's functional type, its level within the web application, and its business role. Then, a pre-set risk threshold range is invoked, which has been divided into different risk level ranges, each with a clearly defined risk level. The aggregated risk evaluation value of each component is compared one by one with the pre-set risk threshold range to determine which risk level range the aggregated risk evaluation value falls into, thereby determining the corresponding risk level for each component. This completes the risk gradient evaluation of all components, ultimately obtaining the initial risk gradient for each component.
[0051] The specific business scenarios carried by the adapted web pages are identified, and the scenario processing pipeline is outlined. This pipeline consists of components that execute tasks in an orderly manner according to business logic, clearly showing the collaborative order and functional connections of the components in scenario processing. Next, for each component in the pipeline, the actual role of the component in scenario operation is analyzed in conjunction with the scenario processing context and response relationship of the adapted web page. This determines whether the component directly participates in key aspects affecting the normal operation of the scenario, such as core business data processing, user authentication, and execution of critical instructions, or only undertakes non-core functions such as logging and auxiliary page display. Based on this, the scenario importance of each component is evaluated, and a corresponding importance evaluation value is obtained. Finally, a predefined rule base is invoked to match the corresponding gradient control coefficient based on the component's importance evaluation value. Components with higher importance evaluation values receive larger gradient control coefficients to ensure that subsequent risk gradient correction more accurately reflects the risk impact weight of the component in the scenario.
[0052] The configured gradient control coefficients of each component are correlated with the initial risk gradient of the corresponding component. Using a preset gradient correction formula, the corrected risk gradient of a component is calculated as: Component corrected risk gradient = Initial risk gradient value × Gradient control coefficient. The initial risk gradient of each component is adjusted, and the corrected result is the component risk gradient that better reflects the actual risk impact of the scenario. Subsequently, according to the functional association logic and topological position of components in the domestically developed web application system, all component risk gradients are sequentially integrated. For example, according to the execution order of components in the business processing pipeline, or according to the functional hierarchy of the core layer, support layer, and auxiliary layer to which the component belongs, component risk gradients of different risk levels are classified and integrated to form a structured set of risk blocks. Finally, a multi-gradient risk block that can clearly distinguish the risk distribution and level differences of components is constructed.
[0053] In one possible implementation, step S300 further includes:
[0054] Step S340: Based on the web application scenario, collect risk event samples throughout the entire usage cycle of the scenario and construct a risk event sample set.
[0055] Step S350: Using the risk samples of each periodic node in the risk event sample set, perform risk adversarial simulation on the multi-gradient risk blocks in sequence, identify risk features based on the risk adversarial results, and obtain the risk features.
[0056] Specifically, the first step is to clarify the specific application scenarios of the web pages adapted for domestic IT innovation, such as government data query scenarios and enterprise internal office scenarios. The complete usage cycle of these scenarios, from user access and business processing to session termination, is then analyzed, identifying key usage cycle nodes such as initial access, functional interaction, data transmission, session maintenance, and session destruction. Subsequently, risk monitoring tools are used to proactively simulate or passively capture potential risk events at each cycle node. Examples include unauthorized IP login attempts during the initial access phase, malicious parameter injection during the functional interaction phase, sensitive information theft during data transmission, session hijacking during the session maintenance phase, and exploitation of residual sessions during the session destruction phase. Simultaneously, the attack method, triggering conditions, impact scope, and original data for each risk event are recorded. These collected risk events are then categorized and organized according to usage cycle nodes, ultimately constructing a risk event sample set covering the entire lifecycle of the scenario.
[0057] Risk samples corresponding to each usage cycle node are extracted from the risk event sample set. These risk samples are then applied sequentially to the constructed multi-gradient risk blocks according to the chronological order of web application usage cycles to conduct risk adversarial simulation tests. During the simulation, the response status, attack path propagation range, and attack success probability of different risk blocks in the face of various risk sample attacks are continuously monitored, and these key data are recorded in real time to form adversarial monitoring data. After the risk sample adversarial simulation of all cycle nodes is completed, the collected adversarial monitoring data is systematically analyzed. From this, quantitative indicators are extracted, including the successful attack paths within each risk block and the sequence of components they pass through, the risk transmission relationship between different risk blocks, and the breakthrough time, success frequency, and impact degree of various attack samples within the blocks. This extracted information is then integrated to ultimately obtain risk characteristics that accurately reflect the risk patterns and threat characteristics of the multi-gradient risk blocks.
[0058] In one possible implementation, step S320 further includes:
[0059] Step S321: Identify the business scenario carried by the adapted webpage and construct a processing pipeline, which consists of components executed in an orderly manner.
[0060] Step S322: For each component in the processing pipeline, perform an importance evaluation in the scene context to obtain an importance evaluation value.
[0061] Step S323: Using a predefined rule base, match the corresponding gradient control coefficient based on the importance evaluation value.
[0062] Specifically, by analyzing the functional positioning, user operation flow, and business objectives of the adapted webpage, the specific business scenarios carried by the webpage are identified, such as online transaction scenarios, government information query scenarios, and enterprise internal data management scenarios. Subsequently, based on the complete processing logic of this business scenario, the key components required to implement the business functions are identified, and these components are linked together to form a processing pipeline according to the execution sequence of the business process. Each component in this processing pipeline executes a specific task in an orderly manner according to business requirements. The components are connected through pre-defined dependencies, calling logic, and data flow paths to jointly support the normal operation of the business scenario. For example, the processing pipeline for the online transaction scenario may sequentially include a user authentication component, a product order generation component, a payment interface component, and a transaction data storage component, thereby ensuring that the business process proceeds efficiently and orderly through component collaboration.
[0063] A dimensional grading quantification algorithm is adopted to divide the three evaluation dimensions of business criticality, data influence, and path inevitability into five levels. The higher the score, the stronger the importance. Clear judgment criteria are set for each level. Then, a weighted summation algorithm is used to assign weights to the three dimensions according to the characteristics of the business scenario. For example, in the financial payment scenario, the weight of business criticality is 40%, the weight of data influence is 40%, and the weight of path inevitability is 20%. The importance evaluation value of each component is calculated by the formula: importance evaluation value = business criticality score × 40% + data influence score × 40% + path inevitability score × 20%, thus obtaining the component importance evaluation value and realizing the accurate quantification of the importance of different components in the scenario context.
[0064] A predefined rule base is used to match gradient control coefficients. This rule base pre-defines the correspondence between importance evaluation values and gradient control coefficients, following the principle of high adjustment for important components, no adjustment for low-importance components, and minimal adjustment for intermediate-importance components. For example, the rule specifies that if a component's importance evaluation value is in the highest range (e.g., 8-10 points), the corresponding gradient control coefficient is 1.5, suitable for the core accounting database component with the highest data influence in online payment scenarios; if the importance evaluation value is in the middle range (e.g., 4-7 points), the corresponding gradient control coefficient is 1.2, suitable for order generation components that handle general business data; and if the importance evaluation value is in the lowest range (e.g., 0-3 points), the corresponding gradient control coefficient is 1.0, suitable for transaction record query components that only perform auxiliary functions. If a component participates in multiple business scenarios simultaneously, such as a risk control service component participating in both online payment and large-amount transfer scenarios, the maximum gradient control coefficient matched by the component in different scenarios is taken as the final coefficient. This ensures that the coefficient fully reflects the highest risk impact weight of the component in each scenario, ultimately completing the configuration of gradient control coefficients for all components.
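The scoring chain of paragraphs [0052], [0063] and [0064], worked through as an added example (not code from the patent): weighted importance value, rule-base match, maximum coefficient across scenarios, then corrected gradient = initial gradient × coefficient, grouped by functional layer. Assumptions: a level n (1..5) scores 2·n on the 0-10 scale, the integer bands of the rule base are read as thresholds so fractional sums still match, and the component names, layers and initial gradient values are constructed.

```python
from collections import defaultdict

# Rule base from the example in [0064] as (lower bound, coefficient).
# Assumption: the integer bands 8-10 / 4-7 / 0-3 are read as thresholds, so a
# fractional weighted sum such as 7.6 still matches a rule.
RULE_BASE = [(8.0, 1.5), (4.0, 1.2), (0.0, 1.0)]

# Financial payment weights from [0063], in percent.
PAYMENT_WEIGHTS = {"business_criticality": 40, "data_influence": 40,
                   "path_inevitability": 20}


def importance(levels, weights=PAYMENT_WEIGHTS):
    """Weighted sum over the three dimensions, each graded in levels 1..5.

    Assumption: level n scores 2*n, which puts the result on the 0-10 scale.
    """
    if set(levels) != set(weights) or sum(weights.values()) != 100:
        raise ValueError("dimensions must match and weights must total 100%")
    if any(lvl not in (1, 2, 3, 4, 5) for lvl in levels.values()):
        raise ValueError("each dimension level must be 1..5")
    return sum(weights[d] * 2 * levels[d] for d in weights) / 100


def match_coefficient(value):
    """Return the gradient control coefficient for an importance value."""
    if not 0 <= value <= 10:
        raise ValueError("importance value outside 0-10")
    return next(coeff for lower, coeff in RULE_BASE if value >= lower)


def final_coefficient(scenarios):
    """A component in several scenarios keeps its maximum matched coefficient."""
    return max(match_coefficient(importance(lv)) for lv in scenarios.values())


def build_blocks(components):
    """Correct each initial gradient and group the results by functional layer."""
    blocks = defaultdict(list)
    for c in components:
        coeff = final_coefficient(c["scenarios"])
        blocks[c["layer"]].append((c["name"], coeff, round(c["initial"] * coeff, 2)))
    return {layer: sorted(rows, key=lambda r: -r[2]) for layer, rows in blocks.items()}


def grade(bc, di, pi):
    """Helper: build the per-dimension level dict for one scenario."""
    return {"business_criticality": bc, "data_influence": di, "path_inevitability": pi}


# Constructed sample components; names, layers and initial gradients are illustrative.
COMPONENTS = [
    {"name": "accounting_db", "layer": "core", "initial": 3.0,
     "scenarios": {"online_payment": grade(5, 5, 4)}},
    {"name": "risk_control", "layer": "core", "initial": 2.0,
     "scenarios": {"online_payment": grade(3, 4, 3), "large_transfer": grade(5, 4, 4)}},
    {"name": "order_generation", "layer": "support", "initial": 2.0,
     "scenarios": {"online_payment": grade(3, 3, 4)}},
    {"name": "record_query", "layer": "auxiliary", "initial": 1.0,
     "scenarios": {"online_payment": grade(1, 2, 1)}},
]

if __name__ == "__main__":
    for layer, rows in build_blocks(COMPONENTS).items():
        print(layer, rows)
```

The risk_control component scores 6.8 in online payment (coefficient 1.2) and 8.8 in large-amount transfer (coefficient 1.5), so the maximum rule raises its corrected gradient from 2.4 to 3.0.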
[0065] In one possible implementation, step S350 further includes:
[0066] Step S351: Record the adversarial monitoring data by monitoring the response status, attack path spread range and attack success probability of different blocks when facing sample attacks;
[0067] Step S352: Based on the adversarial monitoring data, extract the successful attack paths and component sequences within each risk block, the risk transmission relationship between different risk blocks, the breakthrough time, success frequency, and impact of various attack samples in the blocks, and obtain the risk characteristics.
[0068] Specifically, during the risk adversarial simulation of multi-gradient risk blocks using risk event samples, a real-time monitoring system is activated to comprehensively track the dynamic performance of different risk blocks. The monitoring content mainly includes three core dimensions: first, the block's response status, such as whether a security alert is triggered when the block is attacked by a sample, whether functional lag or paralysis occurs, and whether abnormal error codes are returned; second, the attack path's diffusion range, i.e., whether the attack sample spreads from the initial attack block to other related blocks, the number of blocks involved in the diffusion, and the node distribution of the diffusion path; and third, the attack success probability, calculated by statistically analyzing the percentage of successful breaches of the block's defenses in multiple attack attempts by the attack sample on the same block. The monitoring system uses timestamps as indexes to record real-time data from the above three dimensions by block category, forming a structured adversarial monitoring dataset.
[0069] The collected adversarial monitoring data undergoes preprocessing, including data cleaning to remove invalid data and outliers, ensuring data accuracy and integrity. Key information is then extracted from the preprocessed dataset: First, the successful attack paths within each risk block and the sequence of components they traverse, identifying the order of component nodes a successful attack sample passes through to pinpoint vulnerable component links within the block. Second, the risk transmission relationships between different risk blocks, analyzing how attacks on high-risk blocks trigger security issues in low-risk blocks through component dependencies or data flow, determining the risk transmission patterns between blocks. Third, quantitative indicators for various attack samples within the blocks, including the average breach time required for an attack sample to breach block defenses, the frequency of successful attacks under the same conditions, and the impact on block functionality and data after a successful attack, such as specific values for data leakage and duration of functional paralysis. The extracted path information, transmission patterns, and quantitative indicators are integrated to ultimately form a risk profile that comprehensively reflects the security vulnerabilities and threat characteristics of multi-gradient risk blocks.
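The extraction described in [0068] and [0069], as an added example (not code from the patent): timestamp-indexed monitoring records are cleaned, then reduced per risk block to success probability, mean breach time, successful component paths and successes that raised no alert, plus block-to-block transmission counts. The record fields and all sample values are constructed assumptions, and cleaning here only drops invalid records; outlier handling is left out.

```python
from collections import Counter, defaultdict
from statistics import mean

# Constructed adversarial monitoring records (not data from the patent). Each is
# one sample attempt against one risk block: ts = timestamp index, path =
# component sequence traversed, spread = other blocks the attack reached.
RECORDS = [
    {"ts": 3, "block": "core", "sample": "session_hijack", "success": True,
     "breach_s": 40.0, "alert": True, "path": ["gateway", "auth", "accounting_db"],
     "spread": ["support"]},
    {"ts": 1, "block": "core", "sample": "parameter_injection", "success": False,
     "alert": True, "path": ["gateway"], "spread": []},
    {"ts": 2, "block": "core", "sample": "session_hijack", "success": True,
     "breach_s": 60.0, "alert": False, "path": ["gateway", "auth", "accounting_db"],
     "spread": ["support", "auxiliary"]},
    {"ts": 4, "block": "core", "sample": "residual_session", "success": False,
     "alert": False, "path": ["gateway", "auth"], "spread": []},
    {"ts": 5, "block": "core", "sample": "session_hijack", "success": True,
     "breach_s": -1.0, "alert": True, "path": ["gateway"], "spread": []},  # invalid
    {"ts": 6, "block": "support", "sample": "parameter_injection", "success": True,
     "breach_s": 30.0, "alert": True, "path": ["order_generation"], "spread": []},
    {"ts": 7, "block": "support", "sample": "parameter_injection", "success": False,
     "alert": True, "path": ["order_generation"], "spread": []},
    {"ts": 8, "sample": "parameter_injection", "success": True},  # no block: invalid
]


def clean(records):
    """Drop records missing required fields or with an impossible breach time."""
    required = {"ts", "block", "sample", "success", "path"}
    valid = [r for r in records if required <= r.keys()
             and (not r["success"] or (r.get("breach_s") or 0) > 0)]
    return sorted(valid, key=lambda r: r["ts"])


def risk_features(records):
    """Per-block indicators plus block-to-block transmission counts."""
    per_block = defaultdict(list)
    for r in clean(records):
        per_block[r["block"]].append(r)
    features, transmission = {}, Counter()
    for block, rows in per_block.items():
        wins = [r for r in rows if r["success"]]
        for r in wins:
            transmission.update((block, target) for target in r.get("spread", []))
        features[block] = {
            "attempts": len(rows),
            "success_probability": len(wins) / len(rows),
            "mean_breach_s": mean(r["breach_s"] for r in wins) if wins else None,
            "successful_paths": Counter(" > ".join(r["path"]) for r in wins),
            "silent_successes": sum(1 for r in wins if not r.get("alert")),
        }
    return features, dict(transmission)


if __name__ == "__main__":
    feats, edges = risk_features(RECORDS)
    print(feats)
    print(edges)
```

A component sequence that recurs among the successful paths marks the weak link inside a block, and the transmission counts show which neighbouring blocks a breach of that block reaches, which is the input the compensation step needs.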
[0070] Embodiment 2. Figure 2 is a schematic diagram of the structure of an electronic device provided in Embodiment 2 of this application, and shows a block diagram of an exemplary electronic device suitable for implementing the embodiments of the present invention. The electronic device shown in Figure 2 is merely an example and should not be construed as limiting the functionality or scope of the embodiments of the present invention. As shown in Figure 2, the electronic device includes a processor 21, a memory 22, an input device 23, and an output device 24; the number of processors 21 in the electronic device can be one or more, and Figure 2 takes one processor 21 as an example. The processor 21, memory 22, input device 23, and output device 24 in the electronic device can be connected via a bus or other means; Figure 2 takes connection via a bus as an example.
[0071] In embodiment three, the memory 22, as a computer-readable storage medium, can be used to store software programs, computer-executable programs, and modules, such as the program instructions / modules corresponding to a webpage security processing method based on domestic IT innovation in this embodiment. The processor 21 executes various functional applications and data processing of the computer device by running the software programs, instructions, and modules stored in the memory 22, thereby realizing the aforementioned webpage security processing method based on domestic IT innovation.
[0072] It should be noted that the order of the embodiments described above is merely for descriptive purposes and does not represent the superiority or inferiority of the embodiments. Furthermore, the above description focuses on specific embodiments of this specification. Additionally, the processes depicted in the accompanying drawings do not necessarily require a specific or sequential order to achieve the desired results. In some implementations, multitasking and parallel processing are possible or may be advantageous.
[0073] The above description is only a preferred embodiment of this application and is not intended to limit this application. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the protection scope of this application.
[0074] This specification and accompanying drawings are merely illustrative examples of this application and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of this application. Clearly, those skilled in the art can make various alterations and modifications to this application without departing from its scope. Therefore, if such modifications and variations fall within the scope of this application and its equivalents, this application intends to include such modifications and variations.
Claims
1. A webpage security processing method based on domestic IT innovation adaptation, characterized in that it comprises: decomposing the web pages adapted for domestic IT innovation into components and establishing a component topology structure; based on the component topology, performing component confidence evaluation and topology connection risk evaluation to obtain topology evaluation values; based on the topology evaluation value, constructing a multi-gradient risk block, and performing risk adversarial identification on the multi-gradient risk block using risk event samples to obtain risk characteristics; based on the aforementioned risk characteristics, performing security compensation processing, and using the obtained compensation strategy to strengthen the security of the webpage. The step of constructing multi-gradient risk blocks based on the topology evaluation value includes: Component attributes and aggregate risk assessment values of components are extracted according to the topology evaluation values. The aggregate risk assessment values are then evaluated using a pre-set risk threshold range to obtain an initial risk gradient. Gradient control coefficients are configured based on the component attributes and the context response relationship in the adapted webpage scenario. The initial risk gradient is corrected using the gradient control coefficient to determine the component risk gradient. All component risk gradients are then sequentially integrated to construct the multi-gradient risk block.
The step of configuring gradient control coefficients based on the component attributes and the context response relationship in the adapted webpage scenario includes: identifying the business scenario carried by the adapted webpage and constructing a processing pipeline, which consists of components executed in an orderly manner; for each component in the processing pipeline, performing an importance evaluation in the scene context to obtain an importance evaluation value; using a predefined rule base, matching the corresponding gradient control coefficient based on the importance evaluation value.
2. The webpage security processing method based on domestic IT innovation adaptation according to claim 1, characterized in that, The webpages adapted for domestic IT innovation are decomposed into components, and a component topology is established, including: Identify and decompose the underlying hardware and software components on which web applications running in the domestic IT innovation environment depend. The components include at least the domestic IT innovation CPU, operating system, database, middleware, and web application. Analyze the dependencies, calls, and data flow relationships between components to construct the component topology.
3. The webpage security processing method based on domestic IT innovation adaptation according to claim 1, characterized in that, Based on the component topology, component confidence evaluation and topology connectivity risk evaluation are performed to obtain topology evaluation values, including: Static confidence evaluation of components is performed based on component source, number and level of known vulnerabilities, and security configuration strength to obtain inherent confidence values; Based on the component topology, a dynamic risk assessment is performed according to the strength of the inter-component communication protocol, data transmission sensitivity, access path complexity, and compatibility to obtain a connection risk value. The topology evaluation value is generated by aggregating the inherent confidence value and the connectivity risk value.
4. The webpage security processing method based on domestic IT innovation adaptation according to claim 3, characterized in that, Based on the inherent confidence value and the connectivity risk value, topology risk aggregation is performed to generate the topology evaluation value, including: The component topology is converted into a directed graph structure, where each vertex in the vertex set corresponds to a component, and each directed edge in the edge set identifies the dependency, call, and data flow relationships between components. Based on the directed graph structure, each vertex is assigned an initial risk attribute, the value of which is obtained by standardization and inverse mapping of the inherent confidence value. At the same time, each directed edge is assigned an edge risk weight attribute, the value of which is obtained by standardization of the connection risk value. Based on the node connection relationship in the directed graph structure, the initial risk attribute value of each node is weighted and summed with the risk weight attribute values of all outgoing edges of the node to obtain the aggregated risk assessment value of the node. The aggregated risk assessment value of each node is then back-projected onto the corresponding component and component relationship in the component topology, and the aggregated risk assessment values of all components are integrated to form the topology assessment value.
5. The webpage security processing method based on domestic IT innovation adaptation according to claim 1, characterized in that, Risk adversarial identification is performed on the multi-gradient risk blocks using risk event samples to obtain risk characteristics, including: Based on web application scenarios, risk event samples are collected throughout the entire usage cycle of the scenario, and a risk event sample set is constructed. Using the risk event samples from each usage period node in the risk event sample set, risk adversarial simulations are performed on multi-gradient risk blocks in sequence. Based on the risk adversarial results, risk features are identified to obtain the risk features.
6. The webpage security processing method based on domestic IT innovation adaptation according to claim 5, characterized in that, Based on the risk adversarial results, risk characteristics are identified to obtain the risk characteristics, including: By monitoring the response status, attack path spread range, and attack success probability of different risk blocks when facing sample attacks, the adversarial monitoring data is recorded. Based on the adversarial monitoring data, the successful attack paths and their component sequences within each risk block, the risk transmission relationship between different risk blocks, the breakthrough time, success frequency, and impact of various attack samples in the blocks are extracted to obtain the aforementioned risk characteristics.
7. An electronic device, characterized in that, The electronic device includes: Memory, used to store executable instructions; The processor, when executing executable instructions stored in the memory, implements the webpage security processing method based on domestic IT innovation adaptation as described in any one of claims 1-6.
8. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the program is executed by the processor, it implements a web page security processing method based on domestic IT innovation adaptation as described in any one of claims 1-6.