CN-121984755-A - Method and device for collaborative processing of gateway log analysis and abnormal access
Abstract
A method for collaborative processing of gateway log analysis and abnormal access comprises: carrying out multidimensional log analysis and visualization processing on a gateway log; based on the gateway access log, carrying out statistics and association analysis on users' access requests by a machine learning method to extract user attributes, and dynamically adjusting the access rights of the corresponding users according to the user attributes; and judging whether an access is abnormal based on the multidimensional analysis result and the user attributes, and automatically executing blocking or limiting measures when the access is judged to be abnormal. The method can automatically take blocking or other limiting measures against abnormal access in a high-performance computing environment, avoiding resource waste, ensuring normal operation of services and improving the security and stability of the system.
Inventors
- HE RONG
- XIAO HAILI
- WANG XIAONING
- ZHAO YINING
- LU SHASHA
- WU CAN
Assignees
- Computer Network Information Center, Chinese Academy of Sciences (中国科学院计算机网络信息中心)
Dates
- Publication Date: 20260505
- Application Date: 20260203
Claims (10)
- 1. A method for collaborative processing of gateway log analysis and abnormal access, the method comprising: performing multidimensional log analysis and visualization processing on the gateway log, wherein the dimensions comprise client IP, access time and access service; based on the gateway access log, performing statistics and association analysis on users' access requests by a machine learning method to extract user attributes, and dynamically adjusting the access rights of the corresponding users according to the user attributes; and, based on the multidimensional analysis result and the user attributes, judging whether an access is abnormal, and automatically executing blocking or limiting measures when the access is judged to be abnormal.
- 2. The method of claim 1, wherein performing multidimensional log analysis and visualization processing on the gateway log comprises: counting the number of requests from a specific client IP to a specific service in a specified time period; and, based on the statistical results, generating and displaying a visual chart reflecting the access condition of each service.
- 3. The method of claim 1, wherein the user attributes comprise at least one of access frequency, access time, and API calls.
- 4. The method of claim 3, wherein automatically executing the blocking or limiting measures comprises: if the user attributes indicate that the user frequently triggers abnormal access, automatically lowering the user's access rights or restricting access to a particular resource.
- 5. The method of claim 1, further comprising generating a report of the processing results and detailed information of the abnormal access, and feeding the report back to a system administrator in real time.
- 6. An apparatus for collaborative processing of gateway log analysis and abnormal access, the apparatus comprising: an acquisition module for acquiring the gateway log; and a processing module for performing multidimensional log analysis and visualization processing on the gateway log, wherein the dimensions comprise client IP, access time and access service; the processing module is further configured to perform, based on the gateway access log, statistics and association analysis on users' access requests by a machine learning method to extract user attributes, and to dynamically adjust the access rights of the corresponding users according to the user attributes; the processing module is further configured to judge whether an access is abnormal based on the multidimensional analysis result and the user attributes, and to automatically execute blocking or limiting measures when the access is judged to be abnormal.
- 7. The apparatus of claim 6, wherein performing multidimensional log analysis and visualization processing on the gateway log comprises: counting the number of requests from a specific client IP to a specific service in a specified time period; and, based on the statistical results, generating and displaying a visual chart reflecting the access condition of each service.
- 8. The apparatus of claim 6, wherein the user attributes comprise at least one of access frequency, access time, and API calls.
- 9. The apparatus of claim 8, wherein automatically executing the blocking or limiting measures comprises: if the user attributes indicate that the user frequently triggers abnormal access, automatically lowering the user's access rights or restricting access to a particular resource.
- 10. The apparatus of claim 6, wherein the processing module is further configured to generate a report of the processing result and the detailed information of the abnormal access, and feed back the report to a system administrator in real time.
Description
Method and device for collaborative processing of gateway log analysis and abnormal access
Technical Field
The invention relates to the technical field of high-performance computing, in particular to a method and a device for collaborative processing of gateway log analysis and abnormal access.
Background
After years of development, the high-performance computing environment has connected more than twenty nodes and provides open-source software, commercial software and independently developed software for fields such as quantum chemistry, molecular simulation, high-energy physics and bioscience. As the environment develops, the number of users of high-performance computing environment services, application communities and business platforms keeps increasing. To unify the access portal and facilitate management and monitoring, all services are accessed through the gateway, i.e. the unified portal.
At present, to protect the environment's resources, prevent malicious attacks and improve gateway access efficiency, existing technical schemes generally adopt a log analysis and anomaly detection mechanism based on fixed rules, combined with manual auditing, to respond. However, in multi-source heterogeneous and high-concurrency scenarios such schemes suffer from response lag, insufficient scalability and a low degree of intelligence, and are difficult to adapt to the dynamic security requirements of a high-performance computing environment.
Disclosure of Invention
In order to solve the problems in the prior art, the embodiments of the application provide a method, a device, a computing device, a computer storage medium and a product containing a computer program for collaborative processing of gateway log analysis and abnormal access, which can automatically take blocking or other limiting measures against abnormal access in a high-performance computing environment, avoiding resource waste, ensuring normal operation of services and improving the security and stability of the system.
An embodiment of the application provides a method for collaborative processing of gateway log analysis and abnormal access, which comprises: carrying out multidimensional log analysis and visualization processing on a gateway log; based on the gateway access log, carrying out statistics and association analysis on users' access requests by a machine learning method to extract user attributes, and dynamically adjusting the access rights of the corresponding users according to the user attributes; and judging whether an access is abnormal based on the multidimensional analysis result and the user attributes, and automatically executing blocking or limiting measures when the access is judged to be abnormal.
In some possible implementations, the multidimensional log analysis and visualization processing of the gateway log includes counting the number of requests for accessing a specific service from a specific client IP in a specific time period, and generating and displaying a visual chart reflecting the access condition of each service based on the counting result.
In some possible implementations, the user attributes include at least one of access frequency, access time, and API calls.
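The pipeline summarized above (windowed request counts per client IP and service, per-user attributes, then a limit-or-block decision) can be sketched as follows. This is an added example, not part of the patent text: the log line format, the thresholds and the fixed-threshold rule standing in for the unspecified machine learning step are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

WINDOW = 60        # assumed statistics window, seconds
MAX_REQ = 5        # assumed ceiling per (client IP, service) per window
BLOCK_AFTER = 2    # assumed: abnormal windows before "limit" becomes "block"

def parse(line):
    # Constructed log format: ISO-8601 time, client IP, user, service, API path
    ts, ip, user, service, api = line.split()
    return datetime.fromisoformat(ts), ip, user, service, api

def analyze(lines):
    counts = Counter()               # (window start, client IP, service) -> requests
    users_in = defaultdict(set)      # same key -> users seen in that window
    attrs = defaultdict(lambda: {"requests": 0, "hours": set(),
                                 "apis": Counter(), "abnormal": 0})
    for ts, ip, user, service, api in map(parse, lines):
        key = (int(ts.timestamp()) // WINDOW * WINDOW, ip, service)
        counts[key] += 1
        users_in[key].add(user)
        a = attrs[user]              # user attributes: frequency, time, API calls
        a["requests"] += 1
        a["hours"].add(ts.hour)
        a["apis"][api] += 1
    for key, n in counts.items():    # fixed threshold stands in for the ML step
        if n > MAX_REQ:
            for user in users_in[key]:
                attrs[user]["abnormal"] += 1
    # Repeat offenders are blocked, first-time offenders only limited
    actions = {u: ("block" if a["abnormal"] >= BLOCK_AFTER else "limit")
               for u, a in attrs.items() if a["abnormal"]}
    return counts, attrs, actions

def sample(minute, ip, user, service, n):
    # Constructed sample lines: n requests, one per second, within one minute
    return [f"2026-02-03T10:{minute:02d}:{s:02d}+00:00 {ip} {user} {service} /api/{service}"
            for s in range(n)]

SAMPLE = (sample(0, "192.0.2.5", "alice", "jobs", 3)
          + sample(0, "192.0.2.9", "bob", "files", 8)
          + sample(1, "192.0.2.9", "bob", "files", 7)
          + sample(2, "192.0.2.7", "carol", "jobs", 6))

if __name__ == "__main__":
    print(analyze(SAMPLE)[2])
```

The `counts` mapping is the per-service statistic a chart would be drawn from, and `actions` is what an enforcement hook at the gateway would consume.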
In some possible implementations, automatically executing the blocking or limiting measures includes automatically lowering the user's access rights or restricting access to a particular resource if the user attributes indicate that the user frequently triggers abnormal access.
In some possible implementations, the method further includes generating a report of the processing results and detailed information of the abnormal access, and feeding the report back to a system administrator in real time.
An embodiment of the application provides a device for collaborative processing of gateway log analysis and abnormal access, which comprises an acquisition module and a processing module. The acquisition module is used for acquiring a gateway log. The processing module is used for carrying out multidimensional log analysis and visualization processing on the gateway log, the dimensions comprising client IP, access time and access service. The processing module is also used for carrying out, based on the gateway access log, statistics and association analysis on users' access requests by a machine learning method to extract user attributes, and for dynamically adjusting the access rights of the corresponding users according to the user attributes. The processing module is also used for judging whether an access is abnormal based on the multidimensional analysis result and the user attributes, and for automatically executing blocking or limiting measures when the access is judged to be abnormal.
In some possible implementations, the multi-dimensional log analysis and visualization processing of the gateway log includes counting the number of r