Disclosure of Invention
In view of this, embodiments of the present application provide a threat detection method, apparatus, electronic device, and readable storage medium, which are convenient for improving security of a network environment.
In a first aspect, an embodiment of the present application provides a threat detection method, including: acquiring a flow log; analyzing the flow log to obtain threat element information of the flow log; aggregating the flow logs according to threat element information of the flow logs, and obtaining a threat event set based on the aggregated threat events; scoring the threat event set according to a preset scoring rule; and determining the threat degree of the threat event set according to the score.
According to a specific implementation manner of the embodiment of the present application, the aggregating the traffic log according to threat element information of the traffic log, and obtaining a threat event set based on the aggregated threat event includes: aggregating the flow logs according to preset threat elements of the flow logs to obtain threat events, wherein the preset threat elements corresponding to the flow logs under the same threat event are the same; and respectively aggregating the threat events according to at least one target threat element in the preset threat elements to obtain a threat event set, wherein the target threat elements corresponding to the threat events in the same threat event set are the same.
According to a specific implementation manner of the embodiment of the present application, the preset threat elements of the traffic log include: attack source IP, attacked IP, threat type, detection mode and threat name; the aggregating the flow logs according to the preset threat elements of the flow logs to obtain threat events comprises: according to the attack source IP, the attacked IP, the threat type, the detection mode and the threat name, the traffic log is aggregated to obtain a threat event; the target threat element includes: attack source IP, attacked IP and threat name; the threat events are respectively aggregated according to at least one target threat element in the preset threat elements to obtain a threat event set, wherein the threat event set comprises at least one of the following: aggregating the threat events according to the attack source IP to obtain an attack source IP event set; aggregating the threat events according to the attacked IP to obtain a set of attacked IP events; aggregating the threat events according to the threat names to obtain a threat name event set; the scoring the threat event set according to a preset scoring rule includes: and respectively scoring the attack source IP event set, the attacked IP event set and the threat name event set according to a preset scoring rule.
According to a specific implementation of an embodiment of the present application, scoring components are included in the set of threat events; the scoring the threat event set according to a preset scoring rule includes: and scoring the threat event set according to the corresponding relation between the preset scoring elements and the scores.
According to a specific implementation of an embodiment of the present application, the scoring element includes at least one of: the method comprises the steps of generating a traffic log, generating a threat level of the traffic log, generating a latest threat event, generating the number of threat types in unit time, marking the active time of the assets in the traffic log and the use frequency of the assets corresponding to the traffic log, wherein the number of the attack source IPs, the number of the attacked IPs, the region to which the attack source IPs belong, the occurrence times of the same attack source IPs, the occurrence times of the same attacked IP, the asset level of the traffic log, the threat level of the traffic log, the generation time of the latest threat event, the number of the threat types in unit time and the active time of the marked assets in the traffic log.
According to a specific implementation manner of the embodiment of the application, the method further includes: and sending the threat event set information with the scores exceeding a preset value to an administrator.
In a second aspect, embodiments of the present application provide a threat detection apparatus, comprising: the acquisition module is used for acquiring the flow log; the analysis module is used for analyzing the flow log to obtain threat element information of the flow log; the aggregation module is used for aggregating the flow logs according to threat element information of the flow logs and obtaining a threat event set based on the aggregated threat events; the scoring module is used for scoring the threat event set according to a preset scoring rule; and the determining module is used for determining the threat degree of the threat event set according to the scores.
According to a specific implementation manner of the embodiment of the application, the aggregation module includes: the first aggregation sub-module is used for aggregating the flow logs according to preset threat elements of the flow logs to obtain threat events, and the preset threat elements corresponding to the flow logs under the same threat event are the same; and the second aggregation sub-module is used for respectively aggregating the threat events according to at least one target threat element in the preset threat elements to obtain a threat event set, wherein the target threat elements corresponding to the threat events in the same threat event set are the same.
According to a specific implementation manner of the embodiment of the present application, the preset threat elements of the traffic log include: attack source IP, attacked IP, threat type, detection mode and threat name; the first aggregation sub-module is specifically configured to: according to the attack source IP, the attacked IP, the threat type, the detection mode and the threat name, the traffic log is aggregated to obtain a threat event; the target threat element includes: attack source IP, attacked IP and threat name; the second polymerization submodule is at least specifically configured to: aggregating the threat events according to the attack source IP to obtain an attack source IP event set; aggregating the threat events according to the attacked IP to obtain a set of attacked IP events; aggregating the threat events according to the threat names to obtain a threat name event set; the scoring module is specifically configured to: and respectively scoring the attack source IP event set, the attacked IP event set and the threat name event set according to a preset scoring rule.
According to a specific implementation of an embodiment of the present application, scoring components are included in the set of threat events; the scoring module includes: and the scoring module is used for scoring the threat event set according to the corresponding relation between the preset scoring element and the score.
According to a specific implementation of an embodiment of the present application, the scoring element includes at least one of: the method comprises the steps of generating a traffic log, generating a threat level of the traffic log, generating a latest threat event, generating the number of threat types in unit time, marking the active time of the assets in the traffic log and the use frequency of the assets corresponding to the traffic log, wherein the number of the attack source IPs, the number of the attacked IPs, the region to which the attack source IPs belong, the occurrence times of the same attack source IPs, the occurrence times of the same attacked IP, the asset level of the traffic log, the threat level of the traffic log, the generation time of the latest threat event, the number of the threat types in unit time and the active time of the marked assets in the traffic log.
According to a specific implementation manner of the embodiment of the application, the apparatus further includes: and the sending module is used for sending the threat event set information with the scores exceeding a preset value to an administrator.
In a third aspect, an embodiment of the present application provides an electronic device, including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing the threat detection method of any of the foregoing implementations.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium storing one or more programs executable by one or more processors to implement the threat detection method of any of the foregoing implementations.
According to the threat detection method, the device, the electronic equipment and the readable storage medium, threat element information of the flow log is obtained by analyzing the flow log, the flow log is aggregated according to the threat element information of the flow log, a threat event set is obtained based on the aggregated threat events, then the threat event set is scored according to a preset scoring rule, the threat degree of the threat event set is determined according to the score, the flow log is aggregated according to the threat element information of the flow log, and then the threat event set obtained based on the aggregated threat events is scored, so that the threat event set is scored after the deep association of the flow log is realized, a manager can easily acquire the threat degree of the threat event set, further, the threat information of larger risks or higher values in a network environment is determined, and accordingly relevant strategies are timely adopted to prevent attacks.
Detailed Description
Embodiments of the present application are described in detail below with reference to the accompanying drawings. It should be understood that the described embodiments are merely some, but not all, of the embodiments of the present application. All other embodiments, based on the embodiments herein, which would be apparent to one of ordinary skill in the art without making any inventive effort, are intended to be within the scope of the present application.
In order that those skilled in the art will better understand the technical concepts, embodiments and advantages of the examples of the present application, a detailed description will be given below by way of specific examples.
The threat detection method provided by an embodiment of the application includes: acquiring a flow log, analyzing the flow log to obtain threat element information of the flow log, aggregating the flow log according to the threat element information of the flow log, obtaining a threat event set based on the aggregated threat event, scoring the threat event set according to a preset scoring rule, and determining the threat degree of the threat event set according to the scoring, so that the safety of a network environment is effectively improved.
Fig. 1 is a flow chart of a threat detection method provided in an embodiment of the present application, as shown in fig. 1, the threat detection method in this embodiment may include:
s101, acquiring a flow log.
The obtained traffic log may be a traffic log generated by the network asset, and in some examples, the traffic log may be a traffic log with threat information. The number of the flow logs can be one or a plurality of. It can be understood that the more the number of flow logs, the more accurate the scoring result is obtained.
During the running process of the network equipment, a log-called event record is generated, and each log records the description of the related operations such as date, time, user, action and the like. Performing threat-related operations on network devices may generate traffic logs in which the associated threat elements are recorded, and may include log detection times, threat levels, tags, logged asset information, and the like.
S102, analyzing the flow log to obtain threat element information of the flow log.
Analyzing the flow log, and extracting threat element information, wherein the threat element information can be threat related information.
S103, according to threat element information of the flow logs, the flow logs are aggregated, and a threat event set is obtained based on the aggregated threat events.
The threat event may include threat element information for the traffic log, the number of attacks, and other information derived from the traffic log, such as threat duration and tag type information.
The method comprises the steps of aggregating flow logs according to threat element information of the flow logs to obtain threat events, and obtaining a threat event set based on the aggregated threat events, wherein the threat event set can comprise the aggregated threat events, and it is understood that the threat event set can also comprise information of the threat events and can also comprise other information obtained according to the information of the threat events.
S104, scoring the threat event set according to a preset scoring rule.
S105, determining the threat degree of the threat event set according to the scores.
The higher the score, the more serious the threat level of the threat event set.
And the threat degree of the threat event set is more accurate when the massive flow logs are processed.
According to the embodiment, threat element information of the flow log is obtained by analyzing the flow log, the flow log is aggregated according to the threat element information of the flow log, a threat event set is obtained based on the aggregated threat events, and then the threat event set is scored according to a preset scoring rule, and the threat degree of the threat event set is determined according to the score.
Referring to fig. 2, an embodiment of the present application is basically the same as the above embodiment, except that the aggregating the traffic log according to the threat element information of the traffic log, and obtaining a threat event set based on the aggregated threat event (S103) according to the present embodiment includes:
s103a, aggregating the flow logs according to preset threat elements of the flow logs to obtain threat events.
In this embodiment, the preset threat elements corresponding to the flow logs under the same threat event are the same.
In some examples, the threat elements of the traffic log include: attack source IP, attacked IP, threat type, detection means, and/or threat name.
The attack source IP may be an IP address for launching an attack, where IP is an abbreviation for english internet protocol (protocol for interconnection between networks), chinese is simply referred to as "networking protocol", i.e., a protocol designed for communication with computer networks. In the internet, it is a set of rules that enables all computer networks connected to the network to communicate with each other, specifying the rules that the computer should follow when communicating over the internet. Any manufacturer's computer system can be interconnected with the Internet as long as it complies with the IP protocol, and the IP address has uniqueness.
The attacked IP may be an IP address under attack. Threat types may include APT attacks, phishing, remote control, trojans, botnet, fin7, spam, and so forth. The detection mode may be a detection mode for threat detection on the log, for example, if the threat of the log is determined through information detection, then the detection mode is information detection, and the threat name may be Trojan/win32.Kimsuky, etc.
Threat elements to the traffic log include: the attack source IP, the attacked IP, the threat type, the detection mode, and the threat name, in some examples, the traffic log is aggregated according to a preset threat element of the traffic log to obtain a threat event (S103 a), including:
A. and aggregating the flow logs according to the attack source IP, the attacked IP, the threat type, the detection mode and the threat name to obtain a threat event.
In a specific embodiment, traffic logs with consistent Attack source IP, attack IP, threat type, detection mode and threat name may be aggregated into one event, for example, all traffic logs with Attack source IP 114.114.114, attack IP 10.255.8.54, threat type APT Attack, detection mode intelligence detection, threat name Trojan/win32.Kimsuky may be aggregated into one threat event a, and all traffic logs with Attack source IP 114.114.114, attack IP 10.255.10.22, threat type far-control Attack, detection mode intelligence detection, threat name atack/ioc. Generic. C … may be aggregated into another threat event B.
S103b, respectively aggregating the threat events according to at least one target threat element in the preset threat elements to obtain a threat event set.
In this embodiment, the target threat elements corresponding to the threat events in the same threat event set are the same.
The at least one target threat element may be one threat element of the preset threat elements, may be two threat elements of the preset threat elements, or may be all threat elements of the preset threat elements.
According to the embodiment, the threat event is obtained by aggregating the flow logs according to the preset threat elements of the flow logs, the threat event is respectively aggregated according to at least one target threat element in the preset threat elements to obtain a threat event set, and the flow logs can be deeply associated by aggregating twice, so that the attacked risk can be comprehensively analyzed, and the accuracy of the threat detection result is improved.
In some examples, the target threat element includes: attack source IP, attacked IP, and/or threat name.
For the target threat element, comprising: in the case of an attack source IP, a compromised IP, and a threat name, in some examples, the threat events are respectively aggregated according to at least one target threat element of the preset threat elements to obtain a threat event set, including at least one of the following (S103 b), including:
And B1, aggregating threat events according to the attack source IP to obtain an attack source IP event set.
All events with the same attack source IP may be aggregated, if the attack source IP in the threat event a is 114.114.114 and the attack source IP in the threat event B is 114.114.114, the threat event a and the threat event B are aggregated into a threat event set a.
And B2, aggregating threat events according to the attacked IP to obtain a set of the attacked IP events.
All events with the same attacked IP may be aggregated, for example, if the attacked IP in threat event C is 10.255.8.54 and the attacked IP in threat event D is 10.255.8.54, threat event C and threat event D are aggregated into a threat event set B.
And B3, aggregating the threat events according to threat names to obtain a threat name event set.
All events with the same threat name can be aggregated, if the threat name in the threat event E is Trojan and the threat name in the threat event F is Trojan, the threat event E and the threat event F are aggregated into one threat event set C.
Scoring the set of threat events according to a preset scoring rule (S104) may include:
and S104a, respectively scoring the attack source IP event set, the attacked IP event set and the threat name event set according to a preset scoring rule.
And scoring the attack source IP event set, the attacked IP event set and the threat name event set respectively, and taking the attack source IP corresponding to the attack source IP event set as threat information focused if the threat degree corresponding to the attack source IP event set score is serious.
In order to simplify the calculation process of the score and improve the calculation efficiency of determining the threat degree of the threat event set, another embodiment of the present application is basically the same as the above embodiment, except that in the threat detection method of the present embodiment, the score element is included in the threat event set; scoring (S104) the set of threat events according to a preset scoring rule, including:
and S104b, scoring the threat event set according to the corresponding relation between the preset scoring element and the score.
The corresponding relation between the scoring elements and the scores is established in advance, after the threat event set is obtained, the corresponding scores can be determined according to the scoring elements in the threat event set, and if the number of the scoring elements is multiple, the total score of the threat event set can be determined according to the multiple scores corresponding to the multiple scoring elements.
The score may be determined based on threat-related factors, which may include, in particular: threat impact scope, attack source territory, asset information, risk, timeliness, threat diversity per unit time of customer, inter-asset communication relationship, asset activity time, asset access baseline, and the like.
Correspondingly, in some examples, the scoring element may include at least one of: the method comprises the steps of generating a traffic log, generating a threat level of the traffic log, generating a latest threat event, generating the number of threat types in unit time, marking the active time of the assets in the traffic log and the use frequency of the assets corresponding to the traffic log, wherein the number of the attack source IPs, the number of the attacked IPs, the region to which the attack source IPs belong, the occurrence times of the same attack source IPs, the occurrence times of the same attacked IP, the asset level of the traffic log, the threat level of the traffic log, the generation time of the latest threat event, the number of the threat types in unit time and the active time of the marked assets in the traffic log.
The number of attack source IPs may be the number of different attack source IPs in one event set, for example, if the threat event set includes 3 114.114.114 attack source IPs and 1 IP 10.255.8.54 attack source IPs, the number of attack source IPs in the threat event set as scoring elements is 2. The number of attacked IPs is determined in a similar manner to the number of attack source IPs. The more the number of attack source IPs and the number of attacked IPs, the higher the score. Specifically, more than 1 attack source or more than 1 impact target in the threat event set is scored 5.
The region to which the attack source IP belongs may be specifically that the attack source IP belongs to the united states, belongs to singapore, belongs to haerbin, and has different scores.
The number of occurrences of the same attack source IP may be 3 times when 114.114.114 is used as the attack source IP in one event set, and the number of occurrences of the same attack source IP is 3. The number of occurrences of the same attacked IP is determined in a similar manner as the same attack source IP. The more times the same attack source IP appears or the same attacked IP appears, the higher the score.
The asset class of generating the traffic log may determine the asset class from the asset information carried in the traffic log, specifically, the asset class includes class 2, class 4, class 5, etc., where classes 4 and 5 may be referred to as important assets, the greater the number of important assets, the higher the score.
The time of occurrence of the latest threat event may be the time of occurrence of the threat event closest to the current time among all threat events included in the threat event set, for example, the latest event in the event set is 1 day or less, which is the latest occurring event or the event of continuous hazard, and the score is higher as the threat event is closer to the current time.
The number of threat types in unit time can be the ratio of the number of threat types to time, the time can be determined according to the first detection time and the latest detection time in the threat event set, the score can be carried out according to the percentage, and the score is higher as the number of threat types in unit time is more.
The marked asset livetime in the traffic log may be the marked on-use status on the asset, the longer the asset livetime, the higher the score.
The frequency of use of the asset corresponding to the flow log may be that the asset is frequently used or not frequently used, specifically, the frequency of access of the asset in unit time is higher.
The establishment of the correspondence between the score elements and the scores will be exemplarily described below using the attack source IP as an example.
The corresponding relation between the number of the attack source IPs and the scores can be established in advance, for example, when the number of the attack source IPs included in the threat event set is 1, the corresponding score is 1, and when the number of the attack source IPs is greater than 1 and less than 4, the corresponding score is 4, and the corresponding relation between the number of the attack source IPs and the scores can be established in such a way that the number of the attack source IPs is gradually increased, the scores are also gradually increased, and the like.
In some examples, the threat event set information with the score exceeding the preset value can be sent to an administrator, so that the administrator can comprehensively analyze whether the target system is at risk of being attacked, realize pre-warning, comprehensively study and judge the currently-received attack threat, and more accurately understand intention and backward track, thereby timely adopting related strategies to prevent attacks and realizing in-process blocking.
According to the threat detection method, the flow logs are aggregated according to threat element information of the flow logs, then the threat event sets obtained based on the aggregated threat events are scored, after deep association of the flow logs is achieved, the threat event sets are scored, so that an administrator can easily acquire the threat degrees of the threat event sets, further, greater risk or threat information with higher value in a network environment is determined, accordingly, relevant strategies are timely adopted to prevent attacks, the security of the network environment is improved, the aggregated threat events are further aggregated according to at least one threat element of the flow logs to obtain threat event sets, the threat event sets can be deeply associated, the threat detection accuracy is improved, the attack sources IP, the attack types, the detection modes and the threat names are used as threat elements, the first aggregation is conducted on the flow logs, the attack source IP, the attack event sets and the threat names are respectively conducted on the second aggregation according to the attack sources IP, the attack event sets and the threat names, the threat event sets can be determined on the basis of the second aggregation, the attack source IP event sets, the attack event sets and the threat event sets can be scored according to at least one threat element, the threat event sets can be further, the three threat event sets can be set to the threat element corresponding to the threat element scoring values, and the threat event sets can be detected to be set to the threat element scoring values, and the threat element scoring relation can be set to be set convenient to be set sent to the corresponding to the threat element score values.
The threat detection apparatus provided in an embodiment of the application includes: the acquisition module is used for acquiring the flow log; the analysis module is used for analyzing the flow log to obtain threat element information of the flow log; the aggregation module is used for aggregating the flow logs according to threat element information of the flow logs and obtaining a threat event set based on the aggregated threat events; the scoring module is used for scoring the threat event set according to a preset scoring rule; and the determining module is used for determining the threat degree of the threat event set according to the scores so as to be convenient for effectively improving the security of the network environment.
Fig. 3 is a schematic structural diagram of a threat detection apparatus provided in an embodiment of the present application, and as shown in fig. 3, the apparatus for preventing suspected malicious lux software attacks in this embodiment includes: an acquisition module 11, configured to acquire a flow log; the analysis module 12 is configured to analyze the flow log to obtain threat element information of the flow log; the aggregation module 13 is configured to aggregate the flow logs according to threat element information of the flow logs, and obtain a threat event set based on the aggregated threat events; a scoring module 14, configured to score the threat event set according to a preset scoring rule; a determining module 15 for determining a threat level of the set of threat events based on the score.
The device of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 1, and its implementation principle and technical effects are similar, and are not described here again.
According to the device, threat element information of the flow log is obtained by analyzing the flow log, the flow log is aggregated according to the threat element information of the flow log, a threat event set is obtained based on the aggregated threat events, and then the threat event set is scored according to a preset scoring rule.
As an alternative embodiment, the aggregation module includes: the first aggregation sub-module is used for aggregating the flow logs according to preset threat elements of the flow logs to obtain threat events, and the preset threat elements corresponding to the flow logs under the same threat event are the same; and the second aggregation sub-module is used for respectively aggregating the threat events according to at least one target threat element in the preset threat elements to obtain a threat event set, wherein the target threat elements corresponding to the threat events in the same threat event set are the same.
As an alternative embodiment, the preset threat elements of the traffic log include: attack source IP, attacked IP, threat type, detection mode and threat name; the first aggregation sub-module is specifically configured to: according to the attack source IP, the attacked IP, the threat type, the detection mode and the threat name, the traffic log is aggregated to obtain a threat event; the target threat element includes: attack source IP, attacked IP and threat name; the second polymerization submodule is at least specifically configured to: aggregating the threat events according to the attack source IP to obtain an attack source IP event set; aggregating the threat events according to the attacked IP to obtain a set of attacked IP events; aggregating the threat events according to the threat names to obtain a threat name event set; the scoring module is specifically configured to: and respectively scoring the attack source IP event set, the attacked IP event set and the threat name event set according to a preset scoring rule.
As an alternative embodiment, scoring components are included in the set of threat events; the scoring module includes: and the scoring module is used for scoring the threat event set according to the corresponding relation between the preset scoring element and the score.
As an alternative embodiment, the scoring element includes at least one of: the method comprises the steps of generating a traffic log, generating a threat level of the traffic log, generating a latest threat event, generating the number of threat types in unit time, marking the active time of the assets in the traffic log and the use frequency of the assets corresponding to the traffic log, wherein the number of the attack source IPs, the number of the attacked IPs, the region to which the attack source IPs belong, the occurrence times of the same attack source IPs, the occurrence times of the same attacked IP, the asset level of the traffic log, the threat level of the traffic log, the generation time of the latest threat event, the number of the threat types in unit time and the active time of the marked assets in the traffic log.
As an alternative embodiment, the apparatus further comprises: and the sending module is used for sending the threat event set information with the scores exceeding a preset value to an administrator.
The device of the above embodiment may be used to implement the technical solution of the above method embodiment, and its implementation principle and technical effects are similar, and are not repeated here.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application, as shown in fig. 4, may include: the processor 62 and the memory 63 are arranged on the circuit board 64, wherein the circuit board 64 is arranged in a space surrounded by the shell 61; a power supply circuit 65 for supplying power to the respective circuits or devices of the above-described electronic apparatus; the memory 63 is for storing executable program code; the processor 62 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 63, so as to perform any threat detection method provided in the foregoing embodiment, and thus, the foregoing detailed description is omitted herein.
Such electronic devices exist in a variety of forms including, but not limited to:
(1) A mobile communication device: such devices are characterized by mobile communication capabilities and are primarily aimed at providing voice, data communications. Such terminals include: smart phones (e.g., iPhone), multimedia phones, functional phones, and low-end phones, etc.
(2) Ultra mobile personal computer device: such devices are in the category of personal computers, having computing and processing functions, and generally also having mobile internet access characteristics. Such terminals include: PDA, MID, and UMPC devices, etc., such as iPad.
(3) Portable entertainment device: such devices may display and play multimedia content. The device comprises: audio, video players (e.g., iPod), palm game consoles, electronic books, and smart toys and portable car navigation devices.
(4) And (3) a server: the configuration of the server includes a processor, a hard disk, a memory, a system bus, and the like, and the server is similar to a general computer architecture, but is required to provide highly reliable services, and thus has high requirements in terms of processing capacity, stability, reliability, security, scalability, manageability, and the like.
(5) Other electronic devices with data interaction functions.
Accordingly, embodiments of the present application further provide a computer readable storage medium storing one or more programs, where the one or more programs may be executed by one or more processors to implement any one of the threat detection methods provided in the foregoing embodiments, so that corresponding technical effects may also be achieved, and the foregoing details have been set forth herein and are not repeated herein.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.
In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
For convenience of description, the above apparatus is described as being functionally divided into various units/modules, respectively. Of course, the functions of each unit/module may be implemented in one or more pieces of software and/or hardware when implementing the present application.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), or the like.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions easily conceivable by those skilled in the art within the technical scope of the present application should be covered in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.