CN113901464A - Artificial intelligence safety architecture system and method based on service arrangement and related equipment - Google Patents


Info

Publication number: CN113901464A
Authority: CN (China)
Prior art keywords: defense, data, application, algorithm, application data
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202111033422.5A
Other languages: Chinese (zh)
Inventors: 裘晓峰, 张孟鑫, 周书亚
Current assignee: Beijing University of Posts and Telecommunications (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications; priority to CN202111033422.5A; publication of CN113901464A; legal status: pending.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/08 Learning methods

Abstract

The system acquires application data through an acquisition module; an orchestration module selects corresponding defense algorithms from a resource pool according to specific attributes of the application data and generates a defense service chain; a judgment module runs the application data through the defense service chain to judge whether the current application data is attack data; and an output module finally outputs the judgment result. A system-level defense framework is thus established in which security protection services are dynamically scheduled according to the characteristics of the application data. This breaks through detection and defense performance bottlenecks, provides real-time adversarial-attack detection at the granularity of a single data item, and integrates the defense mechanism with the application services, so that the defense mechanism can be seamlessly embedded into the security architecture of existing cloud and NFV (network function virtualization) networks and support security protection for cloud deployments with multiple services and applications.

Description

Artificial intelligence safety architecture system and method based on service arrangement and related equipment
Technical Field
The present disclosure relates to the field of computer security technologies, and in particular, to a system and a method for artificial intelligence security architecture based on service orchestration, and a related device.
Background
Artificial intelligence applications have spread into fields such as autonomous driving and the industrial internet. Mature models and algorithms are packaged for developers to call, cloud providers expose deep learning models through open interfaces to help developers build applications more efficiently, and new cloud service architectures such as function computing and serverless even provide developers with finer-grained, higher-performance deep learning applications.
However, artificial intelligence applications are seriously threatened by adversarial attacks in various forms, such as data poisoning, backdoor implantation and decision evasion. Both attackers and defenders have done a great deal of research, and new attack and defense methods are continually being discovered, but existing technology still cannot provide good security protection capability.
Disclosure of Invention
In view of the above, the present disclosure is directed to an artificial intelligence security architecture system, method and related device based on service orchestration.
Based on the above object, the present disclosure provides an artificial intelligence security architecture system based on service orchestration, comprising:
the acquisition module is used for acquiring application data and determining the data type of the application data;
the orchestration module is used for determining a corresponding defense algorithm set according to the data type and generating a defense service chain of at least two stages based on the defense algorithm set, wherein the defense service chain consists of a first-stage feature transformation detection algorithm and at least one further stage of defense algorithms from the defense algorithm set;
the judging module is used for detecting whether the application data is attack data or not based on the defense service chain and generating a detection result;
and the output module is used for outputting the detection result and processing the application data according to the detection result.
In some embodiments, the set of defense algorithms specifically includes:
the defense algorithm set corresponding to each scope is generated by an analytic hierarchy process from the application data and the attribute information of the application program corresponding to the application data, the scope of each defense algorithm, and the mutual mobility (transferability) difference matrix among the defense algorithms, wherein the scope corresponds to the data type.
In some embodiments, when the acquisition module determines the data type of the application data, it further:
determines the application type of the application program currently to be protected and judges whether the data type corresponds to that application type;
and, in response to the data type corresponding to the application type, continues with determining the defense algorithm according to the data type.
In some embodiments, after the judgment module detects whether the application data is attack data based on the defense service chain, the system further:
in response to the application data being attack data, stores the attack data in a sample database;
and performs robustness training of the defense algorithms using the attack data in the sample database.
In some embodiments, when the output module processes the application data according to the detection result, it further:
in response to the detection result indicating attack data, forcibly stops the processing of the application data by the application program corresponding to the application data and performs data cleaning on that application program,
or
terminates transmission of the application data to the application program.
Based on the same conception, the present disclosure also provides an artificial intelligence security architecture method based on service arrangement, which includes:
acquiring application data and determining the data type of the application data;
determining a corresponding defense algorithm set according to the data type, and generating a defense service chain of at least two stages based on the defense algorithm set, wherein the defense service chain consists of a first-stage feature transformation detection algorithm and at least one defense algorithm from the defense algorithm set;
detecting whether the application data is attack data or not based on the defense service chain, and generating a detection result;
and outputting the detection result, and processing the application data according to the detection result.
In some embodiments, the set of defense algorithms specifically includes:
the defense algorithm set corresponding to each scope is generated by an analytic hierarchy process from the application data and the attribute information of the application corresponding to the application data, the scope of each defense algorithm, and the mobility (transferability) difference matrix among the defense algorithms, wherein the scope corresponds to the data type.
In some embodiments, determining the data type of the application data comprises:
determining the application type of the application program currently to be protected, and judging whether the data type corresponds to that application type;
and, in response to the data type corresponding to the application type, continuing with determining the defense algorithm according to the data type.
Based on the same concept, the present disclosure also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method as described in any one of the above when executing the program.
Based on the same concept, the present disclosure also provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to implement the method of any one of the above.
As can be seen from the foregoing, in the service-orchestration-based artificial intelligence security architecture system, the system acquires application data through the acquisition module; the orchestration module selects corresponding defense algorithms from the resource pool according to specific attributes of the application data and generates a defense service chain; the judgment module runs the application data through the defense service chain to determine whether the current application data is attack data; and the output module finally outputs the determination result. A system-level defense framework is thus established in which security protection services are dynamically scheduled according to the characteristics of the application data. This breaks through detection and defense performance bottlenecks, provides real-time adversarial-attack detection at the granularity of a single data item, and integrates the defense mechanism with the application services, so that the defense mechanism can be seamlessly embedded into the security architecture of existing cloud and NFV (network function virtualization) networks and support security protection for cloud deployments with multiple services and applications.
Drawings
To illustrate the embodiments of the present disclosure or the technical solutions in the related art more clearly, the drawings used in describing the embodiments or the related art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present disclosure, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of an artificial intelligence security architecture system based on service orchestration according to an embodiment of the present disclosure;
Fig. 2 is a schematic structural diagram of a specific detection framework of an artificial intelligence security architecture system based on service orchestration according to an embodiment of the present disclosure;
Fig. 3 is a schematic workflow diagram of a specific defense service chain of an artificial intelligence security architecture system based on service orchestration according to an embodiment of the present disclosure;
Fig. 4 is a flowchart illustrating a method for an artificial intelligence security architecture based on service orchestration according to an embodiment of the disclosure;
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the present specification more apparent, the present specification is further described in detail below with reference to the accompanying drawings in combination with specific embodiments.
It is to be noted that technical or scientific terms used in the embodiments of the present disclosure have the general meaning understood by those of ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first", "second" and similar terms in the embodiments of the disclosure does not indicate any order, quantity or importance, but only distinguishes one element from another. The word "comprising" or "comprises" and the like means that the element, article or method step preceding the word includes the elements, articles or method steps listed after the word and their equivalents, without excluding other elements, articles or method steps. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "Upper", "lower", "left", "right" and the like only indicate relative positional relationships; when the absolute position of the described object changes, the relative positional relationships may change accordingly.
As described in the background section, adversarial defense is the strategy proposed against these attacks, and specific defense methods include robust training, input transformation, model ensembles and so on. However, most current defense algorithms target only a single specific type of adversarial attack, their defense effect depends on the model structure and the type of attack algorithm, and their generalization is poor. An effective countermeasure is to use the ensemble (integration) idea, trading time and space cost for better defense and generalization performance. However, existing research shows that although a static ensemble defense can combine several efficient defense strategies, its fixed defense pattern still proves vulnerable in the face of diverse and complex attacks; and while dynamic random ensembles compensate for this defense effect, they introduce a new problem: randomly distributed defense services cannot select the optimal strategy in real time for the specific situation, and the randomly selected defense mechanisms may be homogeneous, so the framework is easily affected by attack transferability.
In addition, there is still no technology that provides full-life-cycle (training phase and application phase) defense for artificial intelligence applications; the defender is passive, a new defense is often broken quickly by a later attack method, and existing defense methods cannot cope with newly developed attack methods.
The adversarial example problem is likely to be a security threat inherent to deep neural networks, so the defense strategy needs to be considered at the overall security architecture level, outside the algorithm itself. The development of artificial intelligence has made it a general computing resource; as with network and system security, it is necessary on the one hand to research how to harden it and on the other hand to establish an independent security protection system to guarantee its security.
Current defense mechanisms are tightly coupled with models and applications: most are based on the training process of the model being defended, and defense methods based on input transformation are closely bound to the application, so a current defense method can only be customized for a single defended object and is greatly limited in practical engineering. For example: 1) in real engineering, the model often has to be retrained or incrementally trained because of data changes and the like, and a defense mechanism that must be trained together with the defended model greatly increases operation and maintenance cost; 2) existing mechanisms cannot be deployed in the cloud to serve multiple tenants and applications, but can only be trained and deployed by the tenants themselves, which places high demands on users' operation and maintenance capability; many users lack the security operation and maintenance capability for an AI application system once project construction is complete, so after go-live the security protection capability gradually becomes merely nominal.
Although a framework that statically ensembles several defense mechanisms can alleviate these problems, static ensembling leaves the defender at a disadvantage in a completely passive attack-defense game: an attacker facing the deployed model can infer its specific defense combination through a large batch of attacks and then modify the attack pattern in a targeted way. Related studies have also demonstrated the vulnerability of static ensemble defenses.
Random dynamic ensemble defense adopts randomization so that an attacker cannot easily probe the specific defense mechanism, but the randomization introduces other problems: 1) for a given adversarial example there theoretically always exists an optimal transformation method that achieves the best defense effect; random transformation not only affects the model's decision performance on normal samples but also cannot reach that optimal defense effect. 2) When several input transformation methods are ensembled for defense, random selection of input transformations cannot guarantee diversity among them, and when the defense methods are homogeneous the ensemble only increases cost without effectively improving performance. Transferability is under-researched in current ensemble defenses: the ensemble cannot ensure low transferability, so attacks transfer between different defenses, the adversarial example may still transfer after each transformation, ensemble performance drops, and the model becomes more vulnerable to transfer attacks.
Although ensemble defenses have better defense performance, whether static or random dynamic, ensembling and applying a large number of defense mechanisms brings high cost and high resource consumption, and current defense mechanisms must be tightly coupled with the business model; especially with the development of edge computing, when AI is applied on widely distributed edge devices of limited capability, tightly coupled ensemble defense is difficult to apply in practice.
In view of this practical situation, the embodiment of the present disclosure provides an artificial intelligence security architecture system based on service orchestration. The system acquires application data through an acquisition module; the orchestration module selects corresponding defense algorithms from a resource pool according to specific attributes of the application data and generates a defense service chain; a judgment module runs the application data through the defense service chain to determine whether the current application data is attack data; and the final determination result is output through an output module. This establishes a system-level defense framework that dynamically schedules security protection services according to the characteristics of the application data, which not only breaks through detection and defense performance bottlenecks but also provides real-time adversarial-attack detection at the granularity of a single data item, and integrates the defense mechanism with the application service so that it can be seamlessly embedded into the security architecture of existing cloud and NFV (network function virtualization) networks and support security protection for cloud deployments with multiple services and applications.
"Service" here is an extension of the application data type: it covers the application data together with the service to which that data is applied. "Architecture" refers to an abstract description of the overall structure and components of the system.
Referring to Fig. 1, a schematic structural diagram of the disclosed service-orchestration-based artificial intelligence security architecture system specifically includes:
The acquisition module 110 is configured to acquire application data and determine the data type of the application data.
This module determines the type of the current application data so that the corresponding defense algorithm set can be determined in later steps. The application data is the data to be input to the application program currently being protected and may be of various kinds: text data, image data, audio data and so on. The data type therefore needs to be determined in order to distinguish which kind of data it is. Optionally, since the application data is to be input to a specific application program, it may first be checked whether the data type matches the type required by that program: for a graphics processing application, for example, the expected data types or formats are generally bmp, jpg, png, tif, gif, pcx, tga, exif, fpx, svg, psd, cdr, pcd, dxf, ufo, eps, ai, raw, WMF, webp, avif, and the like. If the data type of the current application data does not match the type required by the application program, the data can be rejected directly.
The orchestration module 120 is configured to determine a corresponding defense algorithm set according to the data type and to generate a defense service chain of at least two stages based on that set, where the chain consists of a first-stage feature transformation detection algorithm and at least one further stage of defense algorithms from the set.
This module selects the defense algorithm set corresponding to the data type, extracts at least one defense algorithm from it and combines it with a feature transformation detection algorithm to form a defense service chain; the application data is then detected through that chain, which quickly identifies, among many algorithms, the one able to detect the data. The security problem for the data thus shifts from building a dedicated detection algorithm to building an independent security defense service framework or system, in which an optimal defense service chain is dynamically orchestrated from a defense resource pool and full-life-cycle security defense is provided for the application program. A defense algorithm set is a set that brings together various defense detection algorithms for a certain kind of data, and different data types have different sets. The algorithms in a set include existing algorithms from traditional security services, such as user behaviour analysis, application recognition and network traffic analysis, as well as deep learning model sample detection and defense algorithms targeted at the model, such as transfer-robust adversarial defense algorithms. The feature transformation detection algorithm is a spatio-temporal transformation algorithm. In a specific application scenario, after data enters the system it is first detected by the first type of algorithm (spatio-temporal transformation) and then by the second type (a robust model).
In a specific application scenario, taking an image application program and image application data as the example (audio or text data would be handled analogously), the protected objects are application programs such as the Baidu API (Baidu AI Cloud) and Clarifai. The first type is the spatio-temporal transformation algorithm, for example a median filter, together with heterogeneous defense algorithms such as random image resizing, image colour-depth reduction, random image rotation and mathematical statistics algorithms. The first type filters out most normal samples, leaving a mixture of a small number of malicious samples and normal samples, and this mixture enters the second type of algorithm for dedicated detection. The second type is a robust model, for example a deep learning model sample detection and defense algorithm such as a transfer-robust adversarial defense algorithm, or a detection model trained specifically on malicious samples, which can reach a very high detection rate on them. Finally, the defense service chain is the algorithm chain used to detect the application data: the data is checked in turn by each stage of detection algorithm provided by the chain.
The correspondence between defense algorithm sets and data types may be fixed, for example given by a lookup table; it may be generated by training in advance; or it may be generated on the spot, after the application data has been acquired, by training calculations over the entire current pool of defense algorithms. In a specific application scenario, a correspondence trained in advance improves efficiency, saves processing space and reduces the dimensionality of real-time calculation. Generally, in an offline or idle state, prior knowledge of each attack algorithm and defense service is introduced and an Analytic Hierarchy Process (AHP) is used to decide the optimal candidate algorithm subset within each scope according to three factors: the input sample data and the attributes of the corresponding application program, the scope of each defense algorithm, and a difference matrix measuring the mutual transferability between different defense algorithms. In this way defense algorithm subsets are built for different data and application types. The scope is the domain of objects on which each defense algorithm acts; every defense algorithm necessarily has an applicable scope, and within it there is at least one object (or data type) on which its detection efficiency or effect is best.
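As an added illustration (not code from the patent), the following Python sketch shows how the AHP step described above could rank candidate defense algorithms for one scope: the criteria weights come from a pairwise-comparison matrix, the consistency ratio is checked, and the subset is built greedily so that the transferability-difference term rewards heterogeneous choices. The criteria judgements, candidate scores and the difference matrix are constructed assumptions; the candidate names are the image transformations the page lists.

```python
"""AHP-based construction of the defense-algorithm subset for one scope.

Added example. The pairwise judgements, candidate scores and the mutual
transferability ("mobility") difference matrix are constructed values.
"""
import math
from typing import Callable, Dict, List, Sequence

# Saaty's random consistency index, indexed by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24}

# The three factors named on the page: fit to the sample data and application
# attributes, fit of the algorithm's scope, and low mutual transferability.
CRITERIA = ["data_app_fit", "scope_fit", "low_transferability"]
# Constructed pairwise judgements on Saaty's 1-9 scale: data/app fit is judged
# twice as important as scope fit and three times as important as transferability.
PAIRWISE = [[1.0, 2.0, 3.0],
            [1 / 2, 1.0, 2.0],
            [1 / 3, 1 / 2, 1.0]]


def ahp_weights(pairwise: Sequence[Sequence[float]]) -> List[float]:
    """Priority vector via the row geometric-mean approximation of the principal eigenvector."""
    n = len(pairwise)
    gm = [math.prod(row) ** (1.0 / n) for row in pairwise]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(pairwise: Sequence[Sequence[float]], weights: Sequence[float]) -> float:
    """CR = CI / RI; judgements are conventionally accepted when CR < 0.1."""
    n = len(pairwise)
    col_sums = [sum(pairwise[i][j] for i in range(n)) for j in range(n)]
    lambda_max = sum(c * w for c, w in zip(col_sums, weights))
    ci = (lambda_max - n) / (n - 1) if n > 1 else 0.0
    return ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] else 0.0


# Constructed candidate scores for the "image" scope, each in [0, 1].
CANDIDATES: Dict[str, Dict[str, float]] = {
    "median_filter":         {"data_app_fit": 0.8, "scope_fit": 0.9},
    "random_resize":         {"data_app_fit": 0.7, "scope_fit": 0.8},
    "color_depth_reduction": {"data_app_fit": 0.6, "scope_fit": 0.7},
    "random_rotation":       {"data_app_fit": 0.7, "scope_fit": 0.6},
}
# Constructed symmetric mobility-difference matrix: 1.0 means adversarial examples
# transfer poorly between the two defenses, 0.0 means they are effectively isomorphic.
MOBILITY_DIFF = {
    ("median_filter", "random_resize"): 0.6,
    ("median_filter", "color_depth_reduction"): 0.3,
    ("median_filter", "random_rotation"): 0.8,
    ("random_resize", "color_depth_reduction"): 0.7,
    ("random_resize", "random_rotation"): 0.4,
    ("color_depth_reduction", "random_rotation"): 0.8,
}


def mobility_diff(a: str, b: str) -> float:
    return MOBILITY_DIFF.get((a, b), MOBILITY_DIFF.get((b, a), 0.0))


def select_subset(candidates: Dict[str, Dict[str, float]], weights: Sequence[float],
                  k: int, diff: Callable[[str, str], float] = mobility_diff) -> List[str]:
    """Greedy AHP ranking: each round adds the candidate with the highest weighted
    score, where the transferability term is its smallest difference to any
    already selected defense (1.0 while nothing is selected yet)."""
    w = dict(zip(CRITERIA, weights))
    selected: List[str] = []
    remaining = list(candidates)

    def score(name: str) -> float:
        diversity = min((diff(name, s) for s in selected), default=1.0)
        return (w["data_app_fit"] * candidates[name]["data_app_fit"]
                + w["scope_fit"] * candidates[name]["scope_fit"]
                + w["low_transferability"] * diversity)

    while remaining and len(selected) < k:
        best = max(remaining, key=score)
        selected.append(best)
        remaining.remove(best)
    return selected


def build_image_scope_subset(k: int = 3) -> List[str]:
    """Offline step: weight the criteria, reject inconsistent judgements, pick k algorithms."""
    weights = ahp_weights(PAIRWISE)
    if consistency_ratio(PAIRWISE, weights) >= 0.1:
        raise ValueError("pairwise judgements are inconsistent; revise them")
    return select_subset(CANDIDATES, weights, k)


if __name__ == "__main__":
    print(build_image_scope_subset())
```

The greedy diversity term is what keeps the near-isomorphic colour-depth reduction out of the subset even though its standalone scores are not the lowest.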
The judgment module 130 is configured to detect, based on the defense service chain, whether the application data is attack data and to generate a detection result.
This module uses the defense service chain to detect whether the application data is attack data, i.e. whether it can be used normally, which is the purpose of data detection. The application data is detected stage by stage according to the defense service chain generated by the orchestration module 120. As soon as the algorithm at any stage gives a malicious-data verdict with sufficient confidence, the remainder of the chain can be stopped, the application data is concluded to be attack data, and a detection result is generated from that conclusion; the detection result may also carry other related information such as the data type of the application data. When every algorithm in the chain has run to completion and judged the data to be normal, or when the malicious-data verdicts given by some or all of them do not exceed the threshold confidence, the application data is considered normal and a detection result is generated accordingly.
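The staged detection with early termination described above, as an added example that is not the patent's own code: a two-stage defense service chain for small grayscale images, in which stage 1 is a median-filter feature-transformation check, stage 2 is a hand-written high-pass stand-in for the trained robust detector, and the chain stops at the first malicious verdict whose confidence reaches the threshold while lower-confidence flags fall through to the next stage. The images, thresholds and both detectors are constructed assumptions.

```python
"""Two-stage defense service chain with early termination (added example).

The images, transforms and thresholds are constructed for illustration, and
stage 2 is a simple Laplacian high-pass check standing in for the trained
robust detector described on the page, not a real model.
"""
from typing import Callable, Dict, List, Optional, Tuple

Image = List[List[int]]
StageResult = Tuple[str, float]      # ("normal" | "attack", confidence in [0, 1])
Stage = Tuple[str, Callable[[Image], StageResult]]


def interior(img: Image) -> Image:
    """Drop the 1-pixel border so sizes line up with 3x3 neighbourhood outputs."""
    return [row[1:-1] for row in img[1:-1]]


def median3x3(img: Image) -> Image:
    """3x3 median filter evaluated on the interior pixels only."""
    out = []
    for r in range(1, len(img) - 1):
        row = []
        for c in range(1, len(img[0]) - 1):
            win = sorted(img[r + dr][c + dc] for dr in (-1, 0, 1) for dc in (-1, 0, 1))
            row.append(win[4])
        out.append(row)
    return out


def edge_energy(img: Image) -> float:
    """Mean absolute difference between horizontally and vertically adjacent pixels."""
    diffs = [abs(a - b) for row in img for a, b in zip(row, row[1:])]
    diffs += [abs(a - b) for col in zip(*img) for a, b in zip(col, col[1:])]
    return sum(diffs) / len(diffs)


def median_filter_stage(img: Image) -> StageResult:
    """Stage 1 (feature transformation): a sample whose edge energy collapses after
    median filtering carries high-frequency perturbation. Confidence = relative drop."""
    before = edge_energy(interior(img))
    after = edge_energy(median3x3(img))
    if before == 0:
        return "normal", 0.0
    drop = max(0.0, 1.0 - after / before)
    return ("attack" if drop > 0.3 else "normal"), drop


def laplacian_stage(img: Image) -> StageResult:
    """Stage 2 stand-in for the robust detector: mean |4p - sum of 4 neighbours|,
    which is zero on any linear gradient and large on checkerboard-like noise."""
    total, count = 0, 0
    for r in range(1, len(img) - 1):
        for c in range(1, len(img[0]) - 1):
            p = img[r][c]
            lap = 4 * p - (img[r - 1][c] + img[r + 1][c] + img[r][c - 1] + img[r][c + 1])
            total += abs(lap)
            count += 1
    conf = min(1.0, total / count / 64.0)
    return ("attack" if conf > 0.5 else "normal"), conf


def run_chain(img: Image, chain: List[Stage], stop_confidence: float = 0.6) -> Dict:
    """Run the stages in order and stop at the first 'attack' verdict whose
    confidence reaches stop_confidence; weaker flags do not end the chain."""
    trace = []
    stopped_at: Optional[str] = None
    for name, stage in chain:
        verdict, conf = stage(img)
        trace.append((name, verdict, round(conf, 3)))
        if verdict == "attack" and conf >= stop_confidence:
            stopped_at = name
            return {"verdict": "attack", "stopped_at": stopped_at, "trace": trace}
    return {"verdict": "normal", "stopped_at": stopped_at, "trace": trace}


def make_sample(amplitude: int, size: int = 8) -> Image:
    """Constructed 8x8 gradient image plus an optional +/-amplitude checkerboard."""
    return [[60 + 15 * c + 8 * r + amplitude * (1 if (r + c) % 2 == 0 else -1)
             for c in range(size)] for r in range(size)]


IMAGE_CHAIN: List[Stage] = [("median_filter", median_filter_stage),
                            ("robust_detector", laplacian_stage)]


def demo() -> Dict[str, Dict]:
    """Clean sample passes both stages; a strong perturbation stops at stage 1;
    a subtle one is flagged weakly by stage 1 and confirmed by stage 2."""
    return {"clean": run_chain(make_sample(0), IMAGE_CHAIN),
            "strong": run_chain(make_sample(30), IMAGE_CHAIN),
            "subtle": run_chain(make_sample(12), IMAGE_CHAIN)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```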
And the output module 140 is configured to output the detection result, and process the application data according to the detection result.
The module is used for outputting a detection result and processing the application data according to the detection result so as to complete the whole process of safety detection. The processing of the application data may be deleting the application data, performing data cleaning on an application program that partially executes the application data, encapsulating the application data and placing the encapsulated application data into an attack data sample base, and letting the application program process the application data, and the like.
The test result is then output, which can be used to store, display, use or rework the test result. According to different application scenarios and implementation requirements, the specific output mode of the detection result can be flexibly selected.
For example, for an application scenario in which the system of the present embodiment is executed on a single device, the detection result may be directly output in a display manner on a display section (a display, a projector, etc.) of the current device, so that an operator of the current device can directly see the content of the detection result from the display section.
For another example, for an application scenario executed by the system of this embodiment on a system composed of multiple devices, the detection result may be sent to other preset devices serving as receivers in the system, that is, the synchronization terminal, through any data communication manner (e.g., wired connection, NFC, bluetooth, wifi, cellular mobile network, etc.), so that the synchronization terminal may perform subsequent processing on the detection result. Optionally, the synchronization terminal may be a preset server, and the server is generally arranged at a cloud end and used as a data processing and storage center, which can store and distribute the detection result; the receiver of the distribution is a terminal device, and the holder or operator of the terminal device may be an application program operator, a worker responsible for acquiring and transmitting application data, a company or an individual who needs to use the application program, and the like.
For another example, for an application scenario executed by the system of this embodiment on a system composed of multiple devices, the detection result may be sent directly to a preset terminal device through any data communication manner, and the terminal device may be one or more of the terminal devices described in the preceding paragraph.
As can be seen from the above, in the artificial intelligence security architecture system based on service orchestration provided by the present disclosure, the acquisition module acquires application data, the orchestration module selects a corresponding defense algorithm from the resource pool based on specific attributes of the application data to generate a defense service chain, the determination module detects the application data through the defense service chain, so as to determine whether the current application data is attack data, and finally, a determination result is output through the output module. Therefore, a system defense framework is established, dynamic scheduling of safety protection services according to application data characteristics is achieved, detection and defense performance bottlenecks can be broken through, real-time attack resistance detection on single data granularity can be provided, and the defense mechanism and the application services are integrated, so that the defense mechanism is seamlessly embedded into a safety framework in the existing cloud and NFV (network function virtualization) network, and safety protection of cloud deployment and multi-service multi-application is supported.
It is noted that the above describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
In a specific application scenario, in order to reduce the dimensionality of real-time computation while saving processing space and improving efficiency, the defense algorithm set is specifically obtained as follows: the defense algorithm set corresponding to each scope is generated by an analytic hierarchy process according to the application data and the attribute information of the application program corresponding to the application data, the scope of each defense algorithm, and the mutual mobility difference matrix among the defense algorithms, where each scope corresponds to a data type.
The attribute information comprises the various attributes of the application data (for example, the data type is a picture and the data size is within 10M) and the related attribute information of the application program. The scope is the range of objects on which each defense algorithm acts; every defense algorithm necessarily has an application scope, and within that scope there is at least one object (or data type) for which its detection efficiency or effect is best. The mutual mobility difference matrix is a matrix representing the difference in mutual mobility (transferability) between the defense algorithms. Mutual mobility is derived from the transferability of adversarial attacks: an adversarial example generated against a certain model can also mislead other models with different structures, whereas when an algorithm defends against an adversarial attack, one attack is aimed only at the one algorithm it was designed against and has no effect on the other algorithms in the framework. The mutual mobility difference matrix is thus a mathematical expression of which algorithms were designed against which adversarial attacks. For example, if the current defense algorithm can defend against the current attack data, the value at the corresponding position of the difference matrix is 1, and if it cannot, the value is 0.
In a specific application scenario, in order to screen out in advance application data whose attributes do not suit the application, saving processing resources and improving detection efficiency, the obtaining module 110, when determining the data type of the application data, is further configured to: determine the application type of the current application program to be protected and judge whether the data type corresponds to the application type; and, in response to the data type corresponding to the application type, continue executing the defense algorithm determined according to the data type.
That is, when the obtaining module 110 obtains the application data, it first determines whether the type of the application data matches a data type that the application program it is to be input to can process, and excludes non-matching data in advance; a corresponding detection result may also be generated at this point, for example, that the application data is not adapted.
In a specific application scenario, in order to optimize in real time the defense algorithm logic or the priority of each defense algorithm within each defense algorithm set, the determining module 130, after detecting whether the application data is attack data based on the defense service chain, is further configured to: in response to the application data being attack data, store the attack data in a sample database; and carry out robustness training on the defense algorithm with the attack data in the sample database.
That is, after determining that a piece of application data is attack data, the determining module 130 may store it in the sample database and, during idle time or offline, perform robustness training on the defense algorithms using that attack data or other attack data in the sample database, so as to enhance the robustness of the entire detection scheme: when the same or similar attack data is later detected by the related defense algorithm, a result can be determined more quickly and efficiently.
In a specific application scenario, when the detection system of the present disclosure obtains application data, it may be deployed in parallel or in series with the corresponding application program; that is, the detection system and the protected application may be deployed in parallel or serially. In the parallel case, the application data is input simultaneously into the detection system architecture and the protected object, but the protected application program outputs a result only when the detection system architecture judges the data legal; when the detection system architecture judges the data illegal, the application program's processing of the application data is forcibly stopped, and data cleaning can then be performed. In the serial case, the service data first passes through the detection system architecture, only legal data is forwarded to the protected application program, and when a judgment of illegal data is given, transmission of the application data is directly interrupted. That is, the output module 140, when processing the application data according to the detection result, is further configured to: in response to the detection result being an attack-data detection result, forcibly stop the application program corresponding to the application data from processing the application data and perform data cleaning on the application program, or terminate transmission of the application data to the application program.
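The two deployment modes just described, as an added example that is not code from the patent: `demo_judge`, `demo_app` and the cleaning hook are constructed stand-ins, and the protected application is assumed to cooperate with a stop event so that its processing can be forcibly stopped.

```python
# Added example, not code from the patent: serial vs. parallel deployment of the
# detection architecture in front of (or beside) a protected application.
# Assumptions (not from the page): `judge` returns True for legal data, `app`
# checks a stop event between work units, and `clean` is the cleaning hook.
import threading
import time
from concurrent.futures import ThreadPoolExecutor
from typing import Any, Callable, Optional, Tuple

Judge = Callable[[bytes], bool]


def serial_deploy(data: bytes, judge: Judge, app: Callable[[bytes], Any]) -> Tuple[str, Optional[Any]]:
    """Serial: data passes the detection architecture first; only legal data is
    forwarded, and an illegal verdict interrupts transmission so the app never sees it."""
    if not judge(data):
        return "transmission_interrupted", None
    return "delivered", app(data)


def parallel_deploy(data: bytes, judge: Judge, app, clean, chunk_delay: float = 0.01):
    """Parallel: data enters the detector and the protected app at the same time;
    the app's output is released only on a legal verdict. On an illegal verdict the
    app's processing is forcibly stopped through the event and data cleaning runs."""
    stop = threading.Event()
    with ThreadPoolExecutor(max_workers=2) as pool:
        verdict = pool.submit(judge, data)
        work = pool.submit(app, data, stop, chunk_delay)
        if verdict.result():
            return "delivered", work.result()
        stop.set()           # force the app to abandon the data
        work.result()        # wait for the app to unwind before cleaning
        clean(data)
        return "processing_stopped", None


# --- constructed stand-ins for the protected application and the verdict ------
def demo_app(data: bytes, stop: Optional[threading.Event] = None, chunk_delay: float = 0.0):
    """Sums the payload in 16-byte chunks, checking the stop event between chunks."""
    total = 0
    for i in range(0, len(data), 16):
        if stop is not None and stop.is_set():
            return None
        total += sum(data[i:i + 16])
        time.sleep(chunk_delay)
    return total


def demo_judge(data: bytes) -> bool:
    """Constructed verdict: any payload containing a NUL byte is treated as illegal."""
    return b"\x00" not in data
```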
In a specific application scenario, a detection framework as shown in fig. 2 may be constructed, where the protection object may be an artificial intelligence application in a cloud, and a core component of the detection framework is shown in a dashed box:
1) a pool of defense resources, where various defense services are collected, including deep learning anti-attack defense algorithms (low mobility defense set in the graph), information processing based detection algorithms, and traditional security related services available for orchestration, such as behavior detection type algorithms, application recognition algorithms.
The defense resource pool stores low-mobility (i.e., migration robust) algorithms together with other detection and defense algorithms, forming a pool that can be orchestrated. Meanwhile, the algorithm of the data-driven orchestration engine is solved according to the detected attack data: offline training based on the sample library is carried out according to the data and application attributes to ensure optimal detection of the attack data, thereby ensuring the optimal algorithm combination and model defense effect for the current attack data.
By introducing the defense resource pool into the detection framework, the construction of the defense resource pool and the core mechanism of the defense resource pool are specifically researched, and based on the construction, the storage detection and defense algorithms are divided according to different subsets, so that the defense resource pool can be dynamically and reasonably scheduled according to the attributes of the application data, and the optimal defense effect is achieved.
2) The orchestration engine (i.e., the orchestration module) addresses how to select detection algorithms from the detection resource pool according to the data and application attributes in order to construct an optimal detection service chain.
The orchestration engine selects a group of services from the defense resource pool, generates a way of combining them, and finally obtains a service chain with a specific order. The service chain could be orchestrated according to a fixed static policy; compared with such statically defined service orchestration, data-driven orchestration gives a dynamic orchestration result according to the state at each step of the data analysis, ensuring the optimal service chain for the current data and achieving optimal dynamic defense at single-data granularity.
By introducing the data-driven arrangement engine into the detection framework, a plurality of attack detection and defense algorithms with different principles can be dynamically arranged according to the data in the user service request and the artificial intelligence application types of the protection objects, so that the optimal defense mechanism combination for each data sample is achieved, and the performance bottleneck of the integrated defense mechanism is broken through.
The orchestrated objects of the orchestration engine are algorithms that can be selected in the defense resource pool, including: 1) the existing algorithm in the traditional security service can also be applied to the architecture provided by the project, such as user behavior analysis, application identification, network flow analysis and the like; 2) a deep learning model sample detection and defense algorithm, such as a migration robust anti-attack defense algorithm researched by the project, can be continuously added to cope with the change of data space-time characteristics and the development of new services.
3) The judger (i.e. the judging module) judges whether the input data is normal data or malicious data according to the final output result of the service chain, if possible, further provides a malicious sample type (attack type), and further provides an execution defense mechanism (e.g. cleaning malicious samples).
4) And collecting the malicious samples and judgment conclusions thereof in a sample library for training a defense algorithm in a defense resource pool.
The sample library stores the detected attack data, and the result is a storage unit suited to the integrated defense mechanism based on service orchestration. In the storage method, the result obtained by following the defense service chain generated by the dynamic orchestration strategy, that is, the input data having been detected and processed by several defense algorithms until the judger gives a judgment or cleaning result with a certain confidence, is stored together with the features obtained by the algorithm judger.
By introducing the sample library into the detection framework, the stored data can be used for offline training of each algorithm in the defense resource pool, ensuring optimal detection and defense performance for the attack detection and defense models of different principles that the orchestration engine arranges, and thereby the accuracy and reliability of the whole defense mechanism.
The detection framework then gives approximate solutions using attribute analysis of the attack samples, prior knowledge of attacks and defenses, and the service parameters of the defense services (such as the migration robustness measure), in two steps: first, an analytic hierarchy process is used to make an offline decision that arranges a defense subset for each algorithm scope, reducing the computational dimensionality of the orchestration algorithm; then a neural network model is constructed to solve dynamic orchestration over the defense subset, and the orchestration engine parameters are obtained by pre-training, so that the orchestration engine can be solved in real time at single-data granularity during online orchestration. Specifically, the offline step introduces prior knowledge of each attack algorithm and each defense service and applies the Analytic Hierarchy Process (AHP) to decide the optimal alternative algorithm subset within each orchestration scope according to three factors: the attributes of the input data and application, the scope space of the adversarial defense algorithms, and the difference matrix measuring mutual mobility (transferability) between different adversarial defense algorithms. This constructs defense algorithm subsets for different data and application types, shrinks the scope space of the orchestration engine, and reduces the computational dimensionality of the online orchestration engine. Then, online, as shown in the workflow diagram of a specific defense service chain in fig. 3, when a piece of data arrives the defense algorithm subset to be orchestrated is selected according to the data type (picture, video, text, program binary data, etc.), and an integrated defense service chain is then dynamically orchestrated by the offline-trained selector.
Taking a two-stage service chain as an example, the first stage selects a defense method from the optimal alternative defense algorithm subset, for instance one chosen at random from the existing feature-transformation detection and defense algorithms; the second-stage defense mechanism may arrange several defense algorithms from the orchestrable optimal alternative defense algorithm subset; and finally the output of the orchestration engine's solution is given.
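The early-stopping chain described for the judging module, the 0/1 mutual mobility difference matrix, and the two-stage chain just described, tied together as an added example that is not the patent's own code: the detectors, attack-type labels and matrix values are constructed, and a greedy coverage heuristic stands in for the analytic hierarchy process the patent uses offline.

```python
# Added example, not code from the patent: a minimal model of the orchestrated
# defense service chain. Assumptions (not from the page): defense algorithms are
# callables returning (is_malicious, confidence); the 0/1 mutual-mobility
# difference matrix is a dict keyed by (algorithm, attack type); and a greedy
# coverage heuristic stands in for the analytic hierarchy process used offline.
import math
import statistics
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Sequence, Tuple

Detector = Callable[[bytes], Tuple[bool, float]]


@dataclass
class DefenseAlgorithm:
    name: str
    scope: frozenset          # data types the algorithm applies to
    feature_transform: bool   # eligible for the mandatory first stage
    run: Detector


@dataclass
class DetectionResult:
    is_attack: bool
    data_type: str
    stopped_at: Optional[str]            # stage that triggered early termination
    stages_run: List[str] = field(default_factory=list)


# --- constructed sample detectors ---------------------------------------------
JPEG_MAGIC = b"\xff\xd8\xff"


def jpeg_header(data: bytes) -> Tuple[bool, float]:
    """Feature-transformation stage: reduce the input to its header and check it."""
    malformed = not data.startswith(JPEG_MAGIC)
    return malformed, (0.99 if malformed else 0.0)


def pixel_stat(data: bytes) -> Tuple[bool, float]:
    """Deliberately weak heuristic: flags a wide byte spread, but with low confidence."""
    spread = statistics.pstdev(data) if len(data) > 1 else 0.0
    return spread > 60.0, 0.4


def byte_entropy(data: bytes) -> Tuple[bool, float]:
    """Information-processing detector: near-uniform bytes suggest a smuggled payload."""
    if not data:
        return False, 0.0
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return h > 7.5, min(1.0, h / 8.0)


POOL: Sequence[DefenseAlgorithm] = (
    DefenseAlgorithm("jpeg_header", frozenset({"picture"}), True, jpeg_header),
    DefenseAlgorithm("pixel_stat", frozenset({"picture"}), False, pixel_stat),
    DefenseAlgorithm("byte_entropy", frozenset({"picture", "text", "binary"}), False, byte_entropy),
)
ATTACK_TYPES = ("malformed_header", "adversarial_noise", "smuggled_payload")
# Difference matrix as the page defines it: 1 where the algorithm defends the
# attack, 0 otherwise (constructed values; missing keys mean 0).
COVERS: Dict[Tuple[str, str], int] = {
    ("jpeg_header", "malformed_header"): 1,
    ("pixel_stat", "adversarial_noise"): 1,
    ("byte_entropy", "smuggled_payload"): 1,
}


def select_subset(pool, data_type, covers, attack_types):
    """Offline step: restrict the pool to the data type's scope, then greedily pick
    algorithms that cover attacks the already chosen ones do not (stands in for AHP)."""
    candidates = [a for a in pool if data_type in a.scope]
    uncovered = set(attack_types)
    chosen: List[DefenseAlgorithm] = []
    while uncovered and candidates:
        gain = {a.name: sum(covers.get((a.name, t), 0) for t in uncovered) for a in candidates}
        best = max(candidates, key=lambda a: gain[a.name])   # ties keep pool order
        if gain[best.name] == 0:
            break
        chosen.append(best)
        candidates.remove(best)
        uncovered = {t for t in uncovered if not covers.get((best.name, t), 0)}
    return chosen


def build_chain(subset):
    """Two-stage chain: a feature-transformation detector first (the page allows a
    random pick; the first eligible one is used here), then the rest of the subset."""
    heads = [a for a in subset if a.feature_transform]
    if not heads:
        raise ValueError("no first-stage feature-transformation detector in scope")
    head = heads[0]
    return [head] + [a for a in subset if a is not head]


def run_chain(chain, data: bytes, data_type: str, threshold: float = 0.9) -> DetectionResult:
    """Online step: run the stages in order and stop as soon as one reports malicious
    data with confidence at or above the threshold; otherwise the data is normal."""
    result = DetectionResult(False, data_type, None)
    for alg in chain:
        result.stages_run.append(alg.name)
        malicious, confidence = alg.run(data)
        if malicious and confidence >= threshold:
            result.is_attack, result.stopped_at = True, alg.name
            break
    return result


# Constructed inputs: a bland JPEG-like blob and one carrying a near-uniform payload.
NORMAL_PICTURE = JPEG_MAGIC + b"\xe0" + b"\x10" * 256
ATTACK_PICTURE = JPEG_MAGIC + b"\xe0" + bytes(range(256))
```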
Therefore, safety problems related to data are dealt with by an independent safety defense service, a defense service for artificial intelligence and deep learning application is provided in a detection framework, an integrated defense framework based on service arrangement is constructed mainly by utilizing service dynamic arrangement capacity of a network and a cloud center, an optimal defense service chain is dynamically arranged from a defense resource pool according to data and application attributes of a defense object, and safety defense of the whole life cycle is provided for artificial intelligence application.
Based on the same concept, the present disclosure also provides an artificial intelligence security architecture method based on service orchestration, corresponding to the artificial intelligence security architecture system based on service orchestration of any of the above embodiments.
Referring to fig. 4, the detection method includes:
step 401, acquiring application data, and determining a data type of the application data;
step 402, determining a corresponding defense algorithm set according to the data type, and generating at least two stages of defense service chains based on the defense algorithm set, wherein the defense service chains are composed of a first-stage feature transformation detection algorithm and at least one stage of defense algorithms in the defense algorithm set;
step 403, detecting whether the application data is attack data or not based on the defense service chain, and generating a detection result;
step 404, outputting the detection result, and processing the application data according to the detection result.
The method of the foregoing embodiment is applied to the corresponding system in the foregoing embodiment, and the description of the specific content included in each step and the corresponding beneficial effects have been already related to the embodiment of the foregoing system, so that details are not described again in this embodiment.
As an optional embodiment, the set of defense algorithms specifically includes:
and generating the defense algorithm set corresponding to each scope by an analytic hierarchy process according to the application data and the attribute information of the application corresponding to the application data, the scope of each defense algorithm and the mobility difference matrix among the defense algorithms, wherein the scope corresponds to the data type.
As an optional embodiment, the determining the data type of the application data includes:
determining the application type of the current application program to be protected, and judging whether the data type corresponds to the application type;
and responding to the data type corresponding to the application type, and continuously executing the defense algorithm determined according to the data type.
As an optional embodiment, after detecting whether the application data is attack data based on the defense service chain, the method further includes:
responding to the application data being the attack data, storing the attack data in a sample database;
and carrying out robustness training on the defense algorithm through the attack data in the sample database.
As an optional embodiment, the processing the application data according to the detection result includes:
responding to the detection result as an attack data detection result;
forcibly stopping the data processing of the application data by the application program corresponding to the application data, and performing data cleaning on the application program,
or
Terminating transmission of the application data to the application program.
Based on the same concept, corresponding to any embodiment of the method, the present disclosure further provides an electronic device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor executes the computer program to implement the artificial intelligence security architecture method based on service orchestration according to any embodiment.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the foregoing embodiment is used to implement the corresponding artificial intelligence security architecture method based on service orchestration in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same concept, the present disclosure also provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the artificial intelligence security architecture method based on service orchestration according to any of the above embodiments, corresponding to any of the above embodiment methods.
Computer-readable media of the present embodiments, including permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the foregoing embodiment are used to enable the computer to execute the artificial intelligence security architecture method based on service orchestration according to any of the foregoing embodiments, and have the beneficial effects of corresponding method embodiments, which are not described herein again.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the present disclosure, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the present disclosure, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the present disclosure are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that the embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
The disclosed embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made within the spirit and principles of the embodiments of the disclosure are intended to be included within the scope of the disclosure.

Claims (10)

1. An artificial intelligence security architecture system based on service orchestration, comprising:
the acquisition module is used for acquiring application data and determining the data type of the application data;
the arrangement module is used for determining a corresponding defense algorithm set according to the data type and generating at least two stages of defense service chains based on the defense algorithm set, wherein the defense service chains consist of a first-stage feature transformation detection algorithm and at least one stage of defense algorithms in the defense algorithm set;
the judging module is used for detecting whether the application data is attack data or not based on the defense service chain and generating a detection result;
and the output module is used for outputting the detection result and processing the application data according to the detection result.
2. The system according to claim 1, wherein the set of defense algorithms is specifically:
and generating the defense algorithm set corresponding to each scope by an analytic hierarchy process according to the application data and the attribute information of the application program corresponding to the application data, the scope of each defense algorithm and the mutual mobility difference matrix among the defense algorithms, wherein the scope corresponds to the data type.
3. The system of claim 1, wherein the obtaining module, when determining the data type of the application data, further comprises:
determining the application type of the current application program to be protected, and judging whether the data type corresponds to the application type;
and responding to the data type corresponding to the application type, and continuously executing the defense algorithm determined according to the data type.
4. The system of claim 1, wherein the determining module, after detecting whether the application data is attack data based on the defense service chain, further comprises:
responding to the application data being the attack data, storing the attack data in a sample database;
and carrying out robustness training on the defense algorithm through the attack data in the sample database.
5. The system of claim 1, wherein the output module, when processing the application data according to the detection result, further comprises:
responding to the detection result as an attack data detection result;
forcibly stopping the data processing of the application data by the application program corresponding to the application data, and performing data cleaning on the application program,
or
Terminating transmission of the application data to the application program.
6. An artificial intelligence security architecture method based on service orchestration, comprising:
acquiring application data and determining the data type of the application data;
determining a corresponding defense algorithm set according to the data type, and generating at least two stages of defense service chains based on the defense algorithm set, wherein the defense service chains consist of a first-stage feature transformation detection algorithm and at least one defense algorithm in the defense algorithm set;
detecting whether the application data is attack data or not based on the defense service chain, and generating a detection result;
and outputting the detection result, and processing the application data according to the detection result.
7. The method according to claim 6, wherein the set of defense algorithms is specifically:
and generating the defense algorithm set corresponding to each scope by an analytic hierarchy process according to the application data and the attribute information of the application corresponding to the application data, the scope of each defense algorithm and the mobility difference matrix among the defense algorithms, wherein the scope corresponds to the data type.
8. The method of claim 6, wherein the determining the data type of the application data comprises:
determining the application type of the current application program to be protected, and judging whether the data type corresponds to the application type;
and, in response to the data type corresponding to the application type, continuing to execute the defense algorithm determined according to the data type.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 6 to 8 when executing the program.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to implement the method of any one of claims 6 to 8.
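As an added illustration, not code from the patent or its applicant, the following Python sketch shows one way the flow of claims 5 to 8 could be orchestrated: check that the data type matches the protected application's type (claim 8), build a two-stage defense service chain from a first-stage feature transformation detector plus the defense algorithm set registered for that data type (claim 6), run the chain, and map an attack verdict to one of the two response actions of claim 5. The scoring model, the median-filter transformation, the detectors, the thresholds, the `DEFENSE_SETS` registry and all sample vectors are assumptions constructed for this example; the patent does not specify them.

```python
from dataclasses import dataclass
from statistics import median
from typing import Callable, Dict, List, Optional

Vector = List[float]

# A detector returns None when the input passes, or a short reason string
# when it judges the input to be attack data. (Assumed interface.)
Detector = Callable[[Vector], Optional[str]]


def toy_score(x: Vector) -> float:
    """Stand-in for the protected model's confidence score (assumed: mean of features)."""
    return sum(x) / len(x)


def median_filter(x: Vector, width: int = 3) -> Vector:
    """Spatial-smoothing feature transformation with edge replication."""
    half = width // 2
    last = len(x) - 1
    return [
        median(x[min(max(j, 0), last)] for j in range(i - half, i + half + 1))
        for i in range(len(x))
    ]


def feature_transform_detector(threshold: float = 0.1) -> Detector:
    """First-stage detector: flag an input whose model score shifts markedly after
    the feature transformation. A consistency check chosen for this example."""
    def detect(x: Vector) -> Optional[str]:
        delta = abs(toy_score(x) - toy_score(median_filter(x)))
        return f"score shifted by {delta:.3f} under feature transform" if delta > threshold else None
    return detect


def range_detector(lo: float = 0.0, hi: float = 1.0) -> Detector:
    """Second-stage check for image-like data: every feature must lie in [lo, hi]."""
    def detect(x: Vector) -> Optional[str]:
        bad = [v for v in x if not lo <= v <= hi]
        return f"{len(bad)} feature(s) outside [{lo}, {hi}]" if bad else None
    return detect


def length_detector(max_len: int = 8) -> Detector:
    """Second-stage check for text-like data: bound the sequence length."""
    def detect(x: Vector) -> Optional[str]:
        return f"length {len(x)} exceeds {max_len}" if len(x) > max_len else None
    return detect


# Defense algorithm set per data type (constructed registry; claim 7's analytic
# hierarchy selection is replaced by a fixed mapping here).
DEFENSE_SETS: Dict[str, List[Detector]] = {
    "image": [range_detector()],
    "text": [length_detector()],
}

# Response actions named in claim 5.
ACTIONS = {"stop_and_clean", "terminate_transmission"}


@dataclass
class Verdict:
    is_attack: bool
    stage: Optional[int]   # 1-based index of the chain stage that flagged the input
    reason: str
    action: str


def build_chain(data_type: str) -> List[Detector]:
    """Claim 6: first-stage feature transformation detector + the type's defense set."""
    if data_type not in DEFENSE_SETS:
        raise KeyError(f"no defense algorithm set registered for data type {data_type!r}")
    return [feature_transform_detector()] + DEFENSE_SETS[data_type]


def run_chain(app_type: str, data_type: str, x: Vector,
              action: str = "terminate_transmission") -> Verdict:
    """Claims 5, 6 and 8 in one call. The 'not_processed' outcome on a type
    mismatch is an assumption; the patent only states when the chain continues."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    if app_type != data_type:
        return Verdict(False, None, "data type does not match application type", "not_processed")
    chain = build_chain(data_type)
    for stage, detector in enumerate(chain, start=1):
        reason = detector(x)
        if reason is not None:
            return Verdict(True, stage, reason, action)
    return Verdict(False, None, f"passed {len(chain)}-stage chain", "deliver")


# Constructed sample inputs (not from the patent).
BENIGN_IMAGE: Vector = [0.2, 0.3, 0.25, 0.2, 0.3, 0.25]
SPIKY_IMAGE: Vector = [0.2, 0.3, 2.0, 0.2, 0.3, 0.25]   # single spike flips the toy score
SMOOTH_OUT_OF_RANGE: Vector = [1.5] * 6                 # passes stage 1, fails stage 2

if __name__ == "__main__":
    for name, x in [("benign", BENIGN_IMAGE), ("spiky", SPIKY_IMAGE), ("oor", SMOOTH_OUT_OF_RANGE)]:
        print(name, run_chain("image", "image", x, action="stop_and_clean"))
```

The ordering matters for the chain: the smoothed out-of-range vector is invisible to the first-stage consistency check and is only caught by the type-specific second stage, which is why the claims require at least two stages rather than the feature transformation detector alone.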
CN202111033422.5A 2021-09-03 2021-09-03 Artificial intelligence safety architecture system and method based on service arrangement and related equipment Pending CN113901464A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111033422.5A CN113901464A (en) 2021-09-03 2021-09-03 Artificial intelligence safety architecture system and method based on service arrangement and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111033422.5A CN113901464A (en) 2021-09-03 2021-09-03 Artificial intelligence safety architecture system and method based on service arrangement and related equipment

Publications (1)

Publication Number Publication Date
CN113901464A true CN113901464A (en) 2022-01-07

Family

ID=79188647

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111033422.5A Pending CN113901464A (en) 2021-09-03 2021-09-03 Artificial intelligence safety architecture system and method based on service arrangement and related equipment

Country Status (1)

Country Link
CN (1) CN113901464A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116204890A (en) * 2023-04-28 2023-06-02 浙江鹏信信息科技股份有限公司 Self-adaptive algorithm component library for enhancing safety of artificial intelligence algorithm

Similar Documents

Publication Publication Date Title
CN109960729B (en) Method and system for detecting HTTP malicious traffic
CN109117634B (en) Malicious software detection method and system based on network traffic multi-view fusion
CN110177108A (en) A kind of anomaly detection method, device and verifying system
CN106982230B (en) Flow detection method and system
KR20170055962A (en) Methods and systems for aggregated multi-application behavioral analysis of mobile device behaviors
CN111931179B (en) Cloud malicious program detection system and method based on deep learning
CN104903918A (en) Methods and systems of dynamically generating and using device-specific and device-state-specific classifier models for the efficient classification of mobile device behaviors
CN111614599A (en) Webshell detection method and device based on artificial intelligence
CN111586071B (en) Encryption attack detection method and device based on recurrent neural network model
CN109255237A (en) Security event associative analysis method and device
CN110287701A (en) A kind of malicious file detection method, device, system and associated component
CN113032268B (en) Software testing method, device and storage medium
CN112365001A (en) Model generation method and device and server
CN114726823B (en) Domain name generation method, device and equipment based on generation countermeasure network
CN113901464A (en) Artificial intelligence safety architecture system and method based on service arrangement and related equipment
CN110119621B (en) Attack defense method, system and defense device for abnormal system call
CN114024761B (en) Network threat data detection method and device, storage medium and electronic equipment
CN113378161A (en) Security detection method, device, equipment and storage medium
CN109684837A (en) A kind of mobile application malware detection method and system towards electric power enterprise
Zhao et al. A Multi-threading Solution to Multimedia Traffic in NIDS Based on Hybrid Genetic Algorithm.
CN115314265B (en) Method and system for identifying TLS (transport layer security) encryption application based on traffic and time sequence
CN116980162A (en) Cloud audit data detection method, device, equipment, medium and program product
CN106657092B (en) Service processing method and device based on SSL/TLS
CN115333801A (en) Method and system based on bidirectional message intrusion detection
CN113810342B (en) Intrusion detection method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination