CN116108445A - Intelligent risk early warning management method and system for information system - Google Patents

Publication number
CN116108445A
Authority
CN
China
Prior art keywords
risk
early warning
operation data
target
intelligent
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211492145.9A
Other languages
Chinese (zh)
Inventor
包军
赵宇
刘昌军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DATANG HUNCHUN POWER PLANT
Original Assignee
DATANG HUNCHUN POWER PLANT
Application filed by DATANG HUNCHUN POWER PLANT
Priority to CN202211492145.9A
Publication of CN116108445A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2477 Temporal data queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00 Systems supporting electrical power generation, transmission or distribution
    • Y04S10/50 Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Abstract

The invention provides an intelligent risk early warning management method and system for an information system, relating to the technical field of risk early warning. The method acquires a preset information system, collects historical operation data, trains an intelligent early warning model, collects real-time operation data to obtain target operation data, preprocesses the target operation data, takes the preprocessing result as the input information of the intelligent early warning model, analyzes the output information to obtain real-time risk information, and issues an early warning on the real-time risk information through a risk early warning module. The invention solves the technical problem that existing information systems cannot give timely early warning of, and centrally process, security events in the network environment and therefore face security threats at any time. It achieves real-time collection and supervision of the system state, security events and network activities of each component in the network environment, with the technical effect of improving the security of the information system.

Description

Intelligent risk early warning management method and system for information system
Technical Field
The invention relates to the technical field of risk early warning, in particular to an intelligent risk early warning management method and system for an information system.
Background
The concept of the information system existed before the advent of computers, but its accelerated development and the growing attention paid to it followed the widespread use of computers and networks and the rapid development of management science and methodology since Taylor created scientific management theory at the beginning of the 20th century. An information system comprehensively uses modern information technologies such as computer, network and software technology, integrates advanced management ideas and technical strategies, and establishes an information network running through all links of production management. The information data generated in each link is collected, analyzed, processed, controlled and fed back, information resources are shared through the information network, and production management becomes intelligent and automated. The information system is a basic support for the normal operation of an enterprise and plays a vital role in it. However, the risk management methods commonly used for information systems today have certain shortcomings, and there is room for improving information system risk management.
At present, information systems cannot give timely early warning of, and centrally process, security events in the network environment, so they face security threats such as intrusion attacks at any time.
Disclosure of Invention
The embodiment of the application provides an intelligent risk early warning management method and system for an information system, which are used for solving the technical problem that the information system faces security threats such as intrusion attack at any time because the current information system cannot perform early warning and centralized processing on security events in a network environment.
In view of the above problems, embodiments of the present application provide an intelligent risk early warning management method and system for an information system.
In a first aspect, an embodiment of the present application provides an intelligent risk early warning management method for an information system, where the method includes: acquiring a preset information system and collecting historical operation data of the preset information system; training according to the historical operation data to obtain an intelligent early warning model, wherein the intelligent early warning model is stored in the data analysis module; the operation monitoring module is used for collecting real-time operation data of the preset information system to obtain target operation data; preprocessing the target operation data to obtain a target operation data preprocessing result; taking the target operation data preprocessing result as input information of the intelligent early warning model to obtain output information; analyzing the output information, and obtaining real-time risk information according to an analysis result; and carrying out early warning on the real-time risk information through the risk early warning module.
In a second aspect, an embodiment of the present application provides an intelligent risk early warning management system for an information system, where the system includes: a preset information system acquisition module, used for acquiring a preset information system and collecting historical operation data of the preset information system; an intelligent early warning model building module, used for obtaining an intelligent early warning model through training according to the historical operation data, wherein the intelligent early warning model is stored in the data analysis module; a real-time operation data acquisition module, used for collecting real-time operation data of the preset information system through the operation monitoring module to obtain target operation data; an operation data preprocessing module, used for preprocessing the target operation data to obtain a target operation data preprocessing result; a model output information acquisition module, used for taking the target operation data preprocessing result as input information of the intelligent early warning model to obtain output information; a real-time risk information acquisition module, used for analyzing the output information and obtaining real-time risk information according to an analysis result; and a real-time risk information early warning module, used for early warning the real-time risk information through the risk early warning module.
One or more technical solutions provided in the embodiments of the present application at least have the following technical effects or advantages:
The intelligent risk early warning management method for an information system acquires a preset information system, collects historical operation data of the preset information system, and trains an intelligent early warning model on the historical operation data, the model being stored in a data analysis module. Real-time operation data of the preset information system is collected through an operation monitoring module to obtain target operation data, which is preprocessed to obtain a target operation data preprocessing result. That result is taken as the input information of the intelligent early warning model to obtain output information, the output information is analyzed, real-time risk information is obtained from the analysis result, and an early warning on the real-time risk information is issued through a risk early warning module. This solves the technical problem that existing information systems cannot give timely early warning of, and centrally process, security events in the network environment and therefore face security threats such as intrusion attacks at any time. It achieves real-time collection and supervision of the system state, security events and network activities of all components in the network environment, with the technical effect of improving the security of the information system.
The foregoing is only an overview of the technical solution of the present application. So that the technical means of the present application can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the present application are more readily apparent, specific embodiments of the present application are set out below.
Drawings
Fig. 1 is a schematic flow chart of an intelligent risk early warning management method of an information system according to an embodiment of the present application;
fig. 2 is a schematic flow chart of constructing an intelligent early warning model in an intelligent risk early warning management method of an information system according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an intelligent risk early warning management system of an information system according to an embodiment of the present application.
Reference numerals illustrate: the system comprises a preset information system acquisition module 10, an intelligent early warning model construction module 20, a real-time operation data acquisition module 30, an operation data preprocessing module 40, a model output information acquisition module 50, a real-time risk information acquisition module 60 and a real-time risk information early warning module 70.
Detailed Description
The embodiment of the application provides an intelligent risk early warning management method for an information system, which is used for solving the technical problem that the information system faces security threats such as intrusion attack at any time because the current information system cannot timely early warn and intensively process security events in a network environment.
Example 1
As shown in fig. 1, an embodiment of the present application provides an information system intelligent risk early warning management method, which is applied to an information system intelligent risk early warning management system, where the information system intelligent risk early warning management system includes an operation monitoring module, a data analysis module, and a risk early warning module, and the information system intelligent risk early warning management method includes:
step S100: acquiring a preset information system and collecting historical operation data of the preset information system;
Specifically, the intelligent risk early warning management method is applied to the intelligent risk early warning management system of the information system, which comprises an operation monitoring module, a data analysis module and a risk early warning module: the operation monitoring module collects real-time operation data, the data analysis module stores the intelligent early warning model, and the risk early warning module issues early warnings on real-time risk information. The preset information system is a system, preset by the user, that receives, stores and processes information and compiles statistics on it at set times; it holds both real-time operation data and historical operation data. Collecting the historical operation data gives a preliminary grasp of the information system and lays the foundation for subsequent risk early warning management.
Step S200: training according to the historical operation data to obtain an intelligent early warning model, wherein the intelligent early warning model is stored in the data analysis module;
specifically, a historical risk record in the historical operation data is extracted, a historical risk record set is formed, a target historical risk record in the historical risk record set is extracted, a preset risk list is obtained, the target historical risk record is traversed on the preset risk list, target historical risk content is obtained, the target historical operation data in the target historical risk record is extracted, the target historical operation data and the target historical risk content have a corresponding relation, and a training data set is formed based on the target historical operation data, the target historical risk content and the corresponding relation of the target historical risk content, wherein the training data set is used for training the intelligent early warning model. By constructing the intelligent early warning model, self-organizing and adaptive data processing is realized, and various input information relations are well coordinated.
Step S300: the operation monitoring module is used for collecting real-time operation data of the preset information system to obtain target operation data;
specifically, the operation monitoring module is used for collecting real-time operation data of a preset information system, extracting risk records in the collected real-time operation data to form a risk record set, extracting target risk records in the risk record set, obtaining a preset risk list, traversing the target risk records in the preset risk list to obtain target risk content, and extracting target operation data in the target risk records, wherein the target operation data and the target risk content have a corresponding relation. By collecting real-time operation data, real-time grasping of operation data of a preset information system is realized, and the effect of timely processing abnormal data and improving risk early warning efficiency is achieved.
Step S400: preprocessing the target operation data to obtain a target operation data preprocessing result;
Specifically, a first data processing layer is built on the gray correlation algorithm principle, a second data processing layer is built on the coefficient of variation weighting principle, and the two layers are combined to obtain a hierarchical preprocessing model, which is used for preprocessing the target operation data. The target operation data is processed by the first data processing layer of the hierarchical preprocessing model to obtain a first data processing result; this result is analyzed and screened to obtain first operation data. The first operation data is processed by the second data processing layer to obtain a second data processing result; this result is analyzed and screened to obtain second operation data, which is taken as the target operation data preprocessing result. This reduces the dimensionality of the target operation data on the basis of correlation and importance, which reduces storage space and speeds up computation.
step S500: taking the target operation data preprocessing result as input information of the intelligent early warning model to obtain output information;
Specifically, the target operation data preprocessing result is input into the intelligent early warning model through an output layer. The model is a BP neural network model. A BP network is a multi-layer network that performs weight training on nonlinear differentiable functions; its characteristic is that, relying only on sample data and without establishing a mathematical model of the system, it can realize a highly nonlinear mapping from the pm space, formed by the pattern vectors p of the m input neurons, to the yn space. The intelligent early warning model is trained; based on the target historical operation data, the target historical risk content and their correspondence, the target risk content corresponding to the target operation data preprocessing result is obtained and taken as the output information, which is output through an output layer.
Step S600: analyzing the output information, and obtaining real-time risk information according to an analysis result;
Specifically, the output information is the target risk content corresponding to the target operation data preprocessing result, that is, the risk content of the real-time operation data of the preset information system. The target risk content comprises functional risk, stability risk, hardware condition risk, software condition risk, adaptability risk, personnel flow risk, communication risk, super budget risk, system upgrading maintenance risk, network risk and tool risk. The one or more target risk contents corresponding to the output information are obtained, and their risk degree, risk importance and risk correlation are identified to obtain the real-time risk information. This gives accurate control of real-time risk information, provides an accurate basis for risk early warning, and improves the accuracy and efficiency of risk early warning.
Step S700: and carrying out early warning on the real-time risk information through the risk early warning module.
Specifically, the risk early warning module issues early warnings on the real-time risk information and grades each risk content. For functional risk, for example, the risk content is divided into grades S, A and B according to the degree of impact of the risk. Grade S is the most serious risk, with the highest early warning level and the strongest early warning; staff should take measures immediately on receiving the risk information. Grade B is the weakest; staff receiving the risk information can handle it at a slower pace as the situation allows. The other risk contents are graded on the same principle. The early warning level is matched to the grade of the real-time risk information, and the early warning is issued accordingly. This achieves centralized alarming and timely handling, and prevents in good time threats to the security mechanisms of the information system.
Further, as shown in fig. 2, step S200 of the present application further includes:
step S210: extracting historical risk records in the historical operation data, and forming a historical risk record set;
step S220: extracting a target historical risk record in the historical risk record set;
step S230: obtaining a preset risk list, and traversing the target historical risk record in the preset risk list to obtain target historical risk content;
step S240: extracting target historical operation data in the target historical risk record, wherein the target historical operation data has a corresponding relation with the target historical risk content;
step S250: constructing a training data set based on the target historical operating data, the target historical risk content and the corresponding relation thereof;
step S260: the training data set is used for training the intelligent early warning model.
Specifically, the historical risk records in the historical operation data are progressive documents that record, for all systems, the results of every risk management process over the project life cycle, including information such as risk content, risk grade, risk management process and management result. The target historical risk record is the historical risk record of the preset information system, and the target historical operation data in the target historical risk record is extracted. The risk list is built on big data: a risk category set is constructed from big data, comprising subjective type risks and objective type risks, where the subjective type risk is personnel risk and the objective type risks are quality risk, technical risk, control risk and safety risk. Risk content analysis is carried out in turn on the quality risk, the technical risk, the personnel risk, the control risk and the safety risk to obtain risk content analysis results, and the risk list is built from those results.
The target historical risk record visits each node in the preset risk list in turn; the access operation is to check the value of the node, find the data matching it and take that data as the target historical risk content. The target historical operation data and the target historical risk content have a one-to-many correspondence, that is, each group of historical operation data corresponds to one or more target historical risk contents. The target historical operation data is divided into a training set and a verification set in the ratio 8:2. In the machine learning field the sample is generally divided into two independent parts: the training set is used to estimate the model, and the verification set is used to determine the network structure or the parameters that control model complexity. The intelligent early warning model is constructed from the correspondence between the target historical operation data and the target historical risk content in the training set, and the final intelligent early warning model is obtained after verification on the verification set.
Further, step S230 of the present application further includes:
step S231: constructing a risk category set based on big data, wherein the risk category set comprises subjective category risks and objective category risks;
step S232: the subjective risk is personnel risk, and the objective risk is quality risk, technical risk, control risk and safety risk;
step S233: sequentially carrying out risk content analysis on the quality risk, the technical risk, the personnel risk, the control risk and the safety risk to obtain a risk content analysis result;
step S234: and constructing the preset risk list based on the risk content analysis result.
Specifically, risk types are obtained through big data, and classified according to subjectivity and objectivity, so that subjective type risks and objective type risks are obtained, and the subjective type risks and the objective type risks are used as risk category sets. The subjective risk is a risk generated by people, and the objective risk is a risk which does not depend on consciousness of people, namely, the risk of the system, including quality risk, technical risk, control risk and safety risk. The quality risk is evaluated according to the functionality and the stability, the technical risk is evaluated according to the hardware condition, the software condition and the adaptability, the personnel risk is evaluated according to the flow and the communication, the control risk is evaluated according to the super budget and the system upgrading maintenance, the safety risk is evaluated according to the network and the tools, and the evaluation results are synthesized to obtain the risk content analysis result.
Analyzing the quality risk, and constructing a quality risk content set according to an analysis result, wherein a first mapping relation exists between the quality risk content set and the quality risk, the quality risk content set comprises a functional risk and a stability risk, a second mapping relation, a third mapping relation, a fourth mapping relation and a fifth mapping relation are obtained in the same way, and the preset risk list is constructed based on the first mapping relation, the second mapping relation, the third mapping relation, the fourth mapping relation and the fifth mapping relation.
Further, step S234 of the present application further includes:
step S2341: analyzing the quality risk, and constructing a quality risk content set according to an analysis result, wherein the quality risk content set and the quality risk have a first mapping relation, and the quality risk content set comprises functional risks and stability risks;
step S2342: analyzing the technical risk, and constructing a technical risk content set according to an analysis result, wherein the technical risk content set and the technical risk have a second mapping relation, and the technical risk content set comprises hardware condition risks, software condition risks and adaptability risks;
step S2343: analyzing the personnel risks, and constructing a personnel risk content set according to an analysis result, wherein a third mapping relation exists between the personnel risk content set and the personnel risks, and the personnel risk content set comprises personnel flow risks and communication risks;
step S2344: analyzing the control risk, and constructing a control risk content set according to an analysis result, wherein the control risk content set and the control risk have a fourth mapping relation, and the control risk content set comprises super budget risks and system upgrading maintenance risks;
step S2345: analyzing the security risk, and constructing a security risk content set according to an analysis result, wherein a fifth mapping relation exists between the security risk content set and the security risk, and the security risk content set comprises network risks and tool risks;
step S2346: and constructing the preset risk list based on the first mapping relation, the second mapping relation, the third mapping relation, the fourth mapping relation and the fifth mapping relation.
Specifically, a rectangular coordinate system is established as the quality risk assessment model, with functionality as the horizontal axis and stability as the vertical axis. The functionality and the stability of the quality risk are entered into the rectangular coordinate system to obtain the vector OP (x, y) of the quality risk in the coordinate system, and by calculation
Figure BDA0003963769980000101
is obtained as the quality risk index, which is taken as the quality risk analysis result, where x is the functional risk in the quality risk and y is the stability risk in the quality risk. The quality risk index is taken as the quality risk content set, where the quality risk and the quality risk content set have a one-to-many mapping relationship, that is, one quality risk corresponds to a plurality of quality risk contents. The second, third, fourth and fifth mapping relations are obtained in the same way, and the preset risk list is constructed based on the first mapping relation, the second mapping relation, the third mapping relation, the fourth mapping relation and the fifth mapping relation.
Further, step S200 of the present application further includes:
step S200-1: constructing a risk content set based on the preset risk list;
step S200-2: wherein the risk content set includes the functional risk, the stability risk, the hardware condition risk, the software condition risk, the adaptability risk, the personnel flow risk, the communication risk, the super budget risk, the system upgrade maintenance risk, the network risk, the tool risk;
step S200-3: sequentially taking each risk in the risk content set as a target overhead event;
step S200-4: analyzing and obtaining a target accident factor of the target overhead event;
step S200-5: analyzing the target overhead event and the target accident factor, and drawing a target accident tree according to an analysis result;
step S200-6: calculating and determining a target minimum cut set according to the target accident tree;
step S200-7: and forming a target minimum cut set based on the target minimum cut set of each risk in the risk content set, and storing the target minimum cut set to the intelligent early warning model.
The obtained functional risks, stability risks, hardware condition risks, software condition risks, adaptability risks, personnel flow risks, communication risks, super budget risks, system upgrading maintenance risks, network risks and tool risks are summarized to construct a risk content set, so that a target accident tree is constructed, and each risk in the risk content set is sequentially used as a target overhead event. The fault tree analysis method is a method commonly used in system safety and reliability analysis research, and the core of the method is to quantitatively calculate the fault probability and the reliability parameter of the occurrence of an event on the top of a fault tree and provide quantitative analysis data for improving and evaluating the safety and the reliability of the system. Several common methods for calculating the occurrence probability of the overhead event in the fault tree are summarized, and the applicable range of the calculation methods is provided according to the analysis, so that a theoretical basis is provided for selecting a proper calculation method in the quantitative analysis of the safety and the reliability of the system, and the accuracy of the fault tree analysis method in the practical application process is further enhanced.
A cut set is a set of basic events in the accident tree whose occurrence causes the top event to occur, and the minimal set of basic events that causes the top event to occur is called a minimal cut set. A target minimum cut set is formed based on the target minimum cut set of each risk in the risk content set, and the target minimum cut set is stored in the intelligent early warning model.
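The cut set computation in steps S200-3 to S200-7, as an added example that is not part of the patent text: it expands a fault tree top-down, removes non-minimal cut sets by absorption, stores the result per risk, and checks which stored cut sets a set of observed basic events satisfies. The two trees, all event names and the helper names are constructed for illustration, and the trees are assumed to be acyclic.

```python
from itertools import product

# Constructed fault trees: gate -> (gate type, children); names that are not
# keys are basic events. Every event name here is hypothetical.
RISK_TREES = {
    "network_risk": {
        "network_risk": ("OR", ["perimeter_bypassed", "remote_access_exposed"]),
        "perimeter_bypassed": ("AND", ["firewall_rule_drift", "monitoring_blind"]),
        "monitoring_blind": ("OR", ["ids_sensor_offline", "log_forwarding_stopped"]),
        "remote_access_exposed": ("OR", ["vpn_mfa_disabled", "stale_vpn_account_used"]),
        "stale_vpn_account_used": ("AND", ["vpn_mfa_disabled", "ids_sensor_offline"]),
    },
    "tool_risk": {
        "tool_risk": ("AND", ["scanner_signatures_outdated", "patch_tool_failure"]),
    },
}


def cut_sets(node, tree):
    """Expand a node top-down into cut sets (frozensets of basic events)."""
    if node not in tree:  # not a gate, so it is a basic event
        return {frozenset([node])}
    gate, children = tree[node]
    expanded = [cut_sets(child, tree) for child in children]
    if gate == "OR":   # any child suffices: union of the children's cut sets
        return set().union(*expanded)
    if gate == "AND":  # all children needed: merge one cut set from each child
        return {frozenset().union(*combo) for combo in product(*expanded)}
    raise ValueError(f"unknown gate type {gate!r} at {node!r}")


def minimal_cut_sets(top_event, tree):
    """Drop every cut set that contains a smaller cut set (absorption)."""
    minimal = []
    ordered = sorted(cut_sets(top_event, tree), key=lambda s: (len(s), sorted(s)))
    for candidate in ordered:
        if not any(kept <= candidate for kept in minimal):
            minimal.append(candidate)
    return minimal


def build_cut_set_store(risk_trees):
    """One minimal-cut-set list per risk, as stored alongside the model."""
    return {risk: minimal_cut_sets(risk, tree) for risk, tree in risk_trees.items()}


def triggered_risks(observed_events, store):
    """Risks whose top event occurs given the observed basic events."""
    observed = set(observed_events)
    hits = {}
    for risk, mcs in store.items():
        satisfied = [cs for cs in mcs if cs <= observed]
        if satisfied:
            hits[risk] = satisfied
    return hits


def single_points_of_failure(store):
    """Basic events that alone cause a top event (cut sets of size one)."""
    return {risk: sorted(next(iter(cs)) for cs in mcs if len(cs) == 1)
            for risk, mcs in store.items()}


if __name__ == "__main__":
    store = build_cut_set_store(RISK_TREES)
    for risk, mcs in store.items():
        print(risk, [sorted(cs) for cs in mcs])
    print(triggered_risks({"firewall_rule_drift", "log_forwarding_stopped"}, store))
```

Cut sets of size one are the events worth alerting on immediately, since no second failure is needed for the top event to occur.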
Further, step S400 of the present application includes:
step S410: constructing a first data processing layer based on a gray correlation algorithm principle;
step S420: constructing a second data processing layer based on a coefficient of variation method weighting principle;
step S430: combining the first data processing layer and the second data processing layer to obtain a hierarchical preprocessing model;
step S440: the hierarchical preprocessing model is used for preprocessing the target operation data.
Specifically, the gray correlation degree analysis method treats the factor values of the research object and of the influence factors as points on a line, compares them with the curves drawn from the factor values of the object to be identified and its influence factors, and quantifies the closeness between the points and the curves. It calculates the degree of association between the research object and each influence factor of the object to be identified, and judges the degree of influence of the object to be identified on the research object by comparing these degrees of association. That is, the dimension of the data is reduced according to the correlation, and the first data processing layer is constructed in this way. The coefficient of variation, also known as the relative standard deviation, is another statistic that measures the degree of variation of the observed values in the data. When comparing the degree of variation of two or more data sets, if the units of measure and the averages are the same, the standard deviation can be used directly for the comparison. If the units or the averages differ, the degree of variation cannot be compared using the standard deviation, and the comparison is made using the ratio (relative value) of the standard deviation to the average. That is, the dimension of the data is reduced according to the importance, and the second data processing layer is constructed in this way.
Further, step S400 of the present application further includes:
step S450: processing the target operation data through the first data processing layer in the hierarchical preprocessing model to obtain a first data processing result;
step S460: analyzing the first data processing result, screening to obtain first operation data, and processing the first operation data through the second data processing layer to obtain a second data processing result;
step S470: analyzing the second data processing result, screening to obtain second operation data, and taking the second operation data as the target operation data preprocessing result.
Specifically, the first data processing layer processes the target operation data, namely processes the target operation data based on the gray correlation algorithm principle, and a mean formula is used as follows:
Figure BDA0003963769980000131
wherein x(k) is the data of the target operation data sequence,
Figure BDA0003963769980000132
is the mean value of the data. By the formula, the data of the target operation data sequence are divided by the mean value; a sequence with a large order of magnitude also has a large mean value, so after the division the data are normalized to around the order of magnitude of 1. The result obtained is taken as the first data processing result. The first data processing result is screened against the correlation threshold preset by the system, and the data meeting the threshold give the second data processing result; the second data processing result is then screened against the importance threshold preset by the system, the screening result is taken as the second operation data, and the second operation data are taken as the target operation data preprocessing result.
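The two-layer preprocessing of steps S410 to S470, as an added example that is not part of the patent text: mean-value normalization and a gray relational screen form the first layer, and coefficient-of-variation weights form the second. The patent gives only the mean-value step, so the gray relational coefficient with resolution coefficient 0.5, the choice of reference sequence, the normalization of the coefficients of variation into weights, both threshold values and all metric names and sample values are assumptions made for illustration.

```python
from statistics import mean, pstdev

# Constructed hourly telemetry. REFERENCE is the sequence the factors are
# compared against (assumed: alerts raised per hour by the monitored system).
REFERENCE = [10, 12, 15, 20, 30]
FACTORS = {
    "failed_logins": [100, 118, 152, 205, 290],
    "outbound_mb": [210, 260, 280, 420, 570],
    "cpu_load_pct": [40, 42, 41, 43, 44],
    "free_db_connections": [30, 25, 18, 12, 8],
}


def mean_normalize(seq):
    """Divide each value by the sequence mean so sequences sit near 1."""
    m = mean(seq)
    if m == 0:
        raise ValueError("cannot mean-normalize a sequence whose mean is 0")
    return [x / m for x in seq]


def grey_relational_grades(reference, factors, rho=0.5):
    """First layer: closeness of each factor's curve to the reference curve."""
    ref = mean_normalize(reference)
    deltas = {}
    for name, seq in factors.items():
        if len(seq) != len(ref):
            raise ValueError(f"{name}: length differs from the reference")
        deltas[name] = [abs(r - v) for r, v in zip(ref, mean_normalize(seq))]
    flat = [d for ds in deltas.values() for d in ds]
    d_min, d_max = min(flat), max(flat)
    if d_max == 0:  # every factor coincides with the reference
        return {name: 1.0 for name in factors}
    return {name: mean([(d_min + rho * d_max) / (d + rho * d_max) for d in ds])
            for name, ds in deltas.items()}


def cv_weights(factors):
    """Second layer: coefficient of variation per factor, scaled to sum to 1."""
    cv = {}
    for name, seq in factors.items():
        m = mean(seq)
        if m == 0:
            raise ValueError(f"{name}: coefficient of variation undefined (mean 0)")
        cv[name] = pstdev(seq) / abs(m)
    total = sum(cv.values())
    if total == 0:  # all factors constant: no basis to rank them
        return {name: 1.0 / len(cv) for name in cv}
    return {name: v / total for name, v in cv.items()}


def hierarchical_preprocess(reference, factors, corr_threshold, importance_threshold):
    """Screen by correlation, then by importance; return both stages."""
    grades = grey_relational_grades(reference, factors)
    first = {n: s for n, s in factors.items() if grades[n] >= corr_threshold}
    weights = cv_weights(first) if first else {}
    second = {n: s for n, s in first.items() if weights[n] >= importance_threshold}
    return grades, weights, first, second


if __name__ == "__main__":
    grades, weights, first, second = hierarchical_preprocess(
        REFERENCE, FACTORS, corr_threshold=0.6, importance_threshold=0.1)
    for name in FACTORS:
        print(f"{name:20s} grade={grades[name]:.3f} weight={weights.get(name, 0):.3f}")
    print("model input features:", sorted(second))
```

With the constructed data, the free-connection series fails the correlation screen, the nearly constant CPU series fails the importance screen, and the two remaining series are what would be passed to the early warning model.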
Example two
Based on the same inventive concept as the intelligent risk early warning management method of an information system in the foregoing embodiment, as shown in fig. 3, the present application provides an intelligent risk early warning management system of an information system, where the system includes:
the system comprises a preset information system acquisition module 10, wherein the preset information system acquisition module 10 is used for acquiring a preset information system and collecting historical operation data of the preset information system;
the intelligent early warning model construction module 20 is used for obtaining an intelligent early warning model through training according to the historical operation data, wherein the intelligent early warning model is stored in the data analysis module;
the real-time operation data acquisition module 30 is used for acquiring real-time operation data of the preset information system through the operation monitoring module to obtain target operation data;
an operation data preprocessing module 40, where the operation data preprocessing module 40 is configured to preprocess the target operation data to obtain a target operation data preprocessing result;
the model output information acquisition module 50 is configured to take the target operation data preprocessing result as input information of the intelligent early warning model to obtain output information;
the real-time risk information acquisition module 60, wherein the real-time risk information acquisition module 60 is used for analyzing the output information and obtaining real-time risk information according to an analysis result;
the real-time risk information early warning module 70, the real-time risk information early warning module 70 is used for early warning the real-time risk information through the risk early warning module.
Further, the system further comprises:
the historical risk record acquisition module is used for extracting historical risk records in the historical operation data and forming a historical risk record set;
the target historical risk record acquisition module is used for extracting target historical risk records in the historical risk record set;
the preset risk list acquisition module is used for acquiring a preset risk list, and traversing the target historical risk record in the preset risk list to acquire target historical risk content;
the target historical operation data acquisition module is used for extracting target historical operation data in the target historical risk record, wherein the target historical operation data has a corresponding relation with the target historical risk content;
the training data set building module is used for building a training data set based on the target historical operation data, the target historical risk content and the corresponding relation thereof;
and the intelligent early warning model training module is used for training the intelligent early warning model by the training data set.
Further, the system further comprises:
the risk category set construction module is used for constructing a risk category set based on big data, wherein the risk category set comprises subjective category risks and objective category risks;
the risk category module, in which the subjective category risk is the personnel risk, and the objective category risks are the quality risk, the technical risk, the control risk and the safety risk;
the risk content analysis module is used for sequentially carrying out risk content analysis on the quality risk, the technical risk, the personnel risk, the control risk and the safety risk to obtain a risk content analysis result;
and the preset risk list construction module is used for constructing the preset risk list based on the risk content analysis result.
Further, the system further comprises:
the quality risk analysis module is used for analyzing the quality risk and constructing a quality risk content set according to an analysis result, wherein the quality risk content set and the quality risk have a first mapping relation, and the quality risk content set comprises functional risks and stability risks;
the technical risk analysis module is used for analyzing the technical risk and constructing a technical risk content set according to an analysis result, wherein the technical risk content set and the technical risk have a second mapping relation, and the technical risk content set comprises hardware condition risks, software condition risks and adaptability risks;
the personnel risk analysis module is used for analyzing the personnel risks and constructing a personnel risk content set according to an analysis result, wherein a third mapping relation exists between the personnel risk content set and the personnel risks, and the technical risk content set comprises personnel flow risks and communication risks;
the control risk analysis module is used for analyzing the control risk and constructing a control risk content set according to an analysis result, wherein a fourth mapping relation exists between the control risk content set and the control risk, and the control risk content set comprises super budget risk and system upgrading maintenance risk;
the security risk analysis module is used for analyzing the security risk and constructing a security risk content set according to an analysis result, wherein a fifth mapping relation exists between the security risk content set and the security risk, and the security risk content set comprises network risks and tool risks;
the preset risk list obtaining module is configured to construct the preset risk list based on the first mapping relationship, the second mapping relationship, the third mapping relationship, the fourth mapping relationship, and the fifth mapping relationship.
Further, the system further comprises:
the risk content set building module is used for building a risk content set based on the preset risk list;
a risk content set module configured to include the functional risk, the stability risk, the hardware condition risk, the software condition risk, the adaptability risk, the personnel flow risk, the communication risk, the super budget risk, the system upgrade maintenance risk, the network risk, the tool risk;
the target overhead event acquisition module is used for sequentially taking all risks in the risk content set as target overhead events;
the target accident factor acquisition module is used for analyzing and obtaining a target accident factor of the target overhead event;
analyzing the target overhead event and the target accident factor, and drawing a target accident tree according to an analysis result;
the target minimum cut set acquisition module is used for calculating and determining a target minimum cut set according to the target accident tree;
and the target minimum cut set acquisition module is used for forming a target minimum cut set based on the target minimum cut sets of all risks in the risk content set, and storing the target minimum cut set into the intelligent early warning model.
Further, the system further comprises:
the first data processing layer construction module is used for constructing a first data processing layer based on the gray correlation algorithm principle;
the second data processing layer construction module is used for constructing a second data processing layer based on the coefficient of variation method weighting principle;
the combination module is used for combining the first data processing layer and the second data processing layer to obtain a hierarchical preprocessing model;
and the hierarchical preprocessing model module is used for preprocessing the target operation data by the hierarchical preprocessing model.
Further, the system further comprises:
the first data processing result acquisition module is used for processing the target operation data through the first data processing layer in the hierarchical preprocessing model to obtain a first data processing result;
the second data processing result acquisition module is used for analyzing the first data processing result, screening to obtain first operation data, and processing the first operation data through the second data processing layer to obtain a second data processing result;
and the target operation data preprocessing result acquisition module is used for analyzing the second data processing result, screening to obtain second operation data, and taking the second operation data as the target operation data preprocessing result.
From the foregoing detailed description of the intelligent risk early warning management method of an information system, those skilled in the art can clearly understand both the intelligent risk early warning management method and the intelligent risk early warning management system of an information system in this embodiment. Because the device disclosed in the embodiment corresponds to the method disclosed in the embodiment, its description is relatively brief; for the relevant details, refer to the description of the method.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. The intelligent risk early warning management method for the information system is characterized by being applied to an intelligent risk early warning management system for the information system, the intelligent risk early warning management system for the information system comprises an operation monitoring module, a data analysis module and a risk early warning module, and the intelligent risk early warning management method for the information system comprises the following steps:
acquiring a preset information system and collecting historical operation data of the preset information system;
training according to the historical operation data to obtain an intelligent early warning model, wherein the intelligent early warning model is stored in the data analysis module;
the operation monitoring module is used for collecting real-time operation data of the preset information system to obtain target operation data;
preprocessing the target operation data to obtain a target operation data preprocessing result;
taking the target operation data preprocessing result as input information of the intelligent early warning model to obtain output information;
analyzing the output information, and obtaining real-time risk information according to an analysis result;
and carrying out early warning on the real-time risk information through the risk early warning module.
2. The intelligent risk early warning management method of the information system according to claim 1, wherein the intelligent early warning model is obtained by training according to the historical operation data, and the intelligent risk early warning management method is characterized by comprising the following steps:
extracting historical risk records in the historical operation data, and forming a historical risk record set;
extracting a target historical risk record in the historical risk record set;
obtaining a preset risk list, and traversing the target historical risk record in the preset risk list to obtain target historical risk content;
extracting target historical operation data in the target historical risk record, wherein the target historical operation data has a corresponding relation with the target historical risk content;
constructing a training data set based on the target historical operating data, the target historical risk content and the corresponding relation thereof;
the training data set is used for training the intelligent early warning model.
3. The method for intelligent risk early warning management of an information system according to claim 2, wherein the obtaining a preset risk list includes:
constructing a risk category set based on big data, wherein the risk category set comprises subjective category risks and objective category risks;
the subjective risk is personnel risk, and the objective risk is quality risk, technical risk, control risk and safety risk;
sequentially carrying out risk content analysis on the quality risk, the technical risk, the personnel risk, the control risk and the safety risk to obtain a risk content analysis result;
and constructing the preset risk list based on the risk content analysis result.
4. The intelligent risk early warning management method of an information system according to claim 3, wherein the construction of the preset risk list based on the risk content analysis result includes:
analyzing the quality risk, and constructing a quality risk content set according to an analysis result, wherein the quality risk content set and the quality risk have a first mapping relation, and the quality risk content set comprises functional risks and stability risks;
analyzing the technical risk, and constructing a technical risk content set according to an analysis result, wherein the technical risk content set and the technical risk have a second mapping relation, and the technical risk content set comprises hardware condition risks, software condition risks and adaptability risks;
analyzing the personnel risks, and constructing a personnel risk content set according to an analysis result, wherein a third mapping relation exists between the personnel risk content set and the personnel risks, and the technical risk content set comprises personnel flow risks and communication risks;
analyzing the control risk, and constructing a control risk content set according to an analysis result, wherein the control risk content set and the control risk have a fourth mapping relation, and the control risk content set comprises super budget risks and system upgrading maintenance risks;
analyzing the security risk, and constructing a security risk content set according to an analysis result, wherein a fifth mapping relation exists between the security risk content set and the security risk, and the security risk content set comprises network risks and tool risks;
and constructing the preset risk list based on the first mapping relation, the second mapping relation, the third mapping relation, the fourth mapping relation and the fifth mapping relation.
5. The intelligent risk early warning management method of an information system according to claim 4, further comprising:
constructing a risk content set based on the preset risk list;
wherein the risk content set includes the functional risk, the stability risk, the hardware condition risk, the software condition risk, the adaptability risk, the personnel flow risk, the communication risk, the super budget risk, the system upgrade maintenance risk, the network risk, the tool risk;
sequentially taking each risk in the risk content set as a target overhead event;
analyzing and obtaining a target accident factor of the target overhead event;
analyzing the target overhead event and the target accident factor, and drawing a target accident tree according to an analysis result;
calculating and determining a target minimum cut set according to the target accident tree;
and forming a target minimum cut set based on the target minimum cut set of each risk in the risk content set, and storing the target minimum cut set to the intelligent early warning model.
6. The intelligent risk early warning management method of an information system according to claim 1, further comprising, before the preprocessing the target operation data to obtain a target operation data preprocessing result:
constructing a first data processing layer based on a gray correlation algorithm principle;
constructing a second data processing layer based on a coefficient of variation method weighting principle;
combining the first data processing layer and the second data processing layer to obtain a hierarchical preprocessing model;
the hierarchical preprocessing model is used for preprocessing the target operation data.
7. The method for intelligent risk early warning management of an information system according to claim 6, further comprising:
processing the target operation data through the first data processing layer in the hierarchical preprocessing model to obtain a first data processing result;
analyzing the first data processing result, screening to obtain first operation data, and processing the first operation data through the second data processing layer to obtain a second data processing result;
analyzing the second data processing result, screening to obtain second operation data, and taking the second operation data as the target operation data preprocessing result.
8. An intelligent risk early warning management system of an information system, which is characterized in that the intelligent risk early warning management system of the information system comprises:
the preset information system acquisition module is used for acquiring a preset information system and collecting historical operation data of the preset information system;
the intelligent early warning model building module is used for obtaining an intelligent early warning model through training according to the historical operation data, wherein the intelligent early warning model is stored in the data analysis module;
the real-time operation data acquisition module is used for acquiring real-time operation data of the preset information system through the operation monitoring module to obtain target operation data;
the operation data preprocessing module is used for preprocessing the target operation data to obtain a target operation data preprocessing result;
the model output information acquisition module is used for taking the target operation data preprocessing result as input information of the intelligent early warning model to obtain output information;
the real-time risk information acquisition module is used for analyzing the output information and obtaining real-time risk information according to an analysis result;
the real-time risk information early warning module is used for early warning the real-time risk information through the risk early warning module.
CN202211492145.9A 2022-11-25 2022-11-25 Intelligent risk early warning management method and system for information system Pending CN116108445A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211492145.9A CN116108445A (en) 2022-11-25 2022-11-25 Intelligent risk early warning management method and system for information system

Publications (1)

Publication Number Publication Date
CN116108445A true CN116108445A (en) 2023-05-12

Family

ID=86264650

Country Status (1)

Country Link
CN (1) CN116108445A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117150580A (en) * 2023-08-15 2023-12-01 速度科技股份有限公司 Data storage hardware safety protection system of intelligent database
CN117150580B (en) * 2023-08-15 2024-04-02 速度科技股份有限公司 Data storage hardware safety protection system of intelligent database
CN117439223A (en) * 2023-10-27 2024-01-23 南通沃太新能源有限公司 Safety control method and system of energy storage system

Similar Documents

Publication Publication Date Title
CN110263846B (en) Fault diagnosis method based on fault data deep mining and learning
CN116108445A (en) Intelligent risk early warning management method and system for information system
WO2023142424A1 (en) Power financial service risk control method and system based on gru-lstm neural network
CN110895526A (en) Method for correcting data abnormity in atmosphere monitoring system
CN110636066B (en) Network security threat situation assessment method based on unsupervised generative reasoning
CN105681298A (en) Data security abnormity monitoring method and system in public information platform
CN112685459A (en) Attack source feature identification method based on K-means clustering algorithm
CN115186883A (en) Industrial equipment health state monitoring system and method based on Bian Yun collaborative computing
CN109784668B (en) Sample feature dimension reduction processing method for detecting abnormal behaviors of power monitoring system
CN112990656A (en) Health evaluation system and health evaluation method for IT equipment monitoring data
CN117035419B (en) Intelligent management system and method for enterprise project implementation
CN108154256A (en) The determining method and device of forecasting risk value, storage medium
CN108763966B (en) Tail gas detection cheating supervision system and method
CN117193222A (en) Intelligent quality control system based on industrial Internet of things and big data and control method thereof
CN110175696B (en) Fishing port ship entry and exit dynamic prediction method and system based on multiple regression
CN113612625A (en) Network fault positioning method and device
WO2024027487A1 (en) Health degree evaluation method and apparatus based on intelligent operations and maintenance scene
CN109871711B (en) Ocean big data sharing and distributing risk control model and method
CN115296933B (en) Industrial production data risk level assessment method and system
Liu et al. Early warning control model and simulation study of engineering safety risk based on a convolutional neural network
CN115766096A (en) Network security protection system based on big data
CN111882135B (en) Internet of things equipment intrusion detection method and related device
CN115001781A (en) Terminal network state safety monitoring method
Avramenko et al. Combined neural network model for diagnosing computer incidents
CN117391458B (en) Safety production risk detection and early warning method and system based on data analysis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination