A server data security reinforcement method and system for vulnerability dynamic monitoring
By setting data classification rules and utilizing pre-trained risk analysis models in the server data security hardening solution, the hardening method is dynamically adjusted, which solves the problems of ineffective early warning and low protection efficiency in existing technologies, and achieves accurate risk assessment and efficient hardening operation, adapting to the dynamic changes of server data.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ZHONGJING TECH (GUANGZHOU) CO LTD
- Filing Date
- 2026-02-05
- Publication Date
- 2026-07-07
AI Technical Summary
Existing server data security hardening solutions lack intelligent hierarchical monitoring, risk prediction and flexible layered hardening capabilities. They cannot adapt to the differences in the sensitivity of the data carried by the server, resulting in ineffective early warning and low protection efficiency. They cannot predict vulnerability exploitation trends in advance, and the hardening methods lack flexibility, making it difficult to balance data security and business availability.
By setting data classification rules, combining multi-source security data and real-time operational data, and using pre-trained risk analysis models to determine risks, the hardening methods are dynamically adjusted to form a closed loop of monitoring-decision-hardening-verification-optimization, enabling targeted hardening operations and iterative optimization.
It enables precise risk assessment and response based on differences in data sensitivity, improving protection efficiency and accuracy, ensuring timely protection of high-risk data, dynamically adapting to risk changes, and balancing data security with business operations.
Smart Images

Figure CN121637517B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of server data protection technology, specifically to a method and system for dynamic vulnerability monitoring and server data security hardening. Background Technology
[0002] As enterprises expand their digital businesses, servers, as the storage and processing carriers of core data, increasingly hold more valuable user privacy data and core business data. Server vulnerabilities (such as system version vulnerabilities, application code vulnerabilities, and configuration vulnerabilities) have become a core risk factor for data leakage, tampering, and unavailability. Currently, mainstream server data security hardening solutions in the industry have upgraded from the traditional "periodic static vulnerability scanning + indiscriminate hardening" to a technical solution of "dynamic vulnerability monitoring + targeted hardening." By collecting server system operation, application access, and data operation data in real time, combined with the updated information from official vulnerability databases (such as CVE, CNNVD, and CNVD), corresponding hardening actions are triggered, thereby shortening the time for vulnerability risk exposure.
[0003] Existing technologies still have significant shortcomings and are unable to meet the high requirements of server data security: their dynamic monitoring and early warning rules are mostly generalized and fixed settings, failing to be adapted to the different sensitivity of the data carried by the server, and lacking behavioral learning capabilities. They cannot distinguish the risk response priorities of core sensitive data and ordinary data, nor can they identify normal operations by maintenance / business personnel, easily generating a large number of invalid warnings and consuming maintenance resources. At the same time, the monitoring only synchronizes the disclosed vulnerability information in the official vulnerability database, without integrating vulnerability exploitation status data released by publicly available industry security organizations. It cannot predict the trend of large-scale exploitation of vulnerabilities in advance, and can only respond passively after an attack occurs, lacking the ability to provide proactive protection against new vulnerabilities without official patches. In addition, the hardening methods lack flexibility, only providing permanent hardening modes such as installing patches and modifying code. In scenarios where there are no official security patches and business systems cannot be shut down, it is difficult to balance data security and business availability. Moreover, the matching of monitoring results and hardening strategies relies on manual judgment, and cannot adaptively select hardening methods according to the vulnerability risk level and impact scope, resulting in low protection efficiency and accuracy.
[0004] Therefore, there is an urgent need for a server data security hardening solution with intelligent hierarchical monitoring, risk prediction, and flexible layered hardening capabilities to make up for the shortcomings of existing technologies and improve the efficiency and reliability of server data security protection. Summary of the Invention
[0005] To overcome the shortcomings of existing technologies, this invention provides a method and system for dynamic vulnerability monitoring and server data security hardening, in order to solve the problems in existing technologies.
[0006] One embodiment of the present invention provides a method for server data security hardening through dynamic vulnerability monitoring, comprising the following steps:
[0007] S10. Set data classification rules according to the data attributes carried by the server, and synchronously acquire multi-source security data and real-time operation data of the server based on the preset data synchronization rules;
[0008] S20. Input multi-source security data and real-time operational data into the pre-trained risk analysis model, adjust the risk judgment weights based on the protection priority of the data classification rules, and output the risk level and risk development trend.
[0009] S30. Based on the risk level and risk development trend, and combined with the protection priority of the data classification rules, determine the type of reinforcement method and execution priority of the corresponding classification data;
[0010] S40. According to the execution priority, use the determined reinforcement method type to perform security reinforcement operations on the corresponding graded data carried by the server;
[0011] S50. For the corresponding graded data, verify the effectiveness of the security hardening operations performed to protect against the corresponding risk level and risk development trend, and generate hardening verification results.
[0012] S60. Based on the risk level and risk development trend of the corresponding graded data, the type of reinforcement method, the execution priority and the reinforcement verification results, dynamically adjust the training parameters of the data grading rules, data synchronization rules and / or risk analysis model to complete iterative optimization.
[0013] This application also relates to a server data security hardening system for dynamic vulnerability monitoring, including:
[0014] The data acquisition module is used to set data classification rules according to the data attributes carried by the server, and synchronously acquire multi-source security data and real-time operation data of the server based on preset data synchronization rules.
[0015] The risk analysis module is used to input multi-source security data and real-time operational data into a pre-trained risk analysis model, adjust the risk judgment weights based on the protection priority of data classification rules, and output the risk level and risk development trend.
[0016] The execution determination module is used to determine the type of reinforcement method and execution priority for corresponding data based on the risk level and risk development trend, combined with the protection priority of the data classification rules.
[0017] The hardening execution module is used to perform security hardening operations on the corresponding level of data carried by the server according to the execution priority and the determined hardening method type.
[0018] The hardening verification module is used to verify the effectiveness of the security hardening operations performed on the corresponding risk level and risk development trend for the corresponding graded data, and generate hardening verification results.
[0019] The iterative optimization module is used to dynamically adjust the training parameters of data classification rules, data synchronization rules, and / or risk analysis models based on the risk level and risk development trend of the corresponding graded data, the type of reinforcement method, the execution priority, and the reinforcement verification results, so as to complete the iterative optimization.
[0020] This application also relates to a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the steps of the above-described method for dynamic vulnerability monitoring and server data security hardening.
[0021] This application also relates to a computer-readable storage medium storing a computer program that, when executed by a processor, implements the steps of the above-described method for dynamic vulnerability monitoring and server data security hardening.
[0022] The server data security hardening method and system for dynamic vulnerability monitoring provided in the above embodiments have the following beneficial effects:
[0023] This invention establishes data grading rules based on the data attributes carried by the server, and simultaneously acquires multi-source security data and real-time server operation data according to preset data synchronization rules, providing comprehensive and data-characteristic-adaptive foundational support for risk monitoring. The two types of data are then input into a pre-trained risk analysis model, and risk judgment weights are adjusted based on the protection priority of the grading rules. This achieves tiered risk assessment tailored to differences in data sensitivity, effectively distinguishing the risk response priority between core sensitive data and ordinary data, and improving the accuracy of risk level and development trend output. Subsequently, based on the risk assessment results and protection priorities, the corresponding hardening method and execution are automatically determined for the tiered data. Prioritization replaces the manual judgment and matching of hardening strategies, significantly improving the efficiency and targeting of protection decisions; and security hardening operations are executed according to priority to ensure that high-risk data is protected in a timely manner; by verifying the effectiveness of hardening and generating verification results, data classification rules, data synchronization rules and model training parameters are dynamically adjusted in combination with risk-related parameters and hardening information, forming a complete closed loop of "monitoring-decision-hardening-verification-optimization", continuously optimizing the protection logic, ensuring the targeting and effectiveness of data security protection, adapting to the dynamic changes of server data and risk situation, balancing the coordination between data security and business operations, and avoiding ineffective protection and waste of resources. Attached Figure Description
[0024] Figure 1A flowchart illustrating a server data security hardening method for dynamic vulnerability monitoring provided in an embodiment of the present invention;
[0025] Figure 2 This is a schematic block diagram of a computer device provided in an embodiment of the present invention. Detailed Implementation
[0026] The technical solutions in the embodiments of the present invention will now be clearly and completely described in conjunction with the accompanying drawings.
[0027] Reference Figure 1 One embodiment of the present invention provides a server data security hardening method for dynamic vulnerability monitoring, comprising:
[0028] S10. Set data classification rules according to the data attributes carried by the server, and synchronously acquire multi-source security data and real-time operation data of the server based on the preset data synchronization rules;
[0029] S20. Input multi-source security data and real-time operational data into the pre-trained risk analysis model, adjust the risk judgment weights based on the protection priority of the data classification rules, and output the risk level and risk development trend.
[0030] S30. Based on the risk level and risk development trend, and combined with the protection priority of the data classification rules, determine the type of reinforcement method and execution priority of the corresponding classification data;
[0031] S40. According to the execution priority, use the determined reinforcement method type to perform security reinforcement operations on the corresponding graded data carried by the server;
[0032] S50. For the corresponding graded data, verify the effectiveness of the security hardening operations performed to protect against the corresponding risk level and risk development trend, and generate hardening verification results.
[0033] S60. Based on the risk level and risk development trend of the corresponding graded data, the type of reinforcement method, the execution priority and the reinforcement verification results, dynamically adjust the training parameters of the data grading rules, data synchronization rules and / or risk analysis model to complete iterative optimization.
[0034] In this embodiment, the core of step S10 is to complete the basic preparation and data collection for security hardening. Specifically, it involves: First, based on the actual attributes of the data carried by the server (such as data access permission requirements, business importance, and the scope of impact of leakage), setting data classification rules adapted to the characteristics of the server data attributes. These rules provide a basis for subsequent differentiated risk assessment and hardening decisions by clarifying the data classification logic and establishing the corresponding relationship between data levels and protection priorities. Simultaneously, based on preset data synchronization rules, multi-source security data and real-time server operation data are collected synchronously. The preset data synchronization rules are a set of pre-configured synchronization trigger logic, data scope limitations, and transmission security requirements. Specifically, the synchronization trigger logic supports timed synchronization (such as regular synchronization performed every hour) and triggered synchronization (such as service-based synchronization). The system performs real-time synchronization when abnormal traffic or data access is detected. The data scope is limited to the sources and types of secure data to be synchronized. Transmission security requires the use of encrypted transmission protocols to complete data synchronization and prevent data leakage during the process. The collected multi-source security data includes, but is not limited to, vulnerability status data released by industry security organizations, data from the CNVD National Information Security Vulnerability Sharing Platform, CVE general vulnerability disclosure data, and threat perception data from network security monitoring platforms. The collected real-time server operation data includes, but is not limited to, data access operation logs, system resource usage logs, process running status logs, and data transmission traffic logs. Through comprehensive and standardized data collection, subsequent risk analysis can be conducted based on complete and real-time data sources, laying the foundation for accurately identifying server data security risks.
[0035] As needed, step S10, after synchronously collecting multi-source security data and server real-time operation data, also includes preprocessing operations such as filtering and marking the multi-source security data and anomaly labeling the server real-time operation data; specifically, the filtering and marking of multi-source security data involves: extracting situational information related to vulnerability exploitation dynamics from the collected multi-source security data (including vulnerability situational data released by industry security organizations, data from the CNVD National Information Security Vulnerability Sharing Platform, CVE general vulnerability disclosure data, threat perception data from network security monitoring platforms, etc.) (this type of information is real-time dynamic data of vulnerabilities being attempted to be exploited, compiled and published by industry security organizations or monitoring platforms), and marking those with large-scale... Vulnerabilities exhibiting large-scale exploitation trends and newly added vulnerabilities without official patches are identified. The criteria for "large-scale exploitation trends" are determined through a comprehensive analysis of multiple dimensions, including the month-on-month increase in exploitation frequency after vulnerability disclosure (e.g., an increase of over 50% in the past 30 days), high-risk warning levels issued by industry security organizations, and the coverage of publicly disseminated exploitation tools. Specific criteria and thresholds can be flexibly adjusted according to actual needs. Furthermore, based on the protection priority of the corresponding tiered data, differentiated risk weighting is assigned to the marked vulnerabilities. For example, vulnerabilities with a month-on-month increase in exploitation frequency exceeding 50% in the past 30 days and zero-day vulnerabilities without official patches are prioritized for marking, while vulnerabilities corresponding to core sensitive data are assigned a 20%-50% risk weighting. The risk weighting is applied by assigning a 10%-20% weight to marked vulnerabilities corresponding to ordinary data, thereby obtaining optimized multi-source security data. This provides differentiated vulnerability risk references for subsequent risk analysis models to determine risk levels and risk development trends, improving the accuracy of risk assessment. Anomaly labeling of real-time server operation data specifically involves: based on historical server operation logs and historical business operation logs, combined with the attribute characteristics of pre-defined corresponding data levels, constructing normal operation behavior baselines for different levels of data. For example, the normal operation baseline for core sensitive data can be set to "only specify maintenance personnel to perform data backup and maintenance operations within a preset maintenance period," while the baseline for ordinary business data can be set to... The normal operation baseline for data can be set to "only for business department personnel to perform query and routine modification operations during working hours". The real-time server operation data collected in real time is matched one by one with the normal operation behavior baseline of the corresponding level of data. Normal operation-related data that completely matches the baseline is removed. Operation data that does not match successfully (such as access requests initiated by unauthorized personnel, operation behaviors outside the preset time period, data transmission behaviors that exceed the normal range, etc.) are marked with an anomaly mark, and the corresponding data level information is associated with it. In this way, real-time operation data with anomaly marks is obtained, so that subsequent risk analysis can be carried out directly on the abnormal data, reducing the analysis of invalid data and improving the targeting and efficiency of risk identification.
[0036] The core of step S20 is to complete the security risk assessment of server data. Specifically, the multi-source security data (or multi-source security data after optional preprocessing and optimization) collected in step S10 and the real-time server operation data (or real-time operation data after optional anomaly labeling) are input into a pre-trained risk analysis model. This pre-trained risk analysis model is an analysis model pre-trained for server data security risk scenarios, which can extract and comprehensively determine risk-related features. During the risk determination process, the model will call the data classification rules set in step S10 and adjust the weight of risk determination based on the protection priority of the corresponding classification data. For example, the higher the protection priority of the classification data, the higher the weight of its corresponding operation anomaly records and associated vulnerability information in the risk determination will be, thereby achieving differentiated risk determination adapted to data priority. Finally, the model outputs the risk level and risk development trend of the corresponding classification data. The risk level is used to characterize the severity of the security risk faced by the current classification data, and the risk development trend is used to characterize the possibility and speed of the subsequent spread and deterioration of the risk, providing a direct and accurate risk reference for subsequent reinforcement decisions.
[0037] The core of step S30 is to complete the targeted reinforcement decision-making. As a key link connecting risk assessment and actual reinforcement operation, it specifically involves: combining the risk level and risk development trend of the corresponding graded data output from the previous steps, and the protection priority of the data grading rules set in step S10, constructing a multi-dimensional comprehensive decision-making basis. By matching the preset reinforcement strategy adaptation logic, the reinforcement method type and execution priority corresponding to each type of graded data are determined. Among them, the reinforcement method type includes two categories: temporary reinforcement operation and permanent reinforcement method. For example, core data with a high risk level and a rapidly deteriorating trend will be matched with a combination of temporary reinforcement and permanent reinforcement, while ordinary data with a low risk level and a slow development trend can be matched with a single permanent reinforcement method. The execution priority is determined according to the comprehensive sorting logic of "protection priority + risk severity + trend urgency". For example, core sensitive data with the highest protection priority, if it is also at a high risk level and the risk spreads rapidly, will have its execution priority set to the highest, while ordinary data with a lower protection priority, even if it has low risk, will have a lower execution priority, ensuring that the high-risk hidden dangers of core sensitive data can be dealt with first to avoid risk spread. This step transforms abstract risk assessment results into specific and actionable reinforcement decisions, ensuring the targetedness and adaptability of reinforcement measures. It also avoids disorder when multiple types of data need reinforcement at the same time by clarifying execution priorities, providing clear guidance for subsequent orderly and efficient security reinforcement operations.
[0038] The core of step S40 is to translate the hardening decision into actual server data security protection operations. Specifically, this involves strictly following the execution priority determined in step S30, prioritizing the handling of security risks in the highest-priority data category to ensure timely protection of high-risk core data. During execution, the corresponding hardening method type determined in step S30 is used. This type of hardening method is adapted to the risk characteristics and data attributes of the corresponding data category. For example, for high-risk core sensitive data with the highest execution priority, temporary hardening methods (such as temporarily restricting external network access permissions or suspending unnecessary data transmission channels) are first used to quickly suppress the spread and deterioration of risks. Then, permanent hardening methods (such as fixing corresponding security vulnerabilities and re-organizing and strictly configuring the data's access permission system) are used to completely eliminate the risks. For low-risk ordinary business data with lower execution priority, permanent hardening methods (such as batch updating server security configuration rules and optimizing the data's regular access verification mechanism) are directly applied. All hardening operations are only performed on server data of the corresponding category to avoid interfering with the normal business operations of other data categories. Through orderly hardening operations, the security risks of the corresponding data are directly reduced, achieving the desired security protection effect.
[0039] The core of step S50 is to conduct a closed-loop verification of the actual protective effect of the safety reinforcement operation to ensure that the risks are effectively controlled. Specifically, for the corresponding graded data of the reinforcement completed in step S40, combined with the original risk level and risk development trend output in step S20, the effectiveness verification is carried out using a three-dimensional verification method of "risk indicator comparison + simulated scenario test + actual operation monitoring". First, risk indicators are compared. Real-time operational data of the corresponding data after hardening (such as vulnerability status, frequency of abnormal access, and data transmission security level) is collected and quantitatively compared with the baseline risk indicators before hardening. For example, if the number of high-risk vulnerabilities in the core data before hardening is 3 and the average number of abnormal accesses per day is 15, after hardening, it is necessary to verify whether these indicators have dropped to within the security threshold (such as zeroing the number of vulnerabilities and ≤2 abnormal accesses per day). Second, simulated scenario tests are conducted to simulate security threat scenarios consistent with the original risk type (such as simulating attack attempts against the target vulnerability and unauthorized access requests from unauthorized personnel) to verify whether the hardening measures can effectively intercept or resist such threats. At the same time, the actual operational status of the data after hardening is continuously monitored to observe whether the risk development trend changes from "rapid deterioration" to "stable and controllable" or "gradually receding". Based on the results of the above three-dimensional verification, a standardized reinforcement verification result is generated. This result must clearly include three core contents: First, the effectiveness judgment conclusion (such as "fully effective", "partially effective", "ineffective"). Fully effective means that the risk level has been reduced to a safe range and the trend is stable after reinforcement. Partially effective means that the core risk has been controlled but there are still minor hidden dangers. Ineffective means that the risk indicators have not improved significantly or continue to deteriorate. Second, specific verification data support (such as a comparison table of indicators before and after reinforcement, the interception success rate of simulation tests, and the risk trend curve data of actual operation). Third, a description of residual hidden dangers (if any), which provides clear guidance for possible secondary reinforcement or rule optimization in the future, ensuring that the entire security protection process forms a closed loop and avoiding reinforcement operations becoming a mere formality.
[0040] The core of step S60 is to complete the dynamic iterative optimization of the entire server data security protection system, so that the protection-related rules and models can adapt to the ever-changing security threats and data operation status. Specifically, it involves: combining the current risk level and risk development trend of the corresponding graded data, the type of reinforcement method and execution priority determined in step S30, and the reinforcement verification results generated in step S50, to make targeted adjustments to the training parameters of the data grading rules, data synchronization rules and / or risk analysis models in the existing system.
[0041] Regarding adjustments to data classification rules, for example, if the reinforcement verification results show that a certain type of business data, which was originally classified as ordinary data, has repeatedly shown high-risk vulnerabilities and the reinforcement effect is not good, it indicates that the original classification and protection priority matching logic is unreasonable. The classification standard and corresponding protection priority of this type of data can be adjusted, such as changing it from ordinary data to secondary core data, and increasing the weight of this type of data in risk assessment.
[0042] Adjustments to data synchronization rules can be made, for example: if verification reveals that the spread of a certain type of risk is much faster than expected, and the time interval of the original data synchronization rules is too long, causing the risk warning to lag, the synchronization triggering logic can be adjusted. For example, the regular synchronization interval for this type of data can be shortened from 1 hour to 30 minutes, or a new rule can be added that "instant synchronization is triggered when the risk development trend rises to the safety warning line".
[0043] Adjustments can be made to the training parameters of the risk analysis model. For example, if verification reveals that the model has a large deviation in judging the risk level of a certain type of vulnerability (e.g., the actual risk is high but the model judges it as medium risk), the training parameters of the relevant features of that type of vulnerability in the model can be adjusted. For example, the judgment weight of the exploitation situation data of that type of vulnerability can be increased, or the judgment logic of the model can be optimized by supplementing the corresponding type of risk samples.
[0044] Through the above dynamic adjustments, the entire security protection system can adapt to new risk characteristics and data status. In subsequent protection processes, risks can be identified more accurately, reinforcement decisions can be made, and a continuously optimized closed-loop protection mechanism can be formed.
[0045] To more intuitively demonstrate the complete execution flow of this method to those skilled in the art, it is assumed that this method is applied to a user transaction data server cluster of a large e-commerce platform. This server cluster carries three types of business data with different attributes: core sensitive data (user payment account information, transaction details), secondary core data (user real-name authentication information, shipping address), and general data (user product browsing history, favorites data), as detailed below:
[0046] Step S10: First, set hierarchical rules based on the attributes of the three types of data: core sensitive data has the highest protection priority, followed by secondary core data, and ordinary data has the lowest priority; at the same time, configure data synchronization rules: synchronize once every hour under normal conditions, and trigger immediate synchronization when the server detects abnormal access to payment data. The synchronized multi-source security data includes payment interface vulnerability status data released by the e-commerce industry security alliance, CNVD platform vulnerability data, threat data from the e-commerce security monitoring platform, and real-time server operation data including data access logs, traffic logs, etc.; after synchronization, filter the multi-source security data, mark vulnerabilities related to e-commerce payment interfaces that have seen a 60% increase in the frequency of exploitation in the past 30 days and have a large-scale exploitation trend, and assign a 40% risk weight bonus to the corresponding vulnerability for core sensitive data; at the same time, construct the operation baseline for the three types of data. The baseline for core sensitive data is "only designated maintenance personnel can operate within the maintenance window from 04:00 to 06:00 every day", and mark the 12 unauthorized personnel payment data access records at 2:00 am as abnormal.
[0047] Step S20: Input the preprocessed payment interface vulnerability data and marked abnormal access records into the pre-trained e-commerce data risk analysis model. The model calls the classification rules and sets a 60% judgment weight for abnormal records and associated vulnerabilities of core sensitive data. The final output is: the risk level of core sensitive data is "high risk" and the risk development trend is "rapid deterioration"; the risk level of ordinary data is "low risk" and the risk development trend is "stable".
[0048] Step S30: Based on the risk results and classification rules, determine the reinforcement strategy: core sensitive data is matched with the combination type of "temporary reinforcement + permanent reinforcement", with an execution priority of level 1 (highest); ordinary data is matched with a single permanent reinforcement type, with an execution priority of level 3 (lowest).
[0049] Step S40: First, handle the core sensitive data with a priority of 1: the temporary hardening operation is to close the external non-official payment channel access permissions for payment data to suppress the spread of risks; complete the permanent hardening within 24 hours: fix the corresponding vulnerabilities of the payment interface and reconfigure the permission rules that only official payment channels can access it; then handle the ordinary data with a priority of 3: batch update the server's product browsing data access verification rules.
[0050] Step S50: Verify core sensitive data: Before reinforcement, there were 18 abnormal payment accesses per day, which dropped to 1 after reinforcement; simulated attacks targeting the payment interface vulnerability were 100% blocked by the reinforcement measures; monitoring showed that the risk development trend turned to "stable and controllable", and the reinforcement verification result was "completely effective" with no residual hidden dangers.
[0051] Step S60: Combining the risk results (core sensitive data "high risk", ordinary data "low risk") and the reinforcement verification results (core sensitive data reinforcement "fully effective"), adjust the data synchronization rules: shorten the regular synchronization interval of core sensitive data from 1 hour to 30 minutes, and add a rule to "trigger instant synchronization when abnormal access volume of payment data is ≥5 times / minute"; at the same time, adjust the data classification rules: increase the business relevance weight of payment-related data in core sensitive data from 60% to 65%, maintain the weight of leakage impact scope at 40%, and optimize the lower limit of the classification threshold for core sensitive data from 80 points to 78 points to ensure strong correlation with payment transactions. The second-highest scoring data (such as cross-border payment auxiliary information) can be accurately included in the core sensitive data category and matched with the Level 1 protection priority. At the same time, the dynamic adjustment trigger conditions of the secondary core data (user real-name authentication information) are refined, changing "≥5 risk warnings in 7 consecutive days" to "≥4 risk warnings in 5 consecutive days" to improve the risk response sensitivity of the secondary core data. In addition, the training parameters of the risk analysis model are adjusted to increase the judgment weight of e-commerce payment interface vulnerability-related features (such as SQL injection vulnerabilities and interface privilege escalation vulnerabilities) by 20% from the original basic weight, optimizing the subsequent risk identification accuracy and enabling the model to capture high-risk vulnerability features in payment scenarios more quickly.
[0052] It should be noted that the above embodiment, using a large e-commerce platform user transaction data server cluster as an application scenario, is not intended to limit the application scope, applicable data types, or execution details of this vulnerability dynamic monitoring server data security hardening method. It is merely intended to more intuitively demonstrate the complete execution flow, the logical coordination of each step, and the practical application value to those skilled in the art, helping them quickly understand the core design principles of this method. This method is adaptable to any scenario with server data security protection needs, such as finance, government affairs, and healthcare. The specific execution parameters of each step can be flexibly adjusted according to the server data attributes and security risk characteristics under different scenarios, all of which fall within the protection scope of this method.
[0053] In one embodiment, step S10, setting the data classification rules, includes the following steps:
[0054] S11. Based on the data attributes carried by the server, determine at least two core attribute dimensions from the access frequency, business relevance and scope of leakage impact of the data attributes, and configure differentiated weights for each core attribute dimension.
[0055] S12. For each core attribute dimension and its corresponding weight, set the corresponding grading threshold and grading standard;
[0056] S13. Based on the grading threshold, grading standards, and differentiated weights of each core attribute dimension, perform comprehensive grading of the server-borne data to generate initial data grading results.
[0057] S14. Configure corresponding protection priorities for each level of categorized data, establish a mapping relationship between levels and protection priorities, and set dynamic adjustment trigger conditions for data classification rules to form the data classification rules.
[0058] In this embodiment, the core of steps S11-S14 is to construct quantitative, accurate, and dynamically adjustable data classification rules. This avoids the one-sidedness of relying solely on a single data attribute for classification, making the data classification more aligned with the security protection needs of server data. This provides a more scientific basis for subsequent risk assessment weight adjustments and reinforcement priority formulation. The specific implementation logic of each step is as follows:
[0059] Step S11 involves determining the core attribute dimensions and weight allocation for data classification. The core of this step is to select the attribute dimensions most valuable for data security protection and highlight the impact of key attributes through weight allocation. Specifically, at least two dimensions are selected from data access frequency, business relevance, and the scope of leakage impact as the core basis for classification. Based on the business scenario characteristics of the data hosted on the server, differentiated weights are configured for each core dimension. For example, for the user transaction data server of the aforementioned e-commerce platform, business relevance and the scope of leakage impact are selected as the core attribute dimensions. The weight of business relevance is configured as 60%, and the weight of the scope of leakage impact is configured as 40%. This is because the degree of business relevance of e-commerce transaction data directly affects the transaction process, while the impact of leakage directly relates to user property security, making them core reference factors for security protection.
[0060] Step S12 involves setting the grading thresholds and classification standards for core attribute dimensions. The core purpose is to provide a quantifiable and actionable basis for grading each core dimension, avoiding subjectivity in the grading process. Specifically, for each selected core attribute dimension, a corresponding grading threshold is set based on the security requirements of the business scenario (using a percentage-based quantitative scoring system; higher scores indicate higher security importance of the data under that dimension). Simultaneously, the grading standards for that dimension are clearly defined. For example, for the aforementioned e-commerce platform's business relevance dimension, grading thresholds are set as follows: those directly related to payment settlement and transaction fulfillment are high thresholds (e.g., 80-100 points, the judgment standard being "data operations directly affect transaction completion or fund flow"); those indirectly related to user identity authentication and delivery address management are medium thresholds (e.g., 60-79 points, the judgment standard being "data operations affect user account security but do not directly involve funds"); and those related to non-transactional behaviors such as product browsing, favorites, and reviews are low thresholds. The data is categorized into several thresholds based on its impact: a high threshold (e.g., 0-59 points, judged by the criterion that "data operations only relate to user preferences and do not involve account or fund security"); a medium threshold (e.g., 70-89 points, judged by the criterion that "the leak affects user information security but does not result in direct economic loss"); and a low threshold (e.g., 0-69 points, judged by the criterion that "the leak does not affect user rights and platform business security"). The percentage range and corresponding judgment criteria can be flexibly adjusted based on factors such as the security compliance requirements of the actual business scenario, data volume, and user scale to ensure that the thresholds accurately match actual security needs.
[0061] Step S13 involves completing the comprehensive classification of the data. Its core is to achieve accurate data classification through multi-dimensional weighted calculations, avoiding the bias of single-dimensional classification. Specifically: First, extract the actual characteristics of the data carried by the server in each core attribute dimension. Then, compare these characteristics with the classification thresholds and judgment criteria set in step S12 to obtain a percentage-based classification score for each dimension (the score directly corresponds to the security importance level of the data in that dimension). Next, according to the differentiated weights configured in step S11, perform a weighted summation of the scores for each dimension to obtain the comprehensive classification score. Finally, based on the interval standards defined by the comprehensive score, classify the data into comprehensive levels to generate the initial data classification results. For example, regarding the user payment account information of the aforementioned e-commerce platform, because it is directly related to fund flows, it scores 90 points in the high threshold of business relevance. Its leakage would cause direct economic losses, so it scores 95 points in the high threshold of the scope of impact of the leakage. The weighted calculation is: 90 × 60% + 95 × 40% = 92 points. User real-name authentication information, while associated with account security, does not directly involve funds, scoring 75 points (medium threshold) in the business relevance dimension. Its leakage would only expose private information, so it scores 85 points (high threshold) in the scope of impact dimension. The weighted calculation is: 75 × 60% + 85 × 40% = 79 points. User product browsing records, which do not involve account or fund security, scoring 20 points (low threshold) in the business relevance dimension. Its leakage would have no substantial impact, so it scores 15 points (low threshold) in the scope of impact dimension. The weighted calculation is: 20 × 60% + 15 × 40% = 18 points. Data with a comprehensive score of ≥80 is classified as core sensitive data, 60-79 as secondary core data, and <60 as ordinary data. The data is then categorized as core sensitive data, secondary core data, or ordinary data.
[0062] Step S14 establishes a mapping between data levels and protection priorities and sets adjustment conditions. Its core is to associate data levels with subsequent security protection actions, while ensuring that the classification rules can dynamically adapt to changes in business and risks. Specifically: First, based on the initial data classification results, a unique corresponding protection priority is configured for each level, establishing a fixed "level-priority" mapping relationship to ensure that higher-level data receives higher priority protection resources. Then, combined with the risk fluctuation characteristics of the business scenario, dynamic adjustment trigger conditions for the data classification rules are set, forming a complete and iterative data classification rule system. For example, for the aforementioned e-commerce platform, the mapping relationship is clearly defined: core sensitive data (comprehensive score ≥ 80 points) corresponds to protection priority level 1 (highest), secondary core data (60-79 points) corresponds to protection priority level 2, and ordinary data (< 60 points) corresponds to protection priority level 3 (lowest). Three types of dynamic adjustment trigger conditions are set: ① The number of risk warnings triggered for a certain level of data is ≥ 5 times within 7 consecutive days; ② Significant changes occur in the business scenario (such as the addition of cross-border payment business), resulting in changes in the security risk type associated with the data attributes; ③ Regulatory compliance requirements are updated (such as the addition of sensitive data definition standards in the Data Security Law). When any triggering condition is met, the data classification rule adjustment process can be initiated. For example, the weight allocation of core attribute dimensions can be adjusted, the percentage range of classification thresholds can be optimized, or new core attribute dimensions can be added to ensure that the classification rules always match the actual security requirements.
[0063] In one embodiment, step S20, the training process of the pre-trained risk analysis model includes the following steps:
[0064] S21. Obtain historical security data of the data carried by the server. The historical security data includes core attribute dimension information of each data, historical risk level records, risk evolution trajectory data and corresponding core attribute dimension weight configuration.
[0065] S22. Perform data preprocessing on historical security data, extract core attribute dimension features, risk time series features and weight correlation features to obtain the training dataset;
[0066] S23. Construct a risk analysis model architecture that includes a time-series feature extraction module, a weight adaptation module, and a dual-objective output module. The time-series feature extraction module is used to extract risk development trend features, the weight adaptation module is used to integrate differentiated weights of core attribute dimensions, and the dual-objective output module is used to output risk level and risk development trend.
[0067] S24. Divide the training dataset into a training set, a validation set, and a test set. Train the risk analysis model based on the training set. Adjust the model parameters in real time using the validation set. Optimize the model training process using a bi-objective loss function.
[0068] S25. The performance of the trained model is evaluated using a test set. When the accuracy of the output risk level judgment and the prediction of risk development trend both meet the preset threshold, the pre-trained risk analysis model is obtained.
[0069] In this embodiment, the core of steps S21-S25 is to construct a dual-objective prediction model adapted to server data security risk scenarios. Through historical data training and multi-module architecture design, the model is equipped with the ability to accurately extract risk features, integrate weight differences, and simultaneously output risk levels and development trends, providing reliable model support for the risk assessment in step S20. The specific implementation logic of each step is as follows:
[0070] Step S21 involves acquiring historical security data required for model training. Its core purpose is to provide a comprehensive and realistic data source for model training, ensuring that the model learns risk patterns that align with real-world scenarios. Specifically, this involves collecting historical security data from the server within a preset period (e.g., the past 6 months). This data must cover the core information required for model training, including core attribute dimensions of each data point (e.g., the business relevance and impact scope of user payment data on e-commerce platforms), historical risk level records (e.g., high / medium / low risk labels corresponding to a payment interface vulnerability), risk evolution trajectory data (e.g., a timeline record from abnormal access triggering to risk spread, including changes in abnormal access frequency, vulnerability exploitation progress, and the magnitude of impact data), and corresponding core attribute dimension weight configurations (e.g., a weight configuration record of 60% for historical business relevance and 40% for the impact scope of leakage).
[0071] Step S22 involves data preprocessing and feature extraction, the core of which is data purification and extraction of effective features to provide high-quality input data for model training. Specifically, this involves preprocessing the collected historical security data, including removing outliers (such as risk level labels that are obviously illogical or records lacking key information), supplementing missing data (using temporal interpolation to fill in missing values in the risk evolution trajectory), and data standardization (mapping features of different magnitudes to the [0,1] interval). Subsequently, based on the preprocessed data, three types of core features are extracted: core attribute dimension features (such as quantitative features of business relevance scores and leakage impact range scores), risk temporal features (such as the risk diffusion speed within 72 hours after a risk event and the temporal change features of the impact data magnitude), and weight correlation features (such as the correlation features between core attribute dimension weights and risk levels). These three types of features are then combined to form a structured training dataset.
[0072] Step S23 involves constructing the risk analysis model architecture. Its core is designing a model structure that adapts to dual-objective output and weight fusion, ensuring the model can accurately output both risk level and development trend simultaneously. Specifically, this involves building a model architecture comprising three core modules, each with its own function and working collaboratively: ① Temporal Feature Extraction Module: Employing a bidirectional LSTM network structure, it extracts risk development trend features (such as risk diffusion rate and stable / deteriorating trend features) by capturing the temporal dependencies of historical risk evolution trajectories; ② Weight Adaptation Module: Using an attention mechanism, it uses the differentiated weights of core attribute dimensions as attention weights to weightedly fuse the features of core attribute dimensions, highlighting the impact of high-weight dimensions on risk assessment; ③ Dual-Objective Output Module: Containing two parallel fully connected layers, one outputting multi-class risk levels (high / medium / low risk) through a Softmax activation function, and the other outputting a quantitative value of the risk development trend (e.g., 0-10 points, with higher scores indicating a more pronounced deteriorating trend) through a linear activation function. It should be noted that the specific network parameter settings of each module in the model architecture (such as the number of hidden layer neurons in bidirectional LSTM, the weight calculation coefficients of the attention mechanism), the mathematical calculation logic of feature fusion, etc., are all conventional implementation methods well known to those skilled in the art, and no additional limitations are required. This embodiment only focuses on the functional division and collaborative logic of the core modules, and the specific calculation details will not be elaborated here, which is clear to those skilled in the art.
[0073] Step S24 involves model training and parameter optimization. Its core is to improve the model's training effectiveness and generalization ability through training on a split dataset, real-time parameter adjustment, and a dual-objective loss function. Specifically: the training dataset is divided into training, validation, and test sets according to a preset ratio (e.g., 7:2:1); the model is iteratively trained based on the training set, and the model performance is evaluated using the validation set after each iteration, with parameters such as the learning rate and the number of neurons in the network layer adjusted in real-time (e.g., reducing the learning rate to 0.8 times the original value when the validation set accuracy decreases); a dual-objective loss function is used for optimization during training. This function is a weighted sum of risk level classification loss (cross-entropy loss) and risk development trend prediction loss (mean squared error loss), with the weight coefficients set according to the scenario requirements (e.g., both weights are 0.5 in e-commerce scenarios). The total loss value is minimized through backpropagation, ensuring that the model optimizes both output objectives simultaneously.
[0074] Step S25 is model performance evaluation and acceptance, the core of which is to verify whether the model's output accuracy meets the needs of practical applications and ensure that the model is reliable and usable. Specifically, the test set is input into the trained model to evaluate the accuracy of two core output indicators: ① Risk level determination accuracy (the proportion of consistency between the model's output level and the actual level in the test set); ② Risk development trend prediction accuracy (the proportion of error between the model's predicted trend quantification value and the actual trend quantification value within the allowable range); preset thresholds for both indicators (e.g., ≥95% in e-commerce scenarios). When both indicators meet the threshold requirements, the model training is complete, and a pre-trained risk analysis model that can be used in step S20 is obtained.
[0075] It should be noted that in the actual risk assessment process of step S20, after inputting the multi-source security data processed in step S10 (such as the marked payment interface vulnerability data) and the real-time running data after anomaly marking (such as unauthorized payment data access records) into the pre-trained model, the model will call the data classification rules set in step S10 through the built-in weight adaptation module to convert the protection priority into dynamic weights for risk judgment: For core sensitive data with protection priority level 1 (such as user payment account information), the model will further increase the weight ratio of its core attribute dimension features (business relevance, scope of leakage impact) (e.g., from the basic weight of 60%+40% in the training stage to 70%+30% in the risk judgment stage), while strengthening the feature weights of such data related vulnerabilities and abnormal access records; for ordinary data with protection priority level 3 (such as product browsing records), the basic weight configuration will be maintained or appropriately reduced (e.g., adjusted to 50%+50%) to weaken the impact of non-critical risk features. Through this dynamic weight adjustment that adapts to protection priorities, the model can focus on the core risk points of high-priority data, accurately extract risk characteristics and integrate time-series trend information, and finally output the risk level (such as "high risk" for core sensitive data) and risk development trend (such as "rapid deterioration" and corresponding quantitative value of 8.5 points) of each type of graded data, thus achieving differentiated and accurate risk assessment.
[0076] In one embodiment, step S30, determining the reinforcement method type and execution priority corresponding to the hierarchical data, includes the following steps:
[0077] S31. Obtain the risk level, risk development trend, and corresponding protection priority of the corresponding classification data;
[0078] S32. Determine the type of reinforcement method, which includes two categories: temporary reinforcement and permanent reinforcement.
[0079] When the risk level of the corresponding graded data is the first preset risk level and the risk development trend is the first preset risk trend, and / or the protection priority is the first preset priority, temporary reinforcement is selected as the immediate reinforcement method, and the subsequent execution process of permanent reinforcement is triggered.
[0080] When the risk level of the corresponding graded data is the second preset risk level and the risk development trend is the second preset risk trend, and / or the protection priority is the second preset priority, permanent reinforcement shall be selected as the reinforcement method.
[0081] S33. Adjust the execution parameters of the selected reinforcement method based on the differentiated weights of the core attribute dimensions of the corresponding hierarchical data;
[0082] S34. Based on the emergency attributes of the reinforcement method, determine the reinforcement execution priority of the corresponding grade data. The execution priority of temporary reinforcement is higher than that of permanent reinforcement with the same protection priority.
[0083] In this embodiment, steps S31-S34 are based on a dual consideration of risk characteristics and data priority, accurately matching the type of hardening method and clarifying the execution order. This ensures both the efficiency of emergency response to high-risk hazards and the long-term protection needs of data at different levels, ensuring that hardening decisions are accurately adapted to actual security scenarios. The specific implementation logic of each step is as follows:
[0084] Step S31 involves collecting the core input data required for reinforcement decisions. Its core purpose is to provide a complete basis for subsequent reinforcement methods and priority determination, avoiding biased decision-making. Specifically, it involves extracting the risk level (e.g., high / medium / low risk) and risk development trend (e.g., rapid deterioration / stable / gradual decline) of the corresponding graded data from the risk assessment results of step S20. Simultaneously, it retrieves the corresponding protection priority (e.g., level 1 / 2 / 3) from the grading rules of step S10, integrating these three types of information into the basic dataset for reinforcement decisions. For example, for user payment account information on e-commerce platforms (core sensitive data), the risk level is extracted as "high risk," the risk development trend as "rapid deterioration," and the protection priority as level 1; for user product browsing records (ordinary data), the risk level is extracted as "low risk," the risk development trend as "stable," and the protection priority as level 3.
[0085] Step S32 determines the appropriate reinforcement method type. Its core is to select either an "emergency response" or "long-term protection" reinforcement mode based on the urgency of the risk and the importance of the data. Specifically, two judgment criteria are preset: the first preset risk level is "high risk," the first preset risk trend is "rapid deterioration / accelerated spread," and the first preset priority is "Level 1 (highest)"; the second preset risk level is "medium risk / low risk," the second preset risk trend is "stable / gradually receding," and the second preset priority is "Level 2 / Level 3." The "temporary reinforcement + permanent reinforcement" combination is selected when any of the following conditions are met: ① the risk level is the first preset risk level and the risk development trend is the first preset risk trend; ② the protection priority is the first preset priority; ③ the risk level, trend, and protection priority all meet the first preset criteria. A single "permanent reinforcement" type is selected when any of the following conditions are met: ① the risk level is the second preset risk level and the risk development trend is the second preset risk trend; ② the protection priority is the second preset priority.
[0086] Step S33 adjusts the hardening execution parameters based on the weights of core attribute dimensions. Its core purpose is to make the hardening operation more aligned with the core security needs of the data, thereby improving the targeting of the hardening. Specifically, it retrieves the differentiated weights of the core attribute dimensions set in step S11 (e.g., business relevance 60%, leakage impact range 40%), and adjusts the execution parameters of the selected hardening method according to the weight percentage, focusing on strengthening the protection corresponding to high-weight dimensions. For example, for user payment account information on e-commerce platforms (business relevance 60% > leakage impact range 40%), the execution parameters for "temporary hardening" are adjusted to: prioritize closing external access channels directly related to payment transactions (e.g., temporarily disabling third-party payment interfaces), rather than generalizing and restricting all external access; the execution parameters for "permanent hardening" are adjusted to: prioritize payment interface vulnerability repair (60%), and prioritize access permission reconstruction (40%).
[0087] Step S34 involves determining the priority of reinforcement execution. Its core is establishing a "response priority + level adaptation" sorting rule to ensure that reinforcement operations of high urgency and importance are implemented first. Specifically, it involves: classifying basic priorities based on the emergency attributes of the reinforcement methods; temporary reinforcement has stronger emergency response attributes and its execution priority is higher than permanent reinforcement with the same protection priority; then, combining this with the data protection priority (Level 1 > Level 2 > Level 3), a multi-level execution sorting is formed. Through this sorting, the high-risk spread of core data can be quickly suppressed first, and then long-term protection can be gradually completed, avoiding resource waste or risk omissions caused by disordered reinforcement.
[0088] If necessary, the following steps may be included after step S34 and before step S40:
[0089] S351. Based on the business correlation degree in the core attribute dimension determined in step S11, construct a business correlation transmission map of the data carried by the server. The business correlation transmission map is marked with the business correlation strength between data of different levels. The judgment criteria for the business correlation strength reuse the business correlation degree classification threshold set in step S12 (≥80 points is strong correlation, 60-79 points is medium correlation, <60 points is weak correlation).
[0090] S352. Obtain the risk level and risk development trend of the corresponding graded data output in step S20, and combine it with the business association strength of the business association transmission map to determine whether there is a possibility of the risk of the corresponding graded data being transmitted to other graded data; wherein, when the risk level of the corresponding graded data is the first preset risk level (high risk) defined in step S32 and the risk development trend is the first preset risk trend (rapid deterioration / accelerated diffusion), and the business association strength with other graded data is a preset strong association strength (≥80 points), it is determined that there is a possibility of risk transmission.
[0091] S353. If it is determined that there is a possibility of risk transmission, adjust the reinforcement execution priority and reinforcement execution parameters of the corresponding associated hierarchical data:
[0092] The priority of hardening the associated hierarchical data is adjusted to the "linkage priority" level under the same level (priority order is updated as follows: ① temporary hardening of core sensitive data → ② linkage priority hardening of associated data → ③ temporary hardening of secondary core data → ④ permanent hardening of core sensitive data → ⑤ permanent hardening of secondary core data → ⑥ permanent hardening of ordinary data).
[0093] At the same time, based on the core attribute dimension weight adjustment logic in step S33, the proportion of reinforcement execution parameters corresponding to the business association dimension is increased (e.g., if the business association weight of the associated data is 60%, then the proportion of the protection parameters corresponding to that dimension is increased from the original 60% to 70%).
[0094] S354. If it is determined that there is no possibility of risk transmission, the reinforcement method type, execution priority and execution parameters of the corresponding graded data determined in step S34 shall remain unchanged.
[0095] In this embodiment, the core of steps S351-S354 is to fill the risk protection blind spots across hierarchical data. Based on the business relationships between data, the risk transmission path is predicted, and the hardening strategy of related data is adjusted in advance to prevent the vulnerabilities of high-risk data from spreading to related data. At the same time, the core logic of the original hardening decision is not changed, and only the transmission risk is precisely optimized. The specific implementation logic of each step is as follows:
[0096] Step S351 forms the basis for determining risk transmission. Its core is to transform the abstract "business relationship" into a quantifiable graph, providing a basis for subsequent transmission judgments. Specifically, it reuses the core dimension of "business relationship" determined in step S11, combined with the business flow logic of server data (such as the binding relationship of "payment account data → real-name authentication data → delivery address data" in an e-commerce scenario), and marks the strength of the relationship between different levels of data according to the percentage threshold in S12, forming a visualized business relationship transmission graph. For example, in the business relationship transmission graph of an e-commerce platform, the relationship between core sensitive data (payment account) and secondary core data (real-name authentication information) is 90 points (strong relationship), the relationship between secondary core data (real-name authentication information) and ordinary data (delivery address) is 75 points (medium relationship), and the relationship between core sensitive data and ordinary data is 50 points (weak relationship).
[0097] Step S352 is to accurately determine the likelihood of risk transmission. Its core is to avoid "over-linkage" or "missed transmission," and to trigger adjustments only for high-risk and strongly correlated scenarios. Specifically, a transmission risk is only determined when the core conditions of "high risk + rapid deterioration" and the transmission condition of "strong correlation" are met simultaneously, thus avoiding the inclusion of medium / low-risk data or weakly correlated data in the linkage scope, which would lead to a waste of resources.
[0098] Step S353 involves targeted adjustments to the linkage strategy, the core of which is "priority protection + enhanced association dimension." This ensures both the timeliness of protection for associated data and the strength of protection for association dimensions. For example, in an e-commerce platform, payment account data (core sensitive data) is classified as "high risk + rapidly deteriorating." The associated real-name authentication data (secondary core data) originally had an execution priority of level 4 (permanent hardening of secondary core data), which has been adjusted to level 2 (priority hardening of linkage data). At the same time, the execution parameters for permanent hardening of real-name authentication data are adjusted as follows: 70% of resources are used to optimize the identity verification interface associated with payment (business association dimension), and 30% of resources are used for encrypted storage (leakage impact scope dimension), thus blocking attackers from stealing real-name authentication data through payment vulnerabilities in advance.
[0099] Step S354 maintains the stability of the original strategy. Its core is to ensure that scenarios without transmission risk are not adjusted additionally to avoid affecting the normal reinforcement process. Specifically: if the data risk level is medium / low risk, or the correlation strength is medium / weak correlation, the original decision of S34 remains unchanged; assuming that ordinary data (product browsing history) is "low risk + stable", even if it has a weak correlation with other data, its level 3 execution priority will not be adjusted; the secondary core data (shipping address) has a medium correlation with the core data, but the core data is "medium risk + stable", so the original execution priority is also maintained.
[0100] In one embodiment, step S40 specifically involves:
[0101] Based on the determined hardening execution priority and hardening method type, security hardening operations are performed on the corresponding graded data carried by the server, including:
[0102] When the determined reinforcement method type is temporary reinforcement, based on the adjusted temporary reinforcement execution parameters, priority is given to performing immediate security reinforcement operations on the corresponding grade data, including at least one of temporarily restricting data access permissions, temporarily encrypting target data, and temporarily blocking abnormal access requests;
[0103] When the determined reinforcement method is permanent reinforcement, or when the conditions for starting the subsequent execution process of permanent reinforcement are met after the execution of temporary reinforcement, long-term security reinforcement operations are performed on the corresponding graded data based on the adjusted permanent reinforcement execution parameters. These operations include at least one of fixing data storage vulnerabilities, configuring long-term data access permissions, and encrypting the target data.
[0104] In this embodiment, the core of step S40 is to strictly follow the execution priority and method type of the hardening decision, and to translate the hardening strategy of "emergency response + long-term protection" into specific and executable operations. This not only quickly suppresses high-urgent risks but also completely eliminates hidden dangers, while ensuring that the operations are consistent with data attributes and risk characteristics. The specific implementation logic is as follows:
[0105] Step S40 is executed based on the "execution priority" determined in step S30, using the "adjusted reinforcement execution parameters" as the operational basis, and carrying out targeted reinforcement according to different reinforcement method types:
[0106] When the determined reinforcement method is temporary reinforcement, the core objective is "immediate risk control." Based on the temporary reinforcement execution parameters adjusted in step S33, immediate security reinforcement operations should be performed on the corresponding tiered data first to prevent further spread or deterioration of risks. Temporary reinforcement operations focus on "rapid effectiveness and low-cost intervention," specifically including at least one of the following: temporarily restricting data access permissions, temporarily encrypting target data, and temporarily blocking abnormal access requests. For example, the core sensitive data with the highest execution priority in the e-commerce platform (user payment account information, Level 1 priority) has had its temporary reinforcement execution parameters adjusted based on a high weight of "60% business relevance" to "prioritizing protection related to payment transactions." Therefore, the temporary reinforcement operations specifically include: temporarily disabling external access permissions for third-party payment interfaces, temporarily encrypting payment data for incomplete transactions, and blocking abnormal payment access requests from unofficial IPs through firewall rules to quickly cut off the risk propagation path.
[0107] When the determined reinforcement method is permanent reinforcement, or when the conditions for initiating the subsequent execution process of permanent reinforcement are met after the temporary reinforcement is completed (such as risk indicators stabilizing below the security threshold and no new abnormal events being triggered within 12 hours after temporary reinforcement), the core objective is "complete risk elimination." Based on the permanent reinforcement execution parameters adjusted in step S33, long-term security reinforcement operations must be performed on the corresponding graded data to build continuous protection capabilities. Permanent reinforcement operations focus on "root cause repair and long-term stability," specifically including at least one of the following: repairing data storage vulnerabilities, configuring long-term data access permissions, and encrypting the target data. For example:
[0108] For core sensitive data (user payment account information), after temporary hardening is completed and the risk is stabilized, permanent hardening is initiated: based on the parameter configuration of "60% business relevance", the core security vulnerabilities of the payment interface (such as SQL injection vulnerabilities) are repaired first, then long-term access permissions are re-examined and configured (only the official payment system IP whitelist is retained, and dual-authorization access is granted to maintenance personnel), and finally, all payment account data is persistently stored using the AES-256 encryption algorithm;
[0109] For ordinary data with low execution priority (user product browsing history, level 3 priority), perform permanent hardening directly: based on the adjusted parameters (business relevance and leakage impact weight 50%+50%), batch fix minor vulnerabilities in server log storage, optimize data access verification rules (such as adding user login status timeliness verification), and store browsing history using conventional encryption methods.
[0110] All reinforcement operations are strictly carried out in accordance with the execution priority order to ensure that temporary reinforcement of high-priority data is implemented first, and then permanent reinforcement of various types of data is completed in sequence. This not only avoids resource misallocation, but also ensures the targeted and long-term effectiveness of the reinforcement operations, and ultimately achieves precise risk control.
[0111] In one embodiment, after step S40, the following step is further included:
[0112] S401. During the reinforcement process, the reinforcement operation status data corresponding to the hierarchical data is collected in real time. The reinforcement operation status data includes risk status change data, reinforcement operation effect data and corresponding core attribute dimension information.
[0113] S402. Synchronize the collected reinforcement operation status data to the server's historical security data set for dynamic adjustment of risk analysis models and data classification rules.
[0114] In this embodiment, the core of steps S401-S402 is to build a bridge linking hardening execution and system optimization. By collecting dynamic data in real time during the hardening process and reusing it to historical datasets, fresh and real-world data support is provided for risk analysis model iteration and data grading rule adjustment, enabling the entire security protection system to have a closed-loop capability of "real-world feedback - dynamic optimization". The specific implementation logic of each step is as follows:
[0115] Step S401 involves real-time collection of key operational data during the hardening process. Its core is capturing risk changes and operational effects during hardening execution, providing firsthand practical data for subsequent system optimization. Specifically, during the hardening operation in step S40, the server's real-time monitoring module continuously collects three types of hardening operational status data corresponding to the corresponding classification data: ① Risk status change data (such as real-time changes in abnormal access frequency and vulnerability exploitation attempts during hardening, and the transition point from "rapid deterioration" to "stable" in risk development trends); ② Hardening operation effect data (such as the success rate of abnormal access interception for temporary hardening, the vulnerability remediation completion rate for permanent hardening, and the degree of impact on business during operation execution); ③ Corresponding core attribute dimension information (such as the data's business relevance score, leakage impact range score, and weight configuration, ensuring consistency between the data and the core dimensions of the classification rules and model training).
[0116] Step S402 involves synchronizing the hardening operation data to the historical security dataset. Its core purpose is to reuse real-world data and provide data reserves for subsequent system optimization. Specifically, the hardening operation status data collected in real-time during step S401 is structured (e.g., organized in the format of "data level - hardening method - collection time - risk change - effect index") and synchronously written into the server's historical security dataset, merging it with existing historical security data (e.g., the model training data from step S21). This newly added data will be directly used for the dynamic adjustment of the subsequent risk analysis model (e.g., supplementing training samples related to hardening effects, optimizing the model's prediction logic for post-hardening risk trends), and the dynamic adaptation of data grading rules (e.g., verifying the rationality of the protection priority corresponding to the current grading through hardening effect data).
[0117] Through steps S401 to S402, the hardening process is no longer a "one-off operation" but becomes a "data collection link" in the entire security protection system. This ensures that the effect of each hardening operation is traceable and provides continuous practical data support for subsequent model iteration and rule optimization, further enhancing the dynamic adaptability of the protection system.
[0118] In one embodiment, step S60, the dynamic adjustment of the data classification rules, includes the following steps:
[0119] S611. Obtain the risk level, risk development trend, reinforcement method type, execution priority, reinforcement verification results, and reinforcement operation status data of the corresponding classification data;
[0120] S612. Based on the acquired data, determine whether the dynamic adjustment triggering conditions of the data classification rules are met;
[0121] S613. If the dynamic adjustment triggering conditions are met, the core content of the data classification rules shall be adjusted, including at least one of the following: adjusting the differentiated weights of the core attribute dimensions, optimizing the classification threshold, and updating the mapping relationship between the level and the protection priority.
[0122] S614. The corresponding graded data currently carried by the server is re-graded using the adjusted data grading rules, and the risk matching degree between the re-graded risk level and the actual risk status of the corresponding graded data is verified.
[0123] S615. If the risk matching degree meets the preset threshold, the adjusted data classification rule will be determined as the new data classification rule.
[0124] In this embodiment, the core of steps S611-S615 is to construct a closed-loop dynamic optimization process for data classification rules. Adjustments are made based on actual operational data across the entire security protection chain, avoiding subjective rule modifications and ensuring that the adjusted classification rules more accurately match the true risk status of server data, thereby improving the adaptability of subsequent risk assessments and hardening decisions. The specific implementation logic of each step is as follows:
[0125] Step S611 involves obtaining the full-link support data required for rule adjustments. Its core purpose is to provide comprehensive and accurate evidence for adjustment decisions, avoiding the bias of adjustments based solely on single data points. Specifically, this involves integrating and retrieving core data from each stage of the security protection process, including the risk level and risk development trend of the corresponding graded data output in step S20, the type of reinforcement method and execution priority determined in step S30, the reinforcement verification results generated in step S50, and the reinforcement operation status data collected in step S401. This data is then structured and integrated according to the dimensions of "data level - risk characteristics - reinforcement action - effect feedback." For example, for user real-name authentication data (original secondary core data) from an e-commerce platform, the integrated data retrieved is: risk level "medium risk," risk development trend "stable but with potential privacy leaks," reinforcement method type "permanent reinforcement," execution priority level 2, reinforcement verification result "partially effective (3% of abnormal authentication requests were not intercepted)," and reinforcement operation status data "when the business relevance weight is 60%, the protection effect against privacy leaks is only 85%."
[0126] Step S612 determines whether an adjustment to the data classification rules has been triggered. Its core is to verify the adaptability of the current rules based on end-to-end data, avoiding meaningless rule changes. Specifically, it compares the dynamic adjustment trigger conditions set in step S14 (≥5 risk warnings for a certain level of data within 7 consecutive days, changes in business scenarios, updates to regulatory requirements), and combines this with the newly added judgment logic in the retrieved end-to-end data (such as the reinforcement verification result being "partially effective / ineffective," and the matching degree between the risk level and the actual risk status being < the preset benchmark), to determine whether the adjustment trigger conditions are met.
[0127] Step S613 is the core of the targeted adjustment of data grading rules. Its core is to precisely optimize the parts of the rules that do not match actual risks based on feedback from the entire data chain. Specifically, based on the reason for the adjustment, at least one of the following is selected: adjusting the differentiated weights of core attribute dimensions, optimizing grading thresholds, and updating the mapping relationship between levels and protection priorities.
[0128] If the triggering reason is insufficient weight adaptability, adjust the differentiated weights of the core attribute dimensions. For example, for e-commerce real-name authentication data, adjust the business relevance weight from 60% to 55% and the leakage impact weight from 40% to 45% (because the data from the hardened operation shows that the actual risk impact of privacy leakage is underestimated).
[0129] If the triggering cause is an ambiguous grading threshold, optimize the grading threshold. For example, adjust the comprehensive score threshold for secondary core data from 60-79 points to 65-80 points to narrow the overlapping range of grading between secondary core and core sensitive data.
[0130] If the triggering reason is poor protection priority adaptability, update the mapping relationship between the protection level and the protection priority. For example, adjust the protection priority of secondary core data from level 2 to "level 2 (priority)", which is slightly higher than the original level 2 and lower than level 1 core sensitive data.
[0131] Step S614 verifies the risk matching degree of the adjusted rules. Its core is to ensure that the adjusted rules accurately match the actual risk status of the data, preventing the adjusted rules from becoming ineffective. Specifically, the adjusted data classification rules are used to reclassify the corresponding classified data currently carried by the server. The reclassified risk level and protection priority are extracted and compared with the actual risk status of the data (such as the frequency of abnormal accesses and the existence of vulnerabilities monitored in real time). The risk matching degree (i.e., the ratio of the expected risk of the reclassification to the actual risk status) is then calculated.
[0132] Step S615 confirms and implements the adjusted data classification rules. Its core is to ensure the adjusted rules meet security requirements before officially enabling them. Specifically, a threshold for risk matching is preset (e.g., ≥90%). If the risk matching degree calculated in step S614 meets this threshold, it indicates that the adjusted rules accurately adapt to the actual risks. The adjusted data classification rules are then determined as the new data classification rules for the server, and subsequent step S10 will directly adopt these rules. If the threshold is not met, the process returns to step S613 to readjust the rule content until the matching degree meets the requirements.
[0133] Specifically, the dynamic adjustment of the risk analysis model after synchronizing the hardening operation status data to the historical security dataset involves iterative optimization of the model based on the historical security dataset supplemented with actual hardening operation status data. This ensures the model accurately adapts to changes in risk characteristics before and after hardening. The specific process is as follows: First, extract newly added hardening operation status data (such as the success rate of temporary hardening interception of e-commerce platform payment account information, the effect of vulnerability repair after permanent hardening, and complete time-series data of risk trends changing from "rapid deterioration" to "stable") from the updated historical security dataset. Merge this data with the original training data at a ratio of 1:9 to form a new training dataset, while retaining the original validation and test set structures. Second, perform targeted parameter adjustments for the core modules of the model: learn the correlation between hardening effect and core attribute dimension weights through the weight adaptation module (such as the pattern in e-commerce scenarios where "when the business relevance weight increases to 70%, the risk decline speed after hardening increases by 30%), and optimize... The dynamic weight adjustment coefficients are used to enhance the ability to capture features of the "risk evolution trajectory after reinforcement intervention" through the temporal feature extraction module (e.g., adjusting the number of hidden layer neurons in the bidirectional LSTM to improve the accuracy of temporal trend prediction when the risk drops from "high risk" to "low risk"). Subsequently, the original bi-objective loss function (cross-entropy loss + mean squared error loss, weight coefficient 5:5) is used to iteratively train the model. After each round of training, the accuracy of risk level determination and trend prediction is evaluated using the validation set. Finally, when both indicators are maintained above the preset threshold (e.g., ≥95%), the model is dynamically adjusted, and the optimized model is used as a new pre-trained risk analysis model for risk assessment in the subsequent step S20.
[0134] In one embodiment, a server data security hardening system with dynamic vulnerability monitoring is provided, which corresponds to the server data security hardening method with dynamic vulnerability monitoring described in the above embodiments. This server data security hardening system with dynamic vulnerability monitoring includes:
[0135] The data acquisition module is used to set data classification rules according to the data attributes carried by the server, and synchronously acquire multi-source security data and real-time operation data of the server based on preset data synchronization rules.
[0136] The risk analysis module is used to input multi-source security data and real-time operational data into a pre-trained risk analysis model, adjust the risk judgment weights based on the protection priority of data classification rules, and output the risk level and risk development trend.
[0137] The execution determination module is used to determine the type of reinforcement method and execution priority for corresponding data based on the risk level and risk development trend, combined with the protection priority of the data classification rules.
[0138] The hardening execution module is used to perform security hardening operations on the corresponding level of data carried by the server according to the execution priority and the determined hardening method type.
[0139] The hardening verification module is used to verify the effectiveness of the security hardening operations performed on the corresponding risk level and risk development trend for the corresponding graded data, and generate hardening verification results.
[0140] The iterative optimization module is used to dynamically adjust the training parameters of data classification rules, data synchronization rules, and / or risk analysis models based on the risk level and risk development trend of the corresponding graded data, the type of reinforcement method, the execution priority, and the reinforcement verification results, so as to complete the iterative optimization.
[0141] For specific limitations regarding a server data security hardening system with dynamic vulnerability monitoring, please refer to the limitations of a server data security hardening method with dynamic vulnerability monitoring described above, which will not be repeated here. Each module in the aforementioned server data security hardening system with dynamic vulnerability monitoring can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in or independent of the processor in a computer device, or stored in the memory of a computer device as software, so that the processor can call and execute the corresponding operations of each module.
[0142] In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as follows. Figure 2As shown, the computer device includes a processor, memory, network interface, and database connected via a system bus. The processor provides computing and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system, computer programs, and database. The internal memory provides the environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The database is used for data storage, data processing, and data analysis. The network interface is used for communication with external terminals via a network connection. When the computer program is executed by the processor, it implements a server data security hardening method for dynamic vulnerability monitoring.
[0143] In one embodiment, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, it implements a server data security hardening method for dynamic vulnerability monitoring.
[0144] In one embodiment, a computer-readable storage medium is provided having a computer program stored thereon, which, when executed by a processor, implements a server data security hardening method for dynamic vulnerability monitoring.
[0145] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium. When executed, the computer program can include the processes of the embodiments of the above methods. Any references to memory, storage, databases, or other media used in the embodiments provided in this application can include non-volatile and / or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), dual data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), RAMbus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
[0146] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the above-described division of functional units and modules is used as an example. In practical applications, the above functions can be assigned to different functional units and modules as needed, that is, the internal structure of the device can be divided into different functional units or modules to complete all or part of the functions described above.
[0147] The above-described embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of this application, and should all be included within the protection scope of this application.
