阅读说明：本技术 恶意地址管理方法和装置 (Malicious address management method and device ) 是由 马晨 薄明霞 牛剑锋 唐洪玉 刘汉生 于 2019-10-14 设计创作，主要内容包括：本公开提出一种恶意地址管理方法和装置,涉及信息安全技术领域。本公开的一种恶意地址管理方法,包括：采集设备日志数据；根据日志数据获取攻击信息,攻击信息包括攻击源、攻击类型、攻击事件和被攻击方；基于神经网络和日志数据获取预测攻击源地址；将预测攻击源地址补充至恶意地址列表中。通过这样的方法,能够采集网络中的攻击信息,进而进行预测并更新至恶意地址列表,从而能够实现对恶意地址的预估和提前防护,提高设备的安全性。(The disclosure provides a malicious address management method and device, and relates to the technical field of information security. The malicious address management method disclosed by the invention comprises the following steps: collecting equipment log data; acquiring attack information according to the log data, wherein the attack information comprises an attack source, an attack type, an attack event and an attacked party; acquiring a predicted attack source address based on the neural network and the log data; and supplementing the predicted attack source address into the malicious address list. By the method, the attack information in the network can be collected, and then prediction is carried out and the attack information is updated to the malicious address list, so that the malicious addresses can be predicted and protected in advance, and the safety of equipment is improved.)

1. A malicious address management method, comprising:

collecting equipment log data;

acquiring attack information according to the log data, wherein the attack information comprises an attack source, an attack type, an attack event and an attacked party;

acquiring a predicted attack source address based on a neural network and the attack information;

and supplementing the predicted attack source address into a malicious address list.

2. The method of claim 1, wherein the obtaining a predicted attack address based on a neural network and the attack information comprises:

constructing a knowledge graph according to the attack information, wherein a source node of the knowledge graph is an attack source, a target node is an attacked party, an edge is an attack event, and an edge attribute is an attack type;

inputting the knowledge graph into the neural network to obtain a predicted edge;

and determining a source address of the predicted attack according to the source node of the predicted edge.

3. The method of claim 1, further comprising:

configuring the predicted attack source address as a preset life cycle;

deleting from the list of malicious addresses in case the predetermined lifetime is reached.

4. The method of claim 1, further comprising:

acquiring malicious address information from open source data based on a preset first frequency, and generating or updating a static malicious address list;

the supplementing of the predicted attack source address into the malicious address list is as follows: and supplementing the predicted attack source address to a dynamic malicious address list.

5. The method of claim 4, further comprising:

obtaining and determining the credibility of the prediction attack source address according to the neural network;

in the event that an address in the dynamic malicious address list contradicts an address in the static malicious address list:

if the credibility of the predicted attack source address is higher than the preset credibility, adopting a processing scheme for the predicted attack source address in the dynamic malicious address list to synchronize a static malicious address list;

otherwise, a processing scheme for predicting the attack source address in the static malicious address list is adopted to synchronize the dynamic malicious address list.

6. The method of claim 1, further comprising: configuring a data acquisition agent in each device;

the log data of the acquisition equipment is as follows:

the data acquisition agent acquires equipment log data of the equipment at a preset second frequency;

aggregating the device log data from the data collection agents of the respective devices.

7. The method of claim 6, wherein the obtaining attack information from the log data comprises:

cleaning the acquired log data;

and extracting attack information in the log data through natural language understanding.

8. A malicious address management apparatus comprising:

a log collection unit configured to collect device log data;

the attack information acquisition unit is configured to acquire attack information according to the log data, wherein the attack information comprises an attack source, an attack type, an attack event and an attacked party;

a prediction unit configured to acquire a predicted attack source address based on a neural network and the attack information;

a list update unit configured to supplement the predicted attack source address into a list of malicious addresses.

9. The apparatus of claim 8, further comprising:

an expiration management unit configured to configure the predicted attack source address to a predetermined life cycle; deleting from the list of malicious addresses in case the predetermined lifetime is reached.

