Static resource authentication method and system in electronic bidding scene

Abstract

The application provides a static resource authentication method and system in an electronic bidding scene, and relates to the technical field of network information security. The method comprises the following steps: obtaining basic data of static resources; based on the basic data, establishing a binding relationship between a plurality of business modules and the static resources respectively; constructing a static resource gateway; constructing a static resource access anomaly detection model; receiving a static resource access request through the static resource gateway; based on the binding relationship, checking the matching of the static resource corresponding to the static resource access request and the current business module to obtain a checking result; collecting user behavior data according to the checking result; inputting the user behavior data into the static resource access anomaly detection model to output an authentication anomaly detection result; judging whether the access behavior of the static resource is an attack behavior according to the authentication anomaly detection result; if yes, intercepting through the static resource gateway; otherwise, allowing the static resource access request.

Description

Technical Field

[0001] This invention relates to the field of network information security technology, and in particular to a static resource authentication method and system for electronic bidding scenarios. Background Technology

[0002] The stable operation of an electronic bidding system depends on the standardized management of static resources. Static resource authentication, as a key link in controlling resource access permissions and ensuring the order of system resource access, is an important direction for technological research and development and application in the field of electronic bidding. Technological optimization around this link has important practical value for improving system functions.

[0003] Existing technologies have established a basic access management system for static resources, which can realize the basic reception and verification of static resource access requests. At the same time, a basic detection model has been built to identify abnormal behavior in the resource access process. The relevant technologies have laid the technical foundation for the control of static resource access in electronic bidding scenarios and promoted the standardization of resource access management processes.

[0004] However, existing technologies do not achieve dynamic binding between business modules and static resources, have a relatively single dimension for detecting anomalies in static resource access, and cannot collect user behavior data differently based on the verification results of resource access, making it difficult to accurately adapt to the static resource authentication requirements of electronic bidding scenarios. Summary of the Invention

[0005] To address the technical problems of existing technologies failing to dynamically bind business modules to static resources, having a limited scope for detecting anomalies in static resource access, and being unable to collect user behavior data differentiated based on resource access verification results, thus making it difficult to accurately adapt to the static resource authentication requirements of electronic bidding scenarios, this invention provides a static resource authentication method and system for electronic bidding scenarios.

[0006] The technical solutions provided by the embodiments of the present invention are as follows:

[0007] The first aspect of this invention provides a static resource authentication method in an electronic bidding scenario, comprising:

[0008] S1: Obtain basic data for static resources;

[0009] S2: Based on the basic data, establish binding relationships between multiple business modules and static resources respectively;

[0010] S3: Build a static resource gateway;

[0011] S4: Construct a static resource access anomaly detection model;

[0012] S5: Receive static resource access requests through the static resource gateway;

[0013] S6: Based on the binding relationship, verify the matching between the static resource corresponding to the static resource access request and the current business module, and obtain the verification result;

[0014] S7: Collect user behavior data based on the verification results;

[0015] S8: Input user behavior data into the static resource access anomaly detection model and output the authentication anomaly detection result;

[0016] S9: Based on the authentication anomaly detection results, determine whether the access behavior to static resources is an attack; if so, intercept it through the static resource gateway; otherwise, allow the static resource access request.

[0017] A second aspect of this invention provides a static resource authentication system for electronic bidding scenarios, comprising:

[0018] processor;

[0019] A memory storing computer-readable instructions, which, when executed by the processor, implement the static resource authentication method in the electronic bidding scenario as described in the first aspect.

[0020] The beneficial effects of the technical solutions provided in the embodiments of the present invention include at least the following:

[0021] In this embodiment of the invention, addressing the static resource authentication requirements in electronic bidding scenarios, the following steps are taken: First, by establishing a binding relationship between business modules and static resources, the lack of a basis for association between resources and modules is resolved. Second, by constructing a static resource access anomaly detection model, multi-dimensional analysis of access behavior is achieved, overcoming the limitation of a single detection method. Third, by collecting user behavior data based on verification results, data collection strategies can be flexibly adjusted according to access risks. Finally, by constructing a static resource gateway that integrates request reception, verification, and interception, a complete, efficient, and business-scenario-appropriate static resource security authentication chain is formed. Attached Figure Description

[0022] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0023] Figure 1 This is a flowchart illustrating a static resource authentication method in an electronic bidding scenario, as provided in an embodiment of the present invention.

[0024] Figure 2 This is a schematic diagram of the structure of a static resource authentication system in an electronic bidding scenario provided by an embodiment of the present invention. Detailed Implementation

[0025] The technical solution of the present invention will now be described with reference to the accompanying drawings.

[0026] In embodiments of the present invention, words such as "exemplarily," "for example," etc., are used to indicate that something is an example, illustration, or description. Any embodiment or design described as "exemplary" in the present invention should not be construed as being more preferred or advantageous than other embodiments or designs. Specifically, the use of the word "exemplary" is intended to present the concept in a concrete manner. Furthermore, in embodiments of the present invention, the meaning expressed by "and / or" can be both, or either one.

[0027] In the embodiments of this invention, the terms "image" and "picture" may sometimes be used interchangeably. It should be noted that, without emphasizing the distinction between them, they convey the same meaning. Similarly, the terms "of," "corresponding (relevant)," and "corresponding" may sometimes be used interchangeably. It should be noted that, without emphasizing the distinction between them, they convey the same meaning.

[0028] In this embodiment of the invention, sometimes a subscript such as W1 may be written in a non-subscript form such as W1. When the difference is not emphasized, the meaning they express is the same.

[0029] To make the technical problems, technical solutions and advantages of the present invention clearer, a detailed description will be given below in conjunction with the accompanying drawings and specific embodiments.

[0030] Reference manual attached Figure 1 The diagram illustrates a flowchart of a static resource authentication method for an electronic bidding scenario provided by an embodiment of the present invention.

[0031] This invention provides a static resource authentication method for electronic bidding scenarios. This method can be implemented by a static resource authentication device for electronic bidding scenarios, which can be a terminal or a server. The processing flow of the static resource authentication method for electronic bidding scenarios may include the following steps:

[0032] S1: Obtain basic data for static resources.

[0033] Static resources refer to various static files and related data that need to be managed in the electronic bidding system, while basic data is the basic information related to static resources used to establish binding relationships.

[0034] Optionally, the basic data includes file list data, static resource attribute information, and association rule data for multiple business modules.

[0035] The file manifest data refers to the source mapping files generated by the front-end project using a packaging tool. Static resource attribute information includes resource name, type, and version identifier. Business module association rule data defines the initial ownership relationship of resources in a business scenario.

[0036] In this embodiment of the invention, by obtaining basic data such as source mapping files generated by the front-end packaging, a unified and reliable metadata source is provided for establishing accurate static resource management relationships, ensuring the accuracy of the authentication basis.

[0037] S2: Based on the basic data, establish binding relationships between multiple business modules and static resources respectively.

[0038] Among them, business modules refer to different functional modules in the electronic bidding system, and binding relationship is the attribution and correspondence between business modules and corresponding static resources.

[0039] Optionally, the binding relationship is specifically an attribution relationship, which includes the static resource name, business module identifier, and resource validity identifier.

[0040] The resource validity identifier is used to mark whether the static resource belongs to the legally accessible resources under the current business module.

[0041] In one possible implementation, S2 specifically includes sub-steps S201 to S204:

[0042] S201: Based on the basic data, establish the initial binding relationship between each business module and static resources.

[0043] For example, when packaging front-end static files, a sourcemap file is generated using packaging tools such as Webpack. After packaging by Jenkins, the sourcemap file is automatically sent to the recognition module. The module extracts the static file names from the sourcemap and adds them to the static file list of the project as the initial relationship.

[0044] S202: Obtain access data for static resources.

[0045] Static resource access data refers to behavioral reporting data generated by users during business operations, which includes records of static resource loading.

[0046] S203: Input the accessed data into the deep learning model.

[0047] Deep learning models refer to machine learning models used to analyze resource access patterns and determine their effectiveness.

[0048] S204: Based on the output of the deep learning model, determine whether the data characteristics of the accessed data meet the preset conditions. If yes, add the static resource to the binding relationship. Otherwise, maintain the binding relationship unchanged.

[0049] The preset conditions include access frequency threshold and access success rate threshold.

[0050] Specifically, the front-end collects user interaction data via JavaScript, reporting information such as user access to modules on the web page and the static files called. Static file loading is reported through both the `onload` event and the front-end global `onerror` event. This data is then reported to the static authentication mechanism. The collected data is preprocessed into a large model input format.

[0051] It should be noted that the large model uses a lightweight text table to understand the open-source model, focusing on the analysis of file-module-system relationships. The model operates on a daily basis, and based on the characteristics of access count, frequency, and success rate, it determines whether there is a valid business relationship between the file and the module and system, and whether the access is valid.

[0052] For example, the model automatically marks a file as a valid file for that module in the system based on a daily access count > 500 and a success rate > 90%. The daily access count threshold can be flexibly set according to the system's daily active users.

[0053] In this embodiment of the invention, binding relationships are established based on basic data, and access data is analyzed using a model to achieve dynamic updates. This enables the system to automatically learn and incorporate new legitimate static resources, reducing manual maintenance costs and improving the timeliness and accuracy of binding.

[0054] S3: Build a static resource gateway.

[0055] The static resource gateway is the core module used to receive, verify, and intercept static resource access requests.

[0056] In one possible implementation, S3 specifically includes sub-steps S301 to S303:

[0057] S301: Deploy a script execution environment at the server layer.

[0058] The server layer is the layer used to deploy and run the environment in the electronic bidding system, while the script execution environment is the basic environment used to run scripts and support logic writing.

[0059] S302: Define the access verification logic and access interception logic for static resources based on the script execution environment.

[0060] The access verification logic is used to verify the legality and matching of static resource access requests, while the access interception logic is used to intercept illegal static resource access requests.

[0061] S303: Combine access verification logic and access interception logic to build a static resource gateway.

[0062] In this embodiment of the invention, by building a static resource gateway at the server layer, the authentication logic is brought forward and centralized. This effectively isolates illegal requests from interfering with the backend business system, improving the overall system security and processing efficiency.

[0063] S4: Construct a static resource access anomaly detection model.

[0064] Among them, the static resource access anomaly detection model is a model used to analyze user behavior data and identify access anomalies.

[0065] In one possible implementation, S4 specifically includes sub-steps S401 to S406:

[0066] S401: Construct a behavioral timing analysis model and a static resource loading pattern model.

[0067] Among them, the behavioral time sequence analysis model is a sub-model used to analyze the temporal sequence characteristics of user behavior and assess behavioral risks, while the static resource loading pattern model is a sub-model used to analyze the static resource loading process and identify loading anomalies.

[0068] S402: Obtain historical user behavior data.

[0069] Among them, historical user behavior data refers to user behavior-related data accumulated during the past operation of the electronic bidding system.

[0070] S403: Based on historical user behavior data, train the behavior time series analysis model until the model converges to obtain the trained behavior time series analysis model.

[0071] For example, a behavioral analysis LSTM model can be built using the PyTorch framework, and the behavioral model can be trained using behavioral data from the procurement system to construct the long-term and short-term dependencies of procurement behavior. The model can also be dynamically learned from time-series data to study the dynamic changes in behavioral patterns under different scenarios.

[0072] Specifically, the trained model is used to analyze current procurement behavior according to risk scenarios, such as normal bidding sequence (viewing the tender document - submitting qualifications - quoting) and collusion sequence (multiple accounts viewing the tender document simultaneously - submitting similar qualifications - quoting). Behavioral risk assessment is performed based on temporal characteristics such as similar quotation modification time, consistency of active periods, and abnormal life cycle. If the assessed behavior is unqualified, it is sent to the static resource gateway layer for blacklisting, prohibiting access to static resources and thus preventing collusion.

[0073] S404: Retrieves normal static resource loading data for each business module.

[0074] Among them, normal static resource loading data refers to the relevant data generated during the loading process of static resources in normal access scenarios.

[0075] S405: Based on normal static resource loading data, train the static resource loading pattern model until the model converges to obtain the trained static resource loading pattern model.

[0076] S406: Combine the trained behavioral time-series analysis model and the static resource loading pattern model to determine the static resource access anomaly detection model.

[0077] For example, for static files, the Isolation Forest model, which is more efficient for static data, is introduced. By using normal static file data from each module as the training set, the model learns the normal static file request patterns under each functional module to build an isolation tree. Then, anomaly analysis is performed on the static data collected in the current project to analyze abnormal file access and add new normal static file requests to the dependency relationship.

[0078] Furthermore, static resource-related features are extracted: the module sequence to which the resource belongs, key resource missing markers, and the number of times resource loading anomalies occur. By inputting these features into the model to process temporal features (module + resource loading) and static features (resource missing / loading failure), the accuracy of anomaly identification is improved.

[0079] The formula for calculating the comprehensive score of module-level anomalies is as follows:

[0080]

[0081]

[0082] Among them, S score This represents the module-level anomaly comprehensive score, where ω1 represents the weight of the temporal anomaly coefficient of the module to which the resource belongs, ω2 represents the weight of the critical resource missing marker, and ω3 represents the weight of the normalized value of the number of resource loading anomalies. C seq F represents the temporal anomaly coefficient of the module sequence to which the resource belongs. mIndicates a missing critical resource, N err This represents the normalized value of the number of times resource loading errors occurred.

[0083] In this embodiment of the invention, a dual model is constructed, consisting of behavioral temporal analysis and static resource loading pattern analysis, and trained using historical behavioral data and normal loading data respectively. This enables anomaly detection to integrate multi-dimensional features of user operation sequences and resource loading patterns, significantly improving the accuracy of identifying complex attacks.

[0084] S5: Receive static resource access requests through the static resource gateway.

[0085] Among them, static resource access requests are requests initiated by users to obtain static resources.

[0086] S6: Based on the binding relationship, verify the matching between the static resource corresponding to the static resource access request and the current business module, and obtain the verification result.

[0087] The verification result is a judgment on whether the static resource matches the current business module, which is the electronic bidding system function module currently accessed by the user.

[0088] In one possible implementation, S6 specifically includes sub-steps S601 to S603:

[0089] S601: Determine the static resource and the current business module corresponding to the static resource access request respectively.

[0090] S602: Based on the binding relationship, determine whether the static resource belongs to the current business module. If yes, it is considered a match. Otherwise, it is considered a mismatch.

[0091] S603: Based on the judgment result, obtain the verification result.

[0092] In this embodiment of the invention, by verifying the resource and module information in the access request against the predefined binding relationship in real time, the legitimacy of the current access can be determined quickly and accurately, thus realizing fine-grained access control based on business scenarios.

[0093] S7: Collect user behavior data based on the verification results.

[0094] User behavior data refers to user operation and resource loading information collected in a differentiated manner based on the degree of risk.

[0095] For example, when static file access passes through this static file detection device, it first checks whether the file belongs to the project based on the aforementioned binding relationship, and then checks whether it belongs to the current operating module. If the file is not a static file under the project or module, it is considered an illegal object. The static file detection device will add a custom request header, uploadLevel, to the current user at the nginx layer, which is divided into low and high. When collecting information, the front-end JS will obtain this request header level. When it is low, only some basic static file binding relationship data is reported. When it is marked as high, all behavioral data including all clicks, mouse traces, page dwell events, static file requests, API requests, etc. will be reported.

[0096] In this embodiment of the invention, the granularity (basic or full) of user behavior collection is dynamically determined based on the verification result (match or non-match). This differentiated strategy ensures that the data needed to capture abnormal behavior is captured while minimizing unnecessary performance overhead.

[0097] S8: Input user behavior data into the static resource access anomaly detection model and output the authentication anomaly detection results.

[0098] Among them, the authentication anomaly detection result is a conclusion drawn from the model's analysis of user behavior data regarding whether the access behavior is abnormal.

[0099] In one possible implementation, S8 specifically includes sub-steps S801 to S804:

[0100] S801: Input user behavior data into the trained behavior time series analysis model and the trained static resource loading pattern model respectively.

[0101] S802: Using the trained behavioral time-series analysis model, risk assessment is performed on the behavioral time-series features in user behavior data to obtain time-series risk assessment results.

[0102] Among them, behavioral temporal characteristics are the time sequence and operation sequence of user behavior, and the temporal risk assessment result is the user behavior risk judgment conclusion output by the behavioral temporal analysis model.

[0103] S803: By using the trained static resource loading pattern model, anomaly analysis is performed on the resource loading characteristics in user behavior data to obtain loading anomaly analysis results.

[0104] Among them, resource loading characteristics are the order, time interval and other related characteristics of static resource loading, and loading anomaly analysis results are the loading anomaly judgment conclusions output by the static resource loading law model.

[0105] Furthermore, the calculation of the resource temporal characteristic score (SS) involves the standard temporal location:

[0106]

[0107] Wherein, SS represents the resource time-series feature score. p represents the summation of all resource nodes within the module. i s represents the actual loading location of the i-th resource node. i This represents the standard timing position of the i-th resource node, and K represents the total number of resource nodes with standard loading timing within the module.

[0108] Furthermore, the formula for calculating the resource time interval anomaly score (ST) is as follows:

[0109]

[0110] Where ST represents the resource time interval anomaly score, N represents the total number of resources, and t i This represents the actual time interval between the i-th resource node and the (i+1)-th resource node. This represents the normal average time interval, and min indicates the operation of taking the minimum value.

[0111] S804: Combining the results of the time-series risk assessment and the results of the loading anomaly analysis, the results of the authentication anomaly detection are obtained.

[0112] In this embodiment of the invention, the collected behavioral data is input into a trained dual model for analysis, and the temporal risks and loading anomaly results are considered together. This achieves intelligent comprehensive judgment of covert attack behaviors, improving the comprehensiveness and reliability of authentication decisions.

[0113] S9: Based on the authentication anomaly detection results, determine whether the access behavior to static resources constitutes an attack. If so, intercept it through the static resource gateway. Otherwise, allow the static resource access request.

[0114] Among them, attack behavior refers to acts that endanger the security of electronic bidding system and illegally access static resources.

[0115] Among them, behavioral risk assessment indicators are used to calculate risk scores:

[0116]

[0117] Among them, S final This represents the overall risk score, where M represents the number of risk indicators, and S represents the risk level. j W represents the score of the j-th risk indicator. j This represents the weight of the j-th risk indicator.

[0118] It should be noted that the risk indicators include the risk of identical user registration fingerprints, risk of identical devices and environments, short intervals between bid document uploads, similar bid modification times, consistent activity periods, abnormal lifecycle risks, risks associated with script tools, risks of identical itemized bids, suspected bid-rigging, and risks of identical identity information association.

[0119] Furthermore, the formula for calculating the deviation rate of suspected bid-rigging is as follows:

[0120]

[0121] Where D represents the deviation rate, P bid P represents the current bid price. base This indicates the benchmark price.

[0122] In this embodiment of the invention, real-time interception or permission is executed based on the model's assessment results, completing a closed loop from risk detection to security handling. Simultaneously, legitimate access records provide a data foundation for the continuous optimization of binding relationships, enabling the system to possess self-evolving security protection capabilities.

[0123] Optionally, following S9, the following may also be included:

[0124] S10: Collect valid static resource access records corresponding to static resource access requests.

[0125] Among them, the static resource legal access record is a record that records the relevant information of the static resource access after it has been determined to be legal.

[0126] S11: Based on the valid access records of static resources, update the binding relationship between each business module and the static resources.

[0127] Reference manual attached Figure 2 The diagram shows a structural schematic of a static resource authentication system for an electronic bidding scenario provided by the present invention.

[0128] This invention also provides a static resource authentication system 20 for electronic bidding scenarios, applied to the aforementioned static resource authentication method for electronic bidding scenarios, comprising:

[0129] Processor 201.

[0130] The memory 202 stores computer-readable instructions. When the computer-readable instructions are executed by the processor 201, they implement the static resource authentication method in the electronic bidding scenario as described in the method embodiment.

[0131] The static resource authentication system 20 for electronic bidding scenarios provided by this invention can execute the static resource authentication method for electronic bidding scenarios described above and achieve the same or similar technical effects. To avoid duplication, this invention will not elaborate further.

[0132] It should be understood that the processor in the embodiments of the present invention can be a central processing unit (CPU), or it can be other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor can be a microprocessor or any conventional processor.

[0133] It should also be understood that the memory in the embodiments of the present invention can be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory can be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), or flash memory. The volatile memory can be random access memory (RAM), which is used as an external cache. By way of example, but not limitation, many forms of random access memory (RAM) are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate synchronous DRAM (DDR SDRAM), enhanced synchronous DRAM (ESDRAM), synchronous linked DRAM (SLDRAM), and direct rambus RAM (DR RAM).

[0134] The above embodiments can be implemented, in whole or in part, by software, hardware (such as circuits), firmware, or any other combination thereof. When implemented using software, the above embodiments can be implemented, in whole or in part, as a computer program product. The computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, all or part of the processes or functions described in the embodiments of the present invention are generated. The computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, the computer instructions can be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that a computer can access or a data storage device such as a server or data center that includes one or more sets of available media. The available medium can be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. A semiconductor medium can be a solid-state drive.

[0135] It should be understood that the term "and / or" in this article is merely a description of the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent: A existing alone, A and B existing simultaneously, or B existing alone. A and B can be singular or plural. Additionally, the character " / " in this article generally indicates an "or" relationship between the preceding and following related objects, but it can also represent an "and / or" relationship. Please refer to the context for a more accurate understanding.

[0136] In this invention, "at least one" means one or more, and "more than one" means two or more. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of a single item or a plurality of items. For example, at least one of a, b, or c can represent: a, b, c, ab, ac, bc, or abc, where a, b, and c can be a single item or multiple items.

[0137] It should be understood that, in various embodiments of the present invention, the order of the above-mentioned process numbers does not imply the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.

[0138] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this invention.

[0139] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the devices, apparatuses, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.

[0140] In the several embodiments provided by this invention, it should be understood that the disclosed devices, apparatuses, and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another device, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between devices or units may be electrical, mechanical, or other forms.

[0141] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0142] In addition, the functional units in the various embodiments of the present invention can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.

[0143] If the aforementioned functions are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this invention, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0144] This invention provides a computer-readable storage medium storing a computer program thereon, which, when executed by a processor, implements the static resource authentication method in an electronic bidding scenario as described in the method embodiments.

[0145] The computer-readable storage medium provided by this invention can implement the steps and effects of the static resource authentication method in the electronic bidding scenario of the above method embodiments. To avoid repetition, this invention will not repeat them.

[0146] The above description is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in the present invention should be included within the scope of protection of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.

[0147] The following points need to be explained:

[0148] (1) The accompanying drawings of the embodiments of the present invention only involve the structures involved in the embodiments of the present invention. Other structures can refer to the general design.

[0149] (2) For clarity, the thickness of layers or regions is enlarged or reduced in the drawings used to describe embodiments of the invention, i.e., these drawings are not drawn to scale. It is understood that when an element such as a layer, film, region or substrate is referred to as being “above” or “below” another element, the element may be “directly” located “above” or “below” the other element or there may be intermediate elements.

[0150] (3) Where there is no conflict, the embodiments of the present invention and the features in the embodiments can be combined with each other to obtain new embodiments.

[0151] The above are merely specific embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. The scope of protection of the present invention should be determined by the scope of the claims.

Claims

1. A static resource authentication method in an electronic bidding scenario, characterized in that, include: S1: Obtain basic data for static resources; S2: Based on the aforementioned basic data, establish binding relationships between multiple business modules and the static resources respectively; S3: Build a static resource gateway; S4: Construct a static resource access anomaly detection model; S5: Receive static resource access requests through the static resource gateway; S6: Based on the binding relationship, verify the matching between the static resource corresponding to the static resource access request and the current business module, and obtain the verification result; S7: Collect user behavior data based on the verification results; S8: Input the user behavior data into the static resource access anomaly detection model and output the authentication anomaly detection result; S9: Based on the authentication anomaly detection result, determine whether the access behavior of the static resource is an attack behavior; if so, intercept it through the static resource gateway; otherwise, allow the static resource access request.

2. The static resource authentication method in the electronic bidding scenario according to claim 1, characterized in that, The basic data includes file list data, static resource attribute information, and association rule data for multiple business modules.

3. The static resource authentication method in the electronic bidding scenario according to claim 1, characterized in that, The binding relationship is specifically an attribution relationship, which includes a static resource name, a business module identifier, and a resource validity identifier.

4. The static resource authentication method in the electronic bidding scenario according to claim 1, characterized in that, S2 specifically includes: S201: Based on the aforementioned basic data, establish an initial binding relationship between each of the aforementioned business modules and the aforementioned static resources; S202: Obtain the access data of the static resource; S203: Input the accessed data into the deep learning model; S204: Based on the output of the deep learning model, determine whether the data characteristics of the accessed data meet the preset conditions; if so, add the static resource to the binding relationship; otherwise, maintain the binding relationship unchanged.

5. The static resource authentication method in the electronic bidding scenario according to claim 1, characterized in that, S3 specifically includes: S301: Deploy a script execution environment at the server layer; S302: Define the access verification logic and access interception logic for the static resources according to the script execution environment; S303: Combine the access verification logic and the access interception logic to construct the static resource gateway.

6. The static resource authentication method in the electronic bidding scenario according to claim 1, characterized in that, S4 specifically includes: S401: Construct a behavioral timing analysis model and a static resource loading pattern model; S402: Obtain historical user behavior data; S403: Based on the historical user behavior data, train the behavior time series analysis model until the model converges to obtain the trained behavior time series analysis model; S404: Obtain the normal static resource loading data for each of the aforementioned business modules; S405: Based on the normal static resource loading data, train the static resource loading pattern model until the model converges to obtain the trained static resource loading pattern model. S406: Combine the trained behavior time sequence analysis model and the static resource loading pattern model to determine the static resource access anomaly detection model.

7. The static resource authentication method in the electronic bidding scenario according to claim 1, characterized in that, S6 specifically includes: S601: Determine the static resource corresponding to the static resource access request and the current business module respectively; S602: Based on the binding relationship, determine whether the static resource belongs to the current business module; if yes, determine that it matches; otherwise, determine that it does not match. S603: Based on the judgment result, the verification result is obtained.

8. The static resource authentication method in the electronic bidding scenario according to claim 6, characterized in that, S8 specifically includes: S801: Input the user behavior data into the trained behavior time series analysis model and the trained static resource loading pattern model respectively; S802: Using the trained behavior time series analysis model, perform risk assessment on the behavior time series features in the user behavior data to obtain the time series risk assessment result; S803: Using the trained static resource loading pattern model, perform anomaly analysis on the resource loading characteristics in the user behavior data to obtain loading anomaly analysis results; S804: Combining the time-series risk assessment results with the loading anomaly analysis results, the authentication anomaly detection results are obtained.

9. The static resource authentication method in the electronic bidding scenario according to claim 1, characterized in that, Following S9, the following is also included: S10: Collect the valid static resource access records corresponding to the static resource access requests; S11: Based on the legal access records of the static resources, update the binding relationship between each of the business modules and the static resources.

10. A static resource authentication system for electronic bidding scenarios, characterized in that, include: processor; A memory storing computer-readable instructions, which, when executed by the processor, implement the static resource authentication method in the electronic bidding scenario as described in any one of claims 1 to 9.

Images