CN114254130A - Relation extraction method of network security emergency response knowledge graph - Google Patents
Relation extraction method of network security emergency response knowledge graph Download PDFInfo
- Publication number
- CN114254130A CN114254130A CN202210184821.XA CN202210184821A CN114254130A CN 114254130 A CN114254130 A CN 114254130A CN 202210184821 A CN202210184821 A CN 202210184821A CN 114254130 A CN114254130 A CN 114254130A
- Authority
- CN
- China
- Prior art keywords
- vector
- network security
- extracting
- convolution
- emergency response
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/36—Creation of semantic tools, e.g. ontology or thesauri
- G06F16/367—Ontology
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/30—Semantic analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computational Linguistics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Data Mining & Analysis (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Computing Systems (AREA)
- Molecular Biology (AREA)
- Evolutionary Computation (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Biophysics (AREA)
- Animal Behavior & Ethology (AREA)
- Databases & Information Systems (AREA)
- Audiology, Speech & Language Pathology (AREA)
- Machine Translation (AREA)
Abstract
The invention discloses a relation extraction method of a network security emergency response knowledge graph, which comprises the following steps: giving a network security response knowledge text; vectorizing the knowledge text data, extracting vocabularies in the network security response knowledge text, and mapping the vocabularies to a K-dimensional vocabulary vector; extracting the position vector corresponding to the vocabulary vector and combining the current word entityAnd entitiesThe relative distance between them is converted into vector representation; extracting semantic features of sentences by adopting a residual segmented convolutional neural network JRpcnn to form feature vectors,taking the vocabulary vectors and the position vectors corresponding to the vocabulary vectors as input residual error segmented convolution neural network JRpcnn; the method has the characteristics of effectively reducing the influence of noise data on remote supervision and more accurately extracting the entity relation from the network security emergency response text.
Description
Technical Field
The invention relates to the field of network security emergency response, in particular to a relation extraction method of a network security emergency response knowledge graph.
Background
Network security emergency response refers to the computer dealing with a possible threat and what to do after the threat has occurred, based on its internally stored relevant security knowledge. The traditional network security passive defense method is difficult to rapidly deal with increasingly complex threats, people continuously innovate in the field of network security, and therefore the standard provided by the capability and efficiency of emergency command for dealing with unusual situations is higher. Therefore, people propose to use the knowledge graph to process the network security problem, the knowledge graph is a new idea for analyzing and processing data in the network security analysis, and the network security emergency response knowledge graph is generated due to operation. The network security emergency response knowledge graph is a data-driven, linear, very computationally powerful tool. Personnel working in network security can intuitively know the relationship between network security entities and entities through a network security emergency response knowledge-graph, such as exploitation relationship between malicious software and vulnerabilities, affiliation relationship between attackers and organizations, and relationship between software and vulnerabilities, thereby better dealing with network security problems. After extracting the entities from the network security emergency response text base, the obtained entities are very dispersed entities, and the relation between the entities needs to be known in order to obtain further information. Relationship extraction is a very important task for constructing a network security emergency response knowledge graph from unstructured data.
The Relationship Extraction (RE) is part of Natural Language Processing (NLP) and this part is very important. There are many relationship extraction methods such as bootstrapping, unsupervised relationship discovery and supervised classification. Most existing Relationship Extraction (RE) methods require a large amount of labeled relationship-specific training data, which is very time-consuming and laborious. The remote supervision strategy is an effective and effective method for automatically marking the training data. However, the assumption in the remote supervision approach is too strong, often leading to tag error problems. Therefore, in the framework of remote supervised learning, some recent efforts attempt to use deep neural networks for relationship prediction. Therefore, it is urgently needed to provide a relationship extraction method of a network security emergency response knowledge graph to solve the above problems.
Disclosure of Invention
Therefore, a relation extraction method of the network security emergency response knowledge graph is needed to be provided, influence of noise data on remote supervision is reduced, and a firm foundation is laid for subsequently establishing the network security emergency response knowledge graph.