Claims
1. A method for server data security hardening through dynamic vulnerability monitoring, characterized in that, Includes the following steps: Data classification rules are set according to the data attributes carried by the server, and multi-source security data and real-time operation data of the server are synchronously acquired based on preset data synchronization rules; this also includes preprocessing operations such as filtering and marking multi-source security data and anomaly labeling of real-time operation data of the server. The specific filtering and labeling process is as follows: For the collected multi-source security data, extract the situational information related to the dynamics of vulnerability exploitation, label vulnerabilities with a large-scale exploitation trend and newly added vulnerabilities without official patches, and then configure differentiated risk weights for the labeled vulnerabilities based on the protection priority of the corresponding graded data, thereby obtaining optimized multi-source security data. The anomaly labeling process is as follows: Based on the server's historical operation and maintenance logs and historical business operation logs, and combined with the attribute characteristics of the corresponding data at different levels, normal operation behavior baselines for different levels of data are constructed. The real-time server operation data collected in real time is matched one by one with the normal operation behavior baselines of the corresponding levels of data. Normal operation-related data that completely matches the baseline is removed. Anomaly labels are marked on the operation data that does not match successfully, and the corresponding data level information is associated with them. This is how real-time operation data with anomaly labels is obtained. The setting of the data classification rules includes the following steps: Based on the data attributes carried by the server, at least two core attribute dimensions are determined from the access frequency, business relevance and scope of impact of data attribute leakage, and differentiated weights are configured for each core attribute dimension. For each core attribute dimension and its corresponding weight, set corresponding grading thresholds and grading standards for that dimension in combination with the security requirements of the business scenario; Based on the grading threshold, grading standards, and differentiated weights for each core attribute dimension, the server-borne data is comprehensively categorized to generate initial data grading results. Specifically, the actual characteristics of the server-borne data in each core attribute dimension are extracted, and the grading scores for each dimension are obtained by comparing them with the set grading threshold and grading standards. Then, the scores for each dimension are weighted and summed according to the configured differentiated weights to obtain the comprehensive grading score of the server-borne data. Based on the interval standards defined by the comprehensive grading score, the server-borne data is comprehensively categorized to generate initial data grading results. Based on the initial data classification results, a unique corresponding protection priority is configured for each level of classified data, establishing a mapping relationship between level and protection priority to ensure that higher-level data receives more priority protection resources. In addition, dynamic adjustment trigger conditions for data classification rules are set in combination with the risk fluctuation characteristics of business scenarios to form a complete and iterative data classification rule. Input multi-source security data and real-time operational data, or optimized multi-source security data and real-time operational data with anomaly labels, into a pre-trained risk analysis model. Adjust the risk judgment weights based on the protection priority of data classification rules, and output the risk level and risk development trend. Based on the risk level and risk development trend, and combined with the protection priority of the data classification rules, determine the type of reinforcement method and execution priority for the corresponding data classification. Based on the execution priority, a defined hardening method is used to perform security hardening operations on the corresponding graded data carried by the server. Before performing the security hardening operation, the following steps are also included: Based on the business relevance in the determined core attribute dimensions, and combined with the business flow logic of server data, the relevance of different levels of data is marked with a percentage threshold to construct a business relevance transmission map of server-borne data. The business relevance transmission map is marked with the business relevance strength between different levels of data. Obtain the risk level and risk development trend of the corresponding graded data output, and combine the business association strength of the business association transmission map to determine whether there is a possibility that the risk of the corresponding graded data will be transmitted to other graded data. If it is determined that there is a possibility of risk transmission, the reinforcement execution priority and reinforcement execution parameters of the corresponding associated hierarchical data will be adjusted. If it is determined that there is no possibility of risk transmission, the reinforcement method type, execution priority and execution parameters of the corresponding graded data will remain unchanged. For the corresponding graded data, verify the effectiveness of the security hardening operations performed to protect against the corresponding risk level and risk development trend, and generate hardening verification results; Based on the risk level and risk development trend of the corresponding graded data, the type of reinforcement method, the execution priority, and the reinforcement verification results, the data grading rules, data synchronization rules, and / or the training parameters of the risk analysis model are dynamically adjusted to complete iterative optimization.
2. The server data security hardening method for dynamic vulnerability monitoring as described in claim 1, characterized in that, The training process of the pre-trained risk analysis model includes the following steps: Obtain historical security data of the data carried by the server. The historical security data includes core attribute dimension information of each data, historical risk level records, risk evolution trajectory data and corresponding core attribute dimension weight configuration. Historical security data is preprocessed to extract core attribute dimension features, risk time series features, and weight correlation features to obtain a training dataset; A risk analysis model architecture is constructed, which includes a time-series feature extraction module, a weight adaptation module, and a dual-objective output module. The time-series feature extraction module is used to extract risk development trend features, the weight adaptation module is used to integrate differentiated weights of core attribute dimensions, and the dual-objective output module is used to output risk level and risk development trend. The training dataset is divided into a training set, a validation set, and a test set. The risk analysis model is trained based on the training set, and the model parameters are adjusted in real time using the validation set. The model training process is optimized using a bi-objective loss function. The trained model is evaluated using a test set. When the accuracy of the output risk level judgment and the prediction of risk development trend both meet the preset thresholds, the pre-trained risk analysis model is obtained.
3. The server data security hardening method for dynamic vulnerability monitoring as described in claim 1, characterized in that, The determination of the reinforcement method type and execution priority of the corresponding hierarchical data includes the following steps: Obtain the risk level, risk development trend, and corresponding protection priority of the corresponding classification data; The type of reinforcement method is determined, which includes two categories: temporary reinforcement and permanent reinforcement. When the risk level of the corresponding graded data is the first preset risk level and the risk development trend is the first preset risk trend, and / or the protection priority is the first preset priority, temporary reinforcement is selected as the immediate reinforcement method, and the subsequent execution process of permanent reinforcement is triggered. When the risk level of the corresponding graded data is the second preset risk level and the risk development trend is the second preset risk trend, and / or the protection priority is the second preset priority, permanent reinforcement shall be selected as the reinforcement method. Adjust the execution parameters of the selected reinforcement method based on the differentiated weights of the core attribute dimensions of the corresponding hierarchical data; Based on the emergency attributes of the reinforcement method, the reinforcement execution priority of the corresponding grade data is determined, with temporary reinforcement having a higher execution priority than permanent reinforcement with the same protection priority.
4. The server data security hardening method for dynamic vulnerability monitoring as described in claim 3, characterized in that, The step of performing security hardening operations on the corresponding graded data carried by the server according to the execution priority and using a determined hardening method type is specifically as follows: Based on the determined hardening execution priority and hardening method type, security hardening operations are performed on the corresponding graded data carried by the server, including: When the determined reinforcement method type is temporary reinforcement, based on the adjusted temporary reinforcement execution parameters, priority is given to performing immediate security reinforcement operations on the corresponding grade data, including at least one of temporarily restricting data access permissions, temporarily encrypting target data, and temporarily blocking abnormal access requests; When the determined reinforcement method is permanent reinforcement, or when the conditions for starting the subsequent execution process of permanent reinforcement are met after the execution of temporary reinforcement, long-term security reinforcement operations are performed on the corresponding graded data based on the adjusted permanent reinforcement execution parameters. These operations include at least one of fixing data storage vulnerabilities, configuring long-term data access permissions, and encrypting the target data.
5. The server data security hardening method for dynamic vulnerability monitoring as described in claim 1, characterized in that, After the step of performing security hardening operations on the corresponding graded data carried by the server according to the execution priority and using a determined hardening method type, the following steps are also included: During the reinforcement process, reinforcement operation status data corresponding to the hierarchical data is collected in real time. The reinforcement operation status data includes risk status change data, reinforcement operation effect data, and corresponding core attribute dimension information. The collected reinforcement operation status data is synchronized to the server's historical security data set for dynamic adjustment of risk analysis models and data classification rules.
6. The server data security hardening method for dynamic vulnerability monitoring as described in claim 5, characterized in that, The dynamic adjustment of the data classification rules includes the following steps: Obtain the risk level, risk development trend, reinforcement method type, execution priority, reinforcement verification results, and reinforcement operation status data of the corresponding classification data; Based on the acquired data, determine whether the dynamic adjustment triggering conditions of the data classification rules are met; If the dynamic adjustment triggering conditions are met, the core content of the data classification rules will be adjusted, including at least one of the following: adjusting the differentiated weights of core attribute dimensions, optimizing classification thresholds, and updating the mapping relationship between classification level and protection priority. The adjusted data classification rules are used to reclassify the corresponding classification data currently carried by the server, and the risk matching degree between the reclassified risk level and the actual risk status of the corresponding classification data is verified. If the risk matching degree meets the preset threshold, the adjusted data classification rule will be determined as the new data classification rule.
7. A server data security hardening system for dynamic vulnerability monitoring, used to implement the steps of the server data security hardening method for dynamic vulnerability monitoring as described in any one of claims 1-6, characterized in that, include: The data acquisition module is used to set data classification rules according to the data attributes carried by the server, and synchronously acquire multi-source security data and real-time operation data of the server based on preset data synchronization rules. The risk analysis module is used to input multi-source security data and real-time operational data into a pre-trained risk analysis model, adjust the risk judgment weights based on the protection priority of data classification rules, and output the risk level and risk development trend. The execution determination module is used to determine the type of reinforcement method and execution priority for corresponding data based on the risk level and risk development trend, combined with the protection priority of the data classification rules. The hardening execution module is used to perform security hardening operations on the corresponding level of data carried by the server according to the execution priority and the determined hardening method type. The hardening verification module is used to verify the effectiveness of the security hardening operations performed on the corresponding risk level and risk development trend for the corresponding graded data, and generate hardening verification results. The iterative optimization module is used to dynamically adjust the training parameters of data classification rules, data synchronization rules, and / or risk analysis models based on the risk level and risk development trend of the corresponding graded data, the type of reinforcement method, the execution priority, and the reinforcement verification results, so as to complete the iterative optimization.
8. A computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, When the processor executes the computer program, it implements the steps of the server data security hardening method for dynamic vulnerability monitoring as described in any one of claims 1-6.
9. A computer-readable storage medium storing a computer program, characterized in that, When the computer program is executed by the processor, it implements the steps of the server data security hardening method for dynamic vulnerability monitoring as described in any one of claims 1-6.