10. The apparatus of claim 8, further comprising:

the static list management unit is configured to acquire malicious address information from open source data based on a preset first frequency and generate or update a static malicious address list;

the list updating unit is configured to supplement the predicted attack source address to a dynamic malicious address list.

11. The apparatus of claim 10, further comprising:

a conflict management unit configured to obtain and determine the credibility of the predicted attack source address according to the neural network;

in the event that an address in the dynamic malicious address list contradicts an address in the static malicious address list:

if the credibility of the predicted attack source address is higher than the preset credibility, adopting a processing scheme for the predicted attack source address in the dynamic malicious address list to synchronize a static malicious address list;

otherwise, a processing scheme for predicting the attack source address in the static malicious address list is adopted to synchronize the dynamic malicious address list.

12. A malicious address management apparatus comprising:

a memory; and

a processor coupled to the memory, the processor configured to perform the method of any of claims 1-7 based on instructions stored in the memory.

13. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of any one of claims 1 to 7.

Technical Field

The present disclosure relates to the field of information security technologies, and in particular, to a malicious address management method and apparatus.

Background

In the process of protecting the network security device from the device, an operation of generating a malicious IP (Internet Protocol) list is performed, where the list is generally updated from an Internet source data set by a fixed period, and an IP that is not in the list needs to be analyzed for attacks according to a data packet and a behavior sent by the IP.

Disclosure of Invention

One object of the present disclosure is to improve security of a network device.

According to an aspect of the present disclosure, a malicious address management method is provided, including: collecting equipment log data; acquiring attack information according to the log data, wherein the attack information comprises an attack source, an attack type, an attack event and an attacked party; acquiring a predicted attack source address based on the neural network and the attack information; and supplementing the predicted attack source address into the malicious address list.

In some embodiments, obtaining the predicted attack address based on the neural network and the attack information comprises: constructing a knowledge graph according to attack information, wherein a source node of the knowledge graph is an attack source, a target node is an attacked party, an edge is an attack event, and an edge attribute is an attack type; inputting the knowledge graph into a neural network to obtain a predicted edge; and determining a source address of the predicted attack according to the source node of the predicted edge.

In some embodiments, the malicious address management method further comprises: configuring a predicted attack source address as a preset life cycle; and in case a predetermined life cycle is reached, deleting from the list of malicious addresses.

In some embodiments, the malicious address management method further comprises: acquiring malicious address information from open source data based on a preset first frequency, and generating or updating a static malicious address list; supplementing the predicted attack source address into the malicious address list is: and supplementing the predicted attack source address to a dynamic malicious address list.

In some embodiments, the malicious address management method further comprises: obtaining and determining the credibility of a prediction attack source address according to a neural network; in the event that an address in the dynamic malicious address list contradicts an address in the static malicious address list: if the credibility of the predicted attack source address which is contradictory is greater than the preset credibility, adopting a processing scheme for predicting the attack source address in the dynamic malicious address list to synchronize the static malicious address list; otherwise, a processing scheme for predicting the attack source address in the static malicious address list is adopted to synchronize the dynamic malicious address list.

In some embodiments, the malicious address management method further comprises: configuring a data acquisition agent in each device; collecting device log data as follows: the data acquisition agent acquires equipment log data of the equipment at a preset second frequency; device log data from data collection agents of the respective devices is aggregated.

In some embodiments, obtaining attack information from log data comprises: cleaning the acquired log data; attack information in log data is extracted through natural language understanding.

By the method, the attack information in the network can be collected, and then prediction is carried out and the attack information is updated to the malicious address list, so that the malicious addresses can be predicted and protected in advance, and the safety of equipment is improved.

According to another aspect of the present disclosure, there is provided a malicious address management apparatus including: a log collection unit configured to collect device log data; the attack information acquisition unit is configured to acquire attack information according to the log data, wherein the attack information comprises an attack source, an attack type, an attack event and an attacked party; a prediction unit configured to acquire a predicted attack source address based on the neural network and the attack information; a list updating unit configured to supplement the predicted attack source address into the malicious address list.

In some embodiments, the malicious address management apparatus further comprises: an expiration management unit configured to configure a predicted attack source address as a predetermined life cycle; and in case a predetermined life cycle is reached, deleting from the list of malicious addresses.

In some embodiments, the malicious address management apparatus further comprises: the static list management unit is configured to acquire malicious address information from open source data based on a preset first frequency and generate or update a static malicious address list; a list update unit configured to supplement the predicted attack source address to the dynamic malicious address list.

In some embodiments, the malicious address management apparatus further comprises: a conflict management unit configured to acquire and determine the credibility of the predicted attack source address according to the neural network; in the event that an address in the dynamic malicious address list contradicts an address in the static malicious address list: if the credibility of the predicted attack source address which is contradictory is greater than the preset credibility, adopting a processing scheme for predicting the attack source address in the dynamic malicious address list to synchronize the static malicious address list; otherwise, a processing scheme for predicting the attack source address in the static malicious address list is adopted to synchronize the dynamic malicious address list.

According to still another aspect of the present disclosure, there is provided a malicious address management apparatus including: a memory; and a processor coupled to the memory, the processor configured to perform any of the above malicious address management methods based on instructions stored in the memory.

The device can collect attack information in the network, and then predict and update the attack information to the malicious address list, so that the estimation and early protection of the malicious address can be realized, and the safety of equipment is improved.

According to yet another aspect of the present disclosure, a computer-readable storage medium is proposed, on which computer program instructions are stored, which instructions, when executed by a processor, implement the steps of any one of the above malicious address management methods.

By executing the instructions on the computer-readable storage medium, the attack information in the network can be collected, and then prediction is carried out and the attack information is updated to the malicious address list, so that the prediction and early protection of the malicious address can be realized, and the safety of equipment is improved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this disclosure, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure and not to limit the disclosure. In the drawings:

fig. 1 is a flow diagram of some embodiments of a malicious address management method of the present disclosure.

FIG. 2 is a flow diagram of further embodiments of a malicious address management method of the present disclosure.

Fig. 3 is a flowchart of some embodiments of a network device management process in the malicious address management method of the present disclosure.

Fig. 4 is a schematic diagram of some embodiments of a malicious address management apparatus of the present disclosure.

FIG. 5 is a schematic diagram of another embodiment of a malicious address management apparatus according to the present disclosure.

Fig. 6 is a schematic diagram of malicious address management apparatuses according to still other embodiments of the present disclosure.

Detailed Description

The technical solution of the present disclosure is further described in detail by the accompanying drawings and examples.

The inventor finds that the network security protection in the related art has many disadvantages, such as:

the timeliness is poor, the false alarm and missing report rate is high: when an attacker conducts an attack action, an IP deception technology is often used, the life cycle of each malicious IP is short, and the timeliness of an updating mode of a fixed cycle is poor, so that the false alarm and the missing report rate of attack interception are high;

static, passive update mode: in the traditional network security protection equipment, the mode wastes equipment computing resources and cannot sense the attack behavior of an attacker in advance;

the accuracy is low: historical data such as relational data, attack chains, topology and the like are utilized in an attack detection mode based on artificial intelligence, and the mutual relation information of original data can be lost when the data are processed, so that the accuracy of an artificial intelligence algorithm is reduced.

A flow diagram of some embodiments of a malicious address management method of the present disclosure is shown in fig. 1.

In step 101, device log data is collected. In some embodiments, a data collection agent, such as a smart agent, may be installed in the network defense device to collect device logs periodically and in batches. In some embodiments, the collected logs may also be pre-processed, such as to clean out irrelevant, duplicate data, and the like. In some embodiments, each data collection agent may obtain device log data of the device at a predetermined frequency, and aggregate the device log data from the data collection agents of the respective devices to perform the next operation.

In step 102, attack information is obtained according to the log data, wherein the attack information comprises an attack source, an attack type, an attack event and an attacked party. In some embodiments, the entities and relationships may be extracted in a multi-format network security guard based on natural language algorithms. The entity includes an attack source and an attacked party, identified by their IP addresses. The relationship may be an attack event.

In some embodiments, taking a certain network security protection device as an example, the command parsed by the network security protection device is:

output alert_syslog:LOG_AUTH LOG_ALERT facility priority options

in step 103, a predicted attack source address is obtained based on the neural network and the attack information. In some embodiments, the attack information may be input into the neural network algorithm as a data set, and the predicted attack source address, such as the IP address, may be obtained through intelligent prediction.

In step 104, the predicted attack source address is supplemented into the list of malicious addresses.

By the method, the attack information in the network can be collected, and then prediction is carried out and the attack information is updated to the malicious address list, so that the malicious addresses can be predicted and protected in advance, and the safety of equipment is improved.

In some embodiments, to improve the goal and accuracy of neural network prediction, a knowledge graph may be generated based on attack information, the addresses of the attacking and attacked devices being nodes of the graph, and the attack events being edges of the knowledge graph. In some embodiments, a source node of the knowledge graph is an attack source, a destination node is an attacked party, an edge is an attack event, and an attribute of the edge is an attack type; the knowledge graph is input into a neural network, and the neural network acquires a predicted edge. And the source node of the predicted edge is the source address of the predicted attack. In some embodiments, logical reasoning capabilities of the knowledge graph may also be utilized to discover implicit relationships of entities with respect to one another. ILP (Inductive Logic Programming) uses first-order predicate Logic for knowledge representation, and completes the induction of data by modifying and expanding Logic expressions: FOIL _ GAIN ^ m + (log2m ^ m + + m ^ -log2m + m + + m-).

By the method, scattered attack behaviors can be converted into a map form for representation, and prediction is oriented to the edge of a prediction map, so that the target and accuracy of neural network prediction are improved, and the prediction efficiency is improved; the advantages of a traditional updating mode and artificial intelligence analysis are combined, the relation reasoning capability of the knowledge graph and the prediction capability of the neural network are utilized, and the accuracy and the perception capability of malicious address analysis are improved besides the advantages of the working mode of the traditional malicious address list are guaranteed.

In some embodiments, one end of the predicted edge attacks the source address, and the other end is the attacked node address, and the predicted attacking source address can be emphatically added into the malicious address list of the attacked node to strengthen the protection of the node, so that the predicted result is fully applied.

A flow diagram of further embodiments of the malicious address management methods of the present disclosure is shown in fig. 2.

In step 201, malicious address information is acquired from open source data based on a predetermined first frequency, and a static malicious address list is generated or updated. The static malicious address list may be generated and maintained as in the related art.

Independent of the generation of the static malicious address list, the dynamic malicious address list can be generated in the following manner in steps 202-204.

In step 202, device log data is collected, and attack information is obtained according to the log data, wherein the attack information includes an attack source, an attack type, an attack event and an attacked party.

In step 203, a predicted attack source address is obtained based on the neural network and the log data, and a predetermined life cycle is configured, where the predetermined life cycle may be 4-8 hours, such as 6 hours.

In step 204, the predicted attack source address is supplemented into the dynamic malicious address list.

By the method, the static malicious address list and the dynamic malicious address list can be generated relatively independently, and the reliability of safety protection is improved by matching the two lists.

In some embodiments, to avoid the malicious address list occupying too much space than it is bulky, the address list may be maintained through steps 205, 206:

in step 205, it is determined whether each address in the dynamic malicious address list reaches a predetermined life cycle. If the predetermined life cycle is reached, step 206 is performed.

In step 206, addresses that reach a predetermined life cycle are removed from the dynamic malicious address list.

By the method, the malicious address list can be updated in time, on one hand, the malicious address list is prevented from occupying too much space due to too large volume, on the other hand, the characteristic of quick update of the malicious address can be fully utilized, unnecessary search is reduced, and the interception efficiency is improved.

In some embodiments, since the dynamic malicious address list and the static malicious address list are generated in different ways, information contradictions may occur, for example, an address is not included in the static malicious address list, or the address is listed in a white list, but the address is included in the dynamic malicious address list; or a certain address recorded once in the dynamic malicious address list is deleted due to expiration, but the address is still included in the dynamic malicious address list.

In step 207, the reliability of the predicted attack source address is determined from the neural network acquisition. In some embodiments, the confidence level of the address is scored according to the accuracy of the neural network prediction model, which may be the accuracy of the neural network itself, and gradually increases with use; the prediction accuracy of the neural network for the output of the current predicted behavior can also be

In step 208, it is determined whether there is a discrepancy between the addresses in the dynamic malicious address list and the addresses in the static malicious address list. If the information is inconsistent, go to step 209; otherwise, the dynamic malicious address list and the static malicious address list can be merged to be used as an address basis for intercepting the malicious data packets.

In step 209, it is determined whether the reliability of the predicted attack source address where the contradiction occurs is greater than a predetermined reliability. The predetermined confidence level may be set empirically and adjusted during application based on the effect. If the confidence level of the source address of the predicted attack in which the conflict occurs is greater than the predetermined confidence level, step 210 is performed.

In step 210, the predicted attack source address is processed according to the dynamic malicious address list. In some embodiments, the processing scheme may be synchronized to a list of static malicious addresses.

In step 211, the predicted attack source address is processed according to the static malicious address list. In some embodiments, the processing scheme may be synchronized to a dynamic malicious address list.

By the method, the dynamic malicious address list and the static malicious address list can be mutually verified, and the accuracy of malicious flow interception is improved by taking the credibility as a standard.

A flowchart of some embodiments of a network device management process in the malicious address management method of the present disclosure is shown in fig. 3.

In 301-306, the protective equipment intercepts flow and access based on the malicious address list; and analyzing whether the IP is an attack or not according to the data packet and the behavior sent by the IP, and passing the access and the traffic under the condition of determining non-abnormal access. The list of malicious addresses based on comprises two parts, namely a dynamic malicious address list (such as a dynamic IP blacklist in the figure) and a static malicious address list (such as a static IP blacklist in the figure). The static malicious address list is updated based on the network open source data or the vendor data set, as shown at 304.

In 307-312, extracting attack information based on the collected log, predicting the attack behavior to be generated, and updating a dynamic malicious address list. In some embodiments, the dynamic malicious address list may be generated and managed by using the malicious address management method described in any one of the above. In some embodiments, a malicious address list for use by a network security protection device may be generated in conjunction with a dynamic, static malicious address list in the manner described above in the embodiment illustrated in fig. 2.

By the method, the generation of the malicious IP list based on the relation reasoning prediction is realized. By utilizing the characteristics of semantic characteristics, context relationships, entity attack relationships, behavior similarity and the like hidden in logs and interactive data streams of network safety protection equipment, the generation of a malicious IP list with high accuracy, low false alarm rate and strong sensing capability is realized, the problems that the updating mode of the traditional malicious IP list is lagged, the timeliness is poor, and partial information of original data is lost by using data such as relational types, attack chains, topological relationships and the like in a neural network prediction algorithm are solved, and the generation method of the malicious IP list with high accuracy, low false alarm rate and strong sensing capability is realized. By the method, the malicious address list is upgraded from the traditional static update of the day, week and month level to the dynamic update of the millisecond level, and the accuracy rate reaches above 98.52% through testing.

A schematic diagram of some embodiments of a malicious address management apparatus of the present disclosure is shown in fig. 4.

The log collection unit 401 is capable of collecting device log data. In some embodiments, a data collection agent, such as a smart agent, may be installed in the network defense device to collect device logs periodically and in batches. In some embodiments, the collected logs may also be pre-processed, such as to clean out irrelevant, duplicate data, and the like.

The attack information acquisition unit 402 can acquire attack information including an attack source, an attack type, an attack event, and an attacked party from log data. In some embodiments, the entities and relationships may be extracted in a multi-format network security guard based on natural language algorithms. The entity includes an attack source and an attacked party, identified by their IP addresses. The relationship may be an attack event.

The prediction unit 403 can acquire a predicted attack source address based on the neural network and the attack information. In some embodiments, the attack information may be input into the neural network algorithm as a data set, and the predicted attack source address, such as the IP address, may be obtained through intelligent prediction.

The list update unit 404 can supplement the predicted attack source address into the malicious address list.

The device can collect attack information in the network, and then predict and update the attack information to the malicious address list, so that the estimation and early protection of the malicious address can be realized, and the safety of equipment is improved.

In some embodiments, the malicious address management apparatus may include an expiration management unit 405, which is capable of obtaining a predicted attack source address based on a neural network and log data, and configuring a predetermined life cycle, where the predetermined life cycle may be 4-8 hours, such as 6 hours; the expiration management unit 405 monitors the life cycle of each predicted attack source address, and deletes addresses that reach a predetermined life cycle from the dynamic malicious address list.

In some embodiments, the malicious address management apparatus may further include a static list management unit 406, which obtains the malicious address information from the open source data based on the predetermined first frequency, and generates or updates the static malicious address list. The static malicious address list can be generated and maintained through operations in the related technology, so that the static malicious address list and the dynamic malicious address list can be generated relatively independently, and the reliability of safety protection is improved through the cooperation of the two lists.

In some embodiments, the malicious address management apparatus may further include a contradiction management unit 407, which is capable of determining whether an address in the dynamic malicious address list and an address in the static malicious address list have a contradiction. If no information contradiction exists, combining the dynamic malicious address list and the static malicious address list to serve as an address basis for intercepting the malicious data packet. If so, judging whether the credibility of the predicted attack source address with the contradiction is greater than the preset credibility.

If the credibility of the predicted attack source address in contradiction is greater than the preset credibility, the processing scheme can be synchronized to a static malicious address list in some embodiments based on the processing of the predicted attack source address in a dynamic malicious address list; otherwise, the processing of the predicted attack source address in the static malicious address list is taken as the standard; in some embodiments, the processing scheme may be synchronized to a dynamic malicious address list.

The device can verify the dynamic malicious address list and the static malicious address list mutually, and improves the accuracy of malicious flow interception by taking the credibility as a standard.

Fig. 5 is a schematic structural diagram of an embodiment of a malicious address management apparatus according to the present disclosure. The malicious address management apparatus includes a memory 501 and a processor 502. Wherein: the memory 501 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory is for storing instructions in the corresponding embodiments of the malicious address management methods above. The processor 502 is coupled to the memory 501 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 502 is configured to execute instructions stored in a memory, and can implement prediction and early protection on a malicious address, thereby improving the security of the device.

In one embodiment, as also shown in fig. 6, the malicious address management apparatus 600 includes a memory 601 and a processor 602. The processor 602 is coupled to the memory 601 by a BUS 603. The malicious address management apparatus 600 may be further connected to an external storage 605 through a storage interface 604 to call external data, and may be further connected to a network or another computer system (not shown) through a network interface 606. And will not be described in detail herein.

In the embodiment, the data instruction is stored in the memory, and the instruction is processed by the processor, so that the estimation and early protection of the malicious address can be realized, and the safety of the equipment is improved.

In another embodiment, a computer readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in a corresponding embodiment of the malicious address management method. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.

The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.

Finally, it should be noted that: the above examples are intended only to illustrate the technical solutions of the present disclosure and not to limit them; although the present disclosure has been described in detail with reference to preferred embodiments, those of ordinary skill in the art will understand that: modifications to the specific embodiments of the disclosure or equivalent substitutions for parts of the technical features may still be made; all such modifications are intended to be included within the scope of the claims of this disclosure without departing from the spirit thereof.