In order to achieve the above object, the inventor provides a relationship extraction method of a network security emergency response knowledge-graph, comprising the following steps:
s1: giving a network security response knowledge text;
s2: vectorizing the knowledge text data, namely extracting words in the network security response knowledge text, and mapping the words to a K-dimensional word vector;
s3: extracting the position vector corresponding to the vocabulary vector by adopting a position vector mapping method, namely extracting the current word entityAnd entitiesRelative distance between them, converted into vector representation by embedding;
s4: extracting semantic features of sentences by adopting a residual segmented convolutional neural network JRpcnn to form feature vectors, namely using the vocabulary vectors obtained in the steps S2 and S3 and the position vectors corresponding to the vocabulary vectors as the input of the residual segmented convolutional neural network JRpcnn;
s5: the feature vectors derived in step S4 are further processed using the multiple instance attention mechanism MIT and entity relationships are obtained.
As a preferred embodiment of the present invention, step S2: vectorizing the knowledge text data, namely extracting vocabularies in the network security response knowledge text, and mapping the vocabularies to a K-dimensional vocabulary vector, comprises the following steps:
s201: inputting an original network security emergency response knowledge text, and converting each input word mark into a vector by searching a pre-trained word embedding;
s202: for a given sentenceThe method comprises the steps that n words are formed, each word is mapped to a low-dimensional real value vector space by using a word2vec model, One-Hot codes of the words are input by the word2vec, and then the output is obtained through a hidden layer of a neural network;
s203: then, the sentence is executed with word vector processing, finally, the vector representation of each word in the sentence is obtained, and a word vector query matrix is formedEach input training sequence queries the matrix by a word vectorMapping to obtain corresponding vocabulary vector。
As a preferred embodiment of the present invention, step S3: the method for extracting the position vector corresponding to the vocabulary vector by adopting the position vector mapping representation method, namely converting the relative distance between the current word entity and the entity into vector representation by embedding comprises the following steps:
s301: defined as from the current word to the entity by pfAnd entitiesRandomly initializing two position-embedding matricesAndconverting the relative distance into a vocabulary vector by searching the position embedding matrix;
s302: in sentence position vectorization, if the dimension of the vocabulary vector isThe position vector dimension isThen the sentence vector dimension isThe combination of the vocabulary vector and the position vector forms a sentence vectorThe sentence vector Q is then fed back to the convolution portion.
As a preferred embodiment of the present invention, step S4: extracting semantic features of sentences by adopting a residual segmented convolutional neural network JRpcnn to form feature vectors, namely using the vocabulary vectors obtained in the steps S2 and S3 and the position vectors corresponding to the vocabulary vectors as the input of the residual segmented convolutional neural network JRpcnn, and comprising the following steps:
s401: extracting semantic information of a network security emergency response knowledge text by adopting a residual error segmented convolutional neural network JRpcnn, wherein two convolutional layers form a residual error block, and an activation function Relu is adopted for nonlinear mapping after each convolutional layer;
s402: convolution is an operation between a convolution kernel W and an input vector q sequence, where the convolution kernel W is a weight matrix and the convolution kernel W is used as a convolution filter, and the convolution operation can be expressed as:
wherein i and j representN is the number of convolution kernels, s is the dimensionality of the sentence vector, w is the dimensionality of the convolution kernels,to representToThe connection of (2).
The result of one convolution yields a matrix:
as a preferred embodiment of the present invention, the method further comprises the steps of:
s403: the dimensionality of all convolution kernels in the residual error segmentation convolution neural network is w, and boundary filling operation is adopted, and the convolution kernels of two layers of convolution areThe result obtained after the first layer convolution of the residual block is known as step S401The result obtained after the second layer convolution isWherein,Is an offset vector, the output vector of the residual convolutional block is C = f (x) + x, where f (x) is the output result of the second convolutional layer, x is the input of the first convolutional layer;
s404: after the convolutional layer obtains semantic features, further extracting the most representative local features through a pooling layer, and adopting a segmented maximum pooling process, wherein the formula is as follows:
for the output of each pooled layer convolution kernel, we can obtain a 3-dimensional vectorAnd then concatenates all convolution kernel segmented pooling layer outputs intoAnd then the nonlinear function output is as follows:
As a preferred embodiment of the present invention, step S5: further processing the feature vectors obtained in step S4 using the multiple instance attention mechanism MIT, and obtaining entity relationships comprises the steps of:
s501: vector for an instance setThe example set vector describes a corresponding network security emergency response entity pairWhereinRepresents the output of the neural network;
s502: computing instance vectorsAnd the correlation degree r, and calculating an example set vector S, wherein the calculation formula of the example set vector S is as follows:
the computation of the instance set vector S depends on each instance in the set;
whereinIs an input instance vectorFor measuring the correlation of the correspondence r,the calculation formula of (a) is as follows:
is a basic query function, which represents the matching degree between the output vector g and the prediction relation r;
s503: after calculating the value of the instance set vector S, the likelihood of the predicted relationship is calculated, p represents the likelihood of the predicted relationship, and the calculation formula of p is as follows:
wherein S describes a corresponding network security emergency response entity pair,is a previously defined relationship vector, b represents an offset vector,two entity pairs representing corresponding relationships,the calculation formula of (a) is as follows:
compared with the prior art, the method has the advantages that the influence of noise data on remote supervision can be reduced, the depth semantic features of sentences can be better extracted by using the depth residual errors, so that entity relations can be more accurately extracted from the network security emergency response texts, and a firm foundation is laid for the subsequent establishment of the network security emergency response knowledge graph.
Drawings
Fig. 1 is a frame diagram of a relationship extraction method of a network security emergency response knowledge-graph according to an embodiment.
Fig. 2 is a schematic diagram of a position code according to an embodiment.
FIG. 3 is a schematic diagram of a Word2vec model according to an embodiment.
FIG. 4 is a schematic diagram of a Skip-Gram model according to an embodiment.
Figure 5 is a graph of the trend of AUC results under cnn, pcnn and JRpcnn neural network models, in accordance with embodiments.
FIG. 6 is a graph of the trend of AUC results under the AVE, ONE and MIT mechanisms according to the embodiments.
Detailed Description
To explain technical contents, structural features, and objects and effects of the technical solutions in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
Referring to fig. 1 to 6 together, the knowledge graph is a new idea of analyzing and processing data in the network security emergency response, and in order to better associate the network security emergency response data to construct the knowledge graph, the embodiment provides a relationship extraction method for the knowledge graph of the network security emergency response. The method can accurately and quickly extract the relation between the entities in the network security emergency response text and can help to establish the network security emergency response knowledge graph more quickly, and the method can be used for each network company to establish the network security emergency response knowledge graph base.
As shown in fig. 1, the main structure of the method is as follows:
the input to the network is the original network security emergency response text. When using neural networks, we typically convert word tokens into low-dimensional vectors. In this embodiment, each input word token is converted to a vector by looking up the pre-trained word embedding. Furthermore, we use location features to designate each entity pair and represent these location features with a location vector.
For a given sentenceConsisting of n words, each word is mapped to a low-dimensional real-valued vector space, wo, using the word2vec (word vector generative model) modelThe general structure of the rd2vec model is shown in fig. 3, and word2vec inputs One-Hot coding (One-Hot coding) of the word and then outputs the word through a hidden layer of a neural network. The word2vec model is trained in a Skip-Gram (context word prediction algorithm based on the central word) manner, the general flow of which is shown in fig. 4, a word in a text is given, and then the word is used to predict the adjacent words above and below the word through a neural network.
Then, the sentence is executed with word vector processing, finally, the vector representation of each word in the sentence is obtained, and a word vector query moment is formed. Each input training sequence can query the matrix through the word vectorMapping to obtain corresponding real value vector。
In the task of extracting the relationship of the network security emergency response knowledge graph, the emphasis is placed on finding the relationship between entity pairs. Generally, the relation between entities is more emphasized by comparing words near the entities, and therefore, the position of each word in the sentence in two entities is also important in relation extraction. Pf is defined herein as the distance from the current word toAndcombinations of relative distances of (a). Random initialization of two-position embedded matrixAnd. Then theThe relative distance is converted to a real-valued vector by finding the position-embedding matrix. For example, the vectorization representation of "Jack find chrome has xs vss vulnerability (Jack finds Google browser has xss hole)" as shown in FIG. 2, where "chrome" and "xss" in the sentence correspond to the entities respectivelyAnd entities. Then, the distance from "Jack" to "chrome" is 2, and the distance from "vulnerability" to "xss" is-1.
In sentence position vectorization, if the word vector dimensionThe position vector dimension isThen the sentence vector dimension is:
the word vector and the position vector are combined to form a sentence vectorThe sentence vector Q is then fed back to the convolution portion.
In the relationship extraction in the network security emergency response knowledge graph establishing process, all local features are required to be utilized, and the prediction is carried out in a global scope. When using neural networks, the convolution method is the best way to combine all these features.
The embodiment designs a residual segmented neural network block for extracting semantic information of a network security emergency response knowledge sentence, wherein two convolutional layers form a residual block, and an activation function Relu is used for nonlinear mapping after each convolutional layer.
Convolution is an operation between a convolution kernel W, which is a weight matrix, and a sequence of input vectors q, with the convolution kernel W as a filter for convolution, and in the example shown in fig. 1, we assume that the size of the convolution kernel is set to W (W = 3). This embodiment defines Q as a sequenceWhereinIn general terms, the amount of the solvent to be used,refer toToThe connection of (2).
Convolution is to perform dot product on convolution kernel W and sequence q to obtain another sequence:
The value range of the index j is 1 to s + w-1, and in order to capture the capability of different features, multiple convolution kernels are generally required to be used in the convolution, and under the assumption that n convolution kernels are used, the convolution operation can be expressed as:
wherein i and j representN is a weight momentThe number of arrays, s is the dimension of the sentence vector, and w is the dimension of the convolution kernel.
The result of one convolution is a matrix
The sizes of all convolution kernels in the residual error segmentation convolution network are w, and in order to ensure that the size of a newly generated feature matrix is the same as that of an original feature matrix, boundary filling operation is adopted. The convolution kernel of the two-layer convolution is. The result obtained after the first layer convolution of the residual block is:
the result obtained after the second layer of convolution is:
wherein,Is the offset vector, the output vector of the residual convolutional block is C = f (x) + x, where f (x) is the output result of the second convolutional layer and x is the input of the first convolutional layer.
After the convolutional layer obtains semantic features, the most representative local features are further extracted through the pooling layer, and in order to obtain feature information of different sentence structures, a segmented maximum pool process is adopted. The output of each convolution kernel, as shown in FIG. 1Divided into 3 parts by two entitiesThe output dimension is a 3-dimensional vector:
the maximum pooling of segments is to take the maximum value of each part:
for the output of each pooled layer convolution kernel, we can obtain a 3-dimensional vector,and then concatenates all convolution kernel segmented pooling layer outputs intoThen, the output of the nonlinear function is:
In the method for extracting the relation of the network security emergency response knowledge map of the embodiment, the attention of the sentence level is established on a plurality of examples, and a vector is set for one example setThe example set describes a corresponding network security emergency response entity pairWhereinRepresenting the output of the neural network.
Example vectors are then computed hereinAnd the degree of association r. In order to reduce the influence of meaningless data and fully utilize semantic information contained in each instance in a set, a calculation formula of an instance set vector S is provided:(ii) a The calculation of the instance set vector S will depend on each instance in the set.
WhereinIs an input instance vectorIs used to measure the correlation of the correspondence r.The calculation formula of (a) is as follows:
is a basic query function that represents the degree of match between the output vector g and the prediction relation r.
After the value of S is calculated, the likelihood of the predicted relationship can be calculated, p represents the likelihood of the predicted relationship, and the calculation formula of p is as follows:
wherein S describes a corresponding network security emergency response entity pair,is a previously defined relationship vector, b represents an offset vector,two entity pairs representing corresponding relationships,the formula of (c) is as follows:
in the embodiment of the present invention, the network framework shown in fig. 1 needs to be trained in advance, and the specific details of the training phase are as follows:
the dataset used in this training is the Comprehensive, Multi-Source Cyber-Security Events dataset. The data set is obtained from various websites and various vulnerability databases on the network, wherein the data set comprises network text data such as network security and vulnerability information.
All network models in this embodiment are trained on Comprehensive, Multi-Source Cyber-Security Events (Comprehensive Multi-Source Cyber-Security) datasets.
To train the network model, the objective function is defined herein with cross-entropy loss.
The set of dimensions of the word vector input to the network is {50, 60.., 300}, and the set of dimensions of the position vector input is {1, 2.., 10 }.
Where the input window of the convolutional network is 3 in size and the hidden layer is 230 in size.
During the network model training process, Adam (Adam) optimizer is used for optimization training to set momentum by default, and the set momentum by default=0.9,= 0.999. The network model was first iteratively trained 60 times at a learning rate of 0.01, then iteratively trained 60 times at a learning rate of 0.001, and then learned 60 times at a learning rate of 0.0001. The set of batch sizes processed in one iteration is 40,160,640,1280. To prevent model overfitting, a dropout (random discard algorithm) method is employed herein, where the dropout rate is 0.5.
In order to verify the performance of the method, based on the above embodiment, this embodiment tests the model on Comprehensive, Multi-Source Cyber-Security Events data sets in combination with the online emergency response processing method. The model was evaluated using the commonly used precision-recall curve (P-r), AUC values and mean precision (P & n).
The experimental comparison of the model is mainly carried out in two aspects in the embodiment. On the one hand, cnn (convolutional neural network) algorithms with different performances are adopted, including traditional cnn (convolutional neural network), pcnn (segmented convolutional neural network) and JRpcnn (residual segmented convolutional neural network); the second aspect is based on how cnn/pcnn/JRpcnn uses the attention mechanism to boost the functionality of the model. Three different attention mechanisms were used for testing, namely AVE (average attention mechanism), ONE (single instance attention mechanism) and MIT (multiple instance attention mechanism). The test is carried out on different networks by using three attention mechanisms in a test stage, and then the test result is observed.
As can be seen from fig. 5, the value of AUC using JRpcnn is the largest using the same attention mechanism.
The relation extraction accuracy of the JRpcnn-MIT on the network safety emergency response data set is the highest, reaches 34.6 percent and is better than results obtained by other models, and the AUC value of the JRpcnn-MIT also reaches the highest 12.8 percent and is better than results obtained by other models.
The experimental result shows that compared with other model methods of network security data sets, the method provided by the embodiment has better result, namely the accuracy of the extraction relationship is higher, and the deep semantic information of the sentence can be better extracted. The introduction of the multi-instance attention mechanism method can effectively reduce redundant data in remote supervised learning. And then, based on a specific network security scene, a JRpcnn-MIT is applied to construct a network security emergency response knowledge graph, so that the capability of network security emergency response can be further enhanced.
It should be noted that, although the above embodiments have been described herein, the invention is not limited thereto. Therefore, based on the innovative concepts of the present invention, the technical solutions of the present invention can be directly or indirectly applied to other related technical fields by making changes and modifications to the embodiments described herein, or by using equivalent structures or equivalent processes performed in the content of the present specification and the attached drawings, which are included in the scope of the present invention.
Claims (6)
1. The method for extracting the relation of the network security emergency response knowledge graph is characterized by comprising the following steps of:
s1: giving a network security response knowledge text;
s2: vectorizing the knowledge text data, namely extracting words in the network security response knowledge text, and mapping the words to a K-dimensional word vector;
s3: extracting the position vector corresponding to the vocabulary vector by adopting a position vector mapping method, namely extracting the current word entityAnd entitiesRelative distance between them, converted into vector representation by embedding;
s4: extracting semantic features of sentences by adopting a residual segmented convolutional neural network JRpcnn to form feature vectors, namely using the vocabulary vectors obtained in the steps S2 and S3 and the position vectors corresponding to the vocabulary vectors as the input of the residual segmented convolutional neural network JRpcnn;
s5: the feature vectors derived in step S4 are further processed using the multiple instance attention mechanism MIT and entity relationships are obtained.
2. The method for extracting the relationship of the network security emergency response knowledge-graph according to claim 1, wherein the step S2: vectorizing the knowledge text data, namely extracting vocabularies in the network security response knowledge text, and mapping the vocabularies to a K-dimensional vocabulary vector, comprises the following steps:
s201: inputting an original network security emergency response knowledge text, and converting each input word mark into a vector by searching a pre-trained word embedding;
s202: for a given sentenceThe method comprises the steps that n words are formed, each word is mapped to a low-dimensional real value vector space by using a word2vec model, One-Hot codes of the words are input by the word2vec, and then the output is obtained through a hidden layer of a neural network;
3. The method for extracting the relationship of the network security emergency response knowledge-graph according to claim 2, wherein the step S3: the method for extracting the position vector corresponding to the vocabulary vector by adopting the position vector mapping representation method, namely converting the relative distance between the current word entity and the entity into vector representation by embedding comprises the following steps:
s301: defined as from the current word to the entity by pfAnd entitiesRandomly initializing two position-embedding matricesAndconverting the relative distance into a vocabulary vector by searching the position embedding matrix;
s302: in sentence position vectorization, if the dimension of the vocabulary vector isThe position vector dimension isThen the sentence vector dimension isThe combination of the vocabulary vector and the position vector forms a sentence vectorThe sentence vector Q is then fed back to the convolution portion.
4. The method for extracting the relationship of the network security emergency response knowledge-graph according to claim 3, wherein the step S4: extracting semantic features of sentences by adopting a residual segmented convolutional neural network JRpcnn to form feature vectors, namely using the vocabulary vectors obtained in the steps S2 and S3 and the position vectors corresponding to the vocabulary vectors as the input of the residual segmented convolutional neural network JRpcnn, and comprising the following steps:
s401: extracting semantic information of a network security emergency response knowledge text by adopting a residual error segmented convolutional neural network JRpcnn, wherein two convolutional layers form a residual error block, and an activation function Relu is adopted for nonlinear mapping after each convolutional layer;
s402: convolution is an operation between a convolution kernel W and an input vector q sequence, where the convolution kernel W is a weight matrix and the convolution kernel W is used as a convolution filter, and the convolution operation can be expressed as:
wherein i and j representN is the number of convolution kernels, s is the dimensionality of the sentence vector, w is the dimensionality of the convolution kernels,to representToThe connection of (1);
the result of one convolution yields a matrix:
5. the method for extracting the relationship of the network security emergency response knowledge-graph according to claim 4, further comprising the steps of:
s403: the dimensionality of all convolution kernels in the residual error segmentation convolution neural network is w, and boundary filling operation is adopted, and the convolution kernels of two layers of convolution areThe result obtained after the first layer convolution of the residual block is known as step S401The result obtained after the second layer convolution isWherein,Is an offset vector, the output vector of the residual convolutional block is C = f (x) + x, where f (x) is the output result of the second convolutional layer, x is the input of the first convolutional layer;
s404: after the convolutional layer obtains semantic features, further extracting the most representative local features through a pooling layer, and adopting a segmented maximum pooling process, wherein the formula is as follows:
for the output of each pooled layer convolution kernel, we can obtain a 3-dimensional vectorAnd then concatenates all convolution kernel segmented pooling layer outputs intoAnd then the nonlinear function output is as follows:
6. The relationship extraction method of the network security emergency response knowledge-graph of claim 5, wherein: step S5: further processing the feature vectors obtained in step S4 using the multiple instance attention mechanism MIT, and obtaining entity relationships comprises the steps of:
s501: vector for an instance setThe example set vector describes a corresponding network security emergency response entity pairWhereinRepresents the output of the neural network;
s502: computing instance vectorsAnd the correlation degree r, and calculating an example set vector S, wherein the calculation formula of the example set vector S is as follows:
the computation of the instance set vector S depends on each instance in the set;
whereinIs an input instance vectorFor measuring the correlation of the correspondence r,the calculation formula of (a) is as follows:
is a basic query function, which represents the matching degree between the output vector g and the prediction relation r;
s503: after calculating the value of the instance set vector S, the likelihood of the predicted relationship is calculated, representing the likelihood of the predicted relationship, and p is calculated as follows:
wherein S describes a corresponding network security emergency response entity pair,is a previously defined relationship vector, b represents an offset vector,two entity pairs representing corresponding relationships,the calculation formula of (a) is as follows:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210184821.XA CN114254130A (en) | 2022-02-28 | 2022-02-28 | Relation extraction method of network security emergency response knowledge graph |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210184821.XA CN114254130A (en) | 2022-02-28 | 2022-02-28 | Relation extraction method of network security emergency response knowledge graph |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114254130A true CN114254130A (en) | 2022-03-29 |
Family
ID=80800004
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210184821.XA Pending CN114254130A (en) | 2022-02-28 | 2022-02-28 | Relation extraction method of network security emergency response knowledge graph |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114254130A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115622806A (en) * | 2022-12-06 | 2023-01-17 | 南京众智维信息科技有限公司 | Network intrusion detection method based on BERT-CGAN |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110619121A (en) * | 2019-09-18 | 2019-12-27 | 江南大学 | Entity relation extraction method based on improved depth residual error network and attention mechanism |
CN111241303A (en) * | 2020-01-16 | 2020-06-05 | 东方红卫星移动通信有限公司 | Remote supervision relation extraction method for large-scale unstructured text data |
CN112989048A (en) * | 2021-03-29 | 2021-06-18 | 华南理工大学 | Network security domain relation extraction method based on dense connection convolution |
-
2022
- 2022-02-28 CN CN202210184821.XA patent/CN114254130A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110619121A (en) * | 2019-09-18 | 2019-12-27 | 江南大学 | Entity relation extraction method based on improved depth residual error network and attention mechanism |
CN111241303A (en) * | 2020-01-16 | 2020-06-05 | 东方红卫星移动通信有限公司 | Remote supervision relation extraction method for large-scale unstructured text data |
CN112989048A (en) * | 2021-03-29 | 2021-06-18 | 华南理工大学 | Network security domain relation extraction method based on dense connection convolution |
Non-Patent Citations (1)
Title |
---|
王晓霞等: "基于注意力与图卷积网络的关系抽取模型", 《计算机应用》, vol. 41, no. 2, 31 December 2021 (2021-12-31), pages 352 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115622806A (en) * | 2022-12-06 | 2023-01-17 | 南京众智维信息科技有限公司 | Network intrusion detection method based on BERT-CGAN |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Gao et al. | Topology-aware graph pooling networks | |
Nguyen et al. | Relation extraction: Perspective from convolutional neural networks | |
US20230031738A1 (en) | Taxpayer industry classification method based on label-noise learning | |
CN101894130B (en) | Sparse dimension reduction-based spectral hash indexing method | |
CN109948149B (en) | Text classification method and device | |
CN110929080B (en) | Optical remote sensing image retrieval method based on attention and generation countermeasure network | |
CN110619034A (en) | Text keyword generation method based on Transformer model | |
CN113806746B (en) | Malicious code detection method based on improved CNN (CNN) network | |
US9141877B2 (en) | Method for context aware text recognition | |
CN111931935B (en) | Network security knowledge extraction method and device based on One-shot learning | |
CN111241303A (en) | Remote supervision relation extraction method for large-scale unstructured text data | |
CN113315789B (en) | Web attack detection method and system based on multi-level combined network | |
CN109190521B (en) | Construction method and application of face recognition model based on knowledge purification | |
JP6738769B2 (en) | Sentence pair classification device, sentence pair classification learning device, method, and program | |
CN113742733B (en) | Method and device for extracting trigger words of reading and understanding vulnerability event and identifying vulnerability type | |
CN110602120B (en) | Network-oriented intrusion data detection method | |
CN114297079B (en) | XSS fuzzy test case generation method based on time convolution network | |
CN114237621A (en) | Semantic code searching method based on fine-grained common attention mechanism | |
CN114429132A (en) | Named entity identification method and device based on mixed lattice self-attention network | |
CN116527357A (en) | Web attack detection method based on gate control converter | |
US11562133B2 (en) | System and method for detecting incorrect triple | |
CN116432184A (en) | Malicious software detection method based on semantic analysis and bidirectional coding characterization | |
CN114254130A (en) | Relation extraction method of network security emergency response knowledge graph | |
Wang et al. | File fragment type identification with convolutional neural networks | |
CN113076744A (en) | Cultural relic knowledge relation extraction method based on convolutional neural network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20220329 |
|
RJ01 | Rejection of invention patent application after publication |