CN113553147A - Task processing method and device based on AI and RPA

Publication number: CN113553147A
Authority: CN (China)
Prior art keywords: task, alarm, alarm task, processing, grade
Legal status: Pending
Application number: CN202110680945.2A
Other languages: Chinese (zh)
Inventors: 杨明, 汪冠春, 胡一川, 褚瑞, 李玮
Current Assignee: Beijing Laiye Network Technology Co Ltd; Laiye Technology Beijing Co Ltd
Original Assignee: Beijing Laiye Network Technology Co Ltd; Laiye Technology Beijing Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/48: Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806: Task transfer initiation or dispatching
    • G06F9/4843: Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/552: Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/554: Detecting local intrusion or implementing counter-measures involving event detection and direct action


Abstract

The application provides a task processing method and a task processing device based on AI and RPA. The method comprises: determining the alarm task to be processed and the grade of the alarm task; when the grade is smaller than a preset grade threshold, acquiring a processing strategy corresponding to the alarm task; and controlling the RPA robot to process the alarm task according to the processing strategy. Because the RPA robot is controlled to process the alarm task according to the processing strategy, the alarm task can be processed automatically, which avoids untimely security response caused by the shortage and insufficient skills of security operators and improves the efficiency of security operations.

Description

Task processing method and device based on AI and RPA
Technical Field
The present application relates to the field of Artificial Intelligence technology, and in particular, to a task processing method and device based on AI (Artificial Intelligence) and RPA (Robotic Process Automation).
Background
Robotic Process Automation (RPA) uses specific "robot software" to simulate human operations on a computer and to execute process tasks automatically according to rules.
Artificial Intelligence (AI) is a technical science that studies and develops theories, methods, techniques and application systems for simulating, extending and expanding human intelligence.
Security operations are an important component of a security assurance system and provide the basic supporting work for security control and security management. Whether security control and security management are carried out properly is the key to effective day-to-day security operations. To achieve effective security operations, enterprises and organizations have invested heavily: security operations centers have been established one after another, security operations platforms have been built, security operations processes have gradually accumulated, and security operators respond to security events according to those processes.
However, security operators are currently in short supply and insufficiently skilled, which leads to low efficiency, high working pressure, a high attrition rate, and untimely response to security events.
Disclosure of Invention
The present application aims to solve at least to some extent one of the technical problems in the above-mentioned technology.
To this end, a first aspect of the application provides a task processing method based on artificial intelligence (AI) and robotic process automation (RPA).
A second aspect of the application provides a task processing device based on artificial intelligence (AI) and robotic process automation (RPA).
A third aspect of the present application provides an electronic device.
A fourth aspect of the present application is directed to a non-transitory computer readable storage medium having computer instructions stored thereon.
A fifth aspect of the present application proposes a computer program product.
An embodiment of the first aspect of the present application provides a task processing method based on artificial intelligence (AI) and robotic process automation (RPA), including: determining an alarm task to be processed and the grade of the alarm task; when the grade is smaller than a preset grade threshold, acquiring a processing strategy corresponding to the alarm task; and controlling the RPA robot to process the alarm task according to the processing strategy.
In an embodiment of the present application, determining the alarm task to be processed and the grade of the alarm task includes: determining the alarm task to be processed, and extracting characteristic information of the alarm task based on natural language processing (NLP); and determining the grade of the alarm task according to the characteristic information.
In an embodiment of the present application, the alarm task to be processed is at least one of the following: an alarm task generated according to an attack operation against a network; an alarm task generated according to an attack operation against a security infrastructure; and an alarm task generated according to an attack operation against a cloud application.
In one embodiment of the present application, the method further comprises: when the grade is greater than or equal to the grade threshold, providing the alarm task to a user to obtain a processing instruction from the user; and controlling the RPA robot to process the alarm task according to the processing instruction.
In one embodiment of the application, the alarm task is an alarm task filtered by a third-party defense library; after controlling the RPA robot to process the alarm task according to the processing instruction, the method further comprises: updating the third-party defense library according to the alarm task to be processed and the processing instruction.
In one embodiment of the present application, the processing policy includes at least one of the following policies: closing the IP address, closing the URL, changing the domain name and changing the hash value of the file.
In one embodiment of the present application, the method further comprises: acquiring and storing intermediate processing data of the alarm task while the alarm task is being processed.
An embodiment of a second aspect of the present application provides a task processing device based on artificial intelligence (AI) and robotic process automation (RPA), including: a determining module, configured to determine the alarm task to be processed and the grade of the alarm task; an acquisition module, configured to acquire a processing strategy corresponding to the alarm task when the grade is smaller than a preset grade threshold; and a processing module, configured to control the RPA robot to process the alarm task according to the processing strategy.
In an embodiment of the present application, the determining module is specifically configured to: determine the alarm task to be processed, and extract characteristic information of the alarm task based on natural language processing (NLP); and determine the grade of the alarm task according to the characteristic information.
In an embodiment of the application, the alarm task to be processed that the determining module determines is at least one of the following: an alarm task generated according to an attack operation against a network; an alarm task generated according to an attack operation against a security infrastructure; and an alarm task generated according to an attack operation against a cloud application.
In one embodiment of the present application, the device further comprises: a providing module, configured to provide the alarm task to a user to obtain a processing instruction from the user when the grade is greater than or equal to the grade threshold; and the processing module is further configured to control the RPA robot to process the alarm task according to the processing instruction.
In one embodiment of the application, the alarm task is an alarm task filtered by a third-party defense library; the device further comprises: an updating module, configured to update the third-party defense library according to the alarm task to be processed and the processing instruction.
In one embodiment of the present application, the processing policy includes at least one of the following policies: closing the IP address, closing the URL, changing the domain name and changing the hash value of the file.
An embodiment of a third aspect of the present application provides an electronic device, including at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first aspect.
A fourth aspect of the present application proposes a non-transitory computer-readable storage medium having stored thereon computer instructions for causing a computer to perform the method of the first aspect described above.
A fifth aspect of the present application proposes a computer program product comprising a computer program which, when executed by a processor, implements the method of the embodiment of the first aspect described above.
According to the technical scheme provided by the embodiment of the application, the alarm task to be processed and the grade of the alarm task are determined; when the grade is smaller than a preset grade threshold, a processing strategy corresponding to the alarm task is acquired; and the RPA robot is controlled to process the alarm task according to the processing strategy. As a result, the alarm task can be processed automatically, which avoids untimely security response caused by the shortage and insufficient skills of security operators and improves the efficiency of security operations.
It should be understood that the description herein is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present application will become apparent from the following description.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a schematic diagram of a network security sliding scale model according to one embodiment of the present application;
FIG. 2 is a schematic diagram of an adaptive architecture according to one embodiment of the present application;
FIG. 3 is a schematic diagram of a task processing method based on AI and RPA according to one embodiment of the present application;
FIG. 4 is a schematic illustration of annotation of intermediate process data according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a task processing method based on AI and RPA according to another embodiment of the present application;
FIG. 6 is a schematic diagram of a task processing method based on AI and RPA according to another embodiment of the present application;
FIG. 7 is a schematic diagram of a task processing method based on AI and RPA according to one embodiment of the present application;
FIG. 8 is a schematic illustration of an interactive interface according to an embodiment of the present application;
FIG. 9 is a schematic diagram of a task processing method based on AI and RPA according to another embodiment of the present application;
FIG. 10 is a schematic diagram of a task processing method based on AI and RPA according to one embodiment of the present application;
FIG. 11 is a schematic diagram of an AI and RPA based task processing device according to one embodiment of the present application;
FIG. 12 is a block diagram of an electronic device for implementing an AI and RPA based task processing method according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application.
Robotic Process Automation (RPA) uses specific "robot software" to simulate human operations on a computer and to execute process tasks automatically according to rules.
Artificial Intelligence (AI) is a technical science that studies and develops theories, methods, techniques and application systems for simulating, extending and expanding human intelligence.
Security operations are an important component of a security assurance system and provide the basic supporting work for security control and security management. Whether security control and security management are carried out properly is the key to effective day-to-day security operations.
To achieve effective security operations, the related art proposes a network security sliding scale model, shown in FIG. 1, whose scale includes five categories: architecture security, passive defense, active defense, intelligence and attack. As shown in FIG. 2, active defense and intelligence are continuously monitored and analyzed according to an adaptive security architecture, and this continuous monitoring and analysis process is divided into four main links: prevention and prediction, prevention and protection, detection and monitoring, and response and investigation. Each link requires a large number of security operators, but security operators are in short supply and insufficiently skilled, working pressure is high, the attrition rate is high, the amount of repetitive work is large, and efficiency is low. In addition, security operators have too much information to process, the attrition rate is often very high, and the response to security events is not timely.
In order to solve the above problems, the present application provides a task processing method based on AI and RPA and a device thereof.
Fig. 3 is a schematic diagram of a task processing method based on AI and RPA according to an embodiment of the present application. The AI and RPA based task processing method provided by the embodiment of the present application can be applied to the AI and RPA based task processing device according to the embodiment of the present application, and the device can be configured in an electronic device. The electronic device may be a mobile terminal, for example, a mobile phone, a tablet computer, a personal digital assistant, and other hardware devices with various operating systems.
As shown in fig. 3, the method includes:
Step 301, determining the alarm task to be processed and the grade of the alarm task.
In security operations, a large number of security logs are generated, and a large number of alarm tasks can be obtained from these logs. The alarm tasks are filtered by the third-party defense library to obtain the alarm tasks to be processed. The grade of an alarm task can then be determined according to the characteristic information of the alarm task to be processed.
Step 302, when the grade is smaller than a preset grade threshold, acquiring a processing strategy corresponding to the alarm task.
In the embodiment of the disclosure, the grade of the alarm task may be compared with a preset grade threshold, and when the grade of the alarm task is smaller than the preset grade threshold, a processing policy corresponding to the alarm task may be obtained. When the grade of the alarm task is greater than or equal to the preset grade threshold, the alarm task can be provided to a user for processing. It should be noted that the task processing device based on AI and RPA sets different processing strategies in advance for different alarm tasks. The processing policy may comprise at least one of the following policies: closing an IP address (Internet Protocol address), closing a URL (Uniform Resource Locator), changing a domain name, and changing a file hash value. For example, for an alarm task generated by an online copying network attack operation, the corresponding processing policy may be set to close the URL and disconnect the network connection; for an alarm task generated by an attack operation that steals a user password, the corresponding processing policy may be set to close the IP, close the URL, disconnect the network connection, and prompt the user to change the password.
Step 303, controlling the RPA robot to process the alarm task according to the processing strategy.
The RPA robot can then be controlled to process the alarm task according to the processing strategy corresponding to the alarm task. For example, an alarm task generated by an online copying network attack operation can be processed by disconnecting the network, and an alarm task generated by an attack operation that steals a user password can be processed by disconnecting the network and reminding the user to change the password.
To make the RPA robot's processing of the alarm task traceable, in the embodiment of the application, intermediate processing data may be obtained and stored while the RPA robot processes the alarm task, and the intermediate processing data may be labeled as it is stored. For example, as shown in FIG. 4, key information such as IP, URL, domain name, file hash value, etc. may be labeled by a correlation function.
The task processing method based on AI and RPA determines the alarm task to be processed and the grade of the alarm task; when the grade is smaller than a preset grade threshold, acquires a processing strategy corresponding to the alarm task; and controls the RPA robot to process the alarm task according to the processing strategy. As a result, the alarm task can be processed automatically, which avoids untimely security response caused by the shortage and insufficient skills of security operators and improves the efficiency of security operations.
To determine the level of the alarm task more accurately, FIG. 5 shows a task processing method based on AI and RPA according to another embodiment of the present application. In the embodiment of the application, the grade of the alarm task can be determined according to the characteristic information of the alarm task. The embodiment shown in FIG. 5 may include the following steps:
Step 501, determining an alarm task to be processed, and extracting characteristic information of the alarm task based on natural language processing (NLP).
In the embodiment of the present application, after the alarm task to be processed is determined, feature information of the alarm task may be extracted using NLP (Natural Language Processing). For example, the performability, infectivity, destructiveness, and the like of the various attacks in the alarm task (an attack on a network, an attack on a security infrastructure, an attack on a cloud application) may be extracted using NLP.
Step 502, determining the level of the alarm task according to the characteristic information.
As an example, the feature information of the alarm task may be matched against the feature information in a preset big data knowledge base, and the level of the alarm task may be determined according to the matching result. For example, when the feature information of the alarm task completely matches the feature information in the preset big data knowledge base, it may be determined that the level of the alarm task is lower and the complexity of the corresponding alarm task is not high; when the feature information of the alarm task does not completely match the feature information in the preset big data knowledge base, it may be determined that the level of the alarm task is higher and the complexity of the alarm task is higher. It should be noted that the preset big data knowledge base includes features of various alarm tasks.
Step 503, when the level is smaller than the preset level threshold, acquiring a processing strategy corresponding to the alarm task.
Step 504, controlling the RPA robot to process the alarm task according to the processing strategy.
In conclusion, by determining the alarm task to be processed, extracting the characteristic information of the alarm task based on natural language processing (NLP), and determining the grade of the alarm task according to the characteristic information, the grade of the alarm task can be determined accurately.
To improve the timeliness of the response to security events, the RPA robot may process various alarm tasks according to the processing policy. FIG. 6 shows a task processing method based on AI and RPA according to another embodiment of the present application. In the embodiment of the application, the alarm tasks to be processed may include various types of alarm tasks. The embodiment shown in FIG. 6 may include the following steps:
Step 601, determining the alarm task to be processed and the grade of the alarm task. The alarm task to be processed is at least one of the following: an alarm task generated according to an attack operation against a network; an alarm task generated according to an attack operation against a security infrastructure; and an alarm task generated according to an attack operation against a cloud application.
In the embodiment of the present disclosure, an alarm task in the security log is generated in at least one of the following ways: according to an attack operation against a network, according to an attack operation against a security infrastructure, or according to an attack operation against a cloud application. The alarm tasks acquired from the security log are then filtered, and the filtered alarm tasks are taken as the alarm tasks to be processed. For example, the alarm tasks may be filtered through a third-party defense library, and the alarm tasks that the third-party defense library cannot defend against are used as the alarm tasks to be processed.
Step 602, when the level is less than a preset level threshold, acquiring a processing strategy corresponding to the alarm task.
Step 603, controlling the RPA robot to process the alarm task according to the processing strategy.
In summary, the alarm task to be processed is at least one of the following: an alarm task generated according to an attack operation against a network; an alarm task generated according to an attack operation against a security infrastructure; and an alarm task generated according to an attack operation against a cloud application. Various alarm tasks to be processed can therefore be obtained, the RPA robot can process them according to the processing strategy, and the timeliness of the response to security events is improved.
To improve the accuracy with which the RPA robot processes the alarm task to be processed, FIG. 7 shows a task processing method based on AI and RPA according to an embodiment of the present application. In the embodiment of the application, when the grade is greater than or equal to the grade threshold, the alarm task is provided to the user, and the RPA robot is controlled to process the alarm task according to the user's processing instruction. The embodiment shown in FIG. 7 may include the following steps:
Step 701, determining the alarm task to be processed and the grade of the alarm task.
Step 702, when the grade is greater than or equal to the grade threshold, providing the alarm task to the user to obtain a processing instruction from the user.
That is to say, when the grade of the alarm task is greater than or equal to the preset grade threshold, the RPA robot cannot automatically process the alarm task according to the processing instruction, and the alarm task can be provided to the user. The user can analyze the alarm task, arrive at a processing instruction, and send the processing instruction to the RPA robot through the interactive interface. For example, as shown in FIG. 8, a user may interact with the RPA robot in the form of a chat.
Step 703, controlling the RPA robot to process the alarm task according to the processing instruction.
After the RPA robot receives the user's processing instruction, the task processing device based on AI and RPA can control the RPA robot to process the alarm task according to the processing instruction.
In summary, when the grade is greater than or equal to the grade threshold, the alarm task is provided to the user to obtain a processing instruction from the user, and the RPA robot is controlled to process the alarm task according to the processing instruction, so that the accuracy of the RPA robot in processing the alarm task to be processed can be improved.
To improve the timeliness of the response to security events, FIG. 9 shows a task processing method based on AI and RPA according to another embodiment of the present application. In the embodiment of the application, after the RPA robot is controlled to process the alarm task according to the processing instruction, the third-party defense library can be updated according to the task to be processed and the processing instruction. The embodiment shown in FIG. 9 may include the following steps:
Step 901, determining the alarm task to be processed and the grade of the alarm task.
Step 902, when the grade is greater than or equal to the grade threshold, providing the alarm task to the user to obtain a processing instruction from the user.
Step 903, controlling the RPA robot to process the alarm task according to the processing instruction.
Step 904, updating the third-party defense library according to the alarm task to be processed and the processing instruction.
In the embodiment of the application, after the RPA robot is controlled to process the alarm task according to the processing instruction, the third-party defense library can be updated according to the alarm task to be processed and the processing instruction, so that the third-party defense library can filter the alarm task.
In summary, after the RPA robot is controlled to process the alarm task according to the processing instruction, the third-party defense library may be updated according to the task to be processed and the processing instruction, so that the third-party defense library filters the alarm task.
In order to make the present application more clear to those skilled in the art, the description will now be made by way of example.
As shown in FIG. 10, the alarm task is at least one of the following: an alarm task that may be generated from an attack operation directed at a network or security infrastructure; an alarm task generated from an attack operation directed at a cloud application; and an alarm task generated from an attack operation directed at a work order system, a cooperation system, or an operation and maintenance system. The generated alarm tasks are then filtered through a third-party defense library (such as a third-party TIP) to determine the alarm tasks to be processed, and the alarm tasks to be processed are diagnosed to determine whether they need to be responded to and processed. For example, the alarm tasks may be automatically triaged, after which it may be determined whether some alarm tasks require response and processing; for alarm tasks where automatic triage cannot determine whether response and processing are required, manual triage may be needed to make that determination. For the alarm tasks that need to be responded to and processed, the level of each alarm task is determined according to its characteristics. When the level of the alarm task is lower than a preset level threshold, the RPA robot (unattended) responds to and processes the alarm task according to the processing strategy corresponding to the alarm task. Where the RPA robot cannot automatically process the alarm task according to the processing instruction, the alarm task can be provided to a user; the user can analyze the alarm task, arrive at a processing instruction, and send it to the RPA robot through human-machine interaction on an interactive interface, and the RPA robot is controlled to process the alarm task according to the user's processing instruction.
It should be noted that the RPA robot may execute the processing of the alarm task on an SOC (system on chip) or a situational awareness system, asset and vulnerability management, or zero trust management platform.
The task processing method based on AI and RPA determines the alarm task to be processed and the level of the alarm task; when the grade is smaller than a preset grade threshold value, acquiring a processing strategy corresponding to the alarm task; and controlling the RPA robot to process the alarm task according to the processing strategy. Therefore, the RPA robot is controlled to process the alarm task according to the processing strategy, the alarm task can be automatically processed, the problem that safety response is not timely due to shortage of safety operators and insufficient skills is avoided, and the efficiency of safety operation is improved.
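The routing described above for fig. 10, sketched as an added illustration (it is not code from the application). The threshold value, the keyword grader standing in for NLP feature extraction, the reading of "filtering" as dropping indicators the library marks benign, and every class, function, and action name are assumptions; the RPA robot is reduced to a list of recorded commands, and all alerts are constructed.

```python
import re
from dataclasses import dataclass, field

LEVEL_THRESHOLD = 3  # assumed; the page fixes neither a scale nor a threshold
# Constructed stand-in for NLP feature extraction: keyword -> grade.
FEATURE_GRADES = {"scan": 1, "phishing": 2, "ransomware": 4, "exfiltration": 4}
# One strategy per indicator type, named after the four policies on the page.
POLICIES = {"ip": "close_ip", "url": "close_url",
            "domain": "change_domain", "file_hash": "change_file_hash"}


@dataclass
class Alert:
    alert_id: str
    indicator_type: str  # key into POLICIES, or a type with no strategy
    indicator: str
    text: str            # free-text description the grader reads


@dataclass
class Pipeline:
    defense_library: dict   # indicator -> verdict; stands in for the TIP
    analyst: object         # callable(alert) -> processing instruction
    bot_actions: list = field(default_factory=list)  # commands sent to the bot
    audit: list = field(default_factory=list)        # intermediate data

    def grade(self, alert):
        """Extract known feature words and grade by the most severe one."""
        features = [w for w in re.findall(r"[a-z]+", alert.text.lower())
                    if w in FEATURE_GRADES]
        level = max((FEATURE_GRADES[f] for f in features), default=0)
        self.audit.append({"id": alert.alert_id, "features": features,
                           "level": level})
        return level

    def handle(self, alert):
        """Route one alert; returns 'filtered', 'automated' or 'escalated'."""
        if self.defense_library.get(alert.indicator) == "benign":
            return "filtered"                      # dropped by the library
        level = self.grade(alert)
        policy = POLICIES.get(alert.indicator_type)
        if level < LEVEL_THRESHOLD and policy is not None:
            self.bot_actions.append((policy, alert.indicator))
            return "automated"                     # unattended bot run
        # At or above the threshold, or no strategy exists: a person decides,
        # the bot executes, and the library records the decision.
        instruction = self.analyst(alert)
        self.bot_actions.append((instruction, alert.indicator))
        self.defense_library[alert.indicator] = instruction
        return "escalated"


def run_demo():
    """Run four constructed alerts through the pipeline."""
    pipeline = Pipeline(
        defense_library={"https://files.example.com/a": "benign"},
        analyst=lambda a: POLICIES.get(a.indicator_type, "manual_review"))
    alerts = [
        Alert("A1", "ip", "192.0.2.10", "Repeated port scan from one host"),
        Alert("A2", "url", "https://files.example.com/a", "Phishing link?"),
        Alert("A3", "file_hash", "constructed-hash-0001",
              "Ransomware binary dropped on endpoint"),
        Alert("A4", "mailbox", "user@example.com", "Phishing mail reported"),
    ]
    routes = {a.alert_id: pipeline.handle(a) for a in alerts}
    return routes, pipeline


if __name__ == "__main__":
    routes, pipeline = run_demo()
    print(routes)
    print(pipeline.bot_actions)
```

Alert A4 grades below the threshold but has no matching strategy, so it is escalated rather than silently dropped; the audit list corresponds to the stored intermediate processing data.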
Corresponding to the AI and RPA based task processing methods of the above embodiments, an embodiment of the present application also provides an AI and RPA based task processing device. Because the device corresponds to those methods, the method embodiments described above also apply to the device and are not described again in detail below.
Fig. 11 is a schematic structural diagram of an AI-and-RPA-based task processing device according to an embodiment of the present application, and as shown in fig. 11, the AI-and-RPA-based task processing device 1100 includes: a determination module 1110, an acquisition module 1120, and a processing module 1130.
The determining module 1110 is configured to determine an alarm task to be processed and a level of the alarm task; an obtaining module 1120, configured to obtain a processing policy corresponding to the alarm task when the level is less than a preset level threshold; and the processing module 1130 is configured to control the RPA robot to process the alarm task according to the processing policy.
As a possible implementation manner of the embodiment of the present disclosure, the determining module is specifically configured to: determine the alarm task to be processed and extract the characteristic information of the alarm task based on natural language processing (NLP) technology; and determine the grade of the alarm task according to the characteristic information.
As a possible implementation manner of the embodiment of the present disclosure, the determining module 1110 determines that the alarm task to be processed is at least one of the following tasks: an alarm task generated according to an attack operation directed at a network; an alarm task generated according to an attack operation directed at a security infrastructure; and an alarm task generated according to an attack operation directed at a cloud application.
As a possible implementation manner of the embodiment of the present disclosure, the task processing device 1100 based on AI and RPA further includes: a providing module.
The providing module is used for providing the alarm task to a user to acquire a processing instruction of the user when the grade is greater than or equal to the grade threshold value; and the processing module is also used for controlling the RPA robot to process the alarm task according to the processing instruction.
As a possible implementation manner of the embodiment of the present disclosure, the alarm task is an alarm task filtered by a third-party defense library; the AI and RPA based task processing device 1100 further includes: an updating module.
The updating module is used for updating the third-party defense library according to the to-be-processed alarm task and the processing instruction.
As a possible implementation of the embodiment of the present disclosure, the processing policy includes at least one of the following policies: closing the IP address, closing the URL, changing the domain name and changing the hash value of the file.
As a possible implementation manner of the embodiment of the present disclosure, the task processing device 1100 based on AI and RPA further includes: a storage module.
The storage module is used for acquiring and storing the intermediate processing data of the alarm task in the processing process of the alarm task.
The task processing device based on the AI and the RPA determines the alarm task to be processed and the level of the alarm task; when the grade is smaller than a preset grade threshold value, acquiring a processing strategy corresponding to the alarm task; and controlling the RPA robot to process the alarm task according to the processing strategy. Therefore, the RPA robot is controlled to process the alarm task according to the processing strategy, the alarm task can be automatically processed, the problem that safety response is not timely due to shortage of safety operators and insufficient skills is avoided, and the efficiency of safety operation is improved.
There is also provided, in accordance with an embodiment of the present application, an electronic device, a readable storage medium, and a computer program product.
Fig. 12 is a block diagram of an electronic device for the AI and RPA based task processing method according to an embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in fig. 12, the electronic apparatus includes: one or more processors 1201, memory 1202, and interfaces for connecting the various components, including a high speed interface and a low speed interface. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output apparatus (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). Fig. 12 illustrates an example of one processor 1201.
Memory 1202 is a non-transitory computer readable storage medium as provided herein. Wherein the memory stores instructions executable by at least one processor to cause the at least one processor to perform the AI and RPA based task processing methods provided herein. The non-transitory computer-readable storage medium of the present application stores computer instructions for causing a computer to perform the AI and RPA based task processing method provided herein.
The memory 1202, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the generation method of the semantic representation model in the embodiment of the present application (e.g., the determining module 1110, the obtaining module 1120, and the processing module 1130 shown in fig. 11). The processor 1201 executes various functional applications of the server and data processing, i.e., implements the AI and RPA based task processing method in the above-described method embodiments, by executing non-transitory software programs, instructions, and modules stored in the memory 1202.
The memory 1202 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created from use of the electronic device according to generation of the semantic representation model, and the like. Further, the memory 1202 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 1202 may optionally include a memory remotely located from the processor 1201, and these remote memories may be connected to the AI and RPA based task processing electronic device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device based on the AI and RPA task processing method may further include: an input device 1203 and an output device 1204. The processor 1201, the memory 1202, the input device 1203, and the output device 1204 may be connected by a bus or other means, and the bus connection is exemplified in fig. 12.
The input device 1203 may receive input numeric or character information and generate key signal inputs related to user settings and function controls of the electronic device for generation of the semantic representation model, such as a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointer, one or more mouse buttons, a track ball, a joystick, and like input devices. The output devices 1204 may include a display device, auxiliary lighting devices (e.g., LEDs), tactile feedback devices (e.g., vibrating motors), and the like. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and the present invention is not limited thereto as long as the desired results of the technical solutions disclosed in the present application can be achieved.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (17)

1. A task processing method based on artificial intelligence (AI) and robotic process automation (RPA), characterized by comprising the following steps:
determining an alarm task to be processed and the grade of the alarm task;
when the grade is smaller than a preset grade threshold value, acquiring a processing strategy corresponding to the alarm task;
and controlling the RPA robot to process the alarm task according to the processing strategy.
2. The method of claim 1, wherein determining the alert task to be processed and the level of the alert task comprises:
determining the alarm task to be processed, and extracting the characteristic information of the alarm task based on a natural language processing technology (NLP);
and determining the grade of the alarm task according to the characteristic information.
3. The method according to claim 1 or 2, characterized in that the alert task to be processed is at least one of the following tasks:
an alarm task generated according to an attack operation directed at a network;
an alarm task generated according to an attack operation directed at a security infrastructure;
and an alarm task generated according to an attack operation directed at a cloud application.
4. The method of claim 1, further comprising:
when the grade is greater than or equal to the grade threshold value, providing the alarm task for a user to obtain a processing instruction of the user;
and controlling the RPA robot to process the alarm task according to the processing instruction.
5. The method of claim 4, wherein the alert task is an alert task filtered by a third party defense repository;
after controlling the RPA robot to process the alarm task according to the processing instruction, the method further comprises the following steps:
and updating the third party defense library according to the to-be-processed alarm task and the processing instruction.
6. The method of claim 1, wherein the processing policy comprises at least one of:
closing the IP address, closing the URL, changing the domain name and changing the hash value of the file.
7. The method of claim 1 or 4, further comprising:
and acquiring and storing intermediate processing data of the alarm task in the processing process of the alarm task.
8. A task processing device based on artificial intelligence (AI) and robotic process automation (RPA), characterized by comprising:
the determining module is used for determining the alarm task to be processed and the grade of the alarm task;
the acquisition module is used for acquiring a processing strategy corresponding to the alarm task when the grade is smaller than a preset grade threshold value;
and the processing module is used for controlling the RPA robot to process the alarm task according to the processing strategy.
9. The apparatus of claim 8, wherein the determining module is specifically configured to:
determining the alarm task to be processed, and extracting the characteristic information of the alarm task based on a natural language processing technology (NLP);
and determining the grade of the alarm task according to the characteristic information.
10. The apparatus of claim 8 or 9, wherein the determination module determines the alert task to be processed to be at least one of:
an alarm task generated according to an attack operation directed at a network;
an alarm task generated according to an attack operation directed at a security infrastructure;
and an alarm task generated according to an attack operation directed at a cloud application.
11. The apparatus of claim 8, further comprising:
the providing module is used for providing the alarm task for the user to obtain a processing instruction of the user when the grade is greater than or equal to the grade threshold;
and the processing module is also used for controlling the RPA robot to process the alarm task according to the processing instruction.
12. The apparatus of claim 11, wherein the alert task is an alert task filtered by a third party defense repository;
the device further comprises: and the updating module is used for updating the third-party defense library according to the to-be-processed alarm task and the processing instruction.
13. The apparatus of claim 8, wherein the processing policy comprises at least one of:
closing the IP address, closing the URL, changing the domain name and changing the hash value of the file.
14. The apparatus of claim 8 or 11, further comprising:
and the storage module is used for acquiring and storing the intermediate processing data of the alarm task in the processing process of the alarm task.
15. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
16. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-7.
17. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1-7.
CN202110680945.2A 2021-06-18 2021-06-18 Task processing method and device based on AI and RPA Pending CN113553147A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110680945.2A CN113553147A (en) 2021-06-18 2021-06-18 Task processing method and device based on AI and RPA

Publications (1)

Publication Number Publication Date
CN113553147A true CN113553147A (en) 2021-10-26

Family

ID=78102213

Country Status (1)

Country Link
CN (1) CN113553147A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115016960A (en) * 2022-08-08 2022-09-06 杭州实在智能科技有限公司 Configurable RPA robot full-flow information notification processing method and system
CN115016960B (en) * 2022-08-08 2022-11-11 杭州实在智能科技有限公司 Configurable RPA robot full-flow information notification processing method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination