CN114399190B - Risk behavior identification method and system for big data information security - Google Patents

Info

Publication number: CN114399190B
Authority: CN (China)
Prior art keywords: security threat, big data, tag, risk behavior, risk
Legal status: Active
Application number: CN202210026614.1A
Other languages: Chinese (zh)
Other versions: CN114399190A (en)
Inventor: 张春艳
Current Assignee: Shenzhen Dingbang Information Technology Co ltd
Original Assignee: Shenzhen Dingbang Information Technology Co ltd
Application filed by: Shenzhen Dingbang Information Technology Co ltd
Priority to: CN202210026614.1A (CN114399190B); CN202211080114.2A (CN115456390A)
Publications: CN114399190A; CN114399190B (application granted)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G06Q10/0639 Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393 Score-carding, benchmarking or key performance indicator [KPI] analysis

Abstract

The invention provides a risk behavior identification method and system for big data information security. The user operation behavior expectation description is optimized through a security threat tag pairing index, so that the user operation behavior expectation descriptions corresponding to risk behavior big data with the same data information security threat tag show a smaller feature discrimination, while the descriptions corresponding to risk behavior big data with different data information security threat tags show as large a feature discrimination as possible. This helps ensure the anti-interference performance of the user operation behavior expectation description, helps obtain the overall positioning description (such as the distribution) of the user operation behavior expectation description, and helps ensure the accuracy and reliability of data information security threat tag positioning.

Description

Risk behavior identification method and system for big data information security
Technical Field
The invention relates to the technical field of big data, and in particular to a risk behavior identification method and system for big data information security.
Background
With the advent of the big data era, enterprise data is growing rapidly and is scattered across many locations, such as the cloud, mobile devices, relational databases, big database platforms, PCs and collectors, which poses a greater challenge to data security. Diversified big data services, dispersed data, varied system types and complex application environments mean that data may be at risk at most stages. Targeted big data information security measures are therefore needed, so that reasonable and comprehensive management and control can achieve security compliance and security protection. To guarantee the quality of big data information security protection, the preceding stage generally needs to identify and position the different risks or threats; however, the related technology has difficulty guaranteeing the accuracy and reliability of this positioning.
Disclosure of Invention
The invention provides a risk behavior identification method and system for big data information security.
The first aspect is a risk behavior identification method for big data information security, which includes: determining user operation behavior expectation descriptions of a plurality of risk behavior big data and a security threat tag pairing index of at least one risk behavior big data binary group, wherein the plurality of risk behavior big data cover risk behavior big data used to assist security threat tag positioning and risk behavior big data to be subjected to security threat tag positioning, every two risk behavior big data among the plurality of risk behavior big data form one risk behavior big data binary group, and the security threat tag pairing index is a quantitative evaluation of whether the risk behavior big data binary group points to the same data information security threat tag; optimizing the user operation behavior expectation descriptions of the plurality of risk behavior big data through the security threat tag pairing index; and obtaining, through the optimized user operation behavior expectation descriptions, the security threat tag positioning condition of the risk behavior big data to be subjected to security threat tag positioning, wherein the security threat tag positioning condition reflects the data information security threat tag corresponding to the risk behavior big data to be subjected to security threat tag positioning.
In implementing the above, the user operation behavior expectation descriptions of a plurality of risk behavior big data and the security threat tag pairing index of at least one risk behavior big data binary group are determined. The plurality of risk behavior big data cover the risk behavior big data used to assist security threat tag positioning and the risk behavior big data to be subjected to security threat tag positioning, every two risk behavior big data among them form one risk behavior big data binary group, and the security threat tag pairing index is a quantitative evaluation of whether the binary group points to the same data information security threat tag. The user operation behavior expectation descriptions are optimized through the security threat tag pairing index, and the security threat tag positioning condition of the risk behavior big data to be subjected to security threat tag positioning is obtained through the optimized descriptions; this positioning condition reflects the data information security threat tag corresponding to that risk behavior big data.
Therefore, by optimizing the user operation behavior expectation description through the security threat tag pairing index, the descriptions corresponding to risk behavior big data with the same data information security threat tag show a small feature discrimination, while the descriptions corresponding to risk behavior big data with different data information security threat tags show as large a feature discrimination as possible. This helps ensure the anti-interference performance of the user operation behavior expectation description, helps obtain the overall positioning description (such as the distribution) of the user operation behavior expectation description, and helps ensure the accuracy and reliability of data information security threat tag positioning.
In one illustrative embodiment, obtaining the security threat tag positioning condition of the risk behavior big data to be subjected to security threat tag positioning through the optimized user operation behavior expectation description comprises: performing an AI-based classification and identification operation through the optimized user operation behavior expectation description to obtain a classification recognition result, wherein the classification recognition result includes a first tag positioning confidence that the risk behavior big data to be subjected to security threat tag positioning points to at least one prior-type security threat tag, and the prior-type security threat tag is the data information security threat tag corresponding to the risk behavior big data used to assist security threat tag positioning; and obtaining the security threat tag positioning condition based on the first tag positioning confidence.
With this design, the AI-based classification and identification operation is performed through the optimized user operation behavior expectation description to obtain the classification recognition result, which includes the first tag positioning confidence that the risk behavior big data to be subjected to security threat tag positioning points to at least one prior-type security threat tag, and the security threat tag positioning condition is obtained based on that confidence. The first tag positioning confidence is thus identified from descriptions that have already been optimized through the security threat tag pairing index, which improves identification accuracy.
In an exemplary embodiment, the classification recognition result further covers a second tag positioning confidence that the risk behavior big data used to assist security threat tag positioning points to at least one prior-type security threat tag. Before obtaining the security threat tag positioning condition based on the first tag positioning confidence, the method further includes: on the basis that the accumulated value of the AI-based classification and identification operation meets the specified requirement, optimizing the security threat tag pairing index through the classification recognition result, and again optimizing the user operation behavior expectation descriptions of the plurality of risk behavior big data through the security threat tag pairing index; and on the basis that the accumulated value of the AI-based classification and identification operation does not meet the specified requirement, obtaining the security threat tag positioning condition based on the first tag positioning confidence.
With this design, the classification recognition result also covers the second tag positioning confidence that the risk behavior big data used to assist security threat tag positioning points to at least one prior-type security threat tag. Before the security threat tag positioning condition is obtained based on the first tag positioning confidence, and on the basis that the accumulated value of the AI-based classification and identification operation meets the specified requirement, the security threat tag pairing index is optimized through the classification recognition result and the user operation behavior expectation description is optimized again through the security threat tag pairing index; on the basis that the accumulated value does not meet the specified requirement, the security threat tag positioning condition is obtained based on the first tag positioning confidence.
Therefore, on the basis that the accumulated value of the AI-based classification and identification operation meets the specified requirement, the security threat tag pairing index is optimized using both the first tag positioning confidence (that the risk behavior big data to be subjected to security threat tag positioning points to at least one prior-type security threat tag) and the second tag positioning confidence (that the risk behavior big data used to assist security threat tag positioning points to at least one prior-type security threat tag), which improves the anti-interference performance of the security threat tag differentiation degree. At the same time, the user operation behavior expectation description is optimized with the continually optimized security threat tag differentiation degree, which improves the anti-interference performance of the description, so that the security threat tag differentiation degree and the user operation behavior expectation description complement each other. On the basis that the accumulated value does not meet the specified requirement, the security threat tag positioning condition is obtained based on the first tag positioning confidence, which improves the accuracy and reliability of data information security threat tag positioning.
In one illustrative embodiment, the security threat tag pairing index comprises: a target tag positioning confidence that each risk behavior big data binary group points to the same data information security threat tag. Optimizing the security threat tag pairing index through the classification recognition result comprises: taking each risk behavior big data among the plurality of risk behavior big data in turn as the current risk behavior big data, and taking each risk behavior big data binary group containing the current risk behavior big data as a current risk behavior big data binary group; determining a global calculation result of the target tag positioning confidences of all current risk behavior big data binary groups of the current risk behavior big data as the global quantization index of the current risk behavior big data; determining in turn, through the first tag positioning confidence and the second tag positioning confidence, the prior-type tag positioning confidence that each current risk behavior big data binary group points to the same data information security threat tag; and changing the target tag positioning confidence of each current risk behavior big data binary group through the global quantization index and the prior-type tag positioning confidence.
With this design, the security threat tag pairing index includes the target tag positioning confidence that each risk behavior big data binary group points to the same data information security threat tag. Each risk behavior big data is taken in turn as the current risk behavior big data, and each binary group containing it as a current risk behavior big data binary group; the target tag positioning confidences of all current binary groups are determined and used as the global quantization index of the current risk behavior big data; the prior-type tag positioning confidence that each current binary group points to the same data information security threat tag is determined in turn through the first and second tag positioning confidences; and the target tag positioning confidence of each current binary group is then changed through the global quantization index and the prior-type tag positioning confidence. The security threat tag pairing index can thus be optimized using the prior-type tag positioning confidence that each current binary group points to the same data information security threat tag, which facilitates global processing of the data information security threat tags corresponding to the risk behavior big data and improves the accuracy of the security threat tag pairing index.
In one illustrative embodiment, performing the AI-based classification and identification operation through the optimized user operation behavior expectation description to obtain the classification recognition result includes: identifying, through the optimized user operation behavior expectation description, the identified security threat tags corresponding to the risk behavior big data to be subjected to security threat tag positioning and to the risk behavior big data used to assist security threat tag positioning, wherein each identified security threat tag points to at least one prior-type security threat tag; for each risk behavior big data binary group, determining the security threat tag difference analysis condition and the expected description commonality index of the binary group, and obtaining a first binding score of the binary group between the security threat tag difference analysis condition and the expected description commonality index, wherein the security threat tag difference analysis condition reflects whether the identified security threat tags corresponding to the binary group are consistent, and the expected description commonality index reflects the degree of differentiation between the user operation behavior expectation descriptions of the binary group; obtaining, based on the identified security threat tag and the prior-type security threat tag corresponding to the risk behavior big data used to assist security threat tag positioning, a second binding score of that risk behavior big data between the identified security threat tag and the prior-type security threat tag; and obtaining the classification recognition result through the first binding score and the second binding score.
In this way, the identified security threat tags corresponding to the risk behavior big data to be subjected to security threat tag positioning and to the risk behavior big data used to assist security threat tag positioning are identified through the optimized user operation behavior expectation description, each identified security threat tag pointing to at least one prior-type security threat tag. For each risk behavior big data binary group, the security threat tag difference analysis condition and the expected description commonality index are determined, and the first binding score between them is obtained; the security threat tag difference analysis condition reflects whether the identified security threat tags corresponding to the binary group are consistent, and the expected description commonality index reflects the degree of differentiation between the user operation behavior expectation descriptions of the binary group. The second binding score is obtained based on the identified security threat tag and the prior-type security threat tag corresponding to the risk behavior big data used to assist security threat tag positioning, and the classification recognition result is obtained through the first binding score and the second binding score.
Thus, the first binding score, determined per risk behavior big data binary group between the security threat tag difference analysis condition and the expected description commonality index, reflects the accuracy of the data information security threat tag analysis at the level of any pair of risk behavior big data. The second binding score, determined for the risk behavior big data used to assist security threat tag positioning between the identified security threat tag and the prior-type security threat tag, reflects that accuracy at the level of individual risk behavior big data. Determining the classification recognition result from both levels, pairs of risk behavior big data and individual risk behavior big data, improves the accuracy of the classification recognition result.
In one illustrative embodiment, on the basis that the security threat tag difference analysis condition is that the identified security threat tags are consistent, a first set relationship exists between the expected description commonality index and the first binding score; on the basis that the security threat tag difference analysis condition is that the identified security threat tags are inconsistent, a second set relationship exists between the expected description commonality index and the first binding score; and the second binding score when the identified security threat tag is consistent with the prior-type security threat tag is higher than the second binding score when the identified security threat tag is inconsistent with the prior-type security threat tag.
With this design, when the security threat tag difference analysis condition is that the identified security threat tags are consistent, the expected description commonality index has the first set relationship with the first binding score: the higher the expected description commonality index, the higher the first binding score, that is, the better the expected description commonality index agrees with the security threat tag difference analysis condition. When the security threat tag difference analysis condition is that the identified security threat tags are inconsistent, the expected description commonality index has the second set relationship with the first binding score: the higher the expected description commonality index, the lower the first binding score, that is, the less the expected description commonality index agrees with the security threat tag difference analysis condition. This helps the subsequent classification and identification process capture the relationship between the two risk behavior big data of a binary group, and thereby helps improve the result obtained in that process.
In an exemplary embodiment, identifying the identified security threat tag corresponding to the risk behavior big data through the optimized user operation behavior expectation description comprises: identifying, based on a naive Bayesian classification model and through the optimized user operation behavior expectation description, the identified security threat tag corresponding to the risk behavior big data.
With this design, the identified security threat tags corresponding to the risk behavior big data to be subjected to security threat tag positioning and to the risk behavior big data used to assist security threat tag positioning are identified based on the naive Bayesian classification model through the optimized user operation behavior expectation description, which improves identification accuracy and efficiency.
In an exemplary embodiment, obtaining the classification recognition result through the first binding score and the second binding score includes: obtaining the classification recognition result through the first binding score and the second binding score based on a directed transfer algorithm.
With this design, the classification recognition result is obtained through the first binding score and the second binding score based on the directed transfer algorithm, which effectively improves the accuracy of the classification recognition result.
In one illustrative embodiment, the specified requirement includes: the accumulated value of the AI-based classification and identification operations performed is smaller than a set judgment value.
With this design, the specified requirement is that the accumulated value of the AI-based classification and identification operations is smaller than the set judgment value, so that during identification of the data information security threat tag the processing is repeated up to the set judgment value. This helps capture the security threat tag relationships between the risk behavior big data comprehensively, and helps ensure the accuracy and reliability of data information security threat tag positioning.
In one illustrative embodiment, the step of optimizing the user operation behavior expectation descriptions of the plurality of risk behavior big data through the security threat tag pairing index is implemented through a visual AI machine learning model.
With this design, the step of optimizing the user operation behavior expectation description through the security threat tag pairing index is implemented through the visual AI machine learning model, which improves the timeliness of the optimization.
In one illustrative embodiment, optimizing the user operation behavior expectation descriptions of the plurality of risk behavior big data through the security threat tag pairing index comprises: obtaining a neighbor user operation behavior expectation description and a non-neighbor user operation behavior expectation description from the security threat tag pairing index and the user operation behavior expectation description; and performing expectation description optimization through the neighbor user operation behavior expectation description and the non-neighbor user operation behavior expectation description to obtain the optimized user operation behavior expectation description.
With this design, the neighbor and non-neighbor user operation behavior expectation descriptions are obtained from the security threat tag pairing index and the user operation behavior expectation description, and the expectation description is optimized at both levels, neighbor and non-neighbor, to obtain the optimized user operation behavior expectation description, which improves the accuracy of the optimization.
In one illustrative embodiment, the risk behavior identification method for big data information security further comprises: on the basis that the risk behavior big data binary group points to the same data information security threat tag, determining the original security threat tag pairing index of the binary group as a first quantitative constraint; on the basis that the risk behavior big data binary group points to different data information security threat tags, determining the original security threat tag pairing index of the binary group as a second quantitative constraint; and on the basis that at least one risk behavior big data in the binary group is risk behavior big data to be subjected to security threat tag positioning, determining the original security threat tag pairing index of the binary group as a set quantization result between the second quantitative constraint and the first quantitative constraint.
With this design, the original security threat tag pairing index of a risk behavior big data binary group is the first quantitative constraint when the binary group points to the same data information security threat tag, the second quantitative constraint when it points to different data information security threat tags, and a set quantization result between the second and first quantitative constraints when at least one risk behavior big data in the binary group is to be subjected to security threat tag positioning. The first quantitative constraint, the second quantitative constraint and the set quantization result together give a quantitative evaluation of whether the data information security threat tags of a binary group are consistent, which facilitates the subsequent operations and helps ensure the flexibility and accuracy of the security threat tag pairing index.
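The following sketch is an added example, not code from the patent. It builds the original pairing index from the three cases above, runs one neighbor/non-neighbor optimization pass, and derives a first tag positioning confidence for the item to be positioned. The numeric constraint values, the pull/push update rule, the distance-based confidence (used here in place of the naive Bayesian and directed transfer steps), the tag names and the sample data are all assumptions.

```python
import math

# Assumed values: the page names a "first quantitative constraint", a "second
# quantitative constraint" and a "set quantization result" between them, but
# gives no numbers.
FIRST_CONSTRAINT = 1.0   # binary group points to the same tag
SECOND_CONSTRAINT = 0.0  # binary group points to different tags
SET_RESULT = 0.5         # at least one member is still to be positioned

# Constructed sample data: (expectation description vector, known tag or None).
# Items with a tag assist positioning; the item with None is to be positioned.
SAMPLES = [
    ([1.0, 0.0], "bulk_export"),
    ([0.8, 0.2], "bulk_export"),
    ([0.0, 1.0], "privilege_change"),
    ([0.2, 0.8], "privilege_change"),
    ([0.7, 0.3], None),
]


def distance(a, b):
    """Euclidean distance between two description vectors."""
    return math.dist(a, b)


def init_pairing_index(tags):
    """Original pairing index for every binary group (i, j), i != j."""
    n = len(tags)
    index = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            if i == j:
                continue
            if tags[i] is None or tags[j] is None:
                index[i][j] = SET_RESULT
            elif tags[i] == tags[j]:
                index[i][j] = FIRST_CONSTRAINT
            else:
                index[i][j] = SECOND_CONSTRAINT
    return index


def _weighted_mean(vectors, weights, fallback):
    """Weighted mean of vectors; returns the fallback if all weights are zero."""
    total = sum(weights)
    if total == 0:
        return list(fallback)
    return [sum(w * v[d] for w, v in zip(weights, vectors)) / total
            for d in range(len(fallback))]


def optimize_descriptions(descs, index, pull=0.5, push=0.25):
    """One synchronous pass: move each description toward its neighbor
    aggregate and away from its non-neighbor aggregate (assumed update rule)."""
    optimized = []
    for i, x in enumerate(descs):
        others = [j for j in range(len(descs)) if j != i]
        vectors = [descs[j] for j in others]
        w_neighbor = [index[i][j] for j in others]
        w_non = [FIRST_CONSTRAINT - w for w in w_neighbor]
        nb = _weighted_mean(vectors, w_neighbor, x)
        non = _weighted_mean(vectors, w_non, x)
        optimized.append([x[d] + pull * (nb[d] - x[d]) - push * (non[d] - x[d])
                          for d in range(len(x))])
    return optimized


def first_tag_confidence(descs, tags, query):
    """Confidence that the queried item points to each prior-type tag,
    from distances to the tagged items (stand-in for the page's classifier)."""
    scores = {}
    for desc, tag in zip(descs, tags):
        if tag is not None:
            scores[tag] = scores.get(tag, 0.0) + math.exp(-distance(descs[query], desc))
    total = sum(scores.values())
    return {tag: s / total for tag, s in scores.items()}


def locate_tag(samples=SAMPLES):
    """Run the pipeline; return (tag, confidences, original, optimized)."""
    descs = [vec for vec, _ in samples]
    tags = [tag for _, tag in samples]
    index = init_pairing_index(tags)
    optimized = optimize_descriptions(descs, index)
    confidence = first_tag_confidence(optimized, tags, tags.index(None))
    return max(confidence, key=confidence.get), confidence, descs, optimized


if __name__ == "__main__":
    tag, confidence, before, after = locate_tag()
    print("positioned tag:", tag, confidence)
    print("same-tag distance:", distance(before[0], before[1]), "->",
          distance(after[0], after[1]))
    print("different-tag distance:", distance(before[0], before[2]), "->",
          distance(after[0], after[2]))
```
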
A second aspect is a risk-behavior recognition system, comprising a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the risk behaviour recognition system to perform the method of the first aspect.
Drawings
Fig. 1 is a schematic flowchart of a risk behavior identification method for big data information security according to an embodiment of the present invention.
Fig. 2 is a block diagram of a risk behavior identification apparatus for big data information security according to an embodiment of the present invention.
Detailed Description
In the following, the terms "first", "second" and "third", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," or "third," etc., may explicitly or implicitly include one or more of that feature.
Fig. 1 is a schematic flowchart illustrating a method for identifying a risk behavior for big data information security according to an embodiment of the present invention, where the method for identifying a risk behavior for big data information security may be implemented by a risk behavior identification system, and the risk behavior identification system may include a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the risk behavior identification system to perform the aspects described in the following steps.
Step 11: Determine user operation behavior expectation descriptions of a plurality of risk behavior big data and a security threat tag pairing index of at least one risk behavior big data binary group.
In the embodiment of the invention, the plurality of risk behavior big data comprise risk behavior big data to be subjected to security threat tag positioning and risk behavior big data used for assisting in the security threat tag positioning. In specific implementation, the risk behavior big data to be subjected to security threat tag positioning is risk behavior big data whose data information security threat tag has not been determined, and the risk behavior big data used for assisting in security threat tag positioning is risk behavior big data whose data information security threat tag has been determined. For example, the risk behavior big data used for assisting in security threat tag positioning may include risk behavior big data whose data information security threat tag is an information tampering event and risk behavior big data whose data information security threat tag is an information leakage event, while the risk behavior big data to be subjected to security threat tag positioning covers a potential analysis item whose data information security threat tag has not yet been specifically assigned to the information tampering event or the information leakage event.
For example, in order to improve the quality of mining the user operation behavior expectation description, a risk behavior big data identification thread may be debugged in advance, and the risk behavior big data identification thread includes a data mining unit, which is used to mine the risk behavior big data to be subjected to security threat tag positioning and the user operation behavior expectation description of the risk behavior big data used to assist in performing the security threat tag positioning.
For example, after the risk behavior big data to be subjected to security threat tag positioning and the risk behavior big data for assisting in performing security threat tag positioning are processed by the data mining unit, a user operation behavior expectation description of a set level (e.g., x levels/x dimensions) can be obtained. In particular implementation, the user operation behavior expectation description can be represented by a characteristic diagram.
In the embodiment of the invention, every two risk behavior big data in the plurality of risk behavior big data are used as a risk behavior big data binary group (which can be understood as a risk behavior big data pair). For example, if the plurality of risk behavior big data comprise risk behavior big data auxiliary_big_data1 used for assisting in security threat tag positioning, risk behavior big data auxiliary_big_data2 used for assisting in security threat tag positioning, and risk behavior big data target_big_data1 to be subjected to security threat tag positioning, then the risk behavior big data binary groups may include: auxiliary_big_data1 and target_big_data1; auxiliary_big_data2 and target_big_data1; and auxiliary_big_data1 and target_big_data1.
For example, the security threat tag pairing index, which quantitatively evaluates whether a risk behavior big data binary group points to the same data information security threat tag, may include the target tag positioning confidence that the binary group points to the same data information security threat tag. For example, when the target tag positioning confidence is 0.45, the quantitative evaluation that the binary group points to the same data information security threat tag can be determined to be high; when the target tag positioning confidence is 0.05, that quantitative evaluation can be determined to be low; and when the target tag positioning confidence is 0.25, the quantitative evaluation that the binary group points to the same data information security threat tag can be determined to be the same as the quantitative evaluation that it points to different data information security threat tags.
For example, when the steps in the embodiments of the present invention are first executed, each risk behavior big data binary group may be given an original security threat tag pairing index. In specific implementation, when the binary group points to the same data information security threat tag, its original security threat tag pairing index may be determined as a first quantization constraint; for example, when the security threat tag pairing index is expressed as the target tag positioning confidence, the first quantization constraint may be configured to be 1. When the binary group points to different data information security threat tags, its original security threat tag pairing index is determined as a second quantization constraint; for example, when the security threat tag pairing index is expressed as the target tag positioning confidence, the second quantization constraint may be configured to be 0. In addition, because the risk behavior big data to be subjected to security threat tag positioning is the risk behavior big data still to be identified, when at least one member of the binary group is such data it is difficult to accurately determine the security threat tag pairing index with which the binary group points to the same data information security threat tag. To improve the anti-interference performance of the original security threat tag pairing index, the index can therefore be determined as a set quantization result between the second quantization constraint and the first quantization constraint; for example, when the security threat tag pairing index is expressed as the target tag positioning confidence, the set quantization result may be configured to be 0.25, or may be configured to be 0.2, 0.3, or 0.35 based on the actual situation, which is not limited herein.
For example, in combination with the above, U data information security threat tags may share big risk behavior data for assisting in positioning the security threat tags, and each data information security threat tag corresponds to X groups of big risk behavior data for assisting in positioning the security threat tags, where U is an integer not less than 1 and X is an integer not less than 1, and the embodiment of the method for identifying risk behavior for big data information security in the present invention may be used in an application environment where big risk behavior data for assisting in positioning the security threat tags are relatively important, where the application environment includes: differential positioning of big data of payment risk behaviors, differential positioning of big data of online office risk behaviors, and the like.
Step 12: Optimize the user operation behavior expectation descriptions of the plurality of risk behavior big data through the security threat tag pairing index.
For example, in order to improve the efficiency of optimizing the user operation behavior expectation description, a risk behavior big data identification thread may be debugged in advance, and the risk behavior big data identification thread further includes a visual AI machine learning model (LSTM). For the actual debugging process, refer to the relevant steps in the embodiment of the debugging method for the risk behavior big data identification thread disclosed in the present invention, which are not repeated here.
For example, in order to improve the accuracy of the user operation behavior expectation description, a neighbor user operation behavior expectation description and a non-neighbor user operation behavior expectation description may be obtained through the security threat tag pairing index and the user operation behavior expectation description. The neighbor user operation behavior expectation description is the part of the user operation behavior expectation description that the security threat tag pairing index classifies as neighbor, and the non-neighbor user operation behavior expectation description is the part that the security threat tag pairing index classifies as non-neighbor. After the two descriptions are obtained, expectation description optimization can be carried out through them to obtain the optimized user operation behavior expectation description. In specific implementation, the neighbor user operation behavior expectation description and the non-neighbor user operation behavior expectation description may be combined to obtain a combined user operation behavior expectation description, and the combined description is adjusted by a correlation algorithm (nonlinear conversion) to obtain the optimized user operation behavior expectation description.
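The original pairing index from step 11 and the neighbor / non-neighbor split from step 12 can be made concrete as follows. This is an added example, not code from the patent: the record auxiliary_big_data3, the feature vectors, the index-weighted averaging used for the split and the use of tanh as the nonlinear conversion are all assumptions.

```python
import math
from itertools import combinations

# Values the page gives when the pairing index is expressed as a confidence.
FIRST_CONSTRAINT = 1.0   # both records carry the same threat tag
SECOND_CONSTRAINT = 0.0  # the records carry different threat tags
SET_RESULT = 0.25        # at least one record still awaits tag positioning

# Constructed sample input: (name, known tag or None, expectation description).
# auxiliary_big_data3 and every feature vector are invented for this example.
RECORDS = [
    ("auxiliary_big_data1", "information leakage event", [1.0, 0.0]),
    ("auxiliary_big_data2", "information leakage event", [0.8, 0.2]),
    ("auxiliary_big_data3", "information tampering event", [0.0, 1.0]),
    ("target_big_data1", None, [0.9, 0.1]),
]


def initial_pairing_index(records, set_result=SET_RESULT):
    """Return {frozenset({a, b}): index} for every two records (binary groups)."""
    if not SECOND_CONSTRAINT < set_result < FIRST_CONSTRAINT:
        raise ValueError("set result must lie between the two constraints")
    names = [name for name, _, _ in records]
    if len(set(names)) != len(names):
        raise ValueError("record names must be unique")
    index = {}
    for (name_a, tag_a, _), (name_b, tag_b, _) in combinations(records, 2):
        if tag_a is None or tag_b is None:
            value = set_result          # tag of one member is still unknown
        elif tag_a == tag_b:
            value = FIRST_CONSTRAINT
        else:
            value = SECOND_CONSTRAINT
        index[frozenset((name_a, name_b))] = value
    return index


def _weighted_mean(vectors, weights):
    """Weighted mean of equal-length vectors; zero vector if all weights are 0."""
    total = sum(weights)
    dim = len(vectors[0])
    if total == 0:
        return [0.0] * dim
    return [sum(w * v[k] for v, w in zip(vectors, weights)) / total
            for k in range(dim)]


def split_descriptions(records, index, name):
    """Assumed split: weight the other records by index (neighbor) and by
    1 - index (non-neighbor), then average their descriptions."""
    others = [(n, vec) for n, _, vec in records if n != name]
    if len(others) == len(records):
        raise KeyError(name)
    vectors = [vec for _, vec in others]
    weights = [index[frozenset((name, n))] for n, _ in others]
    neighbor = _weighted_mean(vectors, weights)
    non_neighbor = _weighted_mean(vectors,
                                  [FIRST_CONSTRAINT - w for w in weights])
    return neighbor, non_neighbor


def optimise_description(records, index, name):
    """Combine both parts and apply a nonlinear conversion (tanh, assumed)."""
    neighbor, non_neighbor = split_descriptions(records, index, name)
    return [math.tanh(x) for x in neighbor + non_neighbor]


if __name__ == "__main__":
    idx = initial_pairing_index(RECORDS)
    for name, _, _ in RECORDS:
        print(name, split_descriptions(RECORDS, idx, name))
```

For target_big_data1 the neighbor and non-neighbor parts come out identical, because every binary group containing it starts at the set quantization result; the record only becomes separable once the index has been updated from classification results and step 12 is run again.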
Step 13: Obtain the security threat tag positioning condition of the risk behavior big data to be subjected to security threat tag positioning through the optimized user operation behavior expectation description.
In the embodiment of the application, the security threat tag positioning condition may reflect the data information security threat tag corresponding to the risk behavior big data to be subjected to security threat tag positioning.
For example, after the optimized user operation behavior expectation description is obtained, an AI-based classification recognition operation may be performed on it to obtain a classification recognition result. The classification recognition result includes a first tag positioning confidence (which may be understood as a probability) that the risk behavior big data to be subjected to security threat tag positioning points to at least one prior security threat tag, so that the security threat tag positioning condition can be obtained based on the first tag positioning confidence. In specific implementation, a prior security threat tag (reference category) may be understood as a data information security threat tag corresponding to risk behavior big data used for assisting in security threat tag positioning. For example, if the plurality of risk behavior big data comprise risk behavior big data auxiliary_big_data1 and auxiliary_big_data2 used for assisting in security threat tag positioning and risk behavior big data target_big_data1 to be subjected to security threat tag positioning, the data information security threat tag corresponding to auxiliary_big_data1 is an "information leakage event", and the data information security threat tag corresponding to auxiliary_big_data2 is an "information tampering event", then the at least one prior security threat tag comprises: "information leakage event" and "information tampering event". Alternatively, if the plurality of risk behavior big data comprise risk behavior big data auxiliary_big_data11, auxiliary_big_data12, auxiliary_big_data13 and auxiliary_big_data14 used for assisting in security threat tag positioning and risk behavior big data target_big_data1 to be subjected to security threat tag positioning, the data information security threat tag corresponding to auxiliary_big_data11 is "illegal crawling of private information", the data information security threat tag corresponding to auxiliary_big_data12 is "stealing of digital assets", the data information security threat tag corresponding to auxiliary_big_data13 is "DDOS attack", and the data information security threat tag corresponding to auxiliary_big_data14 is "cybercardon attack", then the at least one prior security threat tag comprises: illegal crawling of private information, stealing of digital assets, DDOS attack and network mortgage attack. Other applications may be implemented according to similar concepts and are not described in further detail here.
For example, in order to improve the identification efficiency, a risk behavior big data identification thread may be debugged in advance, and the risk behavior big data identification thread includes a naive Bayes classification model. For the actual debugging process, refer to the related description in the embodiment of the debugging method for the risk behavior big data identification thread of the present invention, which is not repeated here. On this basis, the naive Bayes classification model uses the optimized user operation behavior expectation description to identify the first tag positioning confidence that the risk behavior big data to be subjected to security threat tag positioning points to at least one prior security threat tag.
For example, the above classification recognition result including the first tag positioning confidence may be used directly as the security threat tag positioning condition of the risk behavior big data to be subjected to security threat tag positioning. For example, in practical application, the first tag positioning confidences with which the risk behavior big data to be subjected to security threat tag positioning points to a real-time information leakage event, a delayed information tampering event, a real-time information leakage event and a delayed information leakage event, respectively, can serve as the security threat tag positioning condition of that risk behavior big data. Other applications may be implemented according to similar concepts and are not described in further detail here.
For example, the data information security threat tag of the risk behavior big data to be subjected to security threat tag positioning may be determined based on the first tag positioning confidence that this data points to at least one prior security threat tag, and the determined data information security threat tag may be used as its security threat tag positioning condition. In specific implementation, the prior security threat tag corresponding to the highest first tag positioning confidence may be used as the data information security threat tag of the risk behavior big data to be subjected to security threat tag positioning. For example, in practical application, if the identified first tag positioning confidences with which the risk behavior big data to be subjected to security threat tag positioning points to the real-time information leakage event, the delayed information tampering event, the real-time information leakage event and the delayed information leakage event, respectively, are 0.05, 0.35, 0.05, then the "delayed information tampering event" can be used as the data information security threat tag of the risk behavior big data to be subjected to security threat tag positioning. Other applications may be implemented according to similar concepts and are not described in further detail here.
For example, AI-based classification and identification operations may be performed on the optimized user operation behavior expectation descriptions to obtain a classification and identification result that includes a first tag positioning confidence that the risk behavior big data to be subjected to security threat tag positioning points to at least one prior security threat tag and a second tag positioning confidence that the risk behavior big data used for assisting in security threat tag positioning points to at least one prior security threat tag. In that case, when the accumulated value of the AI-based classification and identification operations meets the specified requirement, the security threat tag pairing indexes of the plurality of risk behavior big data may be optimized according to the classification and identification result, and step 12 and the subsequent operations may be performed again: the user operation behavior expectation descriptions are optimized through the security threat tag pairing indexes, and the AI-based classification and identification operation is performed on the optimized user operation behavior expectation descriptions, until the accumulated value of the AI-based classification and identification operations no longer meets the specified requirement.
With this design, when the accumulated value of the AI-based classification identification operations meets the specified requirement, the security threat tag pairing index of the risk behavior big data binary group is optimized through the first tag positioning confidence that the risk behavior big data to be subjected to security threat tag positioning points to at least one prior security threat tag and the second tag positioning confidence that the risk behavior big data used for assisting in security threat tag positioning points to at least one prior security threat tag, which improves the anti-interference performance of the differentiation degree of the security threat tags. Meanwhile, the user operation behavior expectation description is optimized through the continuously optimized differentiation degree of the security threat tags, which improves the anti-interference performance of the user operation behavior expectation description. The differentiation degree of the security threat tags and the user operation behavior expectation description thus complement each other, which further improves the accuracy and confidence of data information security threat tag positioning. By way of example, the specified requirement may include: the accumulated value of the AI-based classification recognition operations is smaller than the set determination value. The determination value is set to at least 1.
For example, when the accumulated value of the AI-based classification recognition operations does not meet the specified requirement, the security threat tag positioning condition of the risk behavior big data to be subjected to security threat tag positioning may be obtained based on the first tag positioning confidence, as described above. In addition, for the specific process of optimizing the security threat tag pairing index through the classification recognition result, refer to the contents described in the following embodiments, which are not repeated here.
With this design, the user operation behavior expectation descriptions of a plurality of risk behavior big data and the security threat tag pairing index of at least one risk behavior big data binary group are determined, where the plurality of risk behavior big data include risk behavior big data used for assisting in security threat tag positioning and risk behavior big data to be subjected to security threat tag positioning, every two risk behavior big data in the plurality of risk behavior big data are used as one risk behavior big data binary group, and the security threat tag pairing index reflects the quantitative evaluation that the binary group points to the same data information security threat tag. The user operation behavior expectation descriptions are optimized through the security threat tag pairing index, and the security threat tag positioning condition of the risk behavior big data to be subjected to security threat tag positioning is obtained through the optimized user operation behavior expectation description.
Therefore, by optimizing the user operation behavior expectation description through the security threat tag pairing index, the user operation behavior expectation descriptions corresponding to risk behavior big data with the same data information security threat tag can be kept in a state of small feature discrimination, and the user operation behavior expectation descriptions corresponding to risk behavior big data with different data information security threat tags can be kept, as far as possible, in a state of large feature discrimination. This helps guarantee the anti-interference performance of the user operation behavior expectation description, helps acquire its overall positioning description, and helps guarantee the positioning accuracy and reliability of the data information security threat tag.
For another possible implementation example, the method for identifying risk behaviors for big data information security of the present invention may further include the following steps:
and step 21, determining user operation behavior expectation descriptions of a plurality of risk behavior big data and a security threat tag pairing index not lower than one risk behavior big data binary group.
In the embodiment of the invention, the plurality of risk behavior big data comprise risk behavior big data for assisting in positioning the security threat tag and risk behavior big data to be positioned by the security threat tag, every two risk behavior big data in the plurality of risk behavior big data are used as a risk behavior big data binary group, and the security threat tag pairing index represents quantitative evaluation that the risk behavior big data binary group points to the same data information security threat tag. For example, reference may be made to the above description without undue experimentation.
Step 22: and optimizing the user operation behavior expectation description of a plurality of risk behavior big data through the security threat tag pairing index. For example, reference may be made to the above description without undue experimentation.
And step 23, performing AI-based classification and identification operation through the optimized user operation behavior expectation description to obtain a classification and identification result.
In the embodiment of the invention, the classification and identification result comprises a first tag positioning confidence degree that the risk behavior big data to be subjected to security threat tag positioning points to at least one prior security threat tag and a second tag positioning confidence degree that the risk behavior big data used for assisting in the security threat tag positioning points to at least one prior security threat tag. The a priori security threat tag is a data information security threat tag corresponding to risk behavior big data for assisting in positioning the security threat tag, and for example, reference may be made to the contents described in the foregoing embodiments, which are not described herein too much.
In specific implementation, the risk behavior big data to be subjected to security threat label positioning and the identified security threat label corresponding to the risk behavior big data for assisting in performing security threat label positioning can be identified through the optimized user operation behavior expectation description, and the identified security threat label points to at least one prior security threat label. Taking the location of the payment data information security threat tag as an example, at least one prior security threat tag comprises: when the digital asset is stolen, the DDOS attack or the network stuck-in attack is performed, the identified security threat tag is one of the digital asset stealing, the DDOS attack or the network stuck-in attack, and other application situations can be implemented according to similar ideas, and the embodiment of the invention is not described herein too much.
After the identified security threat labels are obtained, for each risk behavior big data binary group, a security threat label difference analysis condition and an expected description common index of the risk behavior big data binary group can be determined, a first binding score between the risk behavior big data binary group and the expected description common index is obtained, the security threat label difference analysis condition reflects whether the identified security threat labels corresponding to the risk behavior big data binary group are consistent, the expected description common index reflects the degree of differentiation between user operation behavior expected descriptions of the risk behavior big data binary group, and a second binding score of the risk behavior big data for assisting in positioning the security threat labels and the identified security threat labels and the prior security threat labels is obtained based on the identified security threat labels and the prior security threat labels corresponding to the risk behavior big data for assisting in positioning the security threat labels, so that a classification identification result can be obtained through the first binding score and the second binding score.
Therefore, by determining the first binding score of the big risk behavior data binary group about the difference analysis condition and the differentiation degree of the security threat tag, the accuracy of the analysis of the data information security threat tag can be reflected from the level of any big risk behavior data binary group on the premise of the difference analysis condition of the security threat tag of the identified security threat tag and the binding score between the expected description common indexes, and by determining the second binding score of the big risk behavior data for assisting in positioning the security threat tag about the identified security threat tag and the prior security threat tag, the accuracy of the analysis of the data information security threat tag can be reflected from the level of the individual big risk behavior data on the premise of the binding score between the identified security threat tag and the prior security threat tag, and meanwhile, the classification recognition result can be obtained through the two levels of the two big risk behavior data and the individual big risk behavior data, and the accuracy of the classification recognition result recognition can be improved.
For example, in order to improve the identification accuracy, an identified security threat tag corresponding to the risk behavior big data may be identified through the optimized user operation behavior expectation description based on a naive bayesian classification model.
For example, when the security threat tag difference analysis condition is that the identified security threat tags are consistent, a first set relationship is expected between the expected description commonality index and the first binding score: the larger the expected description commonality index, the larger the first binding score, meaning that the security threat tag difference analysis condition agrees more closely with the expected description commonality index; conversely, the smaller the index, the smaller the first binding score, meaning that the two agree less closely. When the security threat tag difference analysis condition is that the identified security threat tags are inconsistent, a second set relationship is expected between the expected description commonality index and the first binding score: the larger the index, the smaller the first binding score, meaning that the condition does not agree with the index; conversely, the smaller the index, the larger the first binding score, meaning that the condition agrees more closely with the index. In this way, a quantitative evaluation of the consistency of the data information security threat tags between risk behavior big data binary groups can be conveniently obtained in the subsequent process of identifying the classification identification result, which further improves the accuracy of that result.
For example, the second binding score of the risk behavior big data used for assisting in positioning the security threat tag is larger when the identified security threat tag is consistent with the prior security threat tag than when the identified security threat tag is inconsistent with the prior security threat tag. With this design, the accuracy of the user operation behavior expectation description of individual risk behavior big data can be conveniently obtained in the subsequent process of identifying the classification identification result, which helps improve the accuracy of that result.
Step 24: determine whether the accumulated value for performing the AI-based classification recognition operation meets a specified requirement; if so, perform step 25, and if not, perform step 27.
In a specific implementation, the specified requirement may include: the accumulated value for performing the AI-based classification recognition operation is smaller than the set determination value. The determination value is set to at least 1.
Step 25: optimize the security threat tag pairing index according to the classification identification result.
In the embodiment of the present invention, the security threat tag pairing index may, for example, include the target tag positioning confidence that each risk behavior big data binary group points to the same data information security threat tag.
On the basis, each risk behavior big data in the plurality of risk behavior big data can be sequentially used as the current risk behavior big data, a risk behavior big data binary group containing the current risk behavior big data is used as the current risk behavior big data binary group, and in the 1 st round of classification and identification operation process based on AI, the prior type label positioning confidence coefficient of each group of current risk behavior big data binary group pointing to the same data information security threat label can be sequentially determined through the first label positioning confidence coefficient and the second label positioning confidence coefficient. In addition, a global calculation result of the target label positioning confidence of all current risk behavior big data duplets of the current risk behavior big data can be determined and used as a global quantitative index of the current risk behavior big data. After the prior type label positioning confidence coefficient and the global quantization index are obtained, the target label positioning confidence coefficient of each group of risk behavior big data binary group can be changed through the global quantization index and the prior type label positioning confidence coefficient respectively for each current risk behavior big data binary group. 
In specific implementation, the target tag position confidence level of the risk behavior big data binary group can be used as a statistical value, global processing (for example, averaging processing based on weight) is performed on the prior type tag position confidence level of the risk behavior big data binary group obtained by the previous round of classification identification operation based on AI through the statistical value, and the target tag position confidence level is optimized through the global processing result and the prior type tag position confidence level, so that the optimized target tag position confidence level is obtained in the 1 st round of classification identification operation based on AI.
Step 26: perform step 22 again.
After the optimized security threat tag pairing index is obtained, the operations of step 22 and the following steps can be performed again, and the user operation behavior expectation description of a plurality of risk behavior big data is optimized through the optimized security threat tag pairing index.
Therefore, the user operation behavior expectation description and the security threat tag pairing index can be in a complementary relation, and the anti-interference performance of both is improved together, so that a more comprehensive and accurate overall positioning description can be obtained after multiple rounds of repeated processing, and the positioning accuracy and reliability of the data information security threat tag can be improved.
Step 27: obtain the security threat tag positioning condition based on the first tag positioning confidence.
For example, on the basis that the security threat tag positioning condition includes the data information security threat tag of the risk behavior big data to be subjected to security threat tag positioning, the prior security threat tag corresponding to the maximum first tag positioning confidence coefficient may be used as the data information security threat tag of the risk behavior big data to be subjected to security threat tag positioning.
Unlike the foregoing technical scheme, the classification recognition result here is configured to also include the second tag positioning confidence that the risk behavior big data used for assisting in positioning the security threat tag points to at least one prior type security threat tag. Before the security threat tag positioning condition is obtained based on the first tag positioning confidence, when the accumulated value for performing the AI-based classification recognition operation meets the specified requirement, the security threat tag pairing index is optimized through the classification recognition result, and the step of optimizing the user operation behavior expectation description through the security threat tag pairing index is performed again; when the accumulated value for performing the AI-based classification recognition operation does not meet the specified requirement, the security threat tag positioning condition is obtained based on the first tag positioning confidence.
Therefore, when the accumulated value for performing the AI-based classification recognition operation meets the specified requirement, the security threat tag pairing index is optimized through two quantities: the first tag positioning confidence that the risk behavior big data to be subjected to security threat tag positioning points to at least one prior type security threat tag, and the second tag positioning confidence that the risk behavior big data used for assisting in positioning the security threat tag points to at least one prior type security threat tag. This improves the anti-interference performance of the differentiation degree of the security threat tag. At the same time, the user operation behavior expectation description is continuously optimized through the optimized differentiation degree of the security threat tag, which improves the anti-interference performance of the user operation behavior expectation description, so that the differentiation degree of the security threat tag and the user operation behavior expectation description are in a complementary relation. When the accumulated value for performing the AI-based classification recognition operation does not meet the specified requirement, the security threat tag positioning condition is obtained based on the first tag positioning confidence, so that the accuracy and reliability of the data information security threat tag positioning can be improved.
In another possible implementation example, in the embodiment of the present invention, the risk behavior big data identification may be implemented by a risk behavior big data identification thread. The risk behavior big data identification thread includes at least one (e.g., V) sequentially combined identification units, and each identification unit includes one first identification subunit (e.g., CNN) and one second identification subunit (e.g., ResNet), so that the embodiment of the present invention may, for example, include the following steps.
Step 31: determine user operation behavior expectation descriptions of a plurality of risk behavior big data and a security threat tag pairing index of at least one risk behavior big data binary group.
In the embodiment of the invention, the plurality of risk behavior big data comprise risk behavior big data used for assisting in positioning the security threat tag and risk behavior big data to be subjected to security threat tag positioning, every two risk behavior big data in the plurality of risk behavior big data are used as a risk behavior big data binary group, and the security threat tag pairing index represents a quantitative evaluation that the risk behavior big data binary group points to the same data information security threat tag. For details, reference may be made to the description of the above embodiments, which is not repeated here.
Step 32: based on the first identification subunit of the Vth identification unit, optimize the user operation behavior expectation descriptions of the plurality of risk behavior big data through the security threat tag pairing index.
Step 33: based on the second identification subunit of the Vth identification unit, perform the AI-based classification and identification operation according to the optimized user operation behavior expectation description to obtain a classification and identification result.
In the embodiment of the invention, the classification identification result comprises a first tag positioning confidence degree that the risk behavior big data to be subjected to security threat tag positioning points to at least one prior security threat tag and a second tag positioning confidence degree that the risk behavior big data used for assisting in performing security threat tag positioning points to at least one prior security threat tag.
Step 34: determine whether the identification unit that performed the AI-based classification identification operation is the last identification unit of the risk behavior big data identification thread; if not, jump to step 35, and if so, jump to step 37.
In a specific implementation, when the risk behavior big data identification thread includes V identification units, it may be determined whether l is lower than V. If so, there is an identification unit that has not yet performed the steps of user operation behavior expectation description optimization and classification identification result identification, and step 35 below may be performed so that the subsequent identification unit continues to optimize the user operation behavior expectation description and identify the classification identification result. If not, all the identification units of the risk behavior big data identification thread have performed the steps of user operation behavior expectation description optimization and classification identification result identification, and step 37 below may be performed to obtain the security threat tag positioning condition based on the first tag positioning confidence in the classification identification result.
Step 35: optimize the security threat tag pairing index through the classification recognition result, and perform self-increment processing.
Step 36: perform step 32 and the subsequent operations again.
Step 37: obtain the security threat tag positioning condition based on the first tag positioning confidence. For details, reference may be made to the description of the above embodiments, which is not repeated here.
Unlike the foregoing technical scheme, when the AI-based classification identification operation has been performed by an identification unit that is not the last identification unit, the security threat tag pairing index is optimized through the classification identification result, and the next identification unit again optimizes the user operation behavior expectation descriptions of the plurality of risk behavior big data through the security threat tag pairing index. Therefore, the anti-interference performance of the differentiation degree of the security threat tag can be improved. At the same time, the user operation behavior expectation description is continuously optimized through the optimized differentiation degree of the security threat tag, which improves the anti-interference performance of the user operation behavior expectation description, so that the differentiation degree of the security threat tag and the user operation behavior expectation description are in a complementary relation, and the accuracy and reliability of the data information security threat tag positioning can be further improved.
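The loop of steps 24 to 27 (a fixed number of rounds) and of steps 31 to 37 (V chained identification units), as an added Python sketch that is not code from the patent. The patent gives no formulas, so the kernel vote (which stands in for the naive Bayes and binding-score step), the pull/push refinement, the pairing-update rule, all numeric constants, the tag names and the sample records are assumptions.

```python
import math
from itertools import combinations

SAME, DIFF, UNKNOWN = 1.0, 0.0, 0.5   # claim-9 constraints; numeric values are assumed
PULL, PUSH, TEMP = 0.5, 0.25, 0.25    # assumed refinement and kernel parameters

# Constructed records: (name, expectation description, prior tag or None).
# Records with a tag assist positioning; records with None are to be positioned.
RECORDS = [
    ("a0", [0.9, 0.1], "credential_abuse"), ("a1", [0.8, 0.2], "credential_abuse"),
    ("a2", [0.1, 0.9], "data_exfiltration"), ("a3", [0.2, 0.8], "data_exfiltration"),
    ("q0", [0.7, 0.3], None), ("q1", [0.3, 0.6], None),
]

def init_pairing(labels):
    """Step 21/31: 1 for same-tag pairs, 0 for different-tag pairs, a value in
    between for every pair that contains a record still to be positioned."""
    n = len(labels)
    w = [[SAME if i == j else UNKNOWN for j in range(n)] for i in range(n)]
    for i, j in combinations(range(n), 2):
        if labels[i] is not None and labels[j] is not None:
            w[i][j] = w[j][i] = SAME if labels[i] == labels[j] else DIFF
    return w

def weighted_mean(feats, weights, fallback):
    total = sum(weights)
    if total <= 0:
        return fallback
    return [sum(wt * f[d] for wt, f in zip(weights, feats)) / total
            for d in range(len(fallback))]

def refine(feats, w):
    """Step 22/32: pull each description toward its neighbour description and
    push it away from its non-neighbour description (assumed update rule)."""
    out = []
    for i, f in enumerate(feats):
        near = weighted_mean(feats, w[i], f)
        far = weighted_mean(feats, [1.0 - x for x in w[i]], f)
        out.append([f[d] + PULL * (near[d] - f[d]) - PUSH * (far[d] - f[d])
                    for d in range(len(f))])
    return out

def classify(feats, labels, tags):
    """Step 23/33: confidence of every record over the prior tags. Rows of
    unlabelled records are the first confidence, the others the second."""
    conf = []
    for f in feats:
        votes = [0.0] * len(tags)
        for g, lab in zip(feats, labels):
            if lab is not None:
                d2 = sum((a - b) ** 2 for a, b in zip(f, g))
                votes[tags.index(lab)] += math.exp(-d2 / TEMP)
        total = sum(votes) or 1.0
        conf.append([v / total for v in votes])
    return conf

def update_pairing(w, conf):
    """Step 25/35: rescale each pair by the confidence that both records point
    to the same tag, normalised by each record's global index (row sum)."""
    n = len(w)
    s = [[sum(a * b for a, b in zip(conf[i], conf[j])) for j in range(n)]
         for i in range(n)]
    scale = []
    for i in range(n):
        g = sum(w[i][j] for j in range(n) if j != i)      # global index of record i
        raw = sum(w[i][j] * s[i][j] for j in range(n) if j != i)
        scale.append(g / raw if raw > 0 else 0.0)
    new = [row[:] for row in w]
    for i, j in combinations(range(n), 2):
        new[i][j] = new[j][i] = min(1.0, w[i][j] * s[i][j] * 0.5 * (scale[i] + scale[j]))
    return new

def locate_tags(records, rounds=3):
    names = [r[0] for r in records]
    feats = [list(r[1]) for r in records]
    labels = [r[2] for r in records]
    tags = sorted({lab for lab in labels if lab is not None})
    w = init_pairing(labels)
    for rnd in range(rounds):
        feats = refine(feats, w)
        conf = classify(feats, labels, tags)
        if rnd < rounds - 1:               # step 24/34: more rounds or units left
            w = update_pairing(w, conf)
    result = {}
    for name, lab, c in zip(names, labels, conf):
        if lab is None:                    # step 27/37: tag with the highest first confidence
            k = max(range(len(tags)), key=c.__getitem__)
            result[name] = (tags[k], c[k])
    return result

if __name__ == "__main__":
    print(locate_tags(RECORDS))
```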
In some optional embodiments, after obtaining the security threat tag localization case of the risk behavior big data to be security threat tag localized, the method may further include: determining a potential risk description corresponding to the risk behavior big data to be subjected to the security threat label positioning through a data information security threat label corresponding to the risk behavior big data to be subjected to the security threat label positioning; and generating a corresponding big data protection strategy according to the potential risk description.
For example, the potential risk description may be a possible risk condition derived from the data information security threat tag corresponding to the risk behavior big data to be subjected to security threat tag positioning. Based on this, a corresponding big data protection strategy can be formulated in advance through the potential risk description, so that targeted and prospective risk protection processing is realized.
In some optional embodiments, determining, by the data information security threat tag corresponding to the risk behavior big data to be subjected to security threat tag positioning, a potential risk description corresponding to the risk behavior big data to be subjected to security threat tag positioning may include the following: deriving a pending risk description set to be screened based on a data information security threat tag corresponding to the risk behavior big data to be subjected to security threat tag positioning; sequentially carrying out individual intrusion analysis and group intrusion analysis on a plurality of risk description vectors in the undetermined risk description set to obtain an individual intrusion analysis information set and a group intrusion analysis information set; performing first error correction processing on the individual intrusion analysis information set through a first specified error processing instruction to obtain a first risk description subset including individual intrusion behaviors; performing second error correction processing on the group intrusion analysis information set through a second specified error processing instruction to obtain a second risk description subset including group intrusion behaviors; performing weighting operation based on the first risk description subset and the second risk description subset to obtain a target risk description set matched with a specified behavior in the undetermined risk description set; the specified behaviors comprise at least one of individual intrusion behaviors and group intrusion behaviors; and screening the target risk description set from the undetermined risk description set to obtain potential risk description.
For example, the correlations between the target risk description set and each risk description vector in the undetermined risk description set are calculated and summed, and the risk description vector with the highest sum is selected as the potential risk description, so that different types of intrusion behaviors can be considered, and the accuracy and the reliability of the