CN113849371A - Application abnormity determining method, device, computer equipment and medium - Google Patents
Application abnormity determining method, device, computer equipment and medium Download PDFInfo
- Publication number
- CN113849371A CN113849371A CN202111124345.4A CN202111124345A CN113849371A CN 113849371 A CN113849371 A CN 113849371A CN 202111124345 A CN202111124345 A CN 202111124345A CN 113849371 A CN113849371 A CN 113849371A
- Authority
- CN
- China
- Prior art keywords
- target application
- point information
- buried point
- monitoring
- abnormal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3051—Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3089—Monitoring arrangements determined by the means or processing involved in sensing the monitored data, e.g. interfaces, connectors, sensors, probes, agents
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The present disclosure relates to an application anomaly determination method, apparatus, computer device and medium; wherein, the method comprises the following steps: determining that the target application meets an abnormal triggering condition, and acquiring first monitoring buried point information of the target application; acquiring second monitoring buried point information when the target application is normal within a preset time; and determining whether the target application is abnormal or not according to the first monitoring buried point information and the second monitoring buried point information. The embodiment of the disclosure can determine whether the target application is abnormal, which is beneficial to improving the safety of the application using process and is convenient for subsequently adjusting and optimizing the product quality of the target application.
Description
Technical Field
The present disclosure relates to the field of network monitoring technologies, and in particular, to a method, an apparatus, a computer device, and a medium for determining an application exception.
Background
With the Development of network technology, a large number of applications exist in the application market at present, and when an application accesses an external Software Development Kit (SDK), the SDK may have malicious behaviors such as performing a bill-swiping process in the background or downloading a dynamically loaded dex file, so that the application is abnormal.
Therefore, a method is needed to determine the abnormal situation of the application, so as to adjust and optimize the product quality of the application in the following process, and avoid affecting the normal use of the user.
Disclosure of Invention
To solve the above technical problem or at least partially solve the above technical problem, the present disclosure provides an application anomaly determination method, apparatus, computer device, and medium.
In a first aspect, the present disclosure provides an application anomaly determination method, including:
determining that a target application meets an abnormal triggering condition, and acquiring first monitoring buried point information of the target application;
acquiring second monitoring buried point information when the target application is normal within a preset time;
and determining whether the target application is abnormal or not according to the first monitoring buried point information and the second monitoring buried point information.
Optionally, the determining that the target application satisfies the exception triggering condition includes:
acquiring total flow consumption data of the target application in a target time period;
when the total flow consumption data is larger than a corresponding preset threshold value, determining that the target application meets an abnormal triggering condition.
Optionally, the determining whether the target application is abnormal according to the first monitoring buried point information and the second monitoring buried point information includes:
determining whether the first monitoring buried point information is consistent with the second monitoring buried point information;
and if not, determining whether the target application is abnormal or not according to the flow consumption data in the first monitoring buried point information and the flow consumption data in the second monitoring buried point information.
Optionally, the determining whether the target application is abnormal according to each traffic consumption data in the first monitoring buried point information and each traffic consumption data in the second monitoring buried point information includes:
determining the difference value between each flow consumption data in the first monitoring buried point information and each corresponding flow consumption data in the second monitoring buried point information;
and when the difference value is larger than a target threshold value, determining that the target application is abnormal.
Optionally, after determining that the target application is abnormal, the method further includes:
popping up a popup window on a display interface of the target application;
and displaying the information that the target application is abnormal through the popup window.
Optionally, the preset threshold is determined according to at least one of a type of traffic, a category of the target application, configuration information of a terminal to which the target application belongs, and a usage time period of the target application.
Optionally, the first monitoring buried point information includes: the name of the target application, time period information when the target application runs, background traffic consumption data of the target application, foreground traffic consumption data of the target application, and total traffic consumption data of the target application.
In a second aspect, the present disclosure provides an application anomaly determination apparatus, including:
the first acquisition module is used for determining that a target application meets an abnormal triggering condition and acquiring first monitoring buried point information of the target application;
the second acquisition module is used for acquiring second monitoring embedded point information when the target application is normal within preset time;
and the abnormity determining module is used for determining whether the target application is abnormal or not according to the first monitoring buried point information and the second monitoring buried point information.
Optionally, the first obtaining module is specifically configured to:
acquiring total flow consumption data of the target application in a target time period;
and when the total flow consumption data is larger than a corresponding preset threshold value, determining that the target application meets an abnormal triggering condition, and acquiring first monitoring buried point information of the target application.
Optionally, the abnormality determining module includes:
the first determining unit is used for determining whether the first monitoring buried point information is consistent with the second monitoring buried point information;
and if the traffic consumption data in the first monitoring buried point information are inconsistent with the traffic consumption data in the second monitoring buried point information, determining whether the target application is abnormal or not according to the traffic consumption data in the first monitoring buried point information and the traffic consumption data in the second monitoring buried point information.
Optionally, the second determining unit is specifically configured to:
if the first monitoring embedded point information is inconsistent with the second monitoring embedded point information, determining the difference value between each flow consumption data in the first monitoring embedded point information and each corresponding flow consumption data in the second monitoring embedded point information;
and when the difference value is larger than a target threshold value, determining that the target application is abnormal.
Optionally, the apparatus further comprises:
the popup window popup module is used for popping up a popup window on a display interface of the target application after determining that the target application is abnormal;
and the display module is used for displaying the information of the abnormity of the target application through the popup window.
Optionally, the preset threshold is determined according to at least one of a type of traffic, a category of the target application, configuration information of a terminal to which the target application belongs, and a usage time period of the target application.
Optionally, the first monitoring buried point information includes: the name of the target application, time period information when the target application runs, background traffic consumption data of the target application, foreground traffic consumption data of the target application, and total traffic consumption data of the target application.
In a third aspect, the present disclosure also provides a computer device, including:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the application exception determining method of any one of the embodiments of the present disclosure.
In a fourth aspect, the present disclosure also provides a computer-readable storage medium on which a computer program is stored, which when executed by a processor, implements the application abnormality determination method described in any one of the embodiments of the present disclosure.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages: the method comprises the steps of firstly determining that the target application meets an abnormal triggering condition, obtaining first monitoring buried point information of the target application, then obtaining second monitoring buried point information when the target application is normal within preset time, and finally determining whether the target application is abnormal according to the first monitoring buried point information and the second monitoring buried point information.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic flowchart of an application anomaly determination method according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of another application anomaly determination method provided in the embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an application anomaly determination device according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a computer device provided in an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
Fig. 1 is a schematic flowchart of an application anomaly determination method according to an embodiment of the present disclosure. The embodiment is applicable to the case of determining whether the application in the terminal device or the operating system is abnormal. The method of the embodiment can be executed by an application exception determining device, which can be implemented in a hardware/software manner and can be configured in computer equipment; the computer device may include a server, and may implement the application exception determining method according to any embodiment of the present application.
As shown in fig. 1, the method specifically includes the following steps:
s110, determining that the target application meets an abnormal triggering condition, and acquiring first monitoring buried point information of the target application.
The target application may be understood as an application installed in a terminal device or an operating system, and particularly an application that accesses an external Software Development Kit (SDK). The operating system may be an Android system, or may be other operating systems, which is not limited in this embodiment. The first monitoring buried point information may specifically include: the method comprises the following steps of obtaining the name of a target application, time period information of the target application during running, background traffic consumption data of the target application, foreground traffic consumption data of the target application and total traffic consumption data of the target application. Preferably, the first monitoring buried point information may include at least one of target application traffic consumption data, a name of the target application, and time period information when the target application is running. The exception triggering condition may be understood as a condition corresponding to the target application being able to trigger the exception, for example, the exception triggering condition may be that the target application has a sudden change in traffic consumption data in a certain time period compared with other time periods. The first monitoring buried point information can be understood as some information collected when the target application meets the abnormal triggering condition, and is used for tracking the use condition of the target application.
In order to determine whether the target application is abnormal, when it is determined that the target application meets the abnormal triggering condition, the first monitoring buried point information of the target application at that time needs to be acquired, for example, the name of the target application, the time period information when the target application runs, the traffic consumption data of the target application, and the like are acquired. The first monitoring buried point information can be queried through a system function, for example, the Android can open the first monitoring buried point information which is called by a third-party developer through the system function, and when a target application meets an exception triggering condition, traffic data in different time periods can be queried specifically, for example: the time range such as month/week/day, etc., may be specific to the flow consumption data in a certain time period of a certain day, etc.
And S120, acquiring second monitoring buried point information when the target application is normal within a preset time.
The preset time may be preset, for example, a month, and may also be determined according to specific situations, and the embodiment is not particularly limited. The second monitoring site information can be understood as information collected when the target application is normal. The second monitoring site information may specifically include: the method comprises the following steps of obtaining the name of a target application, running time period information of the target application in preset time, background traffic consumption data of the target application in the preset time, foreground traffic consumption data of the target application in the preset time and total traffic consumption data of the target application in the preset time. Preferably, the second monitoring site information may include at least one of traffic consumption data of the target application within a preset time, a name of the target application, and operation time period information of the target application within the preset time.
After the first monitoring buried point information when the target application meets the abnormal triggering condition is acquired, second monitoring buried point information when the target application is normal within a preset time needs to be acquired, for example, the name of the target application, the running time period information of the target application within the preset time, the flow consumption data of the target application within the preset time, and the like are acquired, so that the second monitoring buried point information is used as a reference to determine whether the target application is abnormal. And the second monitoring buried point information can be inquired through a system function.
And S130, determining whether the target application is abnormal or not according to the first monitoring buried point information and the second monitoring buried point information.
After the first monitoring buried point information and the second monitoring buried point information are obtained, a comparison result is obtained by comparing the content included in the first monitoring buried point information with the corresponding content in the second monitoring buried point information, and whether the target application is abnormal or not can be determined according to the comparison result.
In this embodiment, it is first determined that the target application satisfies an exception triggering condition, first monitoring buried point information of the target application is obtained, second monitoring buried point information when the target application is normal within a preset time is then obtained, and finally, whether the target application is abnormal or not is determined according to the first monitoring buried point information and the second monitoring buried point information.
In some embodiments, optionally, the determining that the target application satisfies the exception triggering condition may specifically include:
acquiring total flow consumption data of the target application in a target time period; when the total flow consumption data is larger than a corresponding preset threshold value, determining that the target application meets an abnormal triggering condition.
The target time period may be preset, or may be determined according to specific situations, and the embodiment is not particularly limited. For example, a day may be divided into a plurality of target time periods, the target time periods are represented by int values, and if the int value is 1, the target time periods do not need to be split; if the int value is 2, the method represents that 0 hour-12 hour in a day is divided into one target time period for embedding points, and 12 hour-24 hour is divided into another target time period for embedding points. The preset threshold may be preset, or may be determined according to specific situations, and the embodiment is not particularly limited.
At present, when a user uses a target application, flow consumption data are usually generated, so that the total flow consumption data of the target application in a target time period are obtained, then the total flow consumption data are compared with a corresponding preset threshold value, and if the total flow consumption data are larger than the corresponding preset threshold value, the target application is determined to meet an abnormal triggering condition; conversely, if the total traffic consumption data is less than or equal to the corresponding preset threshold, it is determined that the target application does not satisfy the exception triggering condition.
In this embodiment, it is determined by the above method that the target application satisfies the abnormal triggering condition, and it can be determined under what conditions the first monitoring embedded point information of the target application is obtained, and the first monitoring embedded point information does not need to be obtained in real time, thereby avoiding resource waste and memory storage burden.
In this embodiment, optionally, the preset threshold is determined according to at least one of a type of traffic, a category of the target application, configuration information of a terminal to which the target application belongs, and a usage time period of the target application.
The type of traffic may include mobile traffic, wireless network communication technology (WIFI) traffic, other traffic, and the like. The categories of target applications may include video-type applications, text-type applications, financial-type applications (e.g., payment applications), and super applications (e.g., communication applications), among others. The configuration information of the terminal to which the target application belongs may be model configuration information of the terminal. The usage period of the target application may vary from user to user. The influence factors influencing the preset threshold may also be other, and this embodiment is not limited.
For example, when the preset threshold is determined, the preset threshold corresponding to the mobile traffic in the traffic type is usually smaller than the preset threshold corresponding to the WIFI traffic; the preset threshold corresponding to the video application in the category of the target application is usually larger than the preset threshold corresponding to the financial application; when the configuration information of the terminal to which the target application belongs is different, the corresponding preset threshold values may be set to be different; when the usage time periods of the target application are different, the corresponding preset threshold may be set differently, for example, the preset threshold at night (24 hours-6 hours) is usually smaller than the preset threshold at noon (12 hours-2 hours).
In the embodiment, the preset threshold is determined in the above manner, so that the method is more targeted and more accurate, and the accuracy of the subsequent target application determination meeting the abnormal triggering condition is improved.
In some embodiments, optionally, the determining whether the target application is abnormal according to the first monitoring buried point information and the second monitoring buried point information may specifically include:
determining whether the first monitoring buried point information is consistent with the second monitoring buried point information; and if not, determining whether the target application is abnormal or not according to the flow consumption data in the first monitoring buried point information and the flow consumption data in the second monitoring buried point information.
Specifically, it is determined whether the first monitoring buried point information is consistent with the second monitoring buried point information, for example, it is determined whether a name of a target application in the first monitoring buried point information is consistent with a name of a target application in the second monitoring buried point information, and it is determined whether total flow consumption data of the target application in the first monitoring buried point information is consistent with total flow consumption data of the target application in the second monitoring buried point information within a preset time. If the first monitoring buried point information is inconsistent with the second monitoring buried point information, it is indicated that the target application may be abnormal, and at this time, each flow consumption data in the first monitoring buried point information and each flow consumption data in the second monitoring buried point information need to be analyzed, so as to determine whether the target application is abnormal; on the contrary, if the first monitoring buried point information is consistent with the second monitoring buried point information, the target application is not abnormal.
In this embodiment, because the traffic consumption data generated by the target application in different time periods may be different, or the first monitoring embedded point information is inconsistent with the second monitoring embedded point information due to other special conditions, the method can avoid the occurrence of erroneous judgment, and is beneficial to improving the accuracy of the target application abnormal judgment result.
In some embodiments, optionally, the determining whether the target application is abnormal according to each traffic consumption data in the first monitoring buried point information and each traffic consumption data in the second monitoring buried point information may specifically include:
determining the difference value between each flow consumption data in the first monitoring buried point information and each corresponding flow consumption data in the second monitoring buried point information;
and when the difference value is larger than a target threshold value, determining that the target application is abnormal.
The target threshold may be preset, or may be determined according to specific situations, and this embodiment is not particularly limited.
Specifically, when the first monitoring buried point information is inconsistent with the second monitoring buried point information, a difference value between each flow consumption data in the first monitoring buried point information and each corresponding flow consumption data in the second monitoring buried point information is determined, for example, a first difference value between background flow consumption data of a target application in the first monitoring buried point information and background flow consumption data of the target application in the second monitoring buried point information within a preset time may be determined; a second difference value between foreground traffic consumption data of the target application in the first monitoring buried point information and foreground traffic consumption data of the target application in the second monitoring buried point information within a preset time can be determined; and determining a third difference value between the total flow consumption data of the target application in the first monitoring buried point information and the total flow consumption data of the target application in the second monitoring buried point information within the preset time. Then comparing the difference value with a target threshold value, and determining that the target application is abnormal when the difference value is larger than the target threshold value; and when the difference is smaller than or equal to the target threshold, determining that the target application is not abnormal.
In the embodiment, the target application is determined to be abnormal by the method, so that the method is more in line with the actual situation, the accuracy of the final determination result is improved, and the subsequent adjustment and optimization of the product quality of the target application are facilitated.
Fig. 2 is a schematic flowchart of another application anomaly determination method provided in the embodiment of the present disclosure. The embodiment is optimized on the basis of the embodiment. Optionally, the present embodiment explains in detail a process of determining whether the target application is abnormal. As shown in fig. 2, the method specifically includes the following steps:
s210, determining that the target application meets an abnormal triggering condition, and acquiring first monitoring buried point information of the target application.
And S220, acquiring second monitoring buried point information when the target application is normal within a preset time.
And S230, determining whether the first monitoring buried point information is consistent with the second monitoring buried point information.
If yes, go to S240; if not, go to S250.
And S240, determining that the target application is not abnormal.
And S250, determining the difference value between each flow consumption data in the first monitoring buried point information and each corresponding flow consumption data in the second monitoring buried point information.
And S260, determining whether the difference value is larger than a target threshold value.
If yes, go to S270; if not, go to S240.
And S270, determining that the target application is abnormal.
In this embodiment, it is first determined that a target application meets an exception triggering condition, first monitoring buried point information of the target application is obtained, second monitoring buried point information when the target application is normal within a preset time is obtained, whether the first monitoring buried point information is consistent with the second monitoring buried point information is determined, and if so, it is determined that the target application is not abnormal; if the difference values are not consistent, determining the difference value between each flow consumption data in the first monitoring buried point information and each corresponding flow consumption data in the second monitoring buried point information, finally determining whether the difference value is larger than a target threshold value, and if the difference value is larger than the target threshold value, determining that the target application is abnormal; if the difference is smaller than or equal to the target threshold, the target application is determined not to be abnormal, whether the target application is abnormal or not can be determined more accurately through the method, the method is more in line with the actual situation, misjudgment is prevented, the safety of the application using process is improved, and the follow-up adjustment and optimization of the product quality of the target application are facilitated.
In this embodiment, optionally, after determining that the target application is abnormal, the method may further specifically include:
popping up a popup window on a display interface of the target application; and displaying the information that the target application is abnormal through the popup window.
In this embodiment, after determining that the target application is abnormal, a popup window pops up on a display interface of the target application, and information that the target application is abnormal is displayed through the popup window, for example, characters are displayed in the popup window: when the target application is abnormal, the method can remind the user in time, improve the use experience of the user and avoid the loss of the user.
Fig. 3 is a schematic structural diagram of an application anomaly determination device according to an embodiment of the present disclosure; the device is configured in computer equipment, and can realize the application abnormity determining method in any embodiment of the application. The device specifically comprises the following steps:
a first obtaining module 310, configured to determine that a target application meets an exception triggering condition, and obtain first monitoring buried point information of the target application;
a second obtaining module 320, configured to obtain second monitoring embedded point information when the target application is normal within a preset time;
an exception determining module 330, configured to determine whether the target application is abnormal according to the first monitoring buried point information and the second monitoring buried point information.
In this embodiment, optionally, the first obtaining module 310 is specifically configured to:
acquiring total flow consumption data of the target application in a target time period;
and when the total flow consumption data is larger than a corresponding preset threshold value, determining that the target application meets an abnormal triggering condition, and acquiring first monitoring buried point information of the target application.
In this embodiment, optionally, the abnormality determining module 330 includes:
the first determining unit is used for determining whether the first monitoring buried point information is consistent with the second monitoring buried point information;
and if the traffic consumption data in the first monitoring buried point information are inconsistent with the traffic consumption data in the second monitoring buried point information, determining whether the target application is abnormal or not according to the traffic consumption data in the first monitoring buried point information and the traffic consumption data in the second monitoring buried point information.
In this embodiment, optionally, the second determining unit is specifically configured to:
if the first monitoring embedded point information is inconsistent with the second monitoring embedded point information, determining the difference value between each flow consumption data in the first monitoring embedded point information and each corresponding flow consumption data in the second monitoring embedded point information;
and when the difference value is larger than a target threshold value, determining that the target application is abnormal.
In this embodiment, optionally, the apparatus further includes:
the popup window popup module is used for popping up a popup window on a display interface of the target application after determining that the target application is abnormal;
and the display module is used for displaying the information of the abnormity of the target application through the popup window.
In this embodiment, optionally, the preset threshold is determined according to at least one of a type of traffic, a category of the target application, configuration information of a terminal to which the target application belongs, and a usage time period of the target application.
In this embodiment, optionally, the first monitoring buried point information includes: the name of the target application, time period information when the target application runs, background traffic consumption data of the target application, foreground traffic consumption data of the target application, and total traffic consumption data of the target application.
According to the application abnormity determining device provided by the embodiment of the disclosure, firstly, the target application is determined to meet an abnormity triggering condition, the first monitoring buried point information of the target application is obtained, then the second monitoring buried point information when the target application is normal in the preset time is obtained, and finally, whether the target application is abnormal or not is determined according to the first monitoring buried point information and the second monitoring buried point information.
The application abnormity determining device provided by the embodiment of the disclosure can execute the application abnormity determining method provided by any embodiment of the disclosure, and has corresponding functional modules and beneficial effects of the executing method.
Fig. 4 is a schematic structural diagram of a computer device provided in an embodiment of the present disclosure. As shown in fig. 4, the computer apparatus includes a processor 410 and a storage device 420; the number of the processors 410 in the computer device may be one or more, and one processor 410 is taken as an example in fig. 4; the processor 410 and the storage 420 in the computer device may be connected by a bus or other means, as exemplified by the bus connection in fig. 4.
The storage device 420, which is a computer-readable storage medium, may be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the application exception determining method in the embodiments of the present disclosure. The processor 410 executes various functional applications and data processing of the computer device by executing software programs, instructions and modules stored in the storage device 420, that is, implements the application exception determining method provided by the embodiment of the present disclosure.
The storage device 420 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the storage 420 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the storage 420 may further include memory located remotely from the processor 410, which may be connected to a computer device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The computer device provided by the embodiment can be used for executing the application abnormality determining method provided by any of the above embodiments, and has corresponding functions and beneficial effects.
The disclosed embodiments also provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are used to implement the application anomaly determination method provided by the disclosed embodiments.
Of course, the storage medium provided by the embodiments of the present disclosure contains computer-executable instructions, and the computer-executable instructions are not limited to the method operations described above, and may also perform related operations in the application exception determining method provided by any embodiment of the present disclosure.
From the above description of the embodiments, it is obvious for a person skilled in the art that the present disclosure can be implemented by software and necessary general hardware, and certainly can be implemented by hardware, but in many cases, the former is a better embodiment. Based on such understanding, the technical solutions of the present disclosure may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present disclosure.
It should be noted that, in the embodiment of the application exception determining apparatus, the included units and modules are only divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only used for distinguishing one functional unit from another, and are not used for limiting the protection scope of the present disclosure.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. An application anomaly determination method, characterized in that the method comprises:
determining that a target application meets an abnormal triggering condition, and acquiring first monitoring buried point information of the target application;
acquiring second monitoring buried point information when the target application is normal within a preset time;
and determining whether the target application is abnormal or not according to the first monitoring buried point information and the second monitoring buried point information.
2. The method of claim 1, wherein determining that a target application satisfies an exception triggering condition comprises:
acquiring total flow consumption data of the target application in a target time period;
when the total flow consumption data is larger than a corresponding preset threshold value, determining that the target application meets an abnormal triggering condition.
3. The method of claim 1, wherein the determining whether the target application is abnormal according to the first monitoring site information and the second monitoring site information comprises:
determining whether the first monitoring buried point information is consistent with the second monitoring buried point information;
and if not, determining whether the target application is abnormal or not according to the flow consumption data in the first monitoring buried point information and the flow consumption data in the second monitoring buried point information.
4. The method of claim 3, wherein the determining whether the target application is abnormal according to the traffic consumption data in the first monitoring site information and the traffic consumption data in the second monitoring site information comprises:
determining the difference value between each flow consumption data in the first monitoring buried point information and each corresponding flow consumption data in the second monitoring buried point information;
and when the difference value is larger than a target threshold value, determining that the target application is abnormal.
5. The method of claim 4, wherein after determining that the target application is abnormal, further comprising:
popping up a popup window on a display interface of the target application;
and displaying the information that the target application is abnormal through the popup window.
6. The method according to claim 2, wherein the preset threshold is determined according to at least one of a type of traffic, a category of the target application, configuration information of a terminal to which the target application belongs, and a usage period of the target application.
7. The method of any one of claims 1-6, wherein the first monitoring site information comprises: the name of the target application, time period information when the target application runs, background traffic consumption data of the target application, foreground traffic consumption data of the target application, and total traffic consumption data of the target application.
8. An application anomaly determination apparatus, characterized in that the apparatus comprises:
the first acquisition module is used for determining that a target application meets an abnormal triggering condition and acquiring first monitoring buried point information of the target application;
the second acquisition module is used for acquiring second monitoring embedded point information when the target application is normal within preset time;
and the abnormity determining module is used for determining whether the target application is abnormal or not according to the first monitoring buried point information and the second monitoring buried point information.
9. A computer device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111124345.4A CN113849371A (en) | 2021-09-24 | 2021-09-24 | Application abnormity determining method, device, computer equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111124345.4A CN113849371A (en) | 2021-09-24 | 2021-09-24 | Application abnormity determining method, device, computer equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113849371A true CN113849371A (en) | 2021-12-28 |
Family
ID=78979724
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111124345.4A Pending CN113849371A (en) | 2021-09-24 | 2021-09-24 | Application abnormity determining method, device, computer equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113849371A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118400519A (en) * | 2024-06-27 | 2024-07-26 | 南京财经大学 | Intelligent inspection method and system for abnormal behavior of video monitoring |
-
2021
- 2021-09-24 CN CN202111124345.4A patent/CN113849371A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118400519A (en) * | 2024-06-27 | 2024-07-26 | 南京财经大学 | Intelligent inspection method and system for abnormal behavior of video monitoring |
| CN118400519B (en) * | 2024-06-27 | 2024-08-20 | 南京财经大学 | Intelligent inspection method and system for abnormal behavior of video monitoring |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10558544B2 (en) | Multiple modeling paradigm for predictive analytics | |
| CN109299135A (en) | Abnormal inquiry recognition methods, identification equipment and medium based on identification model | |
| CN112231174A (en) | Abnormity warning method, device, equipment and storage medium | |
| CN108762885B (en) | Virtual machine creating method and device, management equipment and terminal equipment | |
| CN109240912B (en) | Webpage application performance evaluation method and terminal based on big data analysis | |
| CN109145590B (en) | Function hook detection method, detection equipment and computer readable medium | |
| CN107133063A (en) | The method for upgrading software and mobile terminal of a kind of customization | |
| CN111143165A (en) | Monitoring method and device | |
| CN110688168A (en) | Method, device and equipment for improving starting speed of application program and storage medium | |
| CN105631747A (en) | Risk event determining method and apparatus | |
| CN113508381A (en) | Machine learning based anomaly detection for embedded software applications | |
| CN113722134A (en) | Cluster fault processing method, device and equipment and readable storage medium | |
| CN113849371A (en) | Application abnormity determining method, device, computer equipment and medium | |
| WO2019028986A1 (en) | Application upgrade method and apparatus, terminal device and computer readable storage medium | |
| CN111835536B (en) | Flow prediction method and device | |
| CN115378713A (en) | Block chain application early warning defense method, storage medium and electronic equipment | |
| CN113123955B (en) | Plunger pump abnormity detection method and device, storage medium and electronic equipment | |
| CN111076373B (en) | Display method, display device, terminal and readable storage medium | |
| CN109658082B (en) | Method and equipment for identifying abnormal charging | |
| CN106708706B (en) | Alarm information processing method and device for task program abnormity | |
| CN105590057B (en) | Webpage security index evaluation method and device | |
| CN104268231B (en) | A kind of file access method, device and Intelligent File System | |
| CN111638892A (en) | Method, device, system and storage medium for optimizing application update sequencing | |
| CN112733151B (en) | Embedded device firmware analysis method, device, medium and electronic device | |
| CN111352825B (en) | Data interface testing method and device and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |