CN114143059A - Safety protection index optimization method based on big data information safety and AI system - Google Patents

Publication number: CN114143059A
Authority: CN (China)
Prior art keywords: protection, information, data, intelligence, support
Legal status: Granted, Active
Application number: CN202111413753.1A
Other languages: Chinese (zh)
Other versions: CN114143059B (en)
Inventor: 周全
Current Assignee: Jiangsu Renjia Information Technology Co ltd
Original Assignee: Weifang Anxin Intelligent Technology Co ltd
Application filed by: Weifang Anxin Intelligent Technology Co ltd
Priority: CN202111413753.1A
Granted publication: CN114143059B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/302 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information gathering intelligence information for situation awareness or reconnaissance

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Evolutionary Computation (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

An embodiment of the invention provides a safety protection index optimization method based on big data information safety, and an AI system. The method obtains the protection cooperative activity data of the attack protection service system for the updated security protection firmware; performs intelligence mining on the collaborative situation information of the protection collaborative instruction sequence corresponding to the protection collaborative activity data to obtain collaborative intelligence data of that instruction sequence; determines the intelligence main body data corresponding to the protection collaborative activity data according to the collaborative intelligence data; marks key collaborative activity nodes in the protection collaborative activity data based on the intelligence main body data; and optimizes the cooperative instruction configuration information of the corresponding target protection cooperative instruction sequence based on the protection cooperative activity data sequence corresponding to each labeled key cooperative activity node, thereby improving the reliability of safety protection.

Description

Safety protection index optimization method based on big data information safety and AI system
Technical Field
The invention relates to the technical field of information security analysis, in particular to a safety protection index optimization method based on big data information security and an AI system.
Background
Internet information technology brings convenience to users but also brings threats, and information security is one of them. Attacks on cloud services are now frequent, and how to ensure the information security of cloud services is a question of wide concern in the operations and maintenance community.
Generally, a cloud service deploys an attack protection service that responds to attack events and then performs attack protection against them. This process generates a number of attack protection events, which reflect the current threat intelligence situation of the cloud service, so threat intelligence prediction based on these events can support subsequent optimization of the safety protection index. However, related-art solutions do not consider the cooperative events of the related protection activities, which is a shortcoming when optimizing the reliability of cooperative protection behavior.
Disclosure of Invention
In order to overcome at least the above disadvantages in the prior art, the present invention provides a safety protection index optimization method and AI system based on big data information security.
In a first aspect, the present invention provides a safety protection index optimization method based on big data information safety, which is applied to an AI system, wherein the AI system is in communication connection with a plurality of attack protection service systems, and the method includes:
updating safety protection firmware to the attack protection service system based on target key threat intelligence corresponding to target attack protection event data, and acquiring protection cooperative activity data of the attack protection service system aiming at the updated safety protection firmware;
performing intelligence mining on the collaborative situation information of the protection collaborative instruction sequence corresponding to the protection collaborative activity data to obtain collaborative intelligence data of the protection collaborative instruction sequence corresponding to the protection collaborative activity data;
determining intelligence main body data corresponding to the protection cooperative activity data according to the cooperative intelligence data;
performing key collaborative activity node marking on the protection collaborative activity data based on the intelligence main body data corresponding to the protection collaborative activity data to obtain a corresponding protection collaborative activity data sequence under each marked key collaborative activity node;
and optimizing the cooperative instruction configuration information of the corresponding target protection cooperative instruction sequence based on the corresponding protection cooperative activity data sequence under each labeled key cooperative activity node.
In a second aspect, an embodiment of the present invention further provides a big data information security-based security protection index optimization system, where the big data information security-based security protection index optimization system includes an AI system and multiple attack protection service systems in communication connection with the AI system;
the AI system is configured to:
updating safety protection firmware to the attack protection service system based on target key threat intelligence corresponding to target attack protection event data, and acquiring protection cooperative activity data of the attack protection service system aiming at the updated safety protection firmware;
performing intelligence mining on the collaborative situation information of the protection collaborative instruction sequence corresponding to the protection collaborative activity data to obtain collaborative intelligence data of the protection collaborative instruction sequence corresponding to the protection collaborative activity data;
determining intelligence main body data corresponding to the protection cooperative activity data according to the cooperative intelligence data;
performing key collaborative activity node marking on the protection collaborative activity data based on the intelligence main body data corresponding to the protection collaborative activity data to obtain a corresponding protection collaborative activity data sequence under each marked key collaborative activity node;
and optimizing the cooperative instruction configuration information of the corresponding target protection cooperative instruction sequence based on the corresponding protection cooperative activity data sequence under each labeled key cooperative activity node.
In any of the above aspects, the protection cooperative activity data of the attack protection service system for the updated security protection firmware is obtained; intelligence mining is performed on the collaborative situation information of the protection collaborative instruction sequence corresponding to the protection collaborative activity data to obtain collaborative intelligence data of that instruction sequence; the intelligence main body data corresponding to the protection collaborative activity data is determined according to the collaborative intelligence data; key collaborative activity nodes are marked in the protection collaborative activity data based on the intelligence main body data; and the cooperative instruction configuration information of the corresponding target protection cooperative instruction sequence is optimized based on the protection cooperative activity data sequence corresponding to each labeled key cooperative activity node. The cooperative events of the related protection activities are therefore taken into account in the protection process, and once the related protection cooperative instruction sequence has been optimized, the reliability of subsequent cooperative protection is improved.
Drawings
Fig. 1 is a schematic application environment diagram of a security protection index optimization system based on big data information security according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a security protection index optimization method based on big data information security according to an embodiment of the present invention;
Fig. 3 is a schematic block diagram of a structure of an AI system for implementing the safety protection index optimization method based on big data information safety according to the embodiment of the present invention.
Detailed Description
Fig. 1 is a schematic application environment diagram of a security protection index optimization system 10 based on big data information security according to an embodiment of the present invention. The big data information security-based security protection index optimization system 10 may include an AI system 100 and an attack protection service system 200 communicatively connected to the AI system 100. The big data information security-based safety protection index optimization system 10 shown in fig. 1 is only one possible example, and in other possible embodiments, the big data information security-based safety protection index optimization system 10 may also include only at least some of the components shown in fig. 1 or may also include other components.
In some independent embodiments, the AI system 100 and the attack protection service system 200 in the big data information security-based security protection index optimization system 10 may cooperatively perform the big data information security-based security protection index optimization method described in the following method embodiments; for the specific steps performed by the AI system 100 and the attack protection service system 200, refer to the detailed description of the method embodiments below.
The big data information security-based safety protection index optimization method provided in this embodiment may be executed by the AI system 100 shown in fig. 1, and will be described in detail below.
Step S110, based on the target key threat intelligence corresponding to the target attack protection event data, updating the safety protection firmware to the attack protection service system, and acquiring the protection cooperative activity data of the attack protection service system aiming at the updated safety protection firmware.
For example, after the target key threat intelligence corresponding to the target attack protection event data is determined, the security protection firmware associated with the corresponding target key threat intelligence can be matched and updated to the attack protection service system, so that the subsequent optimization updating of the security protection firmware is facilitated.
Based on this, the inventor of the present invention finds that a protection cooperation performance test can be performed for the updated safety protection firmware; that is, subsequent testing can be based on the protection cooperative activity for the updated safety protection firmware, so as to improve the reliability of protection cooperation. For example, the protection cooperative activity may be a protection engagement activity (protection behavior B is engaged after protection behavior A), a protection prearranged activity (for example, the precondition of protection behavior A is that protection behavior B has been executed), and the like. The protection cooperative activity reflects the cooperative performance between protection behaviors, so the attack protection service system's protection cooperative activity data for the updated security protection firmware can support the subsequent optimization of the cooperative instruction configuration information.
Step S120, performing intelligence mining on the collaborative situation information of the protection collaborative instruction sequence corresponding to the protection collaborative activity data, and acquiring the collaborative intelligence data of the protection collaborative instruction sequence corresponding to the protection collaborative activity data.
For example, the protection collaborative activity data may be an activity data set composed of a plurality of collaborative events. This activity data set reflects part of the protection collaborative instruction sequence, so the collaborative situation information of the protection collaborative instruction sequence can be mined from it.
Step S130, determining the intelligence subject data corresponding to the protection collaborative activity data according to the collaborative intelligence data.
For example, once the collaborative intelligence data has been obtained, it may be analyzed to determine the intelligence subject data corresponding to the protection collaborative activity data. An intelligence subject decision network may be trained in advance for this purpose: reference collaborative intelligence data corresponding to protection collaborative activity data, together with the corresponding intelligence subject reference data, is collected and used to configure an AI network model, yielding an intelligence subject decision network that is able to make an intelligence subject data decision for any collaborative intelligence data. Here, the intelligence subject represents the intelligence target that has a substantive protection function in the protection cooperative activity data.
Step S140, key cooperative activity node marking is carried out on the protection cooperative activity data based on the intelligence subject data corresponding to the protection cooperative activity data, so as to obtain a protection cooperative activity data sequence corresponding to each marked key cooperative activity node.
For example, the protection cooperative activity data may be subjected to key cooperative activity node labeling, for example, the protection cooperative activity data is subjected to key cooperative activity node labeling according to a key cooperative activity node associated with an intelligence subject, and then the key cooperative activity nodes are classified to obtain a protection cooperative activity data sequence corresponding to each labeled key cooperative activity node.
Step S150, performing cooperative instruction configuration information optimization on the corresponding target protection cooperative instruction sequence based on the corresponding protection cooperative activity data sequence under each labeled key cooperative activity node.
For example, a cooperative instruction configuration information optimization template may be preset for each key cooperative activity node. For each key cooperative activity node, the target protection cooperative instruction sequence of the associated protection cooperative activity data sequence corresponds to that node, and cooperative instruction configuration information optimization may be performed on that target protection cooperative instruction sequence according to the node's optimization template. For example, the instruction strength, the instruction duration, and the like of the target protection cooperative instructions in the target protection cooperative instruction sequence may be optimized.
With this design, the protection cooperative activity data of the attack protection service system for the updated safety protection firmware is acquired; intelligence mining is performed on the collaborative situation information of the protection collaborative instruction sequence corresponding to the protection collaborative activity data to obtain collaborative intelligence data of that instruction sequence; the intelligence main body data corresponding to the protection collaborative activity data is determined according to the collaborative intelligence data; key collaborative activity nodes are marked in the protection collaborative activity data based on the intelligence main body data; and the cooperative instruction configuration information of the corresponding target protection cooperative instruction sequence is optimized based on the protection cooperative activity data sequence corresponding to each labeled key cooperative activity node. The cooperative events of the related protection activities are therefore taken into account in the protection process, and once the related protection cooperative instruction sequence has been optimized, the reliability of subsequent cooperative protection is improved.
In some independent embodiments, for step S110, an embodiment of the present invention further provides a safety protection index optimization method based on big data information safety, including the following steps.
Step R101: acquiring supporting safety protection firmware corresponding to the target key threat intelligence based on the target key threat intelligence corresponding to the target attack protection event data.
Step R102: acquiring simulated protection event data of the supporting safety protection firmware under a plurality of simulated safety protection scenes.
Step R103: determining simulated protection linkage data of the supporting safety protection firmware under the plurality of simulated safety protection scenes based on the simulated protection event data of the supporting safety protection firmware under the plurality of simulated safety protection scenes.
For example, protection participation activity data of the safety protection firmware under a plurality of simulated safety protection scenes can be obtained based on the simulated protection event data of the safety protection firmware under the plurality of simulated safety protection scenes, and the simulated protection linkage data of the safety protection firmware under each simulated safety protection scene can be obtained by performing simulated protection linkage mining on the protection participation activity data.
For example, the protection participation activity data may be participation information of the attack protection service system for the supporting security protection firmware, which is obtained by the AI system according to the supporting security protection firmware.
In some independent embodiments, generating the protection participation activity data of the supporting safety protection firmware under the plurality of simulated safety protection scenes based on the simulated protection event data of the supporting safety protection firmware under those scenes includes: generating first protection participation activity data, second protection participation activity data and third protection participation activity data respectively based on the simulated protection event data of the supporting safety protection firmware under the plurality of simulated safety protection scenes, where the first protection participation activity data represents activity association information between simulated protection activity category data and simulated protection linkage data, the second protection participation activity data represents activity association information between the simulated protection linkage data and presumed activity item data, and the third protection participation activity data represents activity association information between the simulated protection activity category data and the presumed activity item data; and resolving the first, second and third protection participation activity data, respectively, into the protection participation activity data of the supporting safety protection firmware under the plurality of simulated safety protection scenes. In this way, the protection participation activity data of the supporting safety protection firmware under the plurality of simulated safety protection scenes can be determined from the different kinds of protection participation activity data.
Because the first protection participation activity data and the second protection participation activity data take the simulation protection linkage data into consideration, the determination of the simulation protection linkage data of the safety protection firmware in the corresponding simulation safety protection scene can be realized through the following two implementation schemes.
In a first embodiment, if the protection participation activity data is the first protection participation activity data or the second protection participation activity data, performing simulated protection linkage mining on the protection participation activity data to obtain the simulated protection linkage data of the supporting safety protection firmware under the plurality of simulated safety protection scenes includes: performing simulated protection linkage mining on the protection participation activity data, and using the resulting simulated protection linkage data as the simulated protection linkage data of the supporting safety protection firmware in the corresponding simulated safety protection scene. Because the first or second protection participation activity data contains association information for the simulated protection linkage data, the simulated protection linkage data can be obtained directly by simulated protection linkage mining.
In a second embodiment, if the protection participation activity data is the third protection participation activity data, performing simulated protection linkage mining on the protection participation activity data to obtain the simulated protection linkage data of the supporting safety protection firmware under the plurality of simulated safety protection scenes includes: performing simulated protection linkage mining on the protection participation activity data to obtain the presumed activity item data in the supporting safety protection firmware; obtaining the protection linkage matching data of the presumed activity item data in the supporting safety protection firmware as the protection linkage matching data corresponding to the presumed activity item data; and obtaining simulated protection linkage data based on the presumed activity item data and the corresponding protection linkage matching data, and using it as the simulated protection linkage data of the supporting safety protection firmware in the corresponding simulated safety protection scene. Deriving the data from the presumed activity item data and the corresponding protection linkage matching data ensures the credibility of the simulated protection linkage data of the supporting safety protection firmware in the corresponding simulated safety protection scene.
Step R104: acquiring common protection linkage data among all the supporting safety protection firmware based on the simulated protection linkage data of the supporting safety protection firmware under the plurality of simulated safety protection scenes.
For example, the protection linkage common characteristic information of every two pieces of support safety protection firmware under the multiple simulated safety protection scenes can be determined based on the simulated protection linkage data of the support safety protection firmware under the multiple simulated safety protection scenes, and the common protection linkage data between every two pieces of support safety protection firmware can be obtained based on the protection linkage common characteristic information of every two pieces of support safety protection firmware under the multiple simulated safety protection scenes.
For example, the step "obtaining common protection linkage data between each two pieces of support safety protection firmware based on protection linkage common characteristic information of each two pieces of support safety protection firmware under a plurality of simulated safety protection scenes" may be implemented as follows: inputting the protection linkage common characteristic information of every two pieces of supporting safety protection firmware under the plurality of simulated safety protection scenes into a common decision model whose model parameters have converged; determining, through the common decision model, the common decision information among the pieces of protection linkage common characteristic information; acquiring the protection linkage matching data of each piece of protection linkage common characteristic information and the protection linkage matching data of each piece of common decision information; and determining the common protection linkage data among the supporting safety protection firmware based on each piece of protection linkage common characteristic information and its corresponding protection linkage matching data, together with the common decision information and its corresponding protection linkage matching data.
For example, in some independent embodiments, the common decision model may be an AI model. By pre-training the AI model, the common decision information among the pieces of protection linkage common characteristic information can be obtained from the protection linkage common characteristic information of every two pieces of supporting safety protection firmware under the plurality of simulated safety protection scenes; the common decision information characterizes the degree of sharing propensity of the different common safety protection firmware. By acquiring the protection linkage matching data of each piece of protection linkage common characteristic information and of each piece of common decision information, the protection linkage common characteristic information, the common decision information and their corresponding protection linkage matching data can be analyzed together, so that the common protection linkage data among all the supporting safety protection firmware is obtained in full and is guaranteed to take the common decision information into account.
For example, in some independent embodiments, the common decision model may be trained by a process including: obtaining the protection linkage common characteristic information of example common safety protection firmware under a plurality of simulated safety protection scenes and the corresponding first protection linkage matching data, the common decision information among the pieces of protection linkage common characteristic information and the corresponding second protection linkage matching data, and the example common protection linkage data of each example common safety protection firmware; performing model configuration on the common decision model based on the protection linkage common characteristic information and the corresponding first protection linkage matching data, and on the common decision information and the corresponding second protection linkage matching data, to obtain a common decision model whose model parameters have converged; obtaining a loss function value between the common protection linkage data output by the converged common decision model and the corresponding example common protection linkage data; and, when the loss function value is not less than the objective function value, optimizing the first protection linkage matching data and the second protection linkage matching data based on the loss function value and performing traversal training on the common decision model with the optimized first and second protection linkage matching data, until the loss function value obtained from the converged common decision model is less than the objective function value.
And step R105, determining the shared safety protection firmware based on the shared protection performance dimension of each supporting safety protection firmware based on the shared protection linkage data among the supporting safety protection firmware, and updating the safety protection firmware of the attack protection service system according to the shared safety protection firmware.
For example, in some independently contemplated designs, the step of "determining a common safeguard firmware based on a common safeguard performance dimension for each support safeguard firmware based on common safeguard linkage data between each support safeguard firmware" may include: and respectively based on the common protection linkage data among the supporting safety protection firmware, taking the supporting safety protection firmware of which the common protection performance value corresponding to the common protection linkage data among the supporting safety protection firmware is greater than the first target common protection performance value and less than the second target common protection performance value as the common safety protection firmware based on the common protection performance dimension of each supporting safety protection firmware. For example, a common protective performance value may be understood as the success rate at which firmware is scheduled in common between each of the supporting security firmware.
For example, in some independent designs, after the step "determining a common safeguard firmware based on a common safeguard performance dimension for each support safeguard firmware", the method is further implemented based on the following steps: acquiring the firmware upgrading server supporting the safety protection firmware; configuring the common safety protection firmware supporting the safety protection firmware based on the common protection performance dimension into a firmware upgrading module corresponding to the firmware upgrading server; and configuring the firmware upgrading module. For example, the firmware upgrade server is configured to characterize a cloud server that obtains the shared security protection firmware, and configure the shared security protection firmware based on the shared security protection performance dimension to a firmware upgrade module corresponding to the firmware upgrade server, which may be understood as configuring the firmware upgrade module according to the shared security protection firmware based on the shared security protection performance dimension. Configuring the firmware upgrade module may be understood as configuring in an AI system. On the basis of configuring the firmware upgrade module, the AI system may further use the firmware upgrade module in an operation flow with the attack protection service system, such as: receiving a firmware upgrading instruction sent by the attack protection service system; the firmware upgrading instruction is provided with a firmware upgrading ID corresponding to the firmware upgrading server; extracting shared safety protection firmware based on shared protection performance dimensionality from a firmware upgrading module corresponding to the firmware upgrading server; and sending the firmware upgrading information related to the shared safety protection firmware based on the shared protection performance dimension to the attack protection service system. 
For example, the attack protection service system may send a firmware upgrade instruction to the AI system, where a firmware upgrade ID corresponding to the firmware upgrade server is used to instruct the AI system to determine the corresponding common security protection firmware. For example, the AI system may extract the common security protection firmware based on the common protection performance dimension from the firmware upgrade module corresponding to the firmware upgrade server based on the firmware upgrade ID, and since the firmware upgrade module is optimized in real time, the determined common security protection firmware based on the common protection performance dimension is also optimized in real time, thereby ensuring reliability of firmware upgrade.
For example, in some independent design concepts, a common protection decision training method based on artificial intelligence is also provided and is realized based on the following steps.
T1, a common protection decision training method based on artificial intelligence, which is applied to an AI system and comprises the following steps:
obtaining protection linkage common characteristic information and corresponding first protection linkage matching data of example common safety protection firmware under a plurality of simulated safety protection scenes, obtaining common decision information and corresponding second protection linkage matching data of each protection linkage common characteristic information, and obtaining example common protection linkage data of each example common safety protection firmware;
based on protection linkage common feature information of example common safety protection firmware in a plurality of simulated safety protection scenes and corresponding first protection linkage matching data, common decision information among each protection linkage common feature information and corresponding second protection linkage matching data, performing model configuration on the common decision model to obtain a common decision model with model parameter convergence;
obtaining a loss function value between common protection linkage data output by the common decision model with the converged model parameters and corresponding example common protection linkage data;
and when the loss function value is not less than the objective function value, optimizing the first protection linkage matching data and the second protection linkage matching data based on the loss function value, and performing traversal training on the common decision model based on the optimized first protection linkage matching data and the optimized second protection linkage matching data until the loss function value obtained by the common decision model based on model parameter convergence is less than the objective function value.
T2. the big data information security-based safety protection index optimization method according to T1, the method further includes:
inputting protection linkage common characteristic information of every two pieces of support safety protection firmware under a plurality of simulated safety protection scenes into the common decision model;
confirming the common decision information among the protection linkage common characteristic information through the common decision model;
acquiring protection linkage matching data of each protection linkage common characteristic information and protection linkage matching data of each common decision information;
and determining to obtain the common protection linkage data among the supporting safety protection firmware based on the common characteristic information of each protection linkage and the corresponding protection linkage matching data, the common decision information and the corresponding protection linkage matching data.
T3. the big data information security-based safety protection index optimization method according to T2, the method further includes:
determining common protection firmware based on common protection performance dimensionality of each supporting safety protection firmware based on common protection linkage data among each supporting safety protection firmware;
and updating the safety protection firmware of the attack protection service system according to the common safety protection firmware.
T4. the big data information security-based safety protection index optimization method according to T3, the method further includes:
acquiring the firmware upgrading server supporting the safety protection firmware;
configuring the common safety protection firmware supporting the safety protection firmware based on the common protection performance dimension into a firmware upgrading module corresponding to the firmware upgrading server;
and configuring the firmware upgrading module.
T5. the big data information security-based safety protection index optimization method according to T4, the method further includes:
receiving a firmware upgrading instruction sent by the attack protection service system; the firmware upgrading instruction is provided with a firmware upgrading ID corresponding to the firmware upgrading server;
extracting shared safety protection firmware based on shared protection performance dimensionality from a firmware upgrading module corresponding to the firmware upgrading server;
and sending the firmware upgrading information related to the shared safety protection firmware based on the shared protection performance dimension to the attack protection service system.
In some designs of independent concepts, the target key threat intelligence corresponding to the target attack protection event data in the foregoing step S110 can be obtained through the following steps.
Step W110, collecting the data of supporting attack protection events from each attack protection service system, configuring the data of supporting attack protection events to the intelligence coding layer of the threat intelligence prediction model of default model parameters for intelligence field coding, and obtaining the distribution of supporting intelligence fields.
The supporting attack protection event data is attack protection event data with high reliability for model training, and may include multiple interception event data in an attack protection interception flow.
The threat intelligence prediction model is an AI model for predicting key threat intelligence, and the threat intelligence prediction model with default model parameters can be a threat intelligence prediction model waiting for training or a threat intelligence prediction model with training interruption.
For example, the AI system may configure the supporting attack protection event data into the intelligence coding layer, encode it using the intelligence coding layer, and take the encoded result as the supporting intelligence field distribution.
Step W120: perform intelligence support evaluation according to the supporting intelligence field distribution and the intelligence support evaluation layer of the threat intelligence prediction model, obtaining a first intelligence support degree associated with each first support intelligence field in the first support intelligence field sub-distribution. The first support intelligence field sub-distribution comprises a plurality of first support intelligence fields and is obtained by classifying the supporting intelligence field distribution.
The intelligence support degree is the confidence of association with the key threat intelligence: the greater the intelligence support degree, the stronger the association with the key threat intelligence, and the smaller the intelligence support degree, the weaker the association. The first intelligence support degree may refer to the confidence that the first support intelligence field is associated with the key threat intelligence.
A support intelligence field is a partial field set in the intelligence field distribution. The intelligence field distribution can be divided into at least two support intelligence fields; common intelligence fields may exist between the support intelligence fields, or may be absent. A first support intelligence field is a partial field set in the supporting intelligence field distribution; a plurality of first support intelligence fields can be obtained by classifying the supporting intelligence field distribution, and the first support intelligence field sub-distribution is the distribution formed by these first support intelligence fields.
The threat intelligence prediction model can also comprise an intelligence support evaluation layer, and the intelligence support evaluation layer is used for evaluating the distribution of the support intelligence fields to obtain first support intelligence fields corresponding to the distribution of the support intelligence fields and first intelligence support degrees respectively associated with each first support intelligence field.
Step W130, obtaining the key supporting intelligence fields related to the key threat intelligence from the first supporting intelligence field sub-distribution according to the first intelligence supporting degree related to each first supporting intelligence field.
Wherein, the key supporting intelligence field is a first supporting intelligence field obtained from the first supporting intelligence field sub-distribution according to the first intelligence supporting degree.
For example, the AI system may obtain, from the first supported intelligence field sub-distribution, a first supported intelligence field that satisfies a first intelligence support degree requirement, and determine that first supported intelligence field as being associated with the key threat intelligence. The first intelligence support degree requirement includes the first intelligence support degree ranking ahead of the first order interval, or being greater than the first preset intelligence support degree. The rank of a first intelligence support degree is its position in the first intelligence support degree set, which is the sequence of first intelligence support degrees sorted in descending order: the larger the first intelligence support degree, the earlier its position in the set.
In some independent designs, the AI system may sort the first support intelligence fields in descending order of first intelligence support degree to obtain a first support intelligence field distribution, in which the larger the first intelligence support degree, the earlier the corresponding first support intelligence field is ranked. The AI system can take the first-ranked first support intelligence field in the first support intelligence field distribution as the presumptive support intelligence field, and calculate the same occupation ratio between the presumptive support intelligence field and each other first support intelligence field in the distribution. A first support intelligence field whose same occupation ratio with the presumptive support intelligence field is larger than the target same occupation ratio is used as a support intelligence field to be aggregated, and a plurality of the support intelligence fields to be aggregated are aggregated with the presumptive support intelligence field; for example, the support intelligence field to be aggregated that has the maximum first intelligence support degree can be aggregated with the presumptive support intelligence field to obtain the aggregated support intelligence field. The first support intelligence field can comprise the aggregated support intelligence field or a plurality of the presumptive support intelligence fields; for example, the first supported intelligence field may comprise any of a presumptive supported intelligence field or an aggregated supported intelligence field.
In some independent designs, the AI system may use as a reference support intelligence field a first support intelligence field whose same occupation ratio with the presumptive support intelligence field is less than the target same occupation ratio. The first support intelligence field may further include a plurality of reference support intelligence fields: for example, it may include all of the reference support intelligence fields, or it may include the polarity support intelligence field among the reference support intelligence fields, which is the reference support intelligence field with the greatest first intelligence support degree, and it may further include a plurality of reference support intelligence fields whose same occupation ratio with the polarity support intelligence field is less than the target same occupation ratio. The same occupation ratio indicates the number of identical fields of two support intelligence fields: the greater the same occupation ratio, the greater the number of identical fields between the two.
In some independent designs, the AI system may calculate the number of fields of the common intelligence field between the first support intelligence field and the presumptive support intelligence field, use the number of fields of the common intelligence field as the number of common fields, add the number of fields of the first support intelligence field and the number of fields of the presumptive support intelligence field to obtain the number of added fields, calculate a ratio between the number of common fields and the number of added fields, and use the ratio as the same occupation ratio.
For example, if there are 4 first supported information fields, which are INF1, INF2, INF3 and INF4, respectively, the first information support degree corresponding to INF1 is 0.8, the first information support degree corresponding to INF2 is 0.9, the first information support degree corresponding to INF3 is 0.7, and the first information support degree corresponding to INF4 is 0.5. Sorting the 4 first support intelligence fields in order of the first intelligence support degree from larger to smaller to obtain a first support intelligence field distribution [ INF2, INF1, INF3, INF4], calculating the same proportion of INF1 to INF2, the same proportion of INF3 to INF2, and the same proportion of INF4 to INF4 because the first intelligence support degree of INF2 is the largest, if the same proportion of INF4 to INF4 is 0.1, the same proportion of INF4 to INF4 is 0.7, the same proportion of INF4 to INF4 is 0.2, the same proportion of target is 0.5, because the same proportion of INF4 to INF4 is greater than the same proportion of target, then INF4 may be aggregated with INF4 to obtain an aggregate support intelligence field distribution [ INF 6372, if the aggregate proportion of INF4 is less than the same as the target proportion of INF4, or if the aggregate of INF4 is less than the same proportion of INF4, and if the aggregate of INF4 is less than the same proportion of INF4, then the aggregate of INF4, and the aggregate of INF4 may be included in the first support intelligence distribution (if the aggregate). 
For example, the first supported intelligence field may further include INF1 and INF3; or, since the first intelligence support degree of INF1 is greater than that of INF3, the first supported intelligence field may include the one of INF1 and INF3 with the greatest first intelligence support degree, that is, it may further include INF1; and when the same occupation ratio between INF1 and INF3 is smaller than the target same occupation ratio, the first supported intelligence field may further include INF3.
Step W140: perform key threat intelligence prediction according to the key support intelligence fields and the threat intelligence prediction layer of the threat intelligence prediction model to obtain a key threat intelligence prediction result corresponding to the supporting attack protection event data.
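The ranking, aggregation and reference-field selection described in the preceding paragraphs, as an added Python example (not code from the patent). The field names inside each support field and the target ratio of 0.3 are constructed, aggregation is assumed to be a set union, and a ratio equal to the target is assumed to count as a reference field; the ratio is computed as common fields over the summed field counts, which cannot exceed 0.5.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SupportField:
    name: str
    fields: frozenset   # intelligence fields contained in this support field
    support: float      # first intelligence support degree


def same_ratio(a, b):
    """Same occupation ratio as the text defines it: number of common fields
    divided by the sum of the two field counts (so at most 0.5)."""
    return len(a.fields & b.fields) / (len(a.fields) + len(b.fields))


def select_key_fields(candidates, target_ratio):
    """Return the support fields kept after aggregation and reference selection."""
    # Rank by support degree, largest first; the top entry is the presumptive field.
    ranked = sorted(candidates, key=lambda f: f.support, reverse=True)
    presumptive, rest = ranked[0], ranked[1:]

    to_aggregate = [f for f in rest if same_ratio(f, presumptive) > target_ratio]
    # Assumption: a ratio exactly equal to the target counts as a reference field.
    reference = [f for f in rest if same_ratio(f, presumptive) <= target_ratio]

    selected = [presumptive]
    if to_aggregate:
        best = to_aggregate[0]  # ranked order, so this has the highest support
        # Assumption: aggregation is a set union that keeps the presumptive support.
        selected = [SupportField(f"{presumptive.name}+{best.name}",
                                 presumptive.fields | best.fields,
                                 presumptive.support)]
    if reference:
        polarity = reference[0]  # reference field with the greatest support degree
        selected.append(polarity)
        # Further reference fields are kept only if they overlap little with it.
        selected += [f for f in reference[1:]
                     if same_ratio(f, polarity) < target_ratio]
    return selected


# Constructed sample: names and support degrees follow the text's INF1..INF4
# example; the field sets inside each support field are invented for illustration.
CANDIDATES = [
    SupportField("INF1", frozenset({"user_agent", "uri", "src_ip"}), 0.8),
    SupportField("INF2", frozenset({"src_ip", "dst_port", "signature_id",
                                    "payload_hash"}), 0.9),
    SupportField("INF3", frozenset({"geo", "asn", "tls_ja3"}), 0.7),
    SupportField("INF4", frozenset({"src_ip", "dst_port", "signature_id",
                                    "uri"}), 0.5),
]

if __name__ == "__main__":
    for field in select_key_fields(CANDIDATES, target_ratio=0.3):
        print(field.name, sorted(field.fields))
```

With a target of 0.5 no candidate can ever be aggregated under this ratio definition, which is worth checking before choosing a threshold.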
The threat intelligence prediction model is a model for predicting key threat intelligence, and the key threat intelligence prediction result may include confidence that the attack protection event data belongs to each key threat intelligence. The key threat intelligence prediction result is a key threat intelligence prediction result output by the threat intelligence prediction model. There may be multiple key support intelligence fields.
For example, the AI system may configure the key support information fields into a threat information prediction model, process the key support information fields using a model parameter layer of the threat information prediction model, and obtain a key threat information prediction result corresponding to the attack protection event data.
In some independent designs, the key support intelligence fields include at least two, and the key threat intelligence prediction result can be obtained by combining a plurality of key support intelligence fields for prediction. For example, the AI system can aggregate all the key support intelligence fields to obtain an aggregate support intelligence field, configure the aggregate support intelligence field into the threat intelligence prediction model, and process it using the model parameter layer of the threat intelligence prediction model to obtain the key threat intelligence prediction result corresponding to the attack protection event data. Here, aggregation refers to merging according to the same type of field.
In some independent designs, the AI system can aggregate the distribution of the support information fields with one or more key support information fields, use the aggregated fields as the aggregated information field distribution, distribute the aggregated information field distribution into a threat information prediction model, and evaluate the aggregated information field distribution by using a model parameter layer of the threat information prediction model to obtain a key threat information prediction result corresponding to the data of the support attack protection event.
Step W150: perform model configuration on the threat intelligence prediction model according to the key threat intelligence prediction result to obtain a threat intelligence prediction model of the target model parameters.
The model configuration refers to cyclic optimization of model layer parameters. The threat intelligence prediction model of the target model parameters may be obtained after N optimizations.
For example, the AI system may collect, from each attack protection service system, the attack objective supporting intelligence attribute information of the supporting attack protection event data, where the attack objective supporting intelligence attribute information is a key threat intelligence prediction result output by an objective threat intelligence prediction model. The AI system may calculate difference information between the key threat intelligence prediction result and the attack objective supporting intelligence attribute information, use the difference information as a prediction loss parameter, and obtain a target model convergence evaluation parameter according to the prediction loss parameter; the target model convergence evaluation parameter and the prediction loss parameter have a positive association relationship, and, for example, the prediction loss parameter may be used as the target model convergence evaluation parameter. The AI system can use a cross entropy loss function to calculate the target model convergence evaluation parameter from the key threat intelligence prediction result.
In some independent designs, the key supporting intelligence fields include at least two, and the key threat intelligence prediction result is obtained by combining a plurality of key supporting intelligence fields for analysis and prediction. The AI system can also carry out support intelligence attribute prediction on each key support intelligence field separately to obtain the support intelligence attribute prediction information associated with each key support intelligence field, and optimize the model parameter layer of the threat intelligence prediction model according to the key threat intelligence prediction result and the support intelligence attribute prediction information to obtain a threat intelligence prediction model of the target model parameters. For example, the AI system may obtain a first model convergence evaluation parameter according to the key threat intelligence prediction result, obtain a second model convergence evaluation parameter according to the support intelligence attribute prediction information, obtain a target model convergence evaluation parameter according to the first model convergence evaluation parameter and the second model convergence evaluation parameter, and perform model configuration on the threat intelligence prediction model according to the target model convergence evaluation parameter to obtain a threat intelligence prediction model of the target model parameters. The supporting intelligence attribute prediction information can comprise a plurality of attack source intelligence attribute prediction information or attack destination intelligence attribute prediction information. The intelligence attribute may refer to a category attribute that triggers intelligence content in the attack protection event data. The attack source intelligence attribute can refer to attack source characteristic information in the attack protection event data.
The attack source intelligence attribute prediction information is prediction information obtained by predicting the attack source support intelligence attribute of the key support intelligence field, and the attack destination intelligence attribute prediction information is prediction information obtained by predicting the key threat intelligence of the key support intelligence field. The second model convergence evaluation parameter may include a plurality of attack source convergence evaluation parameters or attack target convergence evaluation parameters, the attack source convergence evaluation parameters being model convergence evaluation parameters obtained based on the attack source information attribute prediction information, and the attack target convergence evaluation parameters being model convergence evaluation parameters obtained based on the attack target information attribute prediction information.
In some independent designs, the AI system may iteratively update the model parameter layers of the intelligence coding layer, the intelligence support evaluation layer, and the threat intelligence prediction model using the target model convergence evaluation parameters to obtain the threat intelligence prediction model of the target model parameters.
Based on the above steps, the supporting attack protection event data is configured in the intelligence coding layer of the threat intelligence prediction model of the default model parameters for intelligence field coding, so as to obtain the supporting intelligence field distribution, and the key support intelligence fields associated with the key threat intelligence are obtained. Key threat intelligence prediction is performed according to the key support intelligence fields and the threat intelligence prediction layer of the threat intelligence prediction model, and after the key threat intelligence prediction result corresponding to the supporting attack protection event data is obtained, model configuration is performed on the threat intelligence prediction model. Since the key supporting intelligence fields are the field distribution related to the key threat intelligence, predicting the key threat intelligence through the key supporting intelligence fields can improve the efficiency of key threat intelligence prediction, and therefore the efficiency with which the threat intelligence prediction model performs key threat intelligence prediction.
In some independent designs, the key supporting intelligence fields comprise at least two, and the key threat intelligence prediction result is obtained by combining a plurality of key supporting intelligence fields for analysis and prediction. Carrying out model configuration on the threat intelligence prediction model according to the key threat intelligence prediction result to obtain the threat intelligence prediction model of the target model parameters comprises the following steps: obtaining a first model convergence evaluation parameter according to the key threat intelligence prediction result; carrying out support intelligence attribute prediction on each key support intelligence field separately to obtain the support intelligence attribute prediction information associated with each key support intelligence field; obtaining a second model convergence evaluation parameter according to each support intelligence attribute prediction information; obtaining a target model convergence evaluation parameter according to the first model convergence evaluation parameter and the second model convergence evaluation parameter; and carrying out model configuration on the threat intelligence prediction model according to the target model convergence evaluation parameter to obtain the threat intelligence prediction model of the target model parameters.
The first model convergence evaluation parameter is calculated based on the key threat intelligence prediction result, and may be, for example, a parameter value calculated for the key threat intelligence prediction result according to a cross entropy loss function. Supporting intelligence attribute predictions may include multiple of attack source supporting intelligence attribute predictions or key threat intelligence predictions. The attack source support intelligence attribute prediction refers to the prediction of intelligence attributes when an attack source triggers, and the key threat intelligence prediction refers to the prediction of intelligence attributes of key threat intelligence. The support intelligence attribute prediction information may include a plurality of attack source intelligence attribute prediction information or attack destination intelligence attribute prediction information, the attack source intelligence attribute prediction information being prediction information obtained by performing attack source support intelligence attribute prediction on the key support intelligence field, and the attack destination intelligence attribute prediction information being prediction information obtained by performing key threat intelligence prediction on the key support intelligence field. The second model convergence evaluation parameter may include a plurality of attack source convergence evaluation parameters or attack target convergence evaluation parameters, the attack source convergence evaluation parameters being model convergence evaluation parameters obtained based on the attack source information attribute prediction information, and the attack target convergence evaluation parameters being model convergence evaluation parameters obtained based on the attack target information attribute prediction information.
For example, the AI system may calculate difference information between a key threat intelligence prediction result and attack objective supporting intelligence attribute information, use the difference information as a predicted loss parameter, obtain a first model convergence evaluation parameter according to the predicted loss parameter, where the first model convergence evaluation parameter and the predicted loss parameter have a positive association relationship, and for example, may use the predicted loss parameter as the first model convergence evaluation parameter.
In some independently conceived designs, the AI system can perform attack source support intelligence attribute prediction on a key support intelligence field to obtain the attack source intelligence attribute prediction information associated with that field, obtain the calibrated attack source intelligence attribute prediction information associated with the field, and calculate the difference information between the two. The difference information is used as the attack source support intelligence attribute prediction loss, and the attack source convergence evaluation parameter is obtained from this loss, with which it is positively correlated. When there are at least two key support intelligence fields, the AI system can obtain the attack source support intelligence attribute prediction loss associated with each key support intelligence field and use the weighted loss value of these losses as the attack source convergence evaluation parameter. The calibrated attack source intelligence attribute prediction information is the prediction information that attack source support intelligence attribute prediction is expected to produce. The calibrated attack source intelligence attribute prediction information associated with different key support intelligence fields can be the same or different.
In some independently conceived designs, the calibrated attack source intelligence attribute prediction information can be obtained by member cluster distribution of the key support intelligence fields of the supporting attack protection event data. For example, in each training stage, a plurality of pieces of attack protection event data can be configured into the threat intelligence prediction model. The AI system obtains the key support intelligence fields associated with each piece of attack protection event data to form a key support intelligence field sub-distribution, and performs member cluster distribution on the key support intelligence fields in that sub-distribution to obtain a plurality of member cluster core points. The member cluster core intelligence attribute corresponding to the member cluster core point closest to a key support intelligence field is used as the calibrated attack source intelligence attribute prediction information associated with that field.
In some independently conceived designs, the calibrated attack source intelligence attribute prediction information may be obtained by performing member cluster distribution on the core associated intelligence field of a key support intelligence field of the supporting attack protection event data. The core associated intelligence field is the associated intelligence field in the core field units of the key support intelligence field, and the core field units may include, for example, the field units whose phase difference metric value with a member cluster core point is smaller than a phase difference metric value threshold. The member cluster core point may refer to the field unit where the center of the key support intelligence field is located. The phase difference metric value threshold may be preset, or may be calculated from the number of fields of the key support intelligence field; for example, it may be set so that the area composed of field units whose phase difference metric value with the member cluster core point is smaller than the threshold contains half of the number of fields of the key support intelligence field.
In some independently conceived designs, the AI system can perform key threat intelligence prediction on each key support intelligence field to obtain the attack purpose intelligence attribute prediction information corresponding to each key support intelligence field, and calculate the difference information between each piece of attack purpose intelligence attribute prediction information and the attack purpose supporting intelligence attribute information. Each piece of difference information is used as a key threat intelligence prediction result loss, and the attack purpose convergence evaluation parameter is obtained from these losses, with which it is positively correlated. For example, the weighted loss value of the key threat intelligence prediction result losses can be used as the attack purpose convergence evaluation parameter.
In some independent designs, the second model convergence evaluation parameter may include an attack source convergence evaluation parameter and an attack target convergence evaluation parameter, and the AI system may obtain the target model convergence evaluation parameter according to the first model convergence evaluation parameter, the attack source convergence evaluation parameter and the attack target convergence evaluation parameter, for example, a weighted loss value of the first model convergence evaluation parameter, the attack source convergence evaluation parameter and the attack target convergence evaluation parameter may be used as the target model convergence evaluation parameter.
In some independently conceived designs, the threat intelligence prediction model can also comprise an initial key prediction layer. The AI system can perform key threat intelligence prediction according to the support intelligence field distribution and the initial key prediction layer to obtain an initial key threat intelligence prediction result, and obtain a basic model convergence evaluation parameter according to the difference information between the initial key threat intelligence prediction result and the attack purpose supporting intelligence attribute information. A target model convergence evaluation parameter is then obtained from the first model convergence evaluation parameter, the second model convergence evaluation parameter and the basic model convergence evaluation parameter, and model configuration is performed on the threat intelligence prediction model according to the target model convergence evaluation parameter to obtain a threat intelligence prediction model with target model parameters. The basic model convergence evaluation parameter is used to optimize the model parameters of the intelligence coding layer and of the initial key prediction layer in the threat intelligence prediction model.
For example, a first model convergence evaluation parameter is obtained from the key threat intelligence prediction result. Support intelligence attribute prediction is performed on each key support intelligence field to obtain the support intelligence attribute prediction information associated with each field, and a second model convergence evaluation parameter is obtained from that prediction information. A target model convergence evaluation parameter is then obtained from the first and second model convergence evaluation parameters. Because the key threat intelligence prediction result is obtained by analysing a plurality of key support intelligence fields together, the first model convergence evaluation parameter is based on the joint prediction information of a plurality of key support intelligence fields, while the second model convergence evaluation parameter is based on the support intelligence attribute prediction information associated with each key support intelligence field individually. The target model convergence evaluation parameter therefore comprises model convergence evaluation parameters obtained in several ways, which improves its reliability, and performing model configuration with it can improve the accuracy of model configuration.
In some independently conceived designs, the support intelligence attribute prediction information comprises attack source intelligence attribute prediction information, and the second model convergence evaluation parameter comprises an attack source convergence evaluation parameter. Performing support intelligence attribute prediction on each key support intelligence field to obtain the support intelligence attribute prediction information associated with each key support intelligence field comprises: configuring each key support intelligence field into an attack source intelligence attribute prediction model for prediction, to obtain the attack source intelligence attribute prediction information associated with each key support intelligence field. Obtaining the second model convergence evaluation parameter according to each piece of support intelligence attribute prediction information comprises: performing member cluster distribution according to the plurality of key support intelligence fields to obtain the member attack source intelligence attribute associated with each key support intelligence field; and obtaining the attack source convergence evaluation parameter according to the difference information between the attack source intelligence attribute prediction information and the member attack source intelligence attribute.
The threat intelligence prediction model can also comprise an attack source intelligence attribute prediction model, and the attack source intelligence attribute prediction model is used for determining the confidence coefficient that the key support intelligence field belongs to the core intelligence attribute of each member cluster. The plurality of key support intelligence fields may be all of the key support intelligence fields in each training phase or may be a portion of all of the key support intelligence fields in each training phase.
For example, the AI system may obtain the attack source intelligence attribute prediction information associated with each key support intelligence field and the corresponding member attack source intelligence attribute, calculate the difference information between them, use that difference information as the attack source support intelligence attribute prediction loss associated with the key support intelligence field, and use the weighted loss value of the attack source support intelligence attribute prediction losses associated with the key support intelligence fields as the attack source convergence evaluation parameter.
In some independently conceived designs, performing member cluster distribution on a plurality of key support intelligence fields and obtaining the member cluster core intelligence attribute associated with each key support intelligence field comprises: obtaining the core associated intelligence fields of the key support intelligence fields; performing member cluster distribution on the core associated intelligence fields associated with the key support intelligence fields to obtain the member cluster core points associated with a target quantity of member cluster core intelligence attributes; and, among the member cluster core points, using the member cluster core intelligence attribute of the member cluster core point with the minimum phase difference metric value to a core associated intelligence field as the member attack source intelligence attribute corresponding to that core associated intelligence field. The AI system can obtain the attack source intelligence attribute prediction information corresponding to the core associated intelligence field of a key support intelligence field and the corresponding member attack source intelligence attribute, calculate the difference information between them, use that difference information as the attack source support intelligence attribute prediction loss associated with the key support intelligence field, and use the weighted loss value of the attack source support intelligence attribute prediction losses associated with the core associated intelligence fields of the key support intelligence fields as the attack source convergence evaluation parameter.
For example, the key support intelligence fields are each configured into the attack source intelligence attribute prediction model to obtain the attack source intelligence attribute prediction information associated with each field; member cluster distribution is performed on the plurality of key support intelligence fields to obtain the member attack source intelligence attribute associated with each field; and the attack source convergence evaluation parameter is obtained from the difference information between the two. This realizes self-supervised learning, in which the member cluster core intelligence attributes are used as the attributes associated with the key support intelligence fields, and improves the training speed.
In some independently conceived designs, performing member cluster distribution according to a plurality of key support intelligence fields and obtaining the member attack source intelligence attribute associated with each key support intelligence field comprises: performing member cluster distribution on the plurality of key support intelligence fields to obtain the member cluster core point corresponding to each intelligence field member cluster; and obtaining the member cluster core intelligence attribute corresponding to the member cluster core point and using it as the member attack source intelligence attribute associated with the key support intelligence fields in that intelligence field member cluster.
The information field member cluster is obtained by member cluster distribution according to key support information fields, the information field member cluster can comprise a plurality of key support information fields, one information field member cluster corresponds to one attack source information attribute, and the member cluster core information attribute of the key support information fields is the attack source information attribute corresponding to the information field member cluster to which the key support information fields belong. Because the information field member cluster is obtained by member cluster distribution, each key supporting information field in the information field member cluster has larger coincidence, and the probability that the key supporting information fields in the same information field member cluster have the same attack source information attribute is larger, so that one information field member cluster can be considered to correspond to one attack source information attribute.
For example, the AI system may perform member cluster allocation on a plurality of key support information fields through a member cluster allocation algorithm to obtain a target number of member cluster core points, calculate phase difference metric values between the key support information fields and each member cluster core point, form a phase difference metric value sequence from the calculated phase difference metric values, use a member cluster core point corresponding to a minimum phase difference metric value in the phase difference metric value sequence as a member cluster core point associated with the key support information field, and use a distribution formed by each key support information field corresponding to the member cluster core point as an information field member cluster corresponding to the member cluster core point.
In some independently conceived designs, the AI system can calculate the contact ratio magnitude between a key support intelligence field and a member cluster core point and determine the phase difference metric value between them from that contact ratio magnitude. The phase difference metric value is negatively associated with the contact ratio magnitude: the larger the contact ratio magnitude, the smaller the phase difference metric value, and the smaller the contact ratio magnitude, the larger the phase difference metric value.
For example, member cluster distribution is performed on a plurality of key support intelligence fields to obtain the member cluster core point corresponding to each intelligence field member cluster, the member cluster core intelligence attribute corresponding to each member cluster core point is obtained, and that attribute is used as the member attack source intelligence attribute associated with the key support intelligence fields in the intelligence field member cluster, which improves the accuracy of the member attack source intelligence attributes.
In some independently conceived designs, the support intelligence attribute prediction information comprises attack purpose intelligence attribute prediction information, and the second model convergence evaluation parameter comprises an attack purpose convergence evaluation parameter. Performing support intelligence attribute prediction on each key support intelligence field to obtain the support intelligence attribute prediction information associated with each key support intelligence field comprises: configuring each key support intelligence field into an attack purpose intelligence attribute prediction model for prediction, to obtain the attack purpose intelligence attribute prediction information associated with each key support intelligence field. Obtaining the second model convergence evaluation parameter according to each piece of support intelligence attribute prediction information comprises: collecting, from each attack protection service system, the attack purpose supporting intelligence attribute information corresponding to the supporting attack protection event data; and obtaining the attack purpose convergence evaluation parameter according to the difference information between the attack purpose intelligence attribute prediction information and the attack purpose supporting intelligence attribute information.
The attack target intelligence attribute prediction model is used for determining the confidence degree that the key support intelligence field belongs to each key threat intelligence respectively, and the attack target intelligence attribute prediction information can comprise the confidence degree that the key support intelligence field belongs to each key threat intelligence.
For example, the AI system may configure each key support intelligence field into the attack purpose intelligence attribute prediction model for prediction to obtain the attack purpose intelligence attribute prediction information associated with each key support intelligence field; that is, each key support intelligence field has its own attack purpose intelligence attribute prediction information. The attack purpose supporting intelligence attribute information is the key threat intelligence prediction result that is expected to be obtained, namely the key threat intelligence prediction result corresponding to the actual key threat intelligence of the attack protection event data.
In some independently conceived designs, the AI system can obtain the attack purpose intelligence attribute prediction information associated with each key support intelligence field and the corresponding attack purpose supporting intelligence attribute information, calculate the difference information between them, use that difference information as the key threat intelligence prediction result loss, and use the weighted loss value of the key threat intelligence prediction result losses associated with the key support intelligence fields as the attack purpose convergence evaluation parameter. The attack purpose convergence evaluation parameter is positively correlated with the key threat intelligence prediction result loss. The AI system may also calculate each key threat intelligence prediction result loss with a cross-entropy loss function to obtain the attack purpose convergence evaluation parameter.
In some independently conceived designs, configuring each key support intelligence field into the attack purpose intelligence attribute prediction model to obtain the attack purpose intelligence attribute prediction information associated with each key support intelligence field, and obtaining the attack purpose convergence evaluation parameter according to the difference information between the attack purpose intelligence attribute prediction information and the attack purpose supporting intelligence attribute information, comprises: configuring the core associated intelligence fields of the key support intelligence fields into the attack purpose intelligence attribute prediction model for prediction, to obtain the attack purpose intelligence attribute prediction information associated with each core associated intelligence field; and obtaining the attack purpose convergence evaluation parameter according to the difference information between the attack purpose intelligence attribute prediction information and the attack purpose supporting intelligence attribute information.
In some designs with independent concepts, the AI system performs weighting according to the first model convergence evaluation parameter, the attack target convergence evaluation parameter, the attack source convergence evaluation parameter and the basic model convergence evaluation parameter to obtain a target model convergence evaluation parameter.
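The self-supervised attack source loss (member cluster distribution, nearest core point as label) and the final weighting of the four convergence evaluation parameters can be sketched as follows. This is an added Python example, not code from the patent: cosine similarity stands in for the contact ratio magnitude, and the farthest-point seeding, mean core points, cross-entropy loss, weights and sample vectors are all assumptions constructed for illustration.

```python
import math

# Constructed embeddings of six key support intelligence fields (sample data).
FIELDS = [[1.0, 0.1, 0.0], [0.9, 0.2, 0.1], [1.0, 0.0, 0.1],
          [0.0, 1.0, 0.9], [0.1, 0.9, 1.0], [0.0, 0.8, 1.0]]
# Constructed output of an attack source attribute prediction model:
# one confidence per member cluster core intelligence attribute.
PREDICTIONS = [[0.9, 0.1], [0.8, 0.2], [0.7, 0.3],
               [0.2, 0.8], [0.4, 0.6], [0.1, 0.9]]

def contact_ratio(a, b):
    """Cosine similarity, used here as the contact ratio magnitude (assumption)."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0

def phase_difference(field, core_point):
    """Negatively associated with the contact ratio: more overlap, less distance."""
    return 1.0 - contact_ratio(field, core_point)

def nearest_core(field, cores):
    """Index of the core point with the minimum phase difference metric value."""
    return min(range(len(cores)), key=lambda j: phase_difference(field, cores[j]))

def member_cluster_distribution(fields, k, iterations=20):
    """k-means style clustering; returns (core points, cluster label per field)."""
    cores = [list(fields[0])]            # deterministic farthest-point seeding
    while len(cores) < k:
        far = max(fields, key=lambda f: min(phase_difference(f, c) for c in cores))
        cores.append(list(far))
    for _ in range(iterations):
        labels = [nearest_core(f, cores) for f in fields]
        updated = []
        for j in range(k):
            members = [f for f, lab in zip(fields, labels) if lab == j]
            if not members:              # keep the core point of an empty cluster
                updated.append(cores[j])
                continue
            updated.append([sum(col) / len(members) for col in zip(*members)])
        if updated == cores:
            break
        cores = updated
    return cores, [nearest_core(f, cores) for f in fields]

def attack_source_convergence(predictions, labels, weights=None, eps=1e-12):
    """Weighted cross-entropy between predicted confidences and cluster labels."""
    losses = [-math.log(max(p[lab], eps)) for p, lab in zip(predictions, labels)]
    weights = weights or [1.0 / len(losses)] * len(losses)
    return sum(w * loss for w, loss in zip(weights, losses))

def target_convergence(first, source, purpose, base, weights=(1.0, 0.5, 0.5, 0.5)):
    """Weighted sum of the four convergence evaluation parameters."""
    return sum(w * v for w, v in zip(weights, (first, source, purpose, base)))

if __name__ == "__main__":
    _, labels = member_cluster_distribution(FIELDS, k=2)
    source = attack_source_convergence(PREDICTIONS, labels)
    print(labels, round(source, 6), round(target_convergence(0.4, source, 0.3, 0.2), 6))
```

Because the labels come from clustering rather than from annotation, the attack source term needs no labelled data; only the first, attack purpose and basic terms depend on the collected attack purpose supporting intelligence attribute information.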
In some independently conceived designs, performing key threat intelligence prediction according to the key support intelligence fields and the threat intelligence prediction layer of the threat intelligence prediction model to obtain the key threat intelligence prediction result corresponding to the supporting attack protection event data comprises: aggregating the support intelligence field distribution and the key support intelligence fields to obtain an aggregated intelligence field distribution; and configuring the aggregated intelligence field distribution into the threat intelligence prediction layer of the threat intelligence prediction model for key threat intelligence prediction, to obtain the key threat intelligence prediction result corresponding to the attack protection event data.
The AI system may aggregate the support intelligence field distribution with the key support intelligence fields and use the aggregated fields as the aggregated intelligence field distribution.
In some independently conceived designs, aggregating the support intelligence field distribution with the key support intelligence fields to obtain the aggregated intelligence field distribution comprises: obtaining the area of the core field units in the support intelligence field distribution and using it as a first core associated intelligence field; using the core associated intelligence field of each key support intelligence field as a second core associated intelligence field; and aggregating a plurality of the first core associated intelligence field and each second core associated intelligence field to obtain the aggregated intelligence field distribution. For example, the first core associated intelligence field may be aggregated with a plurality of the second core associated intelligence fields, and the aggregated fields may be used as the aggregated intelligence field distribution.
For example, the distribution of the support information fields and the distribution of the key support information fields are aggregated to obtain the distribution of the aggregated information fields, and the distribution of the aggregated information fields is configured to the threat information prediction layer of the threat information prediction model to predict the key threat information.
In some independently conceived designs, obtaining the key support intelligence fields associated with the key threat intelligence from the first support intelligence field sub-distribution based on the first intelligence support degree associated with each first support intelligence field comprises: determining each first support intelligence field in the first support intelligence field sub-distribution that matches the first intelligence support degree requirement as a key support intelligence field associated with the key threat intelligence. The first intelligence support degree requirement includes a plurality of the following conditions: the first intelligence support degree ranks before the first sequence interval in numerical order, or the first intelligence support degree is greater than the first preset intelligence support degree.
For example, each first support intelligence field in the first support intelligence field sub-distribution that matches the first intelligence support degree requirement is determined as a key support intelligence field associated with the key threat intelligence. Because the first intelligence support degree requirement includes a plurality of the conditions that the first intelligence support degree ranks before the first sequence interval in numerical order or that the first intelligence support degree is greater than the first preset intelligence support degree, the first support intelligence fields strongly associated with the key threat intelligence can be obtained from the first support intelligence field sub-distribution as key support intelligence fields, which improves the reliability of the association between the key support intelligence fields and the key threat intelligence.
In some independent designs, embodiments of the present invention provide another safety protection index optimization method based on big data information security, which can use a threat intelligence prediction model of target model parameters in the above embodiments to predict key threat intelligence, and the method is applied to the AI system in fig. 1, and includes the following steps:
Step W210: collect target attack protection event data to be predicted.
The target attack protection event data is attack protection event data to be subjected to key threat intelligence prediction.
For example, the attack protection service system may send a key threat intelligence prediction instruction for the target attack protection event data to the AI system, and the AI system may collect the target attack protection event data to be predicted in response to that instruction. The key threat intelligence prediction instruction may carry a plurality of target attack protection event data or target attack protection event data identifiers. The target attack protection event data identifier is the ID of the target attack protection event data.
Step W220: perform intelligence field coding on the target attack protection event data to obtain a target intelligence field distribution.
For example, the target intelligence field distribution is a field obtained by encoding the intelligence field of the target attack protection event data. The AI system can obtain a threat intelligence prediction model of target model parameters, configure target attack protection event data into an intelligence coding layer of the threat intelligence prediction model, and utilize the intelligence coding layer to carry out intelligence field coding on the target attack protection event data to obtain target intelligence field distribution.
Step W230: perform intelligence support evaluation according to the target intelligence field distribution to obtain the second intelligence support degree associated with each second support intelligence field in the second support intelligence field sub-distribution. The second support intelligence field sub-distribution comprises a plurality of second support intelligence fields and is obtained by classifying and dividing the target intelligence field distribution.
For example, the second intelligence support level is used to indicate the reliability of the second supported intelligence field in relation to the critical threat intelligence. The second support intelligence field is a part of intelligence field in the target attack protection event data.
Step W240: obtain the target support intelligence fields associated with the key threat intelligence from the second support intelligence field sub-distribution according to the second intelligence support degree associated with each second support intelligence field.
For example, the AI system may use a plurality of the second supported intelligence fields as the target supported intelligence fields, such as all of the second supported intelligence fields as the target supported intelligence fields, or obtain the target supported intelligence fields associated with the key threat intelligence from the second supported intelligence field sub-distribution based on the second intelligence support degree.
In some independently conceived designs, each second support intelligence field in the second support intelligence field sub-distribution that matches the second intelligence support degree requirement is determined to be a target support intelligence field associated with the key threat intelligence. The second intelligence support degree requirement includes a plurality of the following conditions: the second intelligence support degree ranks before the second sequence interval in numerical order, or the second intelligence support degree is greater than the second preset intelligence support degree.
Step W250: perform key threat intelligence prediction according to the target support intelligence fields to obtain the target key threat intelligence corresponding to the target attack protection event data.
For example, the AI system may aggregate a plurality of target support intelligence fields, where a plurality may mean at least two, to obtain an aggregate intelligence field distribution, configure the aggregate intelligence field distribution into a threat intelligence prediction layer of a trained threat intelligence prediction model to perform key threat intelligence prediction, to obtain a target key threat intelligence prediction result, and determine target key threat intelligence corresponding to target attack protection event data based on the target key threat intelligence prediction result.
In some independently conceived designs, the AI system may aggregate a plurality of the target support intelligence fields with the target intelligence field distribution and use the aggregated result as the aggregated intelligence field distribution. For example, it may obtain, from the target support intelligence fields, those that satisfy the second screening condition, aggregate each of them with the target intelligence field distribution, and use the aggregated result as the aggregated intelligence field distribution.
Based on the above steps, target attack protection event data to be predicted is collected and intelligence-field coded to obtain the target intelligence field distribution. Intelligence support evaluation is then performed according to the target intelligence field distribution to obtain the second intelligence support degree associated with each second support intelligence field in the second support intelligence field sub-distribution; the sub-distribution comprises a plurality of second support intelligence fields and is obtained by classifying and dividing the target intelligence field distribution. Target support intelligence fields associated with key threat intelligence are obtained from the second support intelligence field sub-distribution according to the second intelligence support degree associated with each second support intelligence field, and key threat intelligence prediction is performed according to the target support intelligence fields to obtain the key threat intelligence corresponding to the target attack protection event data. Because the target support intelligence fields are the field distributions associated with the key threat intelligence, predicting the key threat intelligence from them improves the efficiency of the prediction.
In some independently conceived designs, performing intelligence support evaluation according to the target intelligence field distribution to obtain the second intelligence support degree associated with each second support intelligence field in the second support intelligence field sub-distribution comprises: performing linear mapping according to the target intelligence field distribution to obtain the intelligence field linear mapping characteristics; acquiring, in the target intelligence field distribution, the intelligence field unit corresponding to each linear mapping value in the intelligence field linear mapping characteristics; and using the related intelligence field corresponding to the intelligence field unit in the target intelligence field distribution as the second support intelligence field corresponding to the linear mapping value, and using the characteristic values as the second intelligence support degrees associated with the second support intelligence fields.
For example, the related information field corresponding to the information field unit in the target information field distribution is used as the second support information field corresponding to the linear mapping value, and the linear mapping value is used as the second information support degree related to the second support information field, so that the field distribution of a plurality of attack protection data of the target attack protection event data can be obtained.
In some independently conceived designs, the intelligence field linear mapping characteristics include a first linear mapping characteristic and a second linear mapping characteristic, and obtaining the intelligence field linear mapping characteristics includes: performing past information attribute carrying configuration on the target intelligence field distribution to obtain a first intelligence field distribution, and performing past information attribute carrying configuration on the first intelligence field distribution to obtain a second intelligence field distribution; performing linear mapping according to the first intelligence field distribution to obtain the first linear mapping characteristic; and performing linear mapping according to the second intelligence field distribution to obtain the second linear mapping characteristic.
For example, the intelligence field distributions of the target past information attribute carrying configuration may comprise a first intelligence field distribution and a second intelligence field distribution, and the past information attribute configuration model may comprise a first past information attribute configuration model and a second past information attribute configuration model. The AI system may configure the target intelligence field distribution into the first past information attribute configuration model for past information attribute carrying configuration and use the resulting field distribution as the first intelligence field distribution, then configure the first intelligence field distribution into the second past information attribute configuration model and use the resulting field distribution as the second intelligence field distribution. The field distribution characteristics in the first intelligence field distribution are arranged in order and the resulting sequence is used as the first linear mapping characteristic; the field distribution characteristics in the second intelligence field distribution are arranged in order and the resulting sequence is used as the second linear mapping characteristic.
In some independently conceived designs, the intelligence field distributions of the target past information attribute carrying configuration may comprise a third intelligence field distribution and a fourth intelligence field distribution, and the category past information attribute configuration model may comprise a first category past information attribute configuration model and a second category past information attribute configuration model. The AI system may configure the first intelligence field distribution into the first category past information attribute configuration model for category past information attribute carrying configuration and use the resulting field distribution as the third intelligence field distribution, and configure the second intelligence field distribution into the second category past information attribute configuration model for category past information attribute carrying configuration and use the resulting field distribution as the fourth intelligence field distribution. The field distribution characteristics in the third intelligence field distribution are arranged in order and the resulting sequence is used as the first linear mapping characteristic; the field distribution characteristics in the fourth intelligence field distribution are arranged in order and the resulting sequence is used as the second linear mapping characteristic.
In some independently conceived designs, obtaining target support intelligence fields associated with key threat intelligence from the second support intelligence field sub-distribution according to the second intelligence support degree associated with each second support intelligence field comprises: determining a second support intelligence field in the second support intelligence field sub-distribution that matches the second intelligence support requirement as a target support intelligence field associated with the key threat intelligence. The second intelligence support requirement is that the second intelligence support degree ranks before the second sequence interval in numerical order, or that the second intelligence support degree is greater than the second preset intelligence support degree.
For example, the second support intelligence field in the second support intelligence field sub-distribution that matches the second intelligence support requirement is determined as the target support intelligence field associated with the key threat intelligence. Because the requirement is that the second intelligence support degree ranks before the second sequence interval in numerical order or is greater than the second preset intelligence support degree, the second support intelligence fields strongly associated with the key threat intelligence can be obtained from the sub-distribution as target support intelligence fields, which improves the reliability of the association between the target support intelligence fields and the key threat intelligence.
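One way to read the selection rule above, as an added example that is not the patent's own code: each intelligence field distribution is arranged into a linear sequence whose values serve as support degrees, and a field is kept when its support ranks inside a cutoff or exceeds a preset value. The 2-D layout, the descending rank order, all function names and the sample values are assumptions made for illustration.

```python
import math
from typing import NamedTuple


class SupportField(NamedTuple):
    source: str      # which field distribution the value came from
    unit: tuple      # (row, col) of the field unit inside that distribution
    support: float   # linear mapping value, used as the support degree


def linear_map(source, distribution):
    """Arrange a 2-D field distribution into one ordered (row-major) sequence,
    keeping the field unit each linear mapping value came from."""
    sequence = []
    for r, row in enumerate(distribution):
        for c, value in enumerate(row):
            value = float(value)
            # A NaN score has no defined rank; refuse it rather than let it
            # be silently kept or dropped by the sort below.
            if math.isnan(value):
                raise ValueError(f"NaN support at {source}{(r, c)}")
            sequence.append(SupportField(source, (r, c), value))
    return sequence


def select_target_fields(sub_distribution, rank_cutoff, preset_support):
    """Keep a field when its support ranks before `rank_cutoff` (descending
    order, assumed) OR is greater than `preset_support`."""
    if rank_cutoff < 0:
        raise ValueError("rank_cutoff must be non-negative")
    # sorted() is stable, so ties keep their original sequence order.
    ranked = sorted(sub_distribution, key=lambda f: f.support, reverse=True)
    return [f for rank, f in enumerate(ranked)
            if rank < rank_cutoff or f.support > preset_support]


# Constructed sample values standing in for the first and second
# intelligence field distributions.
FIRST = [[0.10, 0.82, 0.05],
         [0.40, 0.91, 0.33]]
SECOND = [[0.77, 0.20],
          [0.15, 0.60]]


def build_sub_distribution():
    """Sub-distribution made of the first and second linear mapping sequences."""
    return linear_map("first", FIRST) + linear_map("second", SECOND)


if __name__ == "__main__":
    for field in select_target_fields(build_sub_distribution(), 2, 0.7):
        print(field.source, field.unit, field.support)
```

With a cutoff of 2 and a preset value of 0.7, the third-ranked field is still kept because it passes the threshold branch of the rule even though it falls outside the rank cutoff.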
Fig. 3 is a schematic diagram illustrating a hardware structure of the AI system 100 for implementing the safety protection index optimization method based on big data information security according to an embodiment of the present invention, and as shown in fig. 3, the AI system 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a communication unit 140.
In a specific implementation, at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120, so that the processor 110 can execute the safety protection index optimization method based on big data information security according to the above method embodiment. The processor 110, the machine-readable storage medium 120, and the communication unit 140 are connected through the bus 130, and the processor 110 may be configured to control the transceiving actions of the communication unit 140 so as to exchange data with the attack protection service system 200.
For the specific implementation process of the processor 110, reference may be made to the above method embodiments executed by the AI system 100; the implementation principles and technical effects are similar and are not described again here.
In addition, an embodiment of the present invention further provides a readable storage medium, where a computer-executable instruction is preset in the readable storage medium, and when a processor executes the computer-executable instruction, the method for optimizing a safety protection index based on big data information safety is implemented.
Finally, it should be understood that the examples in this specification are only intended to illustrate the principles of the examples in this specification. Other variations are also possible within the scope of this description. Accordingly, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be seen as matching the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims (10)

1. A safety protection index optimization method based on big data information safety is applied to an AI system, the AI system is in communication connection with a plurality of attack protection service systems, and the method comprises the following steps:
updating safety protection firmware to the attack protection service system based on target key threat intelligence corresponding to target attack protection event data, and acquiring protection cooperative activity data of the attack protection service system aiming at the updated safety protection firmware;
performing information mining on the cooperative situation information of the protection cooperative instruction sequence corresponding to the protection cooperative activity data to obtain cooperative information data of the protection cooperative instruction sequence corresponding to the protection cooperative activity data;
and optimizing the cooperative instruction configuration information of the corresponding target protection cooperative instruction sequence based on the cooperative intelligence data.
2. The big data information security-based safety protection index optimization method according to claim 1, wherein the step of performing cooperative instruction configuration information optimization on the corresponding target protection cooperative instruction sequence based on the cooperative intelligence data comprises:
determining intelligence main body data corresponding to the protection cooperative activity data according to the cooperative intelligence data;
performing key collaborative activity node marking on the protection collaborative activity data based on the intelligence main body data corresponding to the protection collaborative activity data to obtain a corresponding protection collaborative activity data sequence under each marked key collaborative activity node;
and optimizing the cooperative instruction configuration information of the corresponding target protection cooperative instruction sequence based on the corresponding protection cooperative activity data sequence under each labeled key cooperative activity node.
3. The big data information security-based security protection index optimization method according to claim 1, wherein the target key threat intelligence corresponding to the target attack protection event data is obtained by the following steps:
collecting data supporting attack protection events from each attack protection service system, configuring the data supporting the attack protection events to an intelligence coding layer of a threat intelligence prediction model of default model parameters for intelligence field coding, and obtaining the distribution of the field supporting intelligence;
carrying out information support evaluation according to the support information field distribution and an information support evaluation layer of the threat information prediction model to obtain a first information support degree related to each first support information field in a first support information field sub-distribution, wherein the first support information field sub-distribution comprises a plurality of first support information fields, and the first support information field sub-distribution is obtained by carrying out classification and classification on the support information field distribution;
obtaining key support intelligence fields related to key threat intelligence from the first support intelligence field sub-distribution according to the first intelligence support degree related to each first support intelligence field;
carrying out key threat intelligence prediction according to the key support intelligence field and a threat intelligence prediction layer of the threat intelligence prediction model to obtain a key threat intelligence prediction result corresponding to the attack protection event supporting data;
carrying out model configuration on the threat intelligence prediction model according to the key threat intelligence prediction result to obtain a threat intelligence prediction model of target model parameters;
collecting target attack protection event data to be predicted, and carrying out intelligence field coding on the target attack protection event data to obtain target intelligence field distribution;
carrying out information support evaluation according to the target information field distribution to obtain second information support degree related to each second support information field in the second support information field sub-distribution; the second support information field sub-distribution comprises a plurality of second support information fields, and the second support information field sub-distribution is obtained by carrying out classification division on the target information field distribution;
obtaining target support information fields related to key threat information from the sub-distribution of the second support information fields according to the second information support degree related to each second support information field;
carrying out key threat intelligence prediction according to the target support intelligence field to obtain target key threat intelligence corresponding to the target attack protection event data;
the information support evaluation is carried out according to the target information field distribution, and the second information support degree related to each second support information field in the second support information field sub-distribution is obtained by the following steps:
carrying out linear mapping according to the distribution of the target information fields to obtain the linear mapping characteristics of the information fields;
acquiring an intelligence field unit corresponding to each linear mapping value in the intelligence field linear mapping characteristics in the target intelligence field distribution;
using the related information field corresponding to the information field unit in the target information field distribution as a second support information field corresponding to the linear mapping value, and using the linear mapping value as a second information support degree related to the second support information field;
the intelligence field linear mapping characteristics comprise a first linear mapping characteristic and a second linear mapping characteristic, the linear mapping is carried out according to the target intelligence field distribution, and the obtaining of the intelligence field linear mapping characteristics comprises the following steps:
carrying out past information attribute carrying configuration on the target information field distribution to obtain a first information field distribution, and carrying and configuring the past information attribute on the first information field distribution to obtain a second information field distribution;
performing linear mapping according to the first information field distribution to obtain the first linear mapping characteristic;
performing linear mapping according to the second information field distribution to obtain a second linear mapping characteristic;
the obtaining target supporting intelligence fields associated with key threat intelligence from the second supporting intelligence field sub-distribution according to the second intelligence support degree associated with each second supporting intelligence field comprises:
determining a second support information field matched with a second information support degree requirement in the second support information field sub-distribution as a target support information field associated with the key threat information;
the second intelligence support requirement is that the second intelligence support degree ranks before the second sequence interval in numerical order, or that the second intelligence support degree is greater than the second preset intelligence support degree.
4. The big data information security-based security protection index optimization method according to claim 1, wherein the updating of the security protection firmware to the attack protection service system based on the target key threat intelligence corresponding to the target attack protection event data includes:
acquiring supporting safety protection firmware corresponding to the target key threat intelligence based on the target key threat intelligence corresponding to the target attack protection event data;
obtaining common protection linkage data among all the supporting safety protection firmware according to the obtained simulated protection event data of the supporting safety protection firmware under a plurality of simulated safety protection scenes;
and respectively based on the common protection linkage data among the supporting safety protection firmware, taking the supporting safety protection firmware of which the common protection performance value corresponding to the common protection linkage data among the supporting safety protection firmware is greater than the first target common protection performance value and less than the second target common protection performance value as the common safety protection firmware of each supporting safety protection firmware based on the common protection performance dimension, and updating the safety protection firmware of the attack protection service system according to the common safety protection firmware.
5. The big data information security-based safety protection index optimization method according to claim 4, wherein the step of obtaining common protection linkage data among the safety protection supporting firmware according to the obtained simulated protection event data of the safety protection supporting firmware under a plurality of simulated safety protection scenes comprises the steps of:
acquiring simulated protection event data supporting safety protection firmware under a plurality of simulated safety protection scenes;
determining simulated protection linkage data of the safety protection supporting firmware under a plurality of simulated safety protection scenes based on the simulated protection event data of the safety protection supporting firmware under the plurality of simulated safety protection scenes;
and acquiring common protection linkage data among the supporting safety protection firmware based on the simulated protection linkage data of the supporting safety protection firmware under the plurality of simulated safety protection scenes.
6. The big data information security-based safety protection index optimization method according to claim 5, wherein the determining the simulated protection linkage data of the safety protection supporting firmware under the plurality of simulated safety protection scenes based on the simulated protection event data of the safety protection supporting firmware under the plurality of simulated safety protection scenes comprises:
generating protection participation activity data of the safety protection supporting firmware under a plurality of simulated safety protection scenes based on the simulated protection event data of the safety protection supporting firmware under the plurality of simulated safety protection scenes;
performing simulated protection linkage excavation on the protection participation activity data to obtain simulated protection linkage data of the supporting safety protection firmware under the plurality of simulated safety protection scenes;
the generating protection participation activity data of the safety protection supporting firmware under a plurality of simulated safety protection scenes based on the simulated protection event data of the safety protection supporting firmware under the plurality of simulated safety protection scenes comprises:
generating first protection participation activity data, second protection participation activity data and third protection participation activity data respectively based on the simulation protection event data of the safety protection supporting firmware under a plurality of simulation safety protection scenes; the first protection participation activity data is used for representing activity associated information between simulated protection activity category data and simulated protection linkage data, the second protection participation activity data is used for representing activity associated information between the simulated protection linkage data and presumed activity item data, and the third protection participation activity data is used for representing activity associated information between the simulated protection activity category data and the presumed activity item data;
respectively analyzing the first protection participation activity data, the second protection participation activity data and the third protection participation activity data into protection participation activity data of the safety protection supporting firmware under the plurality of simulated safety protection scenes;
if the protection participation activity data is the first protection participation activity data or the second protection participation activity data, performing simulated protection linkage mining on the protection participation activity data, and obtaining simulated protection linkage data of the support safety protection firmware under the plurality of simulated safety protection scenes comprises: carrying out simulated protection linkage excavation on the protection participation activity data to obtain simulated protection linkage data serving as simulated protection linkage data of the safety protection supporting firmware in a corresponding simulated safety protection scene;
if the protection participation activity data is the third protection participation activity data, performing simulated protection linkage mining on the protection participation activity data, and acquiring simulated protection linkage data of the support safety protection firmware under the plurality of simulated safety protection scenes comprises:
carrying out simulated protection linkage excavation on the protection participation activity data to obtain the presumed activity item data in the support safety protection firmware;
protection linkage matching data of the presumed activity item data in the safety protection supporting firmware is obtained and used as protection linkage matching data corresponding to the presumed activity item data;
and acquiring simulated protection linkage data based on the estimated activity item data and the corresponding protection linkage matching data, wherein the simulated protection linkage data is used as the simulated protection linkage data of the safety protection supporting firmware in the corresponding simulated safety protection scene.
7. The safety protection index optimization method based on big data information safety according to claim 5, wherein the obtaining of the common protection linkage data among each safety protection supporting firmware based on the simulated protection linkage data of the safety protection supporting firmware under the plurality of simulated safety protection scenes comprises:
determining protection linkage common characteristic information of every two pieces of support safety protection firmware under a plurality of simulated safety protection scenes based on the simulated safety protection linkage data of the support safety protection firmware under the plurality of simulated safety protection scenes;
obtaining common protection linkage data between every two pieces of support safety protection firmware based on protection linkage common characteristic information of every two pieces of support safety protection firmware under a plurality of simulated safety protection scenes;
the obtaining of the common protection linkage data between each two pieces of support safety protection firmware based on the protection linkage common characteristic information of each two pieces of support safety protection firmware under the plurality of simulated safety protection scenes comprises:
inputting protection linkage common characteristic information of every two pieces of support safety protection firmware under a plurality of simulated safety protection scenes into a common decision model for model parameter convergence;
confirming the common decision information among the protection linkage common characteristic information through the common decision model;
acquiring protection linkage matching data of each protection linkage common characteristic information and protection linkage matching data of each common decision information;
and determining to obtain the common protection linkage data among the supporting safety protection firmware based on the common characteristic information of each protection linkage and the corresponding protection linkage matching data, the common decision information and the corresponding protection linkage matching data.
8. The big data information security-based safety protection index optimization method according to claim 7, wherein the training process of the common decision model comprises:
the method comprises the steps that protection linkage common characteristic information and corresponding first protection linkage matching data of example common safety protection firmware under a plurality of simulated safety protection scenes are obtained, common decision information and corresponding second protection linkage matching data of each protection linkage common characteristic information are obtained, and example common protection linkage data of each example common safety protection firmware are obtained;
based on protection linkage common feature information of example common safety protection firmware in a plurality of simulated safety protection scenes and corresponding first protection linkage matching data, common decision information among each protection linkage common feature information and corresponding second protection linkage matching data, performing model configuration on the common decision model to obtain a common decision model with model parameter convergence;
obtaining a loss function value between common protection linkage data output by the common decision model with the converged model parameters and corresponding example common protection linkage data;
and when the loss function value is not less than the objective function value, optimizing the first protection linkage matching data and the second protection linkage matching data based on the loss function value, and performing traversal training on the common decision model based on the optimized first protection linkage matching data and the optimized second protection linkage matching data until the loss function value obtained by the common decision model based on model parameter convergence is less than the objective function value.
9. The big data information security-based safety protection index optimization method according to any one of claims 4 to 8, wherein after determining the common safety protection firmware based on the common protection performance dimension of each supporting safety protection firmware, the method comprises:
acquiring the firmware upgrading server supporting the safety protection firmware;
configuring the common safety protection firmware supporting the safety protection firmware based on the common protection performance dimension into a firmware upgrading module corresponding to the firmware upgrading server;
configuring the firmware upgrading module;
wherein the method further comprises:
receiving a firmware upgrading instruction sent by the attack protection service system; the firmware upgrading instruction is provided with a firmware upgrading ID corresponding to the firmware upgrading server;
extracting shared safety protection firmware based on shared protection performance dimensionality from a firmware upgrading module corresponding to the firmware upgrading server;
and sending the firmware upgrading information related to the shared safety protection firmware based on the shared protection performance dimension to the attack protection service system.
10. An AI system, comprising a processor and a machine-readable storage medium having a computer program stored thereon, the computer program being loaded and executed by the processor to implement the big data information security-based safety protection index optimization method according to any one of claims 1 to 9.
CN202111413753.1A 2021-11-25 2021-11-25 Safety protection index optimization method based on big data information safety and artificial intelligence system Active CN114143059B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111413753.1A CN114143059B (en) 2021-11-25 2021-11-25 Safety protection index optimization method based on big data information safety and artificial intelligence system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111413753.1A CN114143059B (en) 2021-11-25 2021-11-25 Safety protection index optimization method based on big data information safety and artificial intelligence system

Publications (2)

Publication Number Publication Date
CN114143059A true CN114143059A (en) 2022-03-04
CN114143059B CN114143059B (en) 2022-08-02

Family

ID=80391738

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111413753.1A Active CN114143059B (en) 2021-11-25 2021-11-25 Safety protection index optimization method based on big data information safety and artificial intelligence system

Country Status (1)

Country Link
CN (1) CN114143059B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114692168A (en) * 2022-04-13 2022-07-01 哈尔滨尚展科技开发有限公司 Cloud service application program vulnerability analysis method and system based on attack big data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160205122A1 (en) * 2013-04-10 2016-07-14 Gabriel Bassett System and Method for Cyber Security Analysis and Human Behavior Prediction
US10902114B1 (en) * 2015-09-09 2021-01-26 ThreatQuotient, Inc. Automated cybersecurity threat detection with aggregation and analysis
CN113297578A (en) * 2021-06-25 2021-08-24 深圳市合美鑫精密电子有限公司 Information perception method and information security system based on big data and artificial intelligence
CN113297393A (en) * 2021-06-25 2021-08-24 深圳市合美鑫精密电子有限公司 Situation awareness and big data based information generation method and information security system
CN113312670A (en) * 2021-06-11 2021-08-27 广州瑞丰互联科技有限公司 Data display method based on safety big data and artificial intelligence and cloud computing system
CN113472754A (en) * 2021-06-16 2021-10-01 丁祥云 Security protection configuration method based on network security big data and network security system

Also Published As

Publication number Publication date
CN114143059B (en) 2022-08-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220523

Address after: 542800 No. 1, Anshan West Road, Babu District, Hezhou City, Guangxi Zhuang Autonomous Region

Applicant after: Zhou Quan

Address before: 261000 No. 1010, Taihua business building, 360 Dongfeng East Street, Kuiwen District, Weifang City, Shandong Province

Applicant before: Weifang Anxin Intelligent Technology Co.,Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20220713

Address after: Room 101, building 1, No. 66, Zhonghui Road, Suzhou Industrial Park, Suzhou City, Jiangsu Province

Applicant after: Jiangsu Renjia Information Technology Co.,Ltd.

Address before: 542800 No. 1, Anshan West Road, Babu District, Hezhou City, Guangxi Zhuang Autonomous Region

Applicant before: Zhou Quan

GR01 Patent grant