CN113297314B - Data visualization method and device and storage medium - Google Patents


Publication number
CN113297314B
Authority
CN
China
Prior art keywords
data
neural network
network model
state machine
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110854935.6A
Other languages
Chinese (zh)
Other versions
CN113297314A (en
Inventor
戚建淮
黄建勇
唐娟
刘建辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Y&D Electronics Information Co Ltd
Original Assignee
Shenzhen Y&D Electronics Information Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Y&D Electronics Information Co Ltd filed Critical Shenzhen Y&D Electronics Information Co Ltd
Priority to CN202110854935.6A priority Critical patent/CN113297314B/en
Publication of CN113297314A publication Critical patent/CN113297314A/en
Application granted granted Critical
Publication of CN113297314B publication Critical patent/CN113297314B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/26Visual data mining; Browsing structured data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/28Databases characterised by their database models, e.g. relational or object models
    • G06F16/284Relational databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/044Recurrent networks, e.g. Hopfield networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks

Abstract

The application discloses a data visualization method, a data visualization device and a storage medium. The method comprises: acquiring service operation data; generating a service state machine according to the service operation data; and performing data fusion on the service state machine and a pre-constructed neural network model to obtain a fused neural network model, so that the service state machine is visually presented in the fused neural network model. By implementing the embodiments of the application, the neuron structure of the human brain can be simulated and newly added business operation content and dynamically changing flows can be presented from multiple visual dimensions, so that the business state machine is visually presented in the fused neural network model. This breaks away from flat presentation and effectively improves the visualization of large data volumes.

Description

Data visualization method and device and storage medium
Technical Field
The present application relates to the field of computer information security technologies, and in particular, to a data visualization method and apparatus, and a storage medium.
Background
At present, the mainstream visualization technology mainly comprises two-dimensional plane representation forms such as a histogram, a curve graph, a ring graph, a radar chart, a pie chart and animation, and is applied to data analysis products in various industries. However, in practice, as the amount of service data increases, the presentation effect of these visualization technologies on mass data is still relatively flat, which is easy to cause visual fatigue for users, and is not conducive to timely discovering information security risks.
Disclosure of Invention
The present application is directed to solving at least one of the problems in the prior art. Therefore, the application provides a data visualization method and device and a storage medium, which can improve the visualization effect on mass data.
A data visualization method according to an embodiment of a first aspect of the present application includes:
acquiring service operation data;
generating a service state machine according to the service operation data;
and performing data fusion on the service state machine and a pre-constructed neural network model to obtain a fused neural network model, so that the service state machine is visually presented in the fused neural network model.
According to the data visualization method, at least the following beneficial effects are achieved:
In the embodiment of the application, the business operation data is acquired, the business state machine is generated according to the business operation data, and the business state machine and the pre-constructed neural network model are then subjected to data fusion to obtain the fused neural network model. In this way the neuron structure of the human brain can be simulated and newly added business operation content and dynamically changing flows can be presented from multiple visual dimensions, so that the business state machine is visually presented in the fused neural network model, which breaks away from flat presentation and effectively improves the visualization of large data volumes. In addition, the method matches the way the human brain thinks, makes it convenient for an administrator to quickly locate data changes and association anomalies, and improves the speed of response to information security risks.
According to some embodiments of the present application, the performing data fusion on the service state machine and a pre-constructed neural network model to obtain a fused neural network model includes:
performing data fusion on the service state machine and a plurality of existing state machines contained in a pre-constructed neural network model, so that the associated state nodes among different state machines establish a connection relation;
and adding the service state machine into the neural network model by taking each state node in the service state machine as a neuron node and taking the connection relation corresponding to each state node in the service state machine as an axon relation corresponding to each neuron node to obtain the fused neural network model.
According to some embodiments of the present application, before the data fusion of the business state machine and the pre-constructed neural network model, the method further comprises:
acquiring preset security element information;
collecting data according to the security element information to obtain information security data;
performing data fusion analysis on the information security data to construct various information security state machines;
and constructing a neural network according to the various information security state machines to obtain a neural network model.
According to some embodiments of the present application, the security element information comprises a plurality of security data types and a plurality of field attributes under each security data type; the collecting data according to the security element information to obtain information security data comprises:
constructing an ontology structure of each security data type according to each security data type and a plurality of field types under each security data type;
collecting data based on the ontology structure of each security data type to obtain an instantiation graph of each security data type;
the performing data fusion analysis on the information security data to construct various information security state machines comprises:
performing data fusion analysis on the instantiation graph of each security data type to construct a plurality of information security state machines.
According to some embodiments of the present application, the security element information includes an asset data type, an attack data type, a vulnerability data type, and a security mechanism type.
According to some embodiments of the application, the method further comprises:
acquiring configuration management parameters, wherein the configuration management parameters are used for managing configuration contents of a neural network;
and carrying out configuration management on the fused neural network model by combining the configuration management parameters.
According to some embodiments of the present application, the configuring and managing the merged neural network model in combination with the configuration management parameters includes:
according to the configuration management parameters, performing data analysis on the state machine contained in the fused neural network model, and determining the visual object attributes of all the components in the state machine contained in the fused neural network model;
and carrying out visualization processing on the network elements corresponding to the components in the fused neural network model by combining the visual object attributes of the components.
A data visualization apparatus according to an embodiment of the second aspect of the present application, the apparatus comprising:
the acquisition module is used for acquiring service operation data;
the generating module is used for generating a service state machine according to the service operation data;
and the fusion module is used for carrying out data fusion on the service state machine and a pre-constructed neural network model to obtain a fused neural network model, so that the service state machine is visually presented in the fused neural network model.
A data visualization device according to an embodiment of a third aspect of the present application includes:
one or more memories;
one or more processors configured to execute one or more computer programs stored in the one or more memories, and further configured to perform a method as described in embodiments of the first aspect of the present application.
A computer-readable storage medium according to an embodiment of the fourth aspect of the present application includes instructions that, when executed on a computer, cause the computer to perform the method according to the embodiment of the first aspect of the present application.
A computer program product according to an embodiment of the fifth aspect of the present application contains instructions that, when executed on a computer, cause the computer to perform the method according to an embodiment of the first aspect of the present application.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The above and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a schematic diagram of an embodiment of a data visualization method disclosed in an embodiment of the present application;
FIG. 2 is a schematic diagram illustrating a partial visualization of a neural network model according to an embodiment of the present application;
FIG. 3 is a schematic flow chart diagram illustrating another data visualization method disclosed in an embodiment of the present application;
FIG. 4 is a diagram illustrating a software architecture applied in an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a data visualization apparatus disclosed in an embodiment of the present application;
FIG. 6 is a schematic structural diagram of another data visualization apparatus disclosed in an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
In the description of the present application, "several" means one or more and "a plurality" means two or more; "greater than", "less than", "exceeding" and the like are understood as excluding the stated number, and "above", "below", "within" and the like are understood as including the stated number. Where "first" and "second" are used, they serve only to distinguish technical features and are not to be understood as indicating or implying relative importance, the number of the technical features indicated, or the order of the technical features indicated.
The embodiment of the application discloses a data visualization method and device and a storage medium, which can improve the visualization effect of mass data. The method is applicable to a terminal with a computing processing function, where the terminal may include a mobile phone, a tablet computer, a notebook computer, a Personal Computer (PC), a mobile internet device, a server, and the like, and the embodiment of the present application is not limited. The following detailed description is made with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic diagram illustrating an embodiment of a data visualization method disclosed in the embodiments of the present application.
101. Acquire service operation data.
In this embodiment, the service operation data may be data recorded when the service operation is executed in the operating system, and is used to describe specific content and process of the service operation, so the data may include operation user information, operation time, operation terminal, network protocol, specific operation event, arrival target, acquisition resource, and the like, which is not limited specifically. For example, if the service operation type is a website access operation, the service operation data may include a user model, a network type, a user local address, an access path track, an access time, and the like.
Specifically, in some implementations, the service operation types to be captured are set, and event monitoring and capture are then performed on those service operation types by means of data instrumentation (event tracking, for example an interceptor plug-in), so that service operation data in a specified format is obtained and the service operation data is collected in real time. The service operation type and the format of the service operation data can be set manually, which suits the requirements of diverse service scenarios.
102. Generate a service state machine according to the service operation data.
In the embodiment of the application, the service state machine is used for modeling the service operation data, so that the state sequence and the process change experienced in the corresponding service operation period are effectively fed back. Specifically, for step 102, the service operation data may be analyzed to obtain a state table, where the state table may include three information types, that is, state information, event information for triggering switching from one state information to another state information, and attribute information for describing the state information. Based on the method, the service state machine can be constructed by taking the state information as the state nodes, taking the event information as the connection relation among different state nodes and taking the attribute information as the attribute value of each state node.
For example, for a business operation of clicking a folder on a display interface by a user, the opened folder a and the subordinate folder B of the opened folder a are different state information, a double-click operation (or double-click time) on the folder a is event information for triggering switching of the state information, and the attribute information may include a storage location, an occupied space, a creation time, and the like of each folder.
103. Perform data fusion on the service state machine and the pre-constructed neural network model to obtain a fused neural network model, so that the service state machine is visually presented in the fused neural network model.
In the embodiment of the application, the neural network model is a model constructed on the basis of the neuron structure of a biological nervous system, and is used for simulating the neuron network of the human brain to perform information processing. The neural network model may adopt an artificial neural network such as a spiking neural network, a convolutional neural network, or a recurrent neural network, which is not particularly limited. When a spiking neural network is used, it may specifically be a feedforward spiking neural network, a recurrent spiking neural network, or a hybrid spiking neural network. A spiking neural network can make full use of information at the spatio-temporal level, and therefore better simulates how human brain neurons record dynamic changes of the network.
Referring to FIG. 2, FIG. 2 is a schematic partial view of a neural network model according to an embodiment of the present application. As shown in FIG. 2, the neural network model includes a large number of neuron nodes 20; axonal relations 21 between the neuron nodes 20 describe the connection relations between the neuron nodes 20, and dendrites 22 of the neuron nodes 20 can also be used to describe attribute information of the neuron nodes 20. Therefore, when newly added business operation data is obtained, there is no need to invest manpower in designing and building a three-dimensional model for the specific business; the business state machine generated from the business operation data is fused into the neural network model, so that rich business data content can be displayed on the basis of the neuron structure, the data relations and the operation process are clear and easy to read, and dynamic visualization of the business state machine is achieved.
In some alternative implementations, the neural network model may include neural network modeling results for a variety of state machines. Therefore, step 103 may specifically be: performing data fusion on the service state machine and a plurality of existing state machines contained in the pre-constructed neural network model, so that connection relations are established between the associated state nodes of different state machines; then, taking each state node in the service state machine as a neuron node and the connection relation corresponding to each state node in the service state machine as the axon relation corresponding to each neuron node, adding the service state machine into the neural network model to obtain the fused neural network model. Optionally, when the service state machine is added to the neural network model, the dendrite information corresponding to each neuron node may be generated according to the attribute value of each state node in the service state machine, so as to further increase the amount of relevant data that can be recorded in the neuron node.
The data fusion method for the multiple state machines may specifically adopt a cluster fusion algorithm, a merging algorithm, a decision-level fusion algorithm, or other machine learning algorithms, which is not specifically limited.
In this way, the conversion from the business state machine to the neuron structure is completed, and the business state machine can be conveniently fused into the neural network model at a granularity as fine as each step, motion trail, association relation, associated element, space-time range and the like of the business state machine. In addition, the data fusion technique finds, among the various existing state machines, the state nodes that have a data association with the business state machine, so that the data association between the business state machine and the existing state machines in the neural network model is established, redundant duplicate data is reduced, and associated data analysis of the business state machine is facilitated.
Therefore, by implementing the method embodiment, the neuron structure of the human brain can be simulated and newly added business operation content and dynamically changing flows can be presented from multiple visual dimensions, so that the business state machine is visually presented in the fused neural network model, which breaks away from flat presentation and effectively improves the visualization of large data volumes. In addition, the method matches the way the human brain thinks, makes it convenient for an administrator to quickly locate data changes and association anomalies, and improves the speed of response to information security risks.
Referring to fig. 3, fig. 3 is a schematic flow chart of another data visualization method disclosed in the embodiment of the present application.
301. Acquire preset security element information.
In the embodiment of the present application, the security element information may be manually set and used to define a security element for situation-aware network information security. In particular, the security element information may include defined security data types, and the security data types may include at least an asset data type, an attack data type, a vulnerability data type, and a security mechanism type, which are not limited thereto. Further, the security element information may further include a plurality of field attributes under different security data types, which are shown in table 1 and are not limited thereto.
Table 1: Security element information definition table
Security data type | Field attributes
Asset data type | Hardware information: CPU, memory, disk, etc.; software information: operating system, network service, network process, software component class, name, version, manufacturer, etc.; file information: file name, file path, etc.; and user profile information and the like
Attack data type | Occurrence time, attack source IP address, attack source port, protocol, target IP address, target port, etc.
Vulnerability data type | CVE number, vulnerability name, affected file path, etc.
Security mechanism type | Encryption mechanisms, security authentication mechanisms, access control policies, and the like
302. Collect data according to the security element information to obtain information security data.
303. Perform data fusion analysis on the information security data to construct various information security state machines.
As an optional implementation manner, when the security element information includes a plurality of security data types and a plurality of field attributes under each security data type, step 302 may specifically be:
Step one: construct an ontology structure of each security data type according to each security data type and a plurality of field types under each security data type. The ontology structure is a semantic data model structure that describes the data types, the field attributes and the relations between them. In some implementations, all the constructed ontology structures can be added to an ontology library, so that each ontology structure in the library can be flexibly added and called. Taking the security element information definition table shown in Table 1 as an example, four different ontology structures can be constructed according to the four security data types, namely the asset data type, the attack data type, the vulnerability data type and the security mechanism type. Furthermore, the ontology structure of each security data type may define corresponding field attribute nodes according to the field attributes that have a hierarchical relationship under that security data type.
Step two: collect data based on the ontology structure of each security data type to obtain an instantiation graph of each security data type. For example, if a field attribute node "file information" exists in the ontology structure of the asset data type, then in instantiation, file information can be collected from the C disk of the computer to instantiate the field attribute node "file information" and form a knowledge graph, that is, "C disk - M directory files - all subfiles under each directory file". Similarly, if the ontology structure includes a plurality of field attribute nodes, each field attribute node can be instantiated through data collection, finally forming a powerful instantiation graph.
Correspondingly, step 303 may specifically be: performing data fusion analysis on the instantiation graph of each security data type to construct a plurality of information security state machines. Specifically, for each security data type, each node in the instantiation graph after data fusion can be used as a state node of the information security state machine, and each connection edge in the instantiation graph can be used as the connection relation corresponding to the state nodes in the information security state machine, to construct the information security state machine. Illustratively, an asset state machine, an attack state machine and a vulnerability state machine can be respectively constructed for the instantiation graphs corresponding to the asset data type, the attack data type, the vulnerability data type and the security mechanism type.
Therefore, a generalized ontology structure is constructed from the security data types to be collected, the field attributes and the relations between them, forming a well-structured taxonomy hierarchy. Data is collected based on the ontology structure, and the collected data then goes through data extraction, data fusion, data reasoning and other steps, so that instantiation graphs of different security data types can be constructed, intelligent mining and correlation analysis of the collected data can be realized, and the data preparation requirements for constructing a state machine are met.
304. Construct a neural network according to the various information security state machines to obtain a neural network model.
In this embodiment, data fusion is first performed on the multiple information security state machines to establish connection relations between the associated state nodes of different information security state machines. For example, in the vulnerability state machine, the subordinate state node P2 of the state node P1 records the file information of the vulnerability; if another state node P3, in the asset state machine, records the same file information, a connection relation between the state node P1 and the state node P3 can be established. Then, for each information security state machine, each state node in the information security state machine is taken as a neuron node, the connection relation corresponding to each state node is taken as the axon relation corresponding to each neuron node, and the attribute value of each state node is taken as the dendrite information corresponding to each neuron node, to generate the neural network model.
Therefore, by implementing steps 301 to 304, information security data of the whole network can be collected and analyzed and a neural network model can be constructed, so that massive information security data can be presented in a multi-dimensional neural network structure, which facilitates integrated management of big data.
As an optional implementation, after the neural network model is constructed, dynamic data of any security data type can be acquired, and the dynamic data can then be fused with the information security state machine of the corresponding security data type in the neural network model to update that information security state machine and thereby the neural network model. In this way efficient and accurate network security situation awareness can be realized, and dynamic changes of security element information can be presented in a linked manner. For example, when new attack data is collected, the attack state machine included in the neural network model can be updated with the attack data; when newly added network anomaly data is collected, the asset state machine can be updated with the network anomaly data.
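The mapping described in steps 102, 103 and 304 can be sketched as follows. This is an added example, not code from the patent: the class names, the `file_path` matching key, the `anchor` option and all sample records (including the placeholder CVE label) are constructed assumptions.

```python
from collections import defaultdict


class StateMachine:
    """State nodes, event-labelled connections and per-state attribute values."""

    def __init__(self, name, rows):
        # rows: (state, attributes, event, next_state); event/next_state may be None
        self.name = name
        self.attrs = {}          # state -> {attribute: value}
        self.transitions = []    # (state, event, next_state)
        for state, attributes, event, nxt in rows:
            self.attrs.setdefault(state, {}).update(attributes)
            if nxt is not None:
                self.attrs.setdefault(nxt, {})
                self.transitions.append((state, event, nxt))


class FusedModel:
    """Neuron node = state node, axon = connection, dendrite = attribute values."""

    def __init__(self):
        self.dendrites = {}               # neuron id -> attribute dict
        self.axons = set()                # (source id, label, target id)
        self._index = defaultdict(set)    # (attribute, value) -> neuron ids

    def fuse(self, sm, link_attr="file_path", anchor="self"):
        """Add a state machine; return the cross-machine axons this created.

        anchor="parent" links from the node above the one holding link_attr
        (the P1/P2/P3 case); anchor="self" links from the holder itself.
        """
        def nid(state):
            return f"{sm.name}:{state}"

        parent = {dst: src for src, _, dst in sm.transitions}
        for state, attributes in sm.attrs.items():
            self.dendrites[nid(state)] = dict(attributes)
        for src, event, dst in sm.transitions:
            self.axons.add((nid(src), event, nid(dst)))

        created = set()
        for state, attributes in sm.attrs.items():
            if link_attr not in attributes:
                continue
            holder = parent.get(state, state) if anchor == "parent" else state
            key = (link_attr, attributes[link_attr])
            for other in self._index[key]:
                if other.split(":", 1)[0] != sm.name:   # link across machines only
                    created.add((nid(holder), f"same {link_attr}", other))
            self._index[key].add(nid(holder))
        self.axons |= created
        return created

    def neighbours(self, neuron):
        """Neuron ids connected to `neuron` by an axon in either direction."""
        out = {dst for src, _, dst in self.axons if src == neuron}
        return out | {src for src, _, dst in self.axons if dst == neuron}


PATH = "/opt/app/lib/libdemo.so"   # constructed sample value

ASSET = StateMachine("asset", [
    ("host-01", {"os": "Linux"}, "stores", "P3"),
    ("P3", {"file_path": PATH}, None, None),
])
VULN = StateMachine("vuln", [
    ("P1", {"cve": "CVE-PLACEHOLDER"}, "affects", "P2"),
    ("P2", {"file_path": PATH}, None, None),
])
BUSINESS = StateMachine("biz", [   # folder-click operation, as in step 102
    ("folder A", {"storage_location": "/opt/app"}, "double-click", "folder B"),
    ("folder B", {"storage_location": "/opt/app/lib"}, "open", "libdemo.so"),
    ("libdemo.so", {"file_path": PATH}, None, None),
])


def build_demo():
    model = FusedModel()
    model.fuse(ASSET)                              # existing state machines
    vuln_links = model.fuse(VULN, anchor="parent")  # P1 <-> P3
    biz_links = model.fuse(BUSINESS)                # newly added business operation
    return model, vuln_links, biz_links


if __name__ == "__main__":
    model, vuln_links, biz_links = build_demo()
    print(sorted(vuln_links))
    print(sorted(biz_links))
    print(sorted(model.neighbours("asset:P3")))
```

After fusion, the neighbours of the asset node P3 include both the vulnerability node P1 and the business operation that opened the same file, which is the kind of association an administrator would look for.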
305. Acquire service operation data.
306. Generate a service state machine according to the service operation data.
307. Perform data fusion on the service state machine and the pre-constructed neural network model to obtain a fused neural network model, so that the service state machine is visually presented in the fused neural network model.
In the embodiment of the present application, step 305 to step 307 may refer to the description of step 101 to step 103 in the method embodiment shown in fig. 1, and are not described herein again.
308. Acquire configuration management parameters, wherein the configuration management parameters are used for managing the configuration content of the neural network.
In this embodiment of the application, the configuration management parameters may include a threshold management parameter, an icon configuration parameter, a node management parameter, and the like, which are not specifically limited. The threshold management parameter can be used for setting a data threshold for changing the configuration of the neural network, the icon configuration parameter is used for managing an icon library and icon configuration adopted by the neural network, and the node management parameter is used for managing the configuration of the neuron nodes of the neural network.
309. Performing configuration management on the fused neural network model in combination with the configuration management parameters.
As an optional implementation manner, step 309 may specifically be: according to the configuration management parameters, performing data analysis on the state machine contained in the fused neural network model, and determining the visual object attributes of each component element in the state machine contained in the fused neural network model; and, in combination with the visual object attributes of the component elements, performing visualization processing on the network elements in the fused neural network model that correspond to those component elements. The component elements of the state machine may include state nodes, attribute values of the state nodes, and connection relationships between the state nodes; the network elements in the neural network model may include neuron nodes, dendrites of the neuron nodes, and axon relationships between the neuron nodes; and the visual object attributes may include icon type (such as sphere, prism, or cube), size, color, and the like, which are not specifically limited.
Specifically, in one implementation, when the configuration management parameters include a threshold management parameter and an icon management parameter, threshold analysis may be performed on a designated state node of a state machine contained in the fused neural network model, and the visual object attribute of the designated state node is determined according to the result of the threshold analysis. The designated state node may be a node that has been set in advance to change its icon in a data-driven manner.
For example, assume that the designated state node is a node that records the CPU utilization of a device, that the threshold management parameters set for the state node include 70% and 85%, and that the icon management parameters configure a green icon, a yellow icon, and a red icon for state nodes in the normal, alarm, and serious states respectively. After threshold analysis is performed on the state node: if the recorded CPU utilization is less than or equal to 70%, the state node is normal and a green icon is used for the corresponding neuron node; if the recorded CPU utilization is between 70% and 85%, the state node is in the alarm state and a yellow icon is used for the corresponding neuron node; and if the recorded CPU utilization is greater than 85%, the state node is in the serious state and a red icon is used for the corresponding neuron node.
In other optional embodiments, based on the icon management parameter, different icon configurations may be adopted for the corresponding network elements according to the data type corresponding to each state machine, the data acquisition time of the state nodes, or the data importance level of the state nodes. In one implementation, in the fused neural network model, the network elements corresponding to the asset state machine, the attack state machine, the vulnerability state machine, the security state machine, and the service state machine use different icon types, so that the state machines can be distinguished from one another. In another implementation, the earlier the data acquisition time of a state node, the smaller the icon configured for the corresponding neuron node; conversely, the later the acquisition time, the larger the icon, which makes the latest data easier to spot. In another implementation, the number of connection relationships of a state node is proportional to its data importance level, and the higher the data importance level of the state node, the larger the icon configured for the corresponding neuron node, so that important data can be located easily.
It can be understood that the above-mentioned specific implementation of performing configuration management on the merged neural network model in combination with the configuration management parameters is also applicable to the neural network model constructed in step 304, and is not described in detail again.
Therefore, by implementing the steps 308 and 309, a real-time communication mechanism of the human brain neuron can be simulated, and the state machine data and the configuration management parameters are combined, so that the management of configuration content of the neural network is realized based on data driving, the visualization effect of the neural network is more diversified, and the method is suitable for more network management requirements.
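The following sketch of steps 308 and 309 is an added illustration, not code from the patent: it runs threshold analysis on designated state nodes, picks an icon type per state machine, and sizes icons by acquisition time or by connection count. All identifiers, the size range, the cylinder and cone shapes, the grey "unknown" status for missing data, and the choice to treat values above 85% as serious are assumptions.

```python
import math
from dataclasses import dataclass
from typing import Optional

# Assumed configuration management parameters; names and values are illustrative.
THRESHOLDS = {"cpu_utilization": (70.0, 85.0)}  # percent: (alarm above, serious above)
STATUS_COLOR = {"normal": "green", "alarm": "yellow", "serious": "red",
                "unknown": "grey", "unmonitored": "white"}
ICON_TYPE = {"asset": "sphere", "attack": "prism", "vulnerability": "cube",
             "security": "cylinder", "service": "cone"}
MIN_SIZE, MAX_SIZE = 1.0, 3.0


@dataclass
class StateNode:
    node_id: str
    machine: str                   # state machine the node belongs to
    collected_at: int              # data acquisition time, epoch seconds
    metric: Optional[str] = None   # set only on designated (threshold-driven) nodes
    value: Optional[float] = None


def threshold_status(node):
    """Threshold analysis for one state node."""
    if node.metric not in THRESHOLDS:
        return "unmonitored"       # not a designated node
    v = node.value
    if v is None or math.isnan(v) or not 0.0 <= v <= 100.0:
        return "unknown"           # missing or implausible data is never drawn as normal
    alarm_above, serious_above = THRESHOLDS[node.metric]
    if v <= alarm_above:
        return "normal"
    return "alarm" if v <= serious_above else "serious"


def _scale(x, lo, hi):
    """Map x from [lo, hi] onto [MIN_SIZE, MAX_SIZE]; a flat range yields MAX_SIZE."""
    if hi == lo:
        return MAX_SIZE
    return round(MIN_SIZE + (MAX_SIZE - MIN_SIZE) * (x - lo) / (hi - lo), 2)


def visual_attributes(nodes, edges, size_by="recency"):
    """Return {node_id: {"icon", "color", "size"}} for every neuron node."""
    if not nodes:
        return {}
    degree = {n.node_id: 0 for n in nodes}
    for a, b in edges:             # connection relations between state nodes
        for end in (a, b):
            if end not in degree:
                raise ValueError(f"edge references unknown state node: {end}")
            degree[end] += 1
    if size_by == "recency":       # later acquisition time -> larger icon
        key = {n.node_id: n.collected_at for n in nodes}
    elif size_by == "importance":  # more connection relations -> larger icon
        key = degree
    else:
        raise ValueError(f"unsupported size_by: {size_by}")
    lo, hi = min(key.values()), max(key.values())
    return {n.node_id: {"icon": ICON_TYPE[n.machine],
                        "color": STATUS_COLOR[threshold_status(n)],
                        "size": _scale(key[n.node_id], lo, hi)}
            for n in nodes}


# Constructed sample: a small fused model with nodes from three state machines.
NODES = [
    StateNode("asset:web01", "asset", 100, "cpu_utilization", 70.0),
    StateNode("asset:db01", "asset", 200, "cpu_utilization", 85.0),
    StateNode("asset:app01", "asset", 300, "cpu_utilization", 92.5),
    StateNode("asset:cache01", "asset", 300, "cpu_utilization", None),  # telemetry gap
    StateNode("attack:scan-1", "attack", 250),
    StateNode("vuln:item-1", "vulnerability", 150),
]
EDGES = [("attack:scan-1", "asset:web01"), ("attack:scan-1", "asset:db01"),
         ("vuln:item-1", "asset:web01"), ("attack:scan-1", "vuln:item-1")]

if __name__ == "__main__":
    print(visual_attributes(NODES, EDGES))
```

Rendering a telemetry gap as its own status rather than as green keeps a silent collector from looking like a healthy device on the operator's view.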
In summary, refer to fig. 4, which is a schematic diagram of a software architecture applied in the embodiment of the present application. The software architecture shown in fig. 4 implements the whole process of data acquisition, fusion, modeling, and processing analysis. The acquisition module acquires information security data. The state machine management module can use a big data artificial intelligence analysis engine to perform data fusion on the acquired information security data and generate the various state machines. The visualization module can use a pulse neural network learning algorithm and a three-dimensional modeling technology to build a neural network for the various state machines in the state machine management module, so as to generate a visualized neural network model. The configuration management module can perform visual configuration management of the neural network model in the visualization module by reading the data of each state machine in the state machine management module.
Therefore, by implementing the method embodiment, the human brain neuron structure can be simulated, newly added business operation content and dynamic change flows are presented from multiple visual dimensions, and the business state machine is visually presented in the fused neural network model, so that the flat presentation mode is broken through and the visualization effect for large data volumes is effectively improved. In addition, the method matches the way people think, so that an administrator can quickly locate data changes and association anomalies, which improves the response speed to information security risks. The method can also realize configuration content management of the neural network in a data-driven manner, so that the visualization effect of the neural network is more diversified and suits more network management requirements.
The data visualization method in the embodiment of the present application is described above, and the data visualization device in the embodiment of the present application is described below.
Referring to fig. 5, fig. 5 is a schematic structural diagram of a data visualization apparatus disclosed in the embodiment of the present application, including:
an obtaining module 501, configured to obtain service operation data;
a generating module 502, configured to generate a service state machine according to the service operation data;
and the fusion module 503 is configured to perform data fusion on the service state machine and the pre-constructed neural network model to obtain a fused neural network model, so that the service state machine is visually represented in the fused neural network model.
In this embodiment of the present application, as an optional implementation manner, the fusion module 503 is specifically configured to perform data fusion on a service state machine and a plurality of existing state machines included in a pre-constructed neural network model, so that a connection relationship is established between state nodes associated with different state machines; and adding the service state machine into the neural network model by taking each state node in the service state machine as a neuron node and taking the connection relation corresponding to each state node in the service state machine as an axon relation corresponding to each neuron node to obtain the fused neural network model.
In the embodiment of the present application, as an optional implementation manner, the apparatus may further include an acquisition module and a construction module, where: the obtaining module 501 is further configured to obtain preset security element information before the fusion module 503 performs data fusion on the service state machine and the pre-constructed neural network model. The acquisition module is configured to acquire data according to the security element information to obtain information security data. The construction module is configured to perform data fusion analysis on the information security data and construct various information security state machines, and to construct a neural network according to the various information security state machines to obtain a neural network model.
Further, as an optional implementation manner, the security element information includes a plurality of security data types and a plurality of field attributes in each security data type. The acquisition module is specifically configured to construct an ontology structure of each security data type according to each security data type and a plurality of field types under each security data type, and to acquire data based on the ontology structure of each security data type to obtain an instantiation graph of each security data type. The construction module is further configured to perform data fusion analysis on the instantiation graph of each security data type to construct a plurality of information security state machines.
Further, as an optional implementation manner, the security element information includes an asset data type, an attack data type, a vulnerability data type, and a security mechanism type.
In the embodiment of the present application, as an optional implementation manner, the apparatus further includes a management module. The obtaining module 501 is further configured to obtain a configuration management parameter, where the configuration management parameter is used to manage configuration content of the neural network. The management module is configured to perform configuration management on the fused neural network model in combination with the configuration management parameters.
Further, as an optional implementation manner, the management module is specifically configured to perform data analysis on the state machine included in the fused neural network model according to the configuration management parameters, and determine the visual object attribute of each component element in the state machine included in the fused neural network model; and, in combination with the visual object attributes of the component elements, to perform visualization processing on the network elements in the fused neural network model that correspond to those component elements.
It should be noted that, for the specific implementation process of the present embodiment, reference may be made to the specific implementation process described in the above method embodiment, and a description thereof is omitted here.
Referring to fig. 6, fig. 6 is a schematic structural diagram of another data visualization apparatus disclosed in the embodiment of the present application, including:
one or more memories 601;
one or more processors 602 for executing one or more computer programs stored in the one or more memories 601 to perform the methods described in the embodiments above.
It should be noted that, for the specific implementation process of the present embodiment, reference may be made to the specific implementation process described in the above method embodiment, and a description thereof is omitted here.
Embodiments of the present application provide a computer-readable storage medium having stored thereon computer instructions, which when executed, cause a computer to execute the data visualization method described in the above method embodiments.
The embodiments of the present application also disclose a computer program product, wherein, when the computer program product runs on a computer, the computer is caused to execute part or all of the steps of the method as in the above method embodiments.
It will be understood by those of ordinary skill in the art that all or part of the steps in the methods of the above embodiments may be performed by associated hardware instructed by a program, and the program may be stored in a computer-readable storage medium, where the storage medium includes read-only memory (ROM), random access memory (RAM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), one-time programmable read-only memory (OTPROM), electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other memory, magnetic disk, magnetic tape, or any other medium which can be used to carry or store data and which can be read by a computer.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
While embodiments of the present application have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the application, the scope of which is defined by the claims and their equivalents.

Claims (8)

1. A method for data visualization, the method comprising:
acquiring service operation data;
generating a service state machine according to the service operation data;
performing data fusion on the service state machine and a plurality of existing state machines contained in a pre-constructed neural network model, so that the associated state nodes among different state machines establish a connection relation;
adding the service state machine into the neural network model by taking each state node in the service state machine as a neuron node and taking a connection relation corresponding to each state node in the service state machine as an axon relation corresponding to each neuron node to obtain a fused neural network model, so that the service state machine is visually presented in the fused neural network model;
before the data fusion is performed between the service state machine and a plurality of existing state machines included in a pre-constructed neural network model, the method further includes:
acquiring preset security element information;
acquiring data according to the security element information to obtain information security data;
performing data fusion analysis on the information security data to construct various information security state machines;
and constructing a neural network according to various information security state machines to obtain a neural network model.
2. The method of claim 1, wherein the security element information comprises a plurality of security data types and a plurality of field attributes for each security data type; the acquiring data according to the security element information to obtain information security data comprises:
constructing an ontology structure of each security data type according to each security data type and a plurality of field types under each security data type;
acquiring data based on the ontology structure of each security data type to obtain an instantiation graph of each security data type;
the performing data fusion analysis on the information security data to construct various information security state machines comprises:
performing data fusion analysis on the instantiation graph of each security data type to construct a plurality of information security state machines.
3. The method of claim 1, wherein the security element information comprises an asset data type, an attack data type, a vulnerability data type, and a security mechanism type.
4. The method according to any one of claims 1 to 3, further comprising:
acquiring configuration management parameters, wherein the configuration management parameters are used for managing configuration contents of a neural network;
and carrying out configuration management on the fused neural network model by combining the configuration management parameters.
5. The method of claim 4, wherein the configuring and managing the merged neural network model in combination with the configuration management parameters comprises:
according to the configuration management parameters, performing data analysis on the state machine contained in the fused neural network model, and determining the visual object attributes of all the components in the state machine contained in the fused neural network model;
and carrying out visualization processing on the network elements corresponding to the components in the fused neural network model by combining the visual object attributes of the components.
6. A data visualization device, the device comprising:
the obtaining module is used for obtaining service operation data;
the generating module is used for generating a service state machine according to the service operation data;
the fusion module is used for carrying out data fusion on the service state machine and various existing state machines contained in a pre-constructed neural network model so as to establish a connection relation between associated state nodes among different state machines; adding the service state machine into the neural network model by taking each state node in the service state machine as a neuron node and taking a connection relation corresponding to each state node in the service state machine as an axon relation corresponding to each neuron node to obtain a fused neural network model, so that the service state machine is visually presented in the fused neural network model;
the obtaining module is further configured to obtain preset security element information before the fusion module performs data fusion on the service state machine and a plurality of existing state machines included in a pre-constructed neural network model;
the acquisition module is used for acquiring data according to the security element information to obtain information security data;
and the construction module is used for carrying out data fusion analysis on the information security data, constructing various information security state machines, and carrying out neural network construction according to the various information security state machines to obtain a neural network model.
7. A data visualization device, the device comprising:
one or more memories;
one or more processors to execute one or more computer programs stored in the one or more memories and to perform the method of any of claims 1 to 5.
8. A computer-readable storage medium comprising instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 5.
CN202110854935.6A 2021-07-28 2021-07-28 Data visualization method and device and storage medium Active CN113297314B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110854935.6A CN113297314B (en) 2021-07-28 2021-07-28 Data visualization method and device and storage medium

Publications (2)

Publication Number Publication Date
CN113297314A CN113297314A (en) 2021-08-24
CN113297314B true CN113297314B (en) 2021-11-02

Family

ID=77331233

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant