CN113347200B - Information prompting method based on internet behavior big data and cloud computing AI system - Google Patents

Info

Publication number
CN113347200B
Authority
CN
China
Prior art keywords
risk
path
information
evaluation value
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110708233.7A
Other languages
Chinese (zh)
Other versions
CN113347200A (en
Inventor
李烁
廖龙甫
王超
赖鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ren Tuo data technology (Shanghai) Co.,Ltd.
Original Assignee
Ren Tuo Data Technology Shanghai Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ren Tuo Data Technology Shanghai Co ltd
Priority to CN202110708233.7A
Publication of CN113347200A
Application granted
Publication of CN113347200B
Active (current legal status)
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiments of the disclosure provide an information prompting method based on internet behavior big data and a cloud computing AI system, which can generate risk path prompt information of a target risk distribution service according to a risk distribution thermal map, risk intensity information and a target evaluation value. Because the risk path evaluation value of the risk path of the derived risk event is determined according to the derived risk event and the risk event influence characteristics, it takes into account the case in which the risk path evaluation value of a risk path is multidimensional (that is, the case in which the security account in the risk path configures risk path reference data). This solves the problem that the risk path prompt information determined for the target risk distribution service is inaccurate because the risk path evaluation values of risk paths with different risk path labels are multidimensional, and it improves the accuracy of the risk path prompt information of the risk scanning and troubleshooting task.

Description

Information prompting method based on internet behavior big data and cloud computing AI system
Technical Field
The disclosure relates to the technical field of big data, in particular to an information prompting method based on internet behavior big data and a cloud computing AI system.
Background
Big data and internet information security are a current focus because internet information security faces unprecedented challenges in the big data context. With the development of internet technology, people's lives have become ever more closely tied to the network, and the internet information security space has hidden dangers, so internet information security problems have become more diverse, the means more complex, the targets more extensive and the consequences more serious. Therefore, for internet information security protection, configuring a security risk scanning service and running it in a cloud service is an essential link.
In the related art, a security risk scanning service needs to acquire the internet behavior big data suitable for security risk scanning, so as to avoid scanning the global big data and thereby affecting the computing performance and computing efficiency of the cloud; how to accurately acquire the internet behavior big data suitable for security risk scanning is a technical problem of concern to internet information security personnel. However, where configuration information changes exist, how to improve the accuracy of the risk path prompt information of the risk scanning and troubleshooting task is an important problem to be researched and solved in the field.
Disclosure of Invention
In order to overcome at least the above disadvantages in the prior art, an object of the present disclosure is to provide an information prompting method based on internet behavior big data and a cloud computing AI system.
In a first aspect, the present disclosure provides an information prompting method based on internet behavior big data, which is applied to a cloud computing AI system, where the cloud computing AI system is in communication connection with a plurality of internet service servers, and the method includes:
obtaining internet behavior big data of a target risk distribution service searched based on safety protection rule information for which the configuration information change has been completed, wherein the safety protection rule information is used for representing protection sniffing path information among safety protection rules, and the safety protection rules are scanning rules related to the target safety risk scanning service;
acquiring a derived risk event in derived risk distribution service associated with target risk distribution service from the Internet behavior big data according to the deep learning network which is corresponding to the target security risk scanning service and meets the network convergence condition, and acquiring a risk event influence characteristic corresponding to the derived risk event;
determining a risk distribution thermal map of the derived risk event in the derived risk distribution service according to the risk event impact characteristics;
predicting a risk path evaluation value of a risk path of the derived risk event according to the derived risk event and the risk event influence characteristics, taking the risk path evaluation value as a predictive evaluation value, and determining risk intensity information of the risk path of the derived risk event in the derived risk distribution service according to the predictive evaluation value;
and acquiring a risk path evaluation value of a risk path in the target risk distribution service as a target evaluation value, and generating risk path prompt information of the target risk distribution service according to the risk distribution thermal map, the risk intensity information and the target evaluation value.
In an independently implementable embodiment of the first aspect, the step of obtaining internet behavior big data of a target risk distribution service found based on security protection rule information that completes configuration information change includes: acquiring safety protection rule information for which the configuration information change has been completed, wherein the safety protection rule information is used for representing protection sniffing path information among safety protection rules, and the safety protection rules are scanning rules related to the target safety risk scanning service; generating a safety protection rule cluster based on the safety protection rule information, wherein the safety protection rule cluster is a cluster formed by a plurality of safety protection rules with protection sniffing path information in the safety protection rule information; determining scanning rule components corresponding to the safety protection rules in the safety protection rule information according to the safety protection rule clusters, and determining a first contact value between safety risk scanning nodes on the target safety risk scanning service according to a contact value between the scanning rule components corresponding to the safety protection rules in the safety protection rule information and an incidence relation between the safety protection rules and the safety risk scanning nodes on the target safety risk scanning service; and optimizing a security risk scanning node network on the target security risk scanning service based on the first contact value, and scanning the internet behavior big data based on the optimized security risk scanning node network so as to scan the internet behavior big data based on a deep learning network which corresponds to the security risk scanning service and meets a network convergence condition.
For example, in an independently implementable embodiment of the first aspect, the step of performing internet behavior big data scanning based on the optimized security risk scanning node network includes: performing cross-access-category-based security risk scanning map extraction on the optimized security risk scanning node network to obtain a plurality of security risk scanning features combined with access category information; based on any one of the multiple security risk scanning features, carrying out updating processing on candidate security risk scanning node networks with different access category information based on a blood relationship tracking feature to obtain multiple first security risk scanning node networks corresponding to the security risk scanning feature; updating the candidate security risk scanning node networks based on inheritance relationship tracking characteristics to obtain a plurality of second security risk scanning node networks corresponding to the security risk scanning node networks; respectively matching the security risk scanning node networks with the plurality of first security risk scanning node networks and the plurality of second security risk scanning node networks in a scanning mapping relationship to obtain matched target security risk scanning node networks; and taking the data scanning path relation corresponding to the target security risk scanning node network as the data scanning path relation for responding to the security risk scanning node network, and scanning the internet behavior big data based on the data scanning path relation.
For example, in an independently implementable embodiment of the first aspect, before the performing the cross-access category-based security risk scan map extraction on the optimized security risk scan node network, the method further comprises: matching a risk path database with the safety risk scanning intention in the optimized safety risk scanning node network to obtain a first matching risk path intention corresponding to the safety risk scanning intention in the optimized safety risk scanning node network; updating the security risk scanning intention in the optimized security risk scanning node network based on the first matching risk path intention to obtain the optimized security risk scanning node network; when the risk path database is matched with a second matching risk path intention corresponding to the safety risk scanning intention in the optimized safety risk scanning node network, updating the replaced safety risk scanning node network based on the second matching risk path intention to obtain a safety risk scanning node network different from the optimized safety risk scanning node network; processing a security risk scanning node network different from the optimized security risk scanning node network to obtain the security risk scanning node network for extracting the security risk scanning map;
wherein, the processing the security risk scanning node network different from the security risk scanning node network to be responded to obtain the security risk scanning node network for extracting the security risk scanning map comprises: determining a plurality of security risk scanning intents in a security risk scanning node network different from the network of security risk scanning nodes to be responded to; determining security risk scanning evaluation values corresponding to the plurality of security risk scanning intents respectively; splitting the plurality of security risk scanning intents into a plurality of scanning sensitive object sequences corresponding to the plurality of security risk scanning intents one to one; the following processing is iteratively performed: determining influence weights of continuous scanning sensitive object point combinations in the plurality of scanning sensitive object sequences based on safety risk scanning evaluation values respectively corresponding to the plurality of safety risk scanning intents; combining the continuous scanning sensitive object point combinations corresponding to the highest influence weights, and updating the scanning sensitive object sequence by taking the combined result as a new scanning sensitive object point; stopping the iterative process when the influence weight of a combination of consecutive scan sensitive object points in the updated sequence of scan sensitive objects is 1.
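The iterative merge described in the paragraph above has the same shape as byte-pair-encoding vocabulary building. The sketch below is an added example, not code from the patent: it assumes that the influence weight of an adjacent pair is the sum of the evaluation values of the intents in which the pair occurs, that evaluation values are integers, and that merged points are joined with "+"; the intent names and values are constructed.

```python
from collections import Counter

# Constructed sample: security risk scanning intents and their evaluation values.
SAMPLE_EVALUATION_VALUES = {
    "admin-login-probe": 3,
    "admin-login-reset": 2,
    "api-login-probe": 1,
}


def split_intent(intent):
    """Split one intent into its sequence of scanning sensitive object points."""
    return intent.split("-")


def pair_weights(sequences, evaluation_values):
    """Influence weight of every adjacent point pair (assumed definition):
    sum of the evaluation values of the intents whose sequence contains the
    pair, counted once per occurrence."""
    weights = Counter()
    for intent, points in sequences.items():
        for left, right in zip(points, points[1:]):
            weights[(left, right)] += evaluation_values[intent]
    return weights


def merge_pair(points, pair):
    """Replace each left-to-right occurrence of `pair` with one merged point."""
    merged, i = [], 0
    while i < len(points):
        if i + 1 < len(points) and (points[i], points[i + 1]) == pair:
            merged.append(points[i] + "+" + points[i + 1])
            i += 2
        else:
            merged.append(points[i])
            i += 1
    return merged


def merge_scan_points(evaluation_values, split=split_intent, max_rounds=1000):
    """Run the iterative merge until the best remaining pair has weight 1.

    Returns (final sequences per intent, list of (pair, weight) merges)."""
    sequences = {intent: split(intent) for intent in evaluation_values}
    merges = []
    for _ in range(max_rounds):
        weights = pair_weights(sequences, evaluation_values)
        if not weights:  # every intent is already a single point
            break
        # Highest weight first; ties broken by pair order so runs are repeatable.
        pair, weight = min(weights.items(), key=lambda kv: (-kv[1], kv[0]))
        if weight <= 1:  # stop condition stated in the text
            break
        merges.append((pair, weight))
        sequences = {k: merge_pair(v, pair) for k, v in sequences.items()}
    return sequences, merges


if __name__ == "__main__":
    final, history = merge_scan_points(SAMPLE_EVALUATION_VALUES)
    for pair, weight in history:
        print("merged", pair, "weight", weight)
    for intent, points in final.items():
        print(intent, "->", points)
```

Intents with high evaluation values collapse into a single point, while the lowest-valued intent stays split because none of its pairs ever exceeds weight 1.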
In a second aspect, an embodiment of the present disclosure further provides an information prompting system based on internet behavior big data, where the information prompting system based on internet behavior big data includes a cloud computing AI system and a plurality of internet service servers in communication connection with the cloud computing AI system;
the cloud computing AI system is configured to:
obtain internet behavior big data of a target risk distribution service searched based on safety protection rule information for which the configuration information change has been completed, wherein the safety protection rule information is used for representing protection sniffing path information among safety protection rules, and the safety protection rules are scanning rules related to the target safety risk scanning service;
acquiring a derived risk event in derived risk distribution service associated with target risk distribution service from the Internet behavior big data according to the deep learning network which is corresponding to the target security risk scanning service and meets the network convergence condition, and acquiring a risk event influence characteristic corresponding to the derived risk event;
determining a risk distribution thermal map of the derived risk event in the derived risk distribution service according to the risk event impact characteristics;
predicting a risk path evaluation value of a risk path of the derived risk event according to the derived risk event and the risk event influence characteristics, taking the risk path evaluation value as a predictive evaluation value, and determining risk intensity information of the risk path of the derived risk event in the derived risk distribution service according to the predictive evaluation value;
and acquiring a risk path evaluation value of a risk path in the target risk distribution service as a target evaluation value, and generating risk path prompt information of the target risk distribution service according to the risk distribution thermal map, the risk intensity information and the target evaluation value.
Based on any one of the above aspects, in an embodiment provided by the present disclosure, risk path prompt information of the target risk distribution service may be generated according to the risk distribution thermal map, the risk intensity information, and the target evaluation value. Because the risk path evaluation value of the risk path of the derived risk event is determined according to the derived risk event and the risk event influence characteristics, it takes into account the case in which the risk path evaluation value of a risk path is multidimensional (that is, the case in which the security account in the risk path configures risk path reference data). This solves the problem that the risk path prompt information determined for the target risk distribution service is inaccurate because the risk path evaluation values of risk paths with different risk path labels are multidimensional, and it improves the accuracy of the risk path prompt information of the risk scanning and troubleshooting task.
Drawings
Fig. 1 is a schematic view of an application scenario of an information prompt system based on internet behavior big data according to an embodiment of the present disclosure;
Fig. 2 is a schematic flowchart of an information prompting method based on internet behavior big data according to an embodiment of the present disclosure;
Fig. 3 is a schematic block diagram of structural components of a cloud computing AI system for implementing the information prompting method based on internet behavior big data according to the embodiment of the present disclosure.
Detailed Description
The present disclosure is described in detail below with reference to the drawings, and the specific operation methods in the method embodiments can also be applied to the device embodiments or the system embodiments.
Fig. 1 is a schematic application scenario diagram of an information prompting system 10 based on internet behavior big data according to an embodiment of the present disclosure. The internet behavior big data-based information prompting system 10 may include a cloud computing AI system 100 and an internet service server 200 communicatively connected to the cloud computing AI system 100. The internet behavior big data based information prompting system 10 shown in Fig. 1 is only one possible example; in other possible embodiments, the system 10 may include only some of the components shown in Fig. 1, or may also include other components.
In an embodiment that can be implemented independently, the cloud computing AI system 100 and the internet service server 200 in the internet behavior big data based information prompting system 10 can cooperatively perform the internet behavior big data based information prompting method described in the following method embodiment; for the steps performed by the cloud computing AI system 100 and the internet service server 200, refer to the detailed description of the method embodiment below.
In order to solve the technical problem in the foregoing background, fig. 2 is a schematic flowchart of an information prompting method based on internet behavior big data according to an embodiment of the present disclosure, where the information prompting method based on internet behavior big data according to the present embodiment may be executed by the cloud computing AI system 100 shown in fig. 1, and the information prompting method based on internet behavior big data is described in detail below.
Step S110, Internet behavior big data of the target risk distribution service searched based on the safety protection rule information which completes configuration information change is obtained.
In this embodiment, the safety protection rule information is used to represent protection sniffing path information between safety protection rules, and the safety protection rules are scanning rules related to the target safety risk scanning service. The specific implementation will be described in detail later.
Step S120, acquiring a derived risk event in a derived risk distribution service associated with the target risk distribution service from the Internet behavior big data according to the deep learning network which is corresponding to the target security risk scanning service and meets the network convergence condition, and acquiring a risk event influence characteristic corresponding to the derived risk event.
In this embodiment, when the risk path prompt information of the target risk distribution service needs to be acquired, the cloud computing AI system 100 may acquire relevant distribution configuration information of the derivative risk distribution service, where the relevant distribution configuration information includes at least one of dynamic distribution prompt information and static distribution prompt information. The cloud computing AI system 100 may identify relevant distribution configuration information of the derived risk distribution service according to a deep learning network that satisfies a network convergence condition and corresponds to a target security risk scanning service, to obtain risk path information in the derived risk distribution service, where the risk path information of the derived risk distribution service includes a derived risk event in the derived risk distribution service, a risk event influence characteristic of the derived risk event, and the like; a derived risk event herein may refer to any of the risk path labels in the derived risk distribution service.
It should be noted that the deep learning network meeting the network convergence condition can be obtained by collecting internet behavior big data samples and corresponding risk path reference attributes under the target security risk scanning service and performing training, so that the deep learning network meeting the network convergence condition can obtain a plurality of derived risk events based on the internet behavior big data, and then select derived risk events in derived risk distribution services associated with the target risk distribution services from the derived risk events, so that risk event influence characteristics corresponding to the derived risk events can be obtained.
It can be understood that the specific training process of the deep learning network satisfying the network convergence condition may be implemented by referring to a conventional training mode in the prior art, which is not described in detail in the embodiments of the present disclosure.
Step S130, determining a risk distribution thermal map of the derived risk event in the derived risk distribution service according to the risk event influence characteristics.
In this embodiment, the risk distribution thermal map of the target risk path label in the target risk distribution service matches the risk distribution thermal map of the derived risk event in the derived risk distribution service, but the risk event influence characteristics (for example, the statistical number of the risk path labels) corresponding to the target risk path label in the target risk distribution service are unknown; that is, it is difficult to obtain the risk distribution thermal map of the target risk path label in the target risk distribution service. Therefore, the cloud computing AI system 100 may determine the risk distribution thermal map of the derived risk event in the derived risk distribution service according to the risk event influence characteristics, which helps to determine the risk distribution thermal map of the target risk path label in the target risk distribution service from the risk distribution thermal map of the derived risk event in the derived risk distribution service. That is, the risk distribution thermal map of the derived risk event in the derived risk distribution service reflects the ratio between the risk event influence characteristics of the derived risk event in the derived risk distribution service and the total risk strength of the risk paths in the derived risk distribution service.
Step S140, predicting a risk path evaluation value of the risk path of the derived risk event according to the derived risk event and the risk event influence characteristic, as a predictive evaluation value, and determining risk strength information of the risk path of the derived risk event in the derived risk distribution service according to the predictive evaluation value.
In this embodiment, the evaluation values described above may be used to characterize the attention of the secured account number group: the higher the evaluation value, the higher the attention of the broad secured account number group.
In this embodiment, the cloud computing AI system 100 may predict, as a predictive evaluation value, a risk path evaluation value of a risk path of the derived risk event according to the derived risk event in the derived risk distribution service and the risk event influence characteristic; the predictive assessment value may include at least one of a risk path assessment value when the risk path of the derived risk event is not delivered, and a risk path assessment value when the risk path of the derived risk event is delivered.
In an embodiment, the implementation manners of determining the risk strength information of the risk path of the derived risk event in the derived risk distribution service according to the predictive evaluation value include the following three implementation manners.
In a first implementation, when the predictive evaluation value includes a risk path evaluation value when the risk path of the derived risk event is not delivered, the cloud computing AI system 100 may use that risk path evaluation value as the first evaluation value, and generate, according to the first evaluation value, risk intensity sub-information of the risk path of the derived risk event when the risk path is not delivered, as the first intensity sub-information. That is, the first intensity sub-information reflects a relative coefficient between the first evaluation value and a first total evaluation value, where the first total evaluation value is the total risk path evaluation value of the risk paths in the derived risk distribution service when they are not delivered. The first intensity sub-information is then used as the risk intensity information of the risk path of the derived risk event in the derived risk distribution service.
If none of the risk paths in the derivative risk distribution service are delivered, the cloud computing AI system 100 may take the risk path evaluation value when the risk path of the derivative risk event is not delivered as a first evaluation value; and cumulatively summing the first evaluation values to obtain a total evaluation value of the risk paths when the risk paths in the derivative risk distribution service are not transmitted, wherein the total evaluation value is used as the first total evaluation value. Further, a relative coefficient between the first evaluation value and the first total evaluation value is used as risk strength sub-information of the risk path of the derived risk event when the risk path is not transmitted; taking risk strength sub-information of the risk path of the derived risk event when the risk path is not transmitted as first strength sub-information, namely that the risk strength information of the risk path of the derived risk event in the derived risk distribution service comprises the first strength sub-information; the risk strength information is used to reflect the proportion of risk path evaluation values for risk paths of the derived risk event when not delivered.
In a second implementation, when the predictive evaluation value includes the risk path evaluation value when the risk path of the derived risk event is delivered, the cloud computing AI system 100 may use that risk path evaluation value as the second evaluation value, and generate, according to the second evaluation value, risk intensity sub-information of the risk path of the derived risk event when the risk path is delivered, as the second intensity sub-information. The second intensity sub-information reflects a relative coefficient between the second evaluation value and a second total evaluation value, where the second total evaluation value is the total risk path evaluation value of the risk paths in the derived risk distribution service when they are delivered. The second intensity sub-information is then used as the risk intensity information of the risk path of the derived risk event in the derived risk distribution service.
If the risk paths in the derivative risk distribution service are all delivered, the cloud computing AI system 100 may take the risk path evaluation value of the derivative risk event when the risk paths are delivered as a second evaluation value; and cumulatively summing the second evaluation value to obtain a total evaluation value of the risk path when the risk path in the derivative risk distribution service is transmitted, wherein the total evaluation value is used as the second total evaluation value. Further, taking a relative coefficient between the second evaluation value and the second total evaluation value as risk strength sub-information of the risk path of the derived risk event when the risk path is transmitted; taking risk intensity sub-information of the risk path of the derived risk event during transmission as second intensity sub-information, wherein the risk intensity information of the risk path of the derived risk event in the derived risk distribution service comprises the second intensity sub-information; i.e. the risk strength information is used to reflect the proportion of risk path evaluation values for the risk path of the derived risk event when not delivered.
In a third implementation, the predictive evaluation value includes both a risk path evaluation value when the risk path of the derived risk event is not delivered and a risk path evaluation value when the risk path of the derived risk event is delivered. The cloud computing AI system 100 may use the risk path evaluation value when the risk path of the derived risk event is not delivered as a first evaluation value, and generate, according to the first evaluation value, risk intensity sub-information of the risk path of the derived risk event when the risk path is not delivered, as the first intensity sub-information. It may likewise use the risk path evaluation value when the risk path of the derived risk event is delivered as a second evaluation value, and generate, according to the second evaluation value, risk intensity sub-information of the risk path of the derived risk event when the risk path is delivered, as the second intensity sub-information. The first intensity sub-information and the second intensity sub-information may then together be used as the risk intensity information of the risk path of the derived risk event in the derived risk distribution service.
If the derived risk distribution service contains both risk paths that are delivered and risk paths that are not delivered, the cloud computing AI system 100 may follow the above steps to obtain the first intensity sub-information and the second intensity sub-information, and use both as the risk intensity information of the risk path of the derived risk event in the derived risk distribution service. That is, the risk intensity information of the risk path of the derived risk event in the derived risk distribution service reflects the proportion of risk path evaluation values of risk paths of the derived risk event when not delivered, and the proportion of risk path evaluation values of risk paths of the derived risk event when delivered.
Step S150, acquiring a risk path evaluation value of a risk path in the target risk distribution service as a target evaluation value, and generating risk path prompt information of the target risk distribution service according to the risk distribution thermal map, the risk intensity information, and the target evaluation value.
The cloud computing AI system 100 may acquire, from the traffic management device of the target risk distribution service, a risk path evaluation value of a risk path in the target risk distribution service as a target evaluation value, where the target evaluation value is a total risk path evaluation value of the risk paths in the target risk distribution service. In an embodiment, when none of the risk paths of the target risk distribution service are delivered, the target evaluation value is a risk path evaluation value of the risk path in the target risk distribution service when the risk path is not delivered. In an embodiment, when the risk paths in the target risk distribution service are all delivered, the target evaluation value is the risk path evaluation value of the risk paths in the target risk distribution service at the time of delivery. In an embodiment, when there are a risk path delivered and a risk path not delivered in the target risk distribution service, the target evaluation value is the sum of the risk path evaluation value of the risk path delivered in the target risk distribution service and the risk path evaluation value of the risk path not delivered in the target risk distribution service.
Since the risk distribution thermal map is used to reflect the proportion between the risk event impact characteristics corresponding to the derived risk events and the total risk intensity of the risk paths in the derived risk distribution service, that is, the risk distribution thermal map can be used to reflect the relationship between the risk event impact characteristics corresponding to the derived risk events and the total risk intensity of the risk paths in the derived risk distribution service. The risk strength information is used for reflecting the proportion of the risk path evaluation value of the risk path of the derived risk event to the total risk path evaluation value of the risk path in the derived risk distribution service, and the risk path evaluation value of the risk path of the derived risk event is determined according to the risk event influence characteristic corresponding to the derived risk event, so that the risk strength information can be used for reflecting the relationship among the risk event influence characteristic, the risk path evaluation value of the risk path of the derived risk event and the total risk path evaluation value of the risk path in the derived risk distribution service. 
The target risk distribution service is associated with the derivative risk distribution service, namely a risk distribution thermal map and risk intensity information corresponding to the target risk distribution service are respectively matched with the risk distribution thermal map and risk intensity information corresponding to the derivative risk distribution service, namely the relationship between the risk event influence characteristics corresponding to the target risk path labels and the total risk intensity of the risk paths in the target risk distribution service is matched with the relationship between the risk event influence characteristics corresponding to the derivative risk events and the total risk intensity of the risk paths in the derivative risk distribution service; the relationship among the risk event influence characteristic corresponding to the target risk path label, the risk path evaluation value of the risk path of the derived risk event and the total risk path evaluation value of the risk path in the derived risk distribution service is matched with the relationship among the risk event influence characteristic corresponding to the derived risk event, the risk path evaluation value of the risk path of the derived risk event and the total risk path evaluation value of the risk path in the derived risk distribution service.
The cloud computing AI system 100 may use a risk distribution thermal map corresponding to the derivative risk distribution service as a risk distribution thermal map corresponding to the target risk distribution service, and use risk intensity information corresponding to the derivative risk distribution service as risk intensity information corresponding to the target risk distribution service. Further, risk path prompt information of the target risk distribution service may be generated according to the risk distribution thermal map, the risk intensity information, and the target evaluation value, where the risk path prompt information of the target risk distribution service is used to reflect the risk intensity of the risk path passing through the target risk distribution service.
In this way, the corresponding information presentation may be performed based on the risk route presentation information of the target risk distribution service, for example, the information presentation corresponding to the risk routes may be performed sequentially in the order of the risk intensity of the risk route.
In the embodiment of the present disclosure, the risk distribution thermal map is used to reflect a ratio between the risk event influence characteristics corresponding to the derived risk events and the total risk intensity of the risk paths in the derived risk distribution service, that is, the risk distribution thermal map may be used to reflect a relationship between the risk event influence characteristics corresponding to the derived risk events and the total risk intensity of the risk paths in the derived risk distribution service. The risk strength information is used for reflecting the ratio between the risk path evaluation value of the risk path of the derived risk event and the risk path total evaluation value of the risk path in the derived risk distribution service, and the risk path evaluation value of the risk path of the derived risk event is determined according to the risk event influence characteristic corresponding to the derived risk event, so the risk strength information can be used for reflecting the relationship among the risk event influence characteristic, the risk path evaluation value of the risk path of the derived risk event and the risk path total evaluation value of the risk path in the derived risk distribution service. 
The target risk distribution service is associated with the derivative risk distribution service, namely a risk distribution thermal map and risk intensity information corresponding to the target risk distribution service are respectively matched with the risk distribution thermal map and risk intensity information corresponding to the derivative risk distribution service, namely the relationship between the risk event influence characteristics corresponding to the target risk path labels and the total risk intensity of the risk paths in the target risk distribution service is matched with the relationship between the risk event influence characteristics corresponding to the derivative risk events and the total risk intensity of the risk paths in the derivative risk distribution service; the relationship among the risk event influence characteristic corresponding to the target risk path label, the risk path evaluation value of the risk path of the derived risk event and the total risk path evaluation value of the risk path in the derived risk distribution service is matched with the relationship among the risk event influence characteristic corresponding to the derived risk event, the risk path evaluation value of the risk path of the derived risk event and the total risk path evaluation value of the risk path in the derived risk distribution service. Therefore, the risk path prompt information of the target risk distribution service can be generated according to the risk distribution thermal map, the risk intensity information and the target evaluation value. 
Because the risk path evaluation value of the risk path of the derived risk event is determined according to the derived risk event and the risk event influence characteristics, it takes into account the case in which the risk path evaluation value of a risk path is multidimensional (that is, the case in which the security account in the risk path configures risk path reference data). This addresses the problem that the risk path prompt information determined for the target risk distribution service is inaccurate because the risk path evaluation values of risk paths of different risk path labels are multidimensional, and improves the accuracy of the risk path prompt information of the risk scanning and troubleshooting task.
In an embodiment that can be implemented independently, the information prompting method based on internet behavior big data may further include the following steps S101 to S103.
Step S101, acquiring a prior risk distribution thermal map of the target risk path label in a candidate risk distribution service of a candidate risk distribution service set in a past risk scanning stage.
Step S102, acquiring a prior risk distribution thermal map of the target risk path label in the target risk distribution service in the past risk scanning stage.
Step S103, using the candidate risk distribution service in the candidate risk distribution service set, which corresponds to the matching between the prior risk distribution thermal map and the prior risk distribution thermal map in the target risk distribution service, as the derived risk distribution service associated with the target risk distribution service.
In steps S101 to S103, the cloud computing AI system 100 may obtain, as a first past tag risk strength, a past tag risk strength corresponding to the target risk path tag in the candidate risk distribution services of the candidate risk distribution service set in the past risk scanning stage, and determine, according to the first past tag risk strength, a previous risk distribution thermal map of the target risk path tag in the candidate risk distribution services of the candidate risk distribution service set in the past risk scanning stage; the prior risk distribution thermal map of the target risk path label in the candidate risk distribution service is used for reflecting a relative coefficient between the risk intensity of the first past label and the total risk intensity of the risk paths in the candidate risk distribution service. Further, the past label risk strength of the target risk path label in the target risk distribution service in the past risk scanning stage can be obtained as a second past label risk strength; determining a prior risk distribution thermal map of the target risk path label in the target risk distribution service in the past risk scanning stage according to the second past label risk strength; namely, the prior risk distribution thermal map of the target risk path label in the target risk distribution service is used for reflecting the relative coefficient between the risk strength of the second past label and the total risk strength of the risk path in the target risk distribution service. 
And if the difference value of the relative coefficient between the first past label risk strength and the risk path total risk strength in the candidate risk distribution service and the relative coefficient between the second past label risk strength and the risk path total risk strength in the target risk distribution service is not less than the difference threshold value, determining that the prior risk distribution heat map corresponding to the candidate risk distribution service is not matched with the prior risk distribution heat map in the target risk distribution service. If the difference between the relative coefficient between the first past label risk strength and the risk path total risk strength in the candidate risk distribution service and the relative coefficient between the second past label risk strength and the risk path total risk strength in the target risk distribution service is smaller than the difference threshold, it is determined that the prior risk distribution thermal map corresponding to the candidate risk distribution service is matched with the prior risk distribution thermal map in the target risk distribution service, and the candidate risk distribution service can be used as the derived risk distribution service associated with the target risk distribution service.
In an embodiment, step S130 may include the following steps S131 and S132.
Step S131, acquiring the total risk strength of the risk path in the derived risk distribution service.
Step S132, obtaining a relative coefficient between the risk event influence characteristic and the total risk strength of the risk path in the derived risk distribution service, as a risk distribution thermal map of the derived risk event in the derived risk distribution service.
In steps S131 and S132, since the risk distribution thermal map of the target risk path label in the target risk distribution service is matched with the risk distribution thermal map of the derivative risk event in the derivative risk distribution service, meanwhile, the risk distribution thermal map corresponding to the target risk path label is difficult to directly obtain; therefore, the cloud computing AI system 100 may obtain the risk distribution thermal map of the target risk path label in the target risk distribution service by obtaining the risk distribution thermal map of the derivative risk event in the derivative risk distribution service. Specifically, the cloud computing AI system 100 may identify relevant distribution configuration information in the derivative risk distribution service, obtain a total risk intensity of a risk path in the derivative risk distribution service, obtain a relative coefficient between the influence characteristic of the risk event and the total risk intensity of the risk path in the derivative risk distribution service, and use the relative coefficient as a risk distribution thermodynamic map of the derivative risk event in the derivative risk distribution service, that is, may use the risk distribution thermodynamic map of the derivative risk event in the derivative risk distribution service as a risk distribution thermodynamic map of a target risk path label in the target risk distribution service.
In an embodiment, which can be implemented independently, step S140 can include the following steps S201-S205.
Step S201, determining a risk path evaluation value of the risk path having the derived risk event when the risk path is not delivered according to the derived risk event and the risk event influence characteristic, as a first evaluation value.
Step S202, taking a relative coefficient between the first evaluation value and the first total evaluation value as risk intensity sub-information of the risk path of the derived risk event when the risk path is not transmitted, and taking the relative coefficient as first intensity sub-information; the first total rating is a total rating of risk paths when risk paths in the derivative risk distribution service are not delivered.
Step S203, determining a risk path evaluation value of the risk path with the derived risk event during transmission according to the derived risk event and the risk event influence characteristics as a second evaluation value; the first evaluation value and the second evaluation value both belong to the predictive evaluation value.
Step S204, generating risk intensity sub-information of the risk path of the derived risk event during transmission by using a relative coefficient between the second evaluation value and the second total evaluation value as second intensity sub-information; the second total evaluation value is a risk path total evaluation value of the risk path in the derivative risk distribution service at the time of delivery.
Step S205, generating risk strength information of the risk path of the derived risk event in the derived risk distribution service according to the first strength sub-information and the second strength sub-information.
In steps S141-S145, since the risk strength information of the risk path of the target risk path tag in the target risk distribution service matches the risk strength information of the risk path of the derivative risk event in the derivative risk distribution service, the cloud computing AI system 100 may obtain the risk strength information of the risk path of the target risk path tag in the target risk distribution service by obtaining the risk strength information of the risk path of the derivative risk event in the derivative risk distribution service. Specifically, the cloud computing AI system 100 may determine, as the first evaluation value, a risk path evaluation value of the risk path having the derived risk event when the risk path is not delivered according to the derived risk event and the risk event influence characteristics; and taking a relative coefficient between the first evaluation value and the first total evaluation value as risk intensity sub-information of the risk path of the derived risk event when the risk path is not transmitted, and taking the relative coefficient as first intensity sub-information. The first evaluation value is a total risk path evaluation value of the risk paths with the derived risk events when the risk paths are not delivered, and the first evaluation value comprises a risk path evaluation value of each safety account number quoted when the risk paths of the reference type are not delivered; the condition that the risk path has multi-dimensional configuration risk path reference data is fully considered, the condition that the safety account number in the risk path is mistaken for the risk path in the derivative risk distribution service can be avoided, and the accuracy of obtaining the risk path prompt information of the risk path is improved. 
Similarly, the cloud computing AI system 100 may determine, according to the derived risk event and the risk event influence characteristics, a risk path evaluation value of the risk path having the derived risk event during transmission, as a second evaluation value, and generate, as second intensity sub-information, risk intensity sub-information of the risk path of the derived risk event during transmission, using a relative coefficient between the second evaluation value and a second total evaluation value; the second evaluation value is a total risk path evaluation value of the risk paths with the derived risk events when the risk paths are transferred, and the first evaluation value comprises a risk path evaluation value of each safety account quoted by the reference type risk path when the risk paths are transferred; the condition that the risk path has multi-dimensional configuration risk path reference data is fully considered, the condition that the safety account number in the risk path is mistaken for the risk path in the derivative risk distribution service can be avoided, and the accuracy of obtaining the risk path prompt information of the risk path is improved.
In an embodiment that can be implemented independently, step S201 can be implemented by the following exemplary embodiments.
(1) Determining a business access reference strength referenced by the risk path with the derived risk event when not delivered as a first business access reference strength.
(2) Acquiring the product of the first business access reference strength and the risk event influence characteristic as a risk path evaluation value of the risk path with the derived risk event when the risk path is not delivered.
(3) Taking the risk path evaluation value of the risk path with the derived risk event when the risk path is not delivered as the first evaluation value.
Generally, the security accounts referenced by the risk paths of derived risk events carry terminals, and the terminals carried by the security accounts can configure risk path reference data; therefore, the cloud computing AI system 100 can determine the risk path evaluation value of the risk path with the derived risk event when not delivered according to the business access reference strength referenced by the risk path of the derived risk event. Specifically, the cloud computing AI system 100 may determine, as the first business access reference strength, the business access reference strength referenced by the risk path with the derived risk event when the risk path is not delivered; that is, the first business access reference strength may be the maximum business access reference strength to which the risk path with the derived risk event can be subscribed when the risk path is not delivered. The product of the first business access reference strength and the risk event influence characteristic is obtained as the risk path evaluation value of the risk path with the derived risk event when not delivered, and this value can be used as the first evaluation value. For example, if the risk event impact characteristic of the derived risk event is 4 and the business access reference strength of the risk path of the derived risk event when the risk path is not delivered is 5, the risk path evaluation value of the risk path with the derived risk event when the risk path is not delivered is 4 × 5 = 20.
In an embodiment that can be implemented independently, step S203 can be implemented by the following exemplary embodiments.
(1) Determining a business access reference strength referenced by the risk path with the derived risk event when not delivered as a first business access reference strength.
(2) Acquiring the past transfer times of the risk path with the derived risk event, and generating a transfer influence weight according to the past transfer times.
(3) Determining the business access reference strength referenced by the risk path with the derived risk event when delivered, as a second business access reference strength, according to the first business access reference strength and the transfer influence weight.
(4) Acquiring the product of the second business access reference strength and the risk event influence characteristic as a risk path evaluation value of the risk path with the derived risk event when delivered.
(5) Taking the risk path evaluation value of the risk path with the derived risk event when delivered as the second evaluation value.
The cloud computing AI system 100 may obtain the seat risk strength of the risk path of the derived risk event, and take it as the business access reference strength referenced by the risk path with the derived risk event when not delivered, that is, as the first business access reference strength. Further, the past transfer times of the risk path with the derived risk event can be determined according to the past transfer record of that risk path, where the past transfer times are a relative coefficient between the risk path transfer business access reference strength and the first business access reference strength of the derived risk event. A transfer influence weight is generated according to the past transfer times; the transfer influence weight and the past transfer times have a direct proportional relation, that is, the larger the past transfer times, the larger the transfer influence weight, and conversely, the smaller the past transfer times, the smaller the transfer influence weight. Further, the product of the first business access reference strength and the transfer influence weight is obtained as the business access reference strength referenced by the risk path with the derived risk event when delivered, and is used as the second business access reference strength. The product of the second business access reference strength and the risk event influence characteristic is obtained as the risk path evaluation value of the risk path with the derived risk event when delivered, and this value is taken as the second evaluation value.
For example, the risk event impact characteristic of the derived risk event is 4, the business access reference strength referenced by the risk path of the derived risk event when the risk path is not transferred is 5, and the number of transfers of the risk path of the derived risk event is 0.2. The transfer impact weight may be 1 + 0.2 = 1.2, the business access reference strength referenced by the risk path with the derived risk event at the time of transfer may be 5 × 1.2 = 6, and the risk path evaluation value of the risk path with the derived risk event at the time of transfer is 6 × 4 = 24.
In an embodiment, which can be implemented independently, step S150 can include steps S151-S152 as follows.
Step S151, generating a risk path evaluation value range of a target risk path label according to the risk distribution thermal map, the risk intensity information and the target evaluation value; the target risk path label is the same risk path label in the target risk distribution service as the derived risk event.
Step S152, determining risk path prompt information of the target risk distribution service from the risk path evaluation value range of the target risk path label.
In steps S151 to S152, the cloud computing AI system 100 may generate a risk path evaluation value range of a target risk path label according to the risk distribution thermal map, the risk intensity information, and the target evaluation value; the risk strength of the risk path of the target risk path label in the target risk distribution service belongs to the risk path evaluation value range; therefore, the risk path prompting information of the target risk distribution service can be determined from the risk path evaluation value range of the target risk path label, that is, the risk path configuration numerical value is obtained from the risk path evaluation value range of the target risk path label, and the risk path prompting information of the target risk distribution service is determined according to the risk path prompting information value. The risk path prompt information of the target risk distribution service is obtained according to the risk path prompt information of different risk path labels, and accuracy of obtaining the risk path prompt information of the risk path is improved.
In an embodiment, the risk intensity information includes a first intensity sub-information and a second intensity sub-information, and the step S151 may be implemented by the following exemplary embodiments.
(1) Acquiring the maximum relative coefficient and the minimum relative coefficient among the relative coefficient between the risk event influence characteristic and the total risk strength of the risk paths in the derived risk distribution service, the relative coefficient between the first evaluation value and the first total evaluation value, and the relative coefficient between the second evaluation value and the second total evaluation value.
(2) Acquiring a weight evaluation value between the maximum relative coefficient and the target evaluation value as a first risk path prompting information value.
(3) Acquiring a weight evaluation value between the minimum relative coefficient and the target evaluation value as a second risk path prompting information value.
(4) Setting a range formed by the first risk path prompting information value and the second risk path prompting information value as the risk path evaluation value range of the target risk path label.
Since the risk paths to be transmitted and the risk paths not to be transmitted usually exist in the target risk distribution service, the risk path evaluation value range of the target risk path label can be predicted according to the first strength sub-information corresponding to the risk path of the derivative risk event in the derivative risk distribution service when the risk path is not transmitted and the second strength sub-information corresponding to the risk path when the risk path is transmitted. Specifically, the cloud computing AI system 100 may compare a relative coefficient between the risk event impact characteristic and the total risk strength of the risk paths in the derivative risk distribution service, a relative coefficient between the first evaluation value and the first total evaluation value, and a relative coefficient between the second evaluation value and the second total evaluation value to obtain a maximum relative coefficient and a minimum relative coefficient among the relative coefficient between the risk event impact characteristic and the total risk strength of the risk paths in the derivative risk distribution service, the relative coefficient between the first evaluation value and the first total evaluation value, and the relative coefficient between the second evaluation value and the second total evaluation value. Further, acquiring a weight evaluation value between the maximum relative coefficient and the target evaluation value as a first risk path prompt information value; and acquiring a weight evaluation value between the minimum relative coefficient and the target evaluation value as a second risk path prompting information value, and taking a range formed by the first risk path prompting information value and the second risk path prompting information value as a risk path evaluation value range of the target risk path label. 
Because both the risk intensity information corresponding to the risk path when delivered and the risk intensity information corresponding to the risk path when not delivered are considered, together with the case in which the risk path has risk path reference data configured by the security account, the accuracy of obtaining the risk path evaluation value range of the target risk path label can be improved.
In an embodiment, the risk intensity information includes a first intensity sub-information, and the step S151 includes: acquiring a weight evaluation value between the target evaluation value and the relative coefficient between the risk event influence characteristic and the total risk strength of the risk path in the derived risk distribution service, as a first risk path prompt information value; acquiring a weight evaluation value between the target evaluation value and the relative coefficient between the first evaluation value and the first total evaluation value, as a second risk path prompt information value; and setting a range formed by the first risk path prompting information value and the second risk path prompting information value as the risk path evaluation value range of the target risk path label. Because the risk strength information corresponding to the risk path when not delivered is considered, together with the case in which the risk path has risk path reference data configured by the security account, the accuracy of obtaining the risk path evaluation value range of the target risk path label can be improved.
In an embodiment, the risk intensity information includes a second intensity sub-information, and the step S151 includes: acquiring a weight evaluation value between the target evaluation value and the relative coefficient between the risk event influence characteristic and the total risk strength of the risk path in the derived risk distribution service, as a first risk path prompt information value; acquiring a weight evaluation value between the target evaluation value and the relative coefficient between the second evaluation value and the second total evaluation value, as a second risk path prompt information value; and setting a range formed by the first risk path prompting information value and the second risk path prompting information value as the risk path evaluation value range of the target risk path label. Because the risk intensity information corresponding to the risk path when delivered is considered, together with the case in which the risk path has risk path reference data configured by the security account in the risk path, the accuracy of obtaining the risk path evaluation value range of the target risk path label can be improved.
In an embodiment that can be implemented independently, the target risk distribution service includes a plurality of risk path labels, the target risk path label belongs to the plurality of risk path labels, and each risk path label corresponds to a risk path prompt information range; the above step S152 may be implemented by the following exemplary embodiments.
(1) Respectively acquiring a risk path prompt information value from the risk path prompt information range corresponding to each risk path label as a target risk path prompt information value.
(2) Acquiring fusion information values among the target risk path prompt information values, and determining the risk path prompt information of the target risk distribution service according to the fusion information values among the target risk path prompt information values.
The cloud computing AI system 100 may obtain a risk path prompt information value from the risk path prompt information range corresponding to each risk path label as a target risk path prompt information value. For example, it may randomly acquire a risk path prompt information value from the risk path prompt information range corresponding to each risk path label as the target risk path prompt information value. Alternatively, the risk path prompt information value may be obtained from the risk path prompt information range corresponding to each risk path label according to a risk path prompt information value interval and used as the target risk path prompt information value; for example, if the risk path prompt information value interval is 5, the 5th risk path prompt information value in the risk path prompt information range corresponding to each risk path label may be used as the target risk path prompt information value. The target risk path prompt information value reflects the risk strength of the risk path corresponding to the risk path label in the target risk distribution service; therefore, the fusion information value between the target risk path prompt information values can be obtained, and the risk path prompt information of the target risk distribution service is determined according to that fusion information value.
In an embodiment, in step S152 (2), the following exemplary embodiments may be implemented.
(1) Generating a first risk path prompting information threshold according to the target evaluation value.
(2) Generating a second risk path prompting information threshold according to the target evaluation value and the second evaluation value; the first risk path prompting information threshold is greater than the second risk path prompting information threshold.
(3) If the fusion information value between the target risk path prompt information values is smaller than the first risk path prompt information threshold and not smaller than the second risk path prompt information threshold, taking the fusion information value between the target risk path prompt information values as the risk path prompt information of the target risk distribution service.
(4) If the fusion information value between the target risk path prompt information values is not smaller than the first risk path prompt information threshold or smaller than the second risk path prompt information threshold, respectively acquiring the risk path prompt information values from the risk path prompt information range corresponding to each risk path label, using the risk path prompt information values as updated target risk path prompt information values, acquiring the fusion information values between the updated target risk path prompt information values, and determining the risk path prompt information of the target risk distribution service according to the fusion information values between the updated target risk path prompt information values.
The cloud computing AI system 100 may use the target evaluation value as the first risk path prompt information threshold. It may obtain the risk path evaluation value of each derived risk event in the derived risk distribution service when the risk path is transferred as a second evaluation value, acquire the maximum evaluation value from the second evaluation values, and use the relative coefficient between the target evaluation value and the maximum evaluation value as the second risk path prompt information threshold. The target evaluation value includes the risk path evaluation value of the safety account in the risk path; that is, the target evaluation value is greater than the total risk strength of the actual risk paths in the target risk distribution service. The relative coefficient between the target evaluation value and the maximum evaluation value may be used to reflect the risk strength of the minimum risk path in the target risk distribution service when the risk path evaluation value of the risk path of each risk path label in the target risk distribution service is the maximum evaluation value. In other words, the actual risk path prompt information in the target risk distribution service is smaller than the first risk path prompt information threshold and not smaller than the second risk path prompt information threshold. Therefore, if the fusion information value between the target risk path prompt information values is smaller than the first risk path prompt information threshold and not smaller than the second risk path prompt information threshold, the fusion information value is within a reasonable range and is used as the risk path prompt information of the target risk distribution service.
If the fusion information value between the target risk path prompt information values is not smaller than the first risk path prompt information threshold value or smaller than the second risk path prompt information threshold value, which indicates that the fusion information value between the target risk path prompt information values exceeds a reasonable range, the risk path prompt information values are respectively obtained again from the risk path prompt information ranges corresponding to each risk path label to serve as updated target risk path prompt information values, the fusion information values between the updated target risk path prompt information values are obtained, and the risk path prompt information of the target risk distribution service is determined according to the fusion information values between the updated target risk path prompt information values.
In an embodiment that can be implemented independently, for step S110, the process of obtaining the internet behavior big data of the target risk distribution service found based on the security protection rule information that completes the configuration information change can be implemented by the following exemplary sub-steps, which are described in detail below.
Step S111, acquiring safety protection rule information for finishing configuration information change; the safety protection rule information is used for representing protection sniffing path information among safety protection rules, and the safety protection rules are scanning rules related to target safety risk scanning service.
In an embodiment, the scanning rule data may be network structure data characterizing connection features between scanning rules in a knowledge network format, where connection nodes in the scanning rule data correspond to the scanning rules, and the sniff path information between the connection nodes corresponds to the sniff path information between the scanning rules. For example, a "scanning rule of browsing behavior" is one scanning rule in the scanning rule data and a "scanning rule of writing behavior" is another; a protection sniffing path is configured between them through protection sniffing path a, which forms the scanning rule combination "scanning rule of browsing behavior" - "protection sniffing path a" - "scanning rule of writing behavior".
In an embodiment that can be implemented independently, the cloud computing AI system 100 may first obtain security rule information that completes configuration information change, where the security rule information can characterize protection sniffing path information between security rules, where the security rule is a scanning rule related to a target security risk scanning service. Considering that scanning rule data constructed based on all information security data generally has large data volume, optimizing a security risk scanning node network on a target security risk scanning service based on the scanning rule data, and having large performance consumption, and the information security data contains a lot of information irrelevant to the target security risk scanning service, if the information is brought into a data processing range when the security risk scanning node network on the target security risk scanning service is updated, only unnecessary performance resources are consumed; based on this, the method provided by the embodiment of the present disclosure optimizes the security risk scanning node network on the target security risk scanning service, starting with the security protection rule information for characterizing the protection sniffing path information between the security protection rules related to the target security risk scanning service.
In an embodiment that can be implemented independently, in practical applications, the cloud computing AI system 100 can autonomously extract security protection rule information from initialized scanning rule data, where the initialized scanning rule data is scanning rule data constructed based on all information security data; the safety protection rule information may also be directly obtained from other devices, and the present disclosure does not set any limit to the implementation manner of the cloud computing AI system 100 for obtaining the safety protection rule information for completing the configuration information change.
The following describes an implementation manner of the cloud computing AI system 100 extracting the safety protection rule information from the initialized scanning rule data.
The cloud computing AI system 100 may select, from the initialized scanning rule data, a scanning rule that meets a target requirement as a security protection rule, where the target requirement includes at least one of: the type of the scanning rule is a preset type, and the calling frequency of the scanning rule exceeds the target calling frequency; and then, according to the protection sniffing path information of the selected safety protection rule in the initialized scanning rule data, determining the safety protection rule information.
In an embodiment, the initialized scan rule data may be composed of a plurality of scan rule combinations with sniff path information, each scan rule combination being composed of an initial scan rule, a scan rule relationship, and a termination scan rule. For example, assume that the initial scanning rule included in the scanning rule set is "scanning rule for browsing behavior", the scanning rule relationship is "protection sniffing path a", and the termination scanning rule is "scanning rule for writing behavior". Each scan rule in the initialized scan rule data further includes a set of associated data corresponding thereto, and in an independently implementable embodiment, each scan rule includes associated data including, but not limited to, scan rule type, scan rule name, scan rule calling frequency, and the like.
When the cloud computing AI system 100 extracts the security protection rule information from the initialized scanning rule data, the scanning rule meeting the target requirement may be selected from the initialized scanning rule data as the security protection rule. In an independently implementable embodiment, the cloud computing AI system 100 may select, from the initialized scanning rule data, a scanning rule whose scanning rule type is a preset type as a security protection rule, and take a target security risk scanning service as a privacy stealing risk scanning service as an example, the cloud computing AI system 100 may set the preset type including an abnormal access scanning type, an abnormal migration scanning type, and the like, and further select, from the initialized scanning rule data, a scanning rule whose scanning rule type is the preset type as a security protection rule; in an independently implementable embodiment, the cloud computing AI system 100 may also select, from the initialized scan rule data, a scan rule whose scan rule calling frequency exceeds the target calling frequency as a security protection rule, and still take the target security risk scanning service as the privacy stealing risk scanning service as an example, the cloud computing AI system 100 may set the target calling frequency to 600, and then select, from the initialized scan rule data, a scan rule whose scan rule calling frequency exceeds 600 as a security protection rule.
In an embodiment that can be implemented independently, in practical applications, the cloud computing AI system 100 may only screen the security protection rule based on the scanning rule type, may also only screen the security protection rule based on the scanning rule calling frequency, may also simultaneously screen the security protection rule based on the scanning rule type and the scanning rule calling frequency, or the cloud computing AI system 100 may also screen the security protection rule based on other scanning rule associated data.
After the cloud computing AI system 100 selects the security protection rule related to the target security risk scanning service from the initialized scanning rule data, the protection sniffing path information of each selected security protection rule in the initialized scanning rule data may be extracted, and then, based on each selected security protection rule and the protection sniffing path information of each security protection rule in the initialized scanning rule data, security protection rule information suitable for performing security risk scanning node network update for the target security risk scanning service is constructed.
Step S112, generating a safety protection rule cluster based on the safety protection rule information; the safety protection rule cluster is a cluster formed by a plurality of safety protection rules with protection sniffing path information in the safety protection rule information.
After the cloud computing AI system 100 obtains the safety protection rule information, a plurality of safety protection rule clusters can be generated based on the safety protection rule information. In an embodiment that can be implemented independently, the cloud computing AI system 100 may form a security rule cluster by using a series of security rules having the protection sniff path information therebetween based on the protection sniff path information between the security rules in the security rule information.
In practical applications, the cloud computing AI system 100 may generate the security rule cluster based on the security rule information by using a random walk policy.
In an embodiment that can be implemented independently, when generating a safety protection rule cluster based on safety protection rule information, the method may be implemented by at least one of the following methods:
Generating a safety protection rule cluster, through a random walk strategy, based on the safety protection rules with pre-marked protection sniffing path information in the safety protection rule information.
Generating a safety protection rule cluster, through a random walk strategy, based on the safety protection rules belonging to the same protection intention label range in the safety protection rule information. That is, a plurality of safety protection rules corresponding to the same hypernym in the safety protection rule information can be used to form a safety protection rule cluster.
In an embodiment that can be implemented independently, in practical application, when a random walk policy is used to generate a safety protection rule cluster based on safety protection rule information, other conditions for limiting protection sniffing path information between safety protection rules in the safety protection rule cluster can be set according to practical requirements.
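The selection in step S111 and the random-walk cluster generation in step S112, as an added Python example that is not code from the patent. The rule names, path labels, call counts, walk length and the treatment of sniffing paths as undirected edges are assumptions; the two preset types and the target calling frequency of 600 follow the privacy stealing example above.

```python
import random

# Constructed sample data: initialized scanning rule data as
# (initial rule, protection sniffing path, termination rule) combinations.
TRIPLES = [
    ("browse", "path_a", "write"),
    ("write", "path_b", "export"),
    ("export", "path_c", "login"),
    ("login", "path_d", "browse"),
    ("browse", "path_e", "render"),
]
# Constructed associated data per scanning rule (type and calling frequency).
RULES = {
    "browse": {"type": "abnormal_access", "calls": 120},
    "write": {"type": "abnormal_migration", "calls": 80},
    "export": {"type": "abnormal_migration", "calls": 950},
    "login": {"type": "generic", "calls": 700},
    "render": {"type": "generic", "calls": 40},
}
PRESET_TYPES = {"abnormal_access", "abnormal_migration"}
TARGET_CALL_FREQUENCY = 600


def select_protection_rules(rules, preset_types, target_freq):
    """Keep rules meeting at least one target requirement:
    preset type, or calling frequency above the target."""
    return {
        name
        for name, meta in rules.items()
        if meta["type"] in preset_types or meta["calls"] > target_freq
    }


def extract_rule_information(triples, selected):
    """Keep only combinations whose two endpoints were both selected."""
    return [t for t in triples if t[0] in selected and t[2] in selected]


def build_adjacency(triples):
    """Undirected adjacency (assumption) over the kept sniffing paths.
    A selected rule with no kept path does not appear and is never walked."""
    adj = {}
    for head, _path, tail in triples:
        adj.setdefault(head, set()).add(tail)
        adj.setdefault(tail, set()).add(head)
    return {rule: sorted(neigh) for rule, neigh in adj.items()}


def random_walk_clusters(adj, walk_length, walks_per_rule, seed=0):
    """Each walk is one rule cluster: consecutive rules share a sniffing path."""
    rng = random.Random(seed)  # seeded so the clusters are reproducible
    clusters = []
    for start in sorted(adj):
        for _ in range(walks_per_rule):
            walk = [start]
            while len(walk) < walk_length:
                walk.append(rng.choice(adj[walk[-1]]))
            clusters.append(walk)
    return clusters


if __name__ == "__main__":
    chosen = select_protection_rules(RULES, PRESET_TYPES, TARGET_CALL_FREQUENCY)
    info = extract_rule_information(TRIPLES, chosen)
    for cluster in random_walk_clusters(build_adjacency(info), 5, 2):
        print(" -> ".join(cluster))
```

The resulting walks are the sequences a skip-gram style scanning rule description network would be trained on, with each rule playing the role of a word.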
Step S113, according to the safety protection rule cluster, determining a scanning rule component corresponding to the safety protection rule in the safety protection rule information, and according to a connection value between the scanning rule components corresponding to the safety protection rule in the safety protection rule information and an association relationship between the safety protection rule and a safety risk scanning node on the target safety risk scanning service, determining a first connection value between the safety risk scanning nodes on the target safety risk scanning service.
After the cloud computing AI system 100 generates a plurality of safety protection rule clusters based on the safety protection rule information, the scanning rule component corresponding to the safety protection rule in the safety protection rule cluster may be correspondingly determined based on each generated safety protection rule cluster, and thus, the scanning rule component corresponding to each safety protection rule in the safety protection rule information is determined in a traversal manner. Since the scanning rule component corresponding to the above-mentioned safety protection rule is determined by the cloud computing AI system 100 based on the safety protection rule cluster including the safety protection rule, the scanning rule component corresponding to the safety protection rule can reflect the association between the scanning rule component and other safety protection rules to some extent.
The following describes a specific implementation manner of determining the scanning rule component corresponding to the security protection rule.
The cloud computing AI system 100 may first perform N-bit status register component extraction, such as one-hot encoding, on each security protection rule in the security protection rule information, so as to obtain an initialization component corresponding to each security protection rule; then train a scanning rule description network based on the initialization components corresponding to the security protection rules in the security protection rule cluster, continuously adjusting the embedded word vector (low-dimensional manifold characteristic information) of each security protection rule during training; and finally take the low-dimensional manifold characteristic information of the security protection rule after the scanning rule description network has been trained as the scanning rule component corresponding to the security protection rule.
The scan rule description network is a model for predicting an output word adjacent to an input word within a preset window from the input word.
In an embodiment that can be implemented independently, in order to convert the security rules in the security rule information into a form that can be recognized by a machine, the cloud computing AI system 100 needs to extract components of an N-bit status register from the security rules in the security rule information, so as to obtain initialization components corresponding to the security rules.
Because the initialization component obtained by N-bit status register component extraction cannot reflect the contact value between the security protection rules, and the embodiment of the present disclosure needs a feature that can reflect it (i.e., the scanning rule component corresponding to the security protection rule), the embodiment of the present disclosure first initializes the low-dimensional manifold feature information corresponding to each security protection rule. That information is then continuously updated, i.e., the weights in the feature are adjusted, while the scanning rule description network is trained with the initialization components of the security protection rules in the security protection rule cluster. After the training of the scanning rule description network is completed, the scanning rule components capable of reflecting the relationship between the security protection rules are obtained.
For example, when the scanning rule description network predicts, from a given security protection rule, the security protection rules adjacent to it within the preset window in the security protection rule cluster, the initialization component corresponding to that security protection rule is first input into the scanning rule description network. The hidden layer in the scanning rule description network maps the security protection rule to the corresponding low-dimensional manifold feature information, and the output layer then outputs the probability that each security protection rule in the security protection rule information is adjacent to it. The feature obtained after the hidden layer processes the initialization component of the security protection rule is the scanning rule component corresponding to the security protection rule required by the embodiment of the present disclosure.
After the cloud computing AI system 100 calculates and obtains the scanning rule components corresponding to the target vectors in the safety protection rule information, the safety protection rules in the safety protection rule information may be combined pairwise, and the connection value between the scanning rule components corresponding to each two safety protection rules is calculated. Further, the cloud computing AI system 100 may obtain an association relationship between the security protection rule and the security risk scanning nodes on the target security risk scanning service, convert a contact value between scanning rule components corresponding to the security protection rule into a contact value between the security risk scanning nodes on the target security risk scanning service, and record the contact value between the security risk scanning nodes thus determined as a first contact value between the security risk scanning nodes.
In an embodiment that can be implemented independently, the association relationship between the security protection rule and the security risk scanning node on the target security risk scanning service may be determined according to association data such as a scanning rule name of the security protection rule. The association may be determined temporarily when determining the first contact value between the security risk scanning nodes, or may be predetermined. The present disclosure does not set any limit to the determination method and determination timing of the association relationship between the security protection rule and the security risk scanning node.
In an embodiment, in practical applications, if two security protection rules are mapped to the same security risk scanning node, the connection value between those two security protection rules may be left out of consideration when determining the first connection value between the security risk scanning nodes. In other words, the first connection value between the security risk scanning nodes is substantially determined based on the connection values between the scanning rule components corresponding to the security protection rules respectively mapped to different security risk scanning nodes.
A specific implementation of determining the first contact value between the security risk scanning nodes on the target security risk scanning service is described below.
The cloud computing AI system 100 may determine a first connection value grid (which may be distributed in a matrix form) according to a scanning rule component corresponding to each security protection rule in the security protection rule information, where each grid unit in the first connection value grid is used to represent a connection value between a security protection rule corresponding to a first security protection dimension (for example, a matrix row) where the grid unit is located and a security protection rule corresponding to a second security protection dimension (for example, a matrix column) where the grid unit is located. Furthermore, the cloud computing AI system 100 may convert the first contact value grid into a second contact value grid according to the association relationship between each security protection rule and each security risk scanning node on the target security risk scanning service, where each grid unit in the second contact value grid is used to represent the contact value between the security risk scanning node corresponding to the first security protection dimension where the grid unit is located and the security risk scanning node corresponding to the second security protection dimension where the grid unit is located.
In an embodiment that can be implemented independently, after the cloud computing AI system 100 determines the scanning rule component corresponding to each safety protection rule in the safety protection rule information, the safety protection rules in the safety protection rule information may be combined in pairs to obtain a plurality of safety protection rule pairs. Then, for each safety protection rule pair, the cosine contact value between the scanning rule components corresponding to the two safety protection rules is calculated and taken as the contact value corresponding to that pair. A first contact value grid is then constructed from the contact values corresponding to the safety protection rule pairs, where the first contact value grid takes the safety protection rules as the first safety protection dimensions and also takes the safety protection rules as the second safety protection dimensions. The grid unit located in the x-th first safety protection dimension and the y-th second safety protection dimension is the cosine contact value between the scanning rule component of the safety protection rule corresponding to the x-th first safety protection dimension and the scanning rule component of the safety protection rule corresponding to the y-th second safety protection dimension.
In an embodiment that can be implemented independently, in practical applications, the cloud computing AI system 100 may construct the first connection value grid by using the cosine connection value between the scanning rule components, and may also construct the first connection value grid by using the connection value between the scanning rule components calculated based on other algorithms.
After the cloud computing AI system 100 constructs the first contact value grid, the first contact value grid may be converted into a second contact value grid for representing contact values between the security risk scanning nodes according to the association relationship between each security protection rule and each security risk scanning node on the target security risk scanning service. In an independently implemented embodiment, when converting the second contact value grid, the cloud computing AI system 100 may discard the contact value between the scanning rule components corresponding to the two security protection rules mapped to the same security risk scanning node, and does not count the contact value into the second contact value grid.
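The construction of the first contact value grid and its conversion into the second contact value grid, as an added Python example that is not code from the patent. The component vectors, the rule-to-node mapping and the use of the mean to combine several rule pairs that land on the same pair of nodes are assumptions; the text only states that pairs mapped to the same node are discarded.

```python
import math
from itertools import combinations

# Constructed scanning rule components (trained embeddings would go here).
COMPONENTS = {
    "browse": [1.0, 0.0],
    "write": [0.0, 1.0],
    "export": [1.0, 1.0],
    "login": [1.0, 0.0],
}
# Constructed association between protection rules and scanning nodes.
RULE_TO_NODE = {
    "browse": "node_1",
    "login": "node_1",
    "write": "node_2",
    "export": "node_3",
}


def cosine(u, v):
    """Cosine contact value between two scanning rule components."""
    dot = sum(a * b for a, b in zip(u, v))
    norm_u = math.sqrt(sum(a * a for a in u))
    norm_v = math.sqrt(sum(b * b for b in v))
    if norm_u == 0.0 or norm_v == 0.0:
        return 0.0  # a zero vector carries no direction
    return dot / (norm_u * norm_v)


def first_contact_grid(components):
    """Rule-by-rule grid: cell [x][y] is the cosine contact value between
    the rule of row x and the rule of column y."""
    names = sorted(components)
    grid = [[cosine(components[x], components[y]) for y in names] for x in names]
    return names, grid


def second_contact_grid(names, grid, rule_to_node):
    """Node-by-node grid derived from the rule-by-rule grid.

    Rule pairs mapped to the same node are discarded. Remaining pairs that
    fall on the same two nodes are averaged (assumption). The diagonal is
    left as None because same-node contact values are not counted.
    """
    nodes = sorted({rule_to_node[name] for name in names})
    index = {node: k for k, node in enumerate(nodes)}
    buckets = {}
    for i, j in combinations(range(len(names)), 2):
        p = index[rule_to_node[names[i]]]
        q = index[rule_to_node[names[j]]]
        if p == q:
            continue  # both rules map to the same scanning node
        buckets.setdefault((min(p, q), max(p, q)), []).append(grid[i][j])
    out = [[None] * len(nodes) for _ in nodes]
    for (p, q), values in buckets.items():
        out[p][q] = out[q][p] = sum(values) / len(values)
    return nodes, out


if __name__ == "__main__":
    rule_names, first = first_contact_grid(COMPONENTS)
    node_names, second = second_contact_grid(rule_names, first, RULE_TO_NODE)
    for name, row in zip(node_names, second):
        print(name, row)
```

In the sample data "browse" and "login" have a cosine contact value of 1.0 but both map to node_1, so that value never reaches the node-level grid.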
It should be noted that, in practical applications, in order to more accurately optimize a security risk scanning node network on a target security risk scanning service based on the connection value between each security risk scanning node on the target security risk scanning service, the method provided in the embodiment of the present disclosure may determine, from the dimension of scanning rule data, the connection value between each security risk scanning node on the target security risk scanning service, and may also determine, from the existing security risk scanning node network on the target security risk scanning service, the connection value between each security risk scanning node on the target security risk scanning service.
That is, the cloud computing AI system 100 may determine the second contact value between the security risk scanning nodes on the target security risk scanning service according to the security risk scanning node network of the security account on the target security risk scanning service. In an independently implementable embodiment, the cloud computing AI system 100 can obtain a network of security risk scanning nodes for some or all of the security accounts on the target security risk scanning service, then, analyzing the contact value among the security risk scanning nodes based on the acquired security risk scanning node network, for example, suppose that the security risk scanning node network of the security account a includes a security risk scanning node 1, a security risk scanning node 2, a security risk scanning node 3 and a security risk scanning node 4, the security risk scanning node network of the security account B includes a security risk scanning node 2, a security risk scanning node 3, a security risk scanning node 4 and a security risk scanning node 5, in the process of analyzing the security risk scanning node network, the cloud computing AI system 100 may consider that the security risk scanning node 1 and the security risk scanning node 5 have a certain contact value; based on the above basic idea, the cloud computing AI system 100 may determine a contact value between each security risk scanning node on the target security risk scanning service according to the existing security risk scanning node network on the target security risk scanning service, and the contact value between the security risk scanning nodes thus determined may be denoted as a second contact value between the security risk scanning nodes.
A specific implementation of determining the second contact value between security risk scanning nodes on the target security risk scanning service is described below.
The cloud computing AI system 100 may first construct an initialized security risk scanning node network according to a security risk scanning node network on a target security risk scanning service, where each grid cell in the initialized security risk scanning node network is used to represent a scanning intensity of a security account corresponding to a first security protection dimension where the grid cell is located with respect to a security risk scanning node corresponding to a second security protection dimension where the grid cell is located. Furthermore, the cloud computing AI system 100 may train sparse matrix distribution based on the initialized security risk scanning node network, and use the trained sparse matrix distribution as a third contact value grid, where each grid unit in the third contact value grid is used to represent a contact value between a label corresponding to the first security protection dimension where the grid unit is located and a security risk scanning node corresponding to the second security protection dimension where the grid unit is located.
In an embodiment that can be implemented independently, the cloud computing AI system 100 may construct an initialized security risk scanning node network V according to security risk scanning node networks of all security accounts on a target security risk scanning service, where a first security protection dimension in the initialized security risk scanning node network represents a security account user, a second security protection dimension in the initialized security risk scanning node network represents a security risk scanning node tag, and each grid unit in the initialized security risk scanning node network represents a scanning intensity of a security account corresponding to a first security protection dimension where the grid unit is located with respect to a security risk scanning node corresponding to a second security protection dimension where the grid unit is located. In other words, a grid cell of a first security protection dimension in the initialized security risk scanning node network can represent the scanning strength of a security account for each security risk scanning node on the target security risk scanning service, and a grid cell of a second security protection dimension in the initialized security risk scanning node network can represent the scanning strength of all security accounts on the target security risk scanning service for one security risk scanning node.
Step S114, based on the first contact value, optimizing a security risk scanning node network on the target security risk scanning service, performing internet behavior big data scanning based on the optimized security risk scanning node network, and performing security risk scanning on internet behavior big data based on a deep learning network that satisfies a network convergence condition and corresponds to the security risk scanning service.
After the cloud computing AI system 100 determines the first contact value between each security risk scanning node on the target security risk scanning service, the security risk scanning node network on the target security risk scanning service may be optimized based on the first contact value between the security risk scanning nodes. The idea is that, based on the first contact value among the security risk scanning nodes, security risk scanning nodes which are similar to the original security risk scanning nodes are updated in the security risk scanning node network.
In the case where the first contact value between the security risk scanning nodes on the target security risk scanning service is represented by the second contact value grid, the cloud computing AI system 100 may optimize the network of security risk scanning nodes on the target security risk scanning service by:
determining an optimized security risk scanning node network according to the second contact value grid and the initialized security risk scanning node network; the initialized security risk scanning node network is constructed according to an existing security risk scanning node network on a target security risk scanning service, and each grid unit in the initialized security risk scanning node network and the optimized security risk scanning node network is used for representing the scanning strength of a security account corresponding to a first security protection dimension where the grid unit is located to a security risk scanning node corresponding to a second security protection dimension where the grid unit is located.
If the cloud computing AI system 100 determines the second contact value between the security risk scanning nodes on the target security risk scanning service according to the security risk scanning node network on the target security risk scanning service, the cloud computing AI system 100 may optimize the security risk scanning node network on the target security risk scanning service based on the first contact value and the second contact value between the security risk scanning nodes.
In an embodiment that can be implemented independently, the cloud computing AI system 100 may fuse a first contact value and a second contact value between each security risk scanning node on the target security risk scanning service to obtain a target contact value between each security risk scanning node that matches a security risk scanning target on the target security risk scanning service and matches a relationship between scanning rules in the security protection rule information, and further, the cloud computing AI system 100 may optimize a security risk scanning node network on the target security risk scanning service according to the target contact value between each security risk scanning node.
In a case where the first contact value between each security risk scanning node on the target security risk scanning service is represented by the second contact value grid, and the second contact value between each security risk scanning node is represented by the third contact value grid, the cloud computing AI system 100 may optimize the network of security risk scanning nodes on the target security risk scanning service by:
performing weight fusion on the second contact value grid and the third contact value grid to obtain a fourth contact value grid; and further, determining an optimized security risk scanning node network according to the fourth contact value grid and the initialized security risk scanning node network.
In an embodiment that can be implemented independently, the cloud computing AI system 100 may perform weight fusion processing on the second contact value grid L and the third contact value grid W according to preset weights.
It should be noted that, in practical application, after the cloud computing AI system 100 determines the optimized security risk scanning node network by any one of the above manners, it needs to optimize the existing security risk scanning node network on the target security risk scanning service based on the optimized security risk scanning node network. In an embodiment that can be implemented independently, the cloud computing AI system 100 may optimize the security risk scanning node network of the xth security account on the target security risk scanning service based on the grid unit of the xth first security protection dimension in the optimized security risk scanning node network. In order to enable the cloud computing AI system 100 to more conveniently optimize an existing security risk scanning node network based on the optimized security risk scanning node network, after the cloud computing AI system 100 generates the optimized security risk scanning node network, the generated optimized security risk scanning node network may be updated according to the following exemplary scheme.
In an embodiment that can be implemented independently, the cloud computing AI system 100 may determine, for the grid cells at the same network location in the optimized security risk scanning node network and the initialized security risk scanning node network, whether the grid cell at the network location in the initialized security risk scanning node network is greater than a first preset grid parameter value, and if so, may set the grid cell at the network location in the optimized security risk scanning node network to 0.
In an independently implemented embodiment, if it is determined according to the initialized security risk scanning node network that security account A has an operation tendency for security risk scanning node 1, and it is also determined according to the optimized security risk scanning node network that security account A has an operation tendency for security risk scanning node 1, the cloud computing AI system 100 needs to set the grid unit that characterizes the scanning strength of security account A for security risk scanning node 1 in the optimized security risk scanning node network to 0. This avoids adding an original security risk scanning node to the security risk scanning node network again when the security risk scanning node network of the security account is subsequently optimized based on the optimized security risk scanning node network.
In general, in the initialized security risk scanning node network, if a certain grid cell is not 0, the security risk scanning node corresponding to the second security protection dimension where the grid cell is located should be in the security risk scanning node network of the security account corresponding to the first security protection dimension where the grid cell is located, in which case the cloud computing AI system 100 needs to set the first preset grid parameter value to 0. Of course, in some cases, in the initialized security risk scanning node network, only if a certain grid unit is greater than the preset value a will the security risk scanning node corresponding to the second security protection dimension where the grid unit is located be in the security risk scanning node network of the security account corresponding to the first security protection dimension where the grid unit is located, and in this case the cloud computing AI system 100 needs to set the first preset grid parameter value to a. The first preset grid parameter value is not specifically limited by the present disclosure.
In another embodiment, which may be implemented independently, the cloud computing AI system 100 may determine, for each grid cell in the optimized security risk scanning node network, whether the grid cell is less than or equal to a second preset grid parameter value, and if so, set the grid cell in the optimized security risk scanning node network to 0.
In an embodiment that can be implemented independently, in order to ensure sparsity of the optimized security risk scanning node network, the cloud computing AI system 100 needs to set a second preset grid parameter value between 0 and 1, and for a grid unit in the optimized security risk scanning node network that is less than or equal to the second preset grid parameter value, the cloud computing AI system 100 needs to set it to 0 accordingly.
After the optimized security risk scanning node network is processed through the two implementation manners, the security risk scanning node corresponding to the second security protection dimension where the non-zero item in each first security protection dimension is located in the optimized security risk scanning node network should actually be the security risk scanning node updated for the security account corresponding to the first security protection dimension.
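The weight fusion and the two update steps described above can be traced on the account A / account B example. This is an added illustration, not code from the patent: the text does not define how the optimized network is derived from the contact value grid and the initialized network, so a contact-weighted average is assumed, and account C, all grid values, the weights 0.5/0.5 and the threshold 0.12 are constructed sample values.

```python
# Added illustration, not the patent's code. All grid values are constructed.

def fuse_grids(grid_l, grid_w, weight_l, weight_w):
    """Cell-wise weighted fusion of the second (L) and third (W) contact
    value grids into the fourth contact value grid."""
    return [[weight_l * a + weight_w * b for a, b in zip(row_l, row_w)]
            for row_l, row_w in zip(grid_l, grid_w)]


def optimize_network(init_net, contact_grid):
    """ASSUMPTION: the text leaves this operation open. Here each cell is the
    contact-weighted average of the account's existing scanning strengths."""
    n_nodes = len(contact_grid)
    optimized = []
    for row in init_net:
        total = sum(row)
        if total == 0:  # account with no scanning nodes: nothing to infer
            optimized.append([0.0] * n_nodes)
            continue
        optimized.append([
            sum(row[i] * contact_grid[i][j] for i in range(n_nodes)) / total
            for j in range(n_nodes)
        ])
    return optimized


def mask_existing(init_net, optimized, first_param=0.0):
    """Zero every cell whose counterpart in the initialized network exceeds
    the first preset grid parameter value (node already in the network)."""
    return [[0.0 if v > first_param else s for v, s in zip(v_row, s_row)]
            for v_row, s_row in zip(init_net, optimized)]


def sparsify(optimized, second_param):
    """Zero every cell less than or equal to the second preset grid
    parameter value (between 0 and 1) to keep the network sparse."""
    return [[0.0 if s <= second_param else s for s in row]
            for row in optimized]


def nodes_to_add(optimized, accounts):
    """Non-zero cells in each row are the nodes updated for that account
    (node numbers are 1-based, as in the text)."""
    return {acct: [j + 1 for j, s in enumerate(row) if s != 0.0]
            for acct, row in zip(accounts, optimized)}


def run_example():
    accounts = ["A", "B", "C"]
    # Initialized network V: rows = accounts, columns = nodes 1..5.
    # A holds nodes 1-4 and B holds nodes 2-5 (from the text); C is constructed.
    V = [[1, 1, 1, 1, 0],
         [0, 1, 1, 1, 1],
         [1, 0, 0, 0, 0]]
    # Second contact value grid L (from scanning rule data), constructed.
    L = [[1.0, 0.2, 0.0, 0.0, 0.6],
         [0.2, 1.0, 0.4, 0.0, 0.0],
         [0.0, 0.4, 1.0, 0.2, 0.0],
         [0.0, 0.0, 0.2, 1.0, 0.2],
         [0.6, 0.0, 0.0, 0.2, 1.0]]
    # Third contact value grid W (from existing node networks), constructed.
    W = [[1.0, 0.0, 0.0, 0.0, 0.2],
         [0.0, 1.0, 0.8, 0.8, 0.0],
         [0.0, 0.8, 1.0, 0.8, 0.0],
         [0.0, 0.8, 0.8, 1.0, 0.0],
         [0.2, 0.0, 0.0, 0.0, 1.0]]
    fourth = fuse_grids(L, W, 0.5, 0.5)          # preset weights (assumed)
    optimized = optimize_network(V, fourth)
    updated = mask_existing(V, optimized, first_param=0.0)
    updated = sparsify(updated, second_param=0.12)
    return updated, nodes_to_add(updated, accounts)


if __name__ == "__main__":
    grid, added = run_example()
    for account, row in zip(["A", "B", "C"], grid):
        print(account, [round(s, 3) for s in row], "->", added[account])
```

Account A gains node 5 and account B gains node 1, matching the contact the text infers between nodes 1 and 5; for account C the weak score for node 2 is removed by the second threshold.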
In an embodiment that can be implemented independently, in practical applications, in addition to performing update processing on the optimized security risk scanning node network through the two implementation manners, the optimized security risk scanning node network may also be updated in other manners.
The method for updating the security risk scanning node network starts with scanning rule data carrying a large number of scanning rules and relations among the scanning rules, determines the contact value among the scanning rules in the scanning rule data, converts the contact value among the scanning rules into the contact value among the security risk scanning nodes according to the association relations among the scanning rules and the security risk scanning nodes, and then optimizes the security risk scanning node network based on the contact value among the security risk scanning nodes. Therefore, the security risk scanning node network is quickly and accurately updated, which facilitates accurate security risk scanning, based on the security risk scanning service, of the internet behavior big data scanned according to the optimized security risk scanning node network.
Fig. 3 is a schematic diagram illustrating a hardware structure of the cloud computing AI system 100 for implementing the above-described internet behavior big data-based information prompting method according to the embodiment of the present disclosure, and as shown in fig. 3, the cloud computing AI system 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a transceiver 140.
In a specific implementation process, at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120, so that the processor 110 may execute the information prompting method based on internet behavior big data according to the above method embodiment. The processor 110, the machine-readable storage medium 120, and the transceiver 140 are connected through the bus 130, and the processor 110 may be configured to control the transceiving action of the transceiver 140, so as to perform data transceiving with the internet service server 200.
For a specific implementation process of the processor 110, reference may be made to the above-mentioned method embodiments executed by the cloud computing AI system 100; the implementation principles and technical effects are similar, and details are not described herein again.
In addition, the embodiment of the disclosure also provides a readable storage medium in which computer-executable instructions are preset, and when a processor executes the computer-executable instructions, the information prompting method based on the internet behavior big data is realized.
Finally, it should be understood that the examples in this specification are only intended to illustrate the principles of the examples in this specification. Other variations are also possible within the scope of this description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims (10)

1. An information prompting method based on internet behavior big data is applied to a cloud computing AI system, the cloud computing AI system is in communication connection with a plurality of internet service servers, and the method comprises the following steps:
obtaining internet behavior big data of a target risk distribution service searched based on security protection rule information which completes configuration information change, wherein the security protection rule information is used for representing protection sniffing path information among security protection rules, and the security protection rules are scanning rules related to the target security risk scanning service;
acquiring a derived risk event in derived risk distribution service associated with target risk distribution service from the Internet behavior big data according to the deep learning network which is corresponding to the target security risk scanning service and meets the network convergence condition, and acquiring a risk event influence characteristic corresponding to the derived risk event;
determining a risk distribution thermal map of the derived risk event in the derived risk distribution service according to the risk event impact characteristics;
predicting a risk path evaluation value of a risk path of the derived risk event according to the derived risk event and the risk event influence characteristics, taking the risk path evaluation value as a predictive evaluation value, and determining risk intensity information of the risk path of the derived risk event in the derived risk distribution service according to the predictive evaluation value;
and acquiring a risk path evaluation value of a risk path in the target risk distribution service as a target evaluation value, and generating risk path prompt information of the target risk distribution service according to the risk distribution thermal map, the risk intensity information and the target evaluation value.
2. The internet behavior big data-based information prompting method according to claim 1, wherein the determining the risk distribution thermal map of the derived risk event in the derived risk distribution service according to the risk event influence characteristics comprises:
acquiring the total risk strength of the risk path in the derived risk distribution service;
and acquiring a relative coefficient between the risk event influence characteristics and the total risk strength of the risk paths in the derived risk distribution service as a risk distribution thermal map of the derived risk events in the derived risk distribution service.
3. The internet behavior big data-based information prompting method according to claim 2, wherein the step of predicting a risk path evaluation value of the risk path of the derived risk event according to the derived risk event and the risk event influence characteristics, taking the risk path evaluation value as a predictive evaluation value, and determining risk intensity information of the risk path of the derived risk event in the derived risk distribution service according to the predictive evaluation value includes:
predicting and determining a risk path evaluation value of a risk path with the derived risk event when the risk path is not transmitted according to the derived risk event and the risk event influence characteristics, and taking the risk path evaluation value as a first evaluation value;
taking a relative coefficient between the first evaluation value and the first total evaluation value as risk intensity sub-information of the risk path of the derived risk event when the risk path is not transmitted, and taking the relative coefficient as first intensity sub-information; the first total evaluation value is a total evaluation value of risk paths of the derived risk distribution service when the risk paths are not transmitted;
predicting and determining a risk path evaluation value of a risk path with the derived risk event during transmission according to the derived risk event and the risk event influence characteristics, wherein the risk path evaluation value is used as a second evaluation value; the first evaluation value and the second evaluation value both belong to the predictive evaluation value;
generating risk intensity sub-information of the risk path of the derived risk event during transmission as second intensity sub-information according to a relative coefficient between the second evaluation value and a second total evaluation value, wherein the second total evaluation value is a total evaluation value of the risk path in the derived risk distribution service during transmission;
and generating risk intensity information of the risk path of the derived risk event in the derived risk distribution service according to the first intensity sub-information and the second intensity sub-information.
4. The internet behavior big data-based information prompting method according to claim 3, wherein the predicting and determining, according to the derived risk event and the risk event influence characteristics, a risk path evaluation value of a risk path with the derived risk event when the risk path is not transmitted, as the first evaluation value, includes:
determining a business access reference strength referenced by the risk path with the derived risk event when the risk path is not transmitted as a first business access reference strength;
obtaining a product between the first business access reference strength and the risk event influence characteristics as a risk path evaluation value of a risk path with the derived risk event when the risk path is not transmitted;
and taking the risk path evaluation value of the risk path with the derived risk event when the risk path is not transmitted as the first evaluation value.
5. The internet behavior big data-based information prompting method according to claim 3, wherein the predicting and determining, according to the derived risk event and the risk event influence characteristics, a risk path evaluation value of a risk path with the derived risk event during transmission, as the second evaluation value, includes:
determining a business access reference strength referenced by the risk path with the derived risk event when the risk path is not transmitted as a first business access reference strength;
acquiring past transmission times of a risk path with the derived risk event, and generating a transmission influence weight according to the past transmission times;
determining the business access reference strength referred by the risk path with the derived risk event during transmission as a second business access reference strength according to the first business access reference strength and the transmission influence weight;
obtaining a product between the second business access reference strength and the risk event influence characteristics as a risk path evaluation value of a risk path with the derived risk event during transmission;
and taking the risk path evaluation value of the risk path with the derived risk event at the time of transmission as the second evaluation value.
6. The internet behavior big data-based information prompting method according to claim 3, wherein the generating risk path prompting information of the target risk distribution service according to the risk distribution thermal map, the risk intensity information, and the target evaluation value comprises:
generating a risk path evaluation value range of a target risk path label according to the risk distribution thermal map, the risk intensity information and the target evaluation value; the target risk path label is the same risk path label in the target risk distribution service as the derived risk event;
determining risk path prompt information of the target risk distribution service from the risk path evaluation value range of the target risk path label;
wherein, the generating a risk path evaluation value range of a target risk path label according to the risk distribution thermal map, the risk intensity information and the target evaluation value includes:
acquiring a maximum relative coefficient and a minimum relative coefficient among a relative coefficient between the risk event influence characteristic and the total risk strength of the risk paths in the derived risk distribution service, a relative coefficient between the first evaluation value and the first total evaluation value, and a relative coefficient between the second evaluation value and the second total evaluation value;
acquiring a weight evaluation value between the maximum relative coefficient and the target evaluation value as a first risk path prompt information value;
acquiring a weight evaluation value between the minimum relative coefficient and the target evaluation value as a second risk path prompt information value;
and taking a range formed by the first risk path prompt information value and the second risk path prompt information value as a risk path evaluation value range of the target risk path label.
7. The internet behavior big data-based information prompting method according to claim 6, wherein the target risk distribution service includes a plurality of risk path labels, the target risk path labels belong to the plurality of risk path labels, and each risk path label corresponds to a risk path prompting information range;
the determining risk path prompt information of the target risk distribution service from the risk path evaluation value range of the target risk path label includes:
respectively acquiring a risk path prompt information value from a risk path prompt information range corresponding to each risk path label as a target risk path prompt information value;
acquiring fusion information values among the target risk path prompt information values, and determining risk path prompt information of the target risk distribution service according to the fusion information values among the target risk path prompt information values;
wherein the determining risk path prompt information of the target risk distribution service according to the fusion information value between the target risk path prompt information values comprises:
generating a first risk path prompt information threshold according to the target evaluation value;
generating a second risk path prompt information threshold according to the target evaluation value and the second evaluation value; the first risk path prompt information threshold is greater than the second risk path prompt information threshold;
if the fusion information value between the target risk path prompt information values is smaller than the first risk path prompt information threshold value and not smaller than the second risk path prompt information threshold value, taking the fusion information value between the target risk path prompt information values as the risk path prompt information of the target risk distribution service;
if the fusion information value between the target risk path prompt information values is not smaller than the first risk path prompt information threshold value or smaller than the second risk path prompt information threshold value, respectively acquiring the risk path prompt information values from the risk path prompt information range corresponding to each risk path label to serve as updated target risk path prompt information values, acquiring the fusion information values between the updated target risk path prompt information values, and determining the risk path prompt information of the target risk distribution service according to the fusion information values between the updated target risk path prompt information values.
8. The information prompting method based on internet behavior big data according to any one of claims 1 to 7, characterized in that the method further comprises:
acquiring a prior risk distribution thermal map of a target risk path label in a candidate risk distribution service of a candidate risk distribution service set in a past risk scanning stage;
acquiring a prior risk distribution thermal map of the target risk path label in the target risk distribution service in the past risk scanning stage;
and taking the candidate risk distribution service which is matched with the corresponding prior risk distribution thermal map in the candidate risk distribution service set and the prior risk distribution thermal map in the target risk distribution service as a derived risk distribution service associated with the target risk distribution service.
9. The information prompting method based on internet behavior big data as claimed in any of claims 1-7, wherein the step of obtaining internet behavior big data of the target risk distribution service searched based on security protection rule information which completes configuration information change comprises:
acquiring security protection rule information which completes configuration information change, wherein the security protection rule information is used for representing protection sniffing path information among security protection rules, and the security protection rules are scanning rules related to the target security risk scanning service;
generating a security protection rule cluster based on the security protection rule information, wherein the security protection rule cluster is a cluster formed by a plurality of security protection rules with protection sniffing path information in the security protection rule information;
determining scanning rule components corresponding to the security protection rules in the security protection rule information according to the security protection rule clusters, and determining a first contact value between security risk scanning nodes on the target security risk scanning service according to a contact value between the scanning rule components corresponding to the security protection rules in the security protection rule information and an association relationship between the security protection rules and the security risk scanning nodes on the target security risk scanning service;
and optimizing a security risk scanning node network on the target security risk scanning service based on the first contact value, and scanning the internet behavior big data based on the optimized security risk scanning node network so as to scan the internet behavior big data based on a deep learning network which corresponds to the security risk scanning service and meets a network convergence condition.
10. A cloud-computing AI system, comprising a machine-readable storage medium, a processor, and a computer program stored on the machine-readable storage medium and executable on the processor, wherein the processor executes the computer program to perform the internet behavior big data-based information prompting method of any one of claims 1 to 9.
CN202110708233.7A 2021-06-25 2021-06-25 Information prompting method based on internet behavior big data and cloud computing AI system Active CN113347200B (en)

Publications (2)

Publication Number Publication Date
CN113347200A CN113347200A (en) 2021-09-03
CN113347200B true CN113347200B (en) 2022-03-04

Family

ID=77478531

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110708233.7A Active CN113347200B (en) 2021-06-25 2021-06-25 Information prompting method based on internet behavior big data and cloud computing AI system

Country Status (1)

Country Link
CN (1) CN113347200B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3042623A1 (en) * 2015-10-16 2017-04-21 SecludIT METHOD FOR DETECTING VULNERABILITIES IN A VIRTUAL SERVER FOR PRODUCING A VIRTUAL OR CLOUD COMPUTING SYSTEM
CN108769047A (en) * 2018-06-06 2018-11-06 厦门华厦学院 A kind of big data risk monitoring system
CN111800395A (en) * 2020-06-18 2020-10-20 云南电网有限责任公司信息中心 Threat information defense method and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150706B (en) * 2017-06-15 2022-10-28 中兴通讯股份有限公司 Risk path identification method and device
CN113723967A (en) * 2018-06-21 2021-11-30 创新先进技术有限公司 Business risk analysis method, device and equipment
US11321467B2 (en) * 2018-08-21 2022-05-03 Beijing Didi Infinity Technology And Development Co., Ltd. System and method for security analysis
CN110991906B (en) * 2019-12-06 2023-11-17 国家电网有限公司客户服务中心 Cloud system information security risk assessment method
CN112907055A (en) * 2021-02-08 2021-06-04 中国工商银行股份有限公司 Data processing aging test method and device
CN112926984B (en) * 2021-04-13 2021-11-30 深圳薪汇科技有限公司 Information prediction method based on block chain safety big data and block chain service system

Also Published As

Publication number Publication date
CN113347200A (en) 2021-09-03

Similar Documents

Publication Publication Date Title
CN112766500B (en) Method and device for training graph neural network
US9514248B1 (en) System to group internet devices based upon device usage
Ding et al. Incentive mechanism design for federated learning with multi-dimensional private information
US11030265B2 (en) Cross-platform data matching method and apparatus, computer device and storage medium
US9489638B2 (en) Method and apparatus for propagating user preference information in a communications network
Liu et al. Keep your data locally: Federated-learning-based data privacy preservation in edge computing
CN114265979A (en) Method for determining fusion parameters, information recommendation method and model training method
Xu et al. Trust propagation and trust network evaluation in social networks based on uncertainty theory
CN112566093B (en) Terminal relation identification method and device, computer equipment and storage medium
CN111008335B (en) Information processing method, device, equipment and storage medium
Mao et al. A comprehensive algorithm for evaluating node influences in social networks based on preference analysis and random walk
Golzardi et al. Detection of trust links on social networks using dynamic features
CN105550275A (en) Microblog forwarding quantity prediction method
Sun et al. An entropy‐based self‐adaptive node importance evaluation method for complex networks
CN112926984B (en) Information prediction method based on block chain safety big data and block chain service system
Schiff et al. Robust message-passing for statistical inference in sensor networks
CN111475744A (en) Personalized position recommendation method based on ensemble learning
CN104965846A (en) Virtual human establishing method on MapReduce platform
Zhu et al. BGCL: Bi-subgraph network based on graph contrastive learning for cold-start QoS prediction
CN113850669A (en) User grouping method and device, computer equipment and computer readable storage medium
Supriya Cloud service provider selection using non-dominated sorting genetic algorithm
CN113347200B (en) Information prompting method based on internet behavior big data and cloud computing AI system
Ma et al. Fuzzy nodes recognition based on spectral clustering in complex networks
Yoshikawa et al. A fake news dissemination model based on updating reliability and doubt among individuals
CN116307078A (en) Account label prediction method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TA01 Transfer of patent application right

Effective date of registration: 20220218

Address after: 200436 Room 502, floor 5, No. 250, JIANGCHANG Third Road, Baoshan District, Shanghai

Applicant after: Ren Tuo data technology (Shanghai) Co.,Ltd.

Address before: 523000 room 803, No. 5, Hongwei 1st Road, Nancheng street, Dongguan City, Guangdong Province

Applicant before: Dongguan huixuehuiwan Education Technology Co.,Ltd.

CB02 Change of applicant information

Address after: 200000 Room 502, floor 5, No. 250, JIANGCHANG Third Road, Jing'an District, Shanghai

Applicant after: Ren Tuo data technology (Shanghai) Co.,Ltd.

Address before: 200436 Room 502, floor 5, No. 250, JIANGCHANG Third Road, Baoshan District, Shanghai

Applicant before: Ren Tuo data technology (Shanghai) Co.,Ltd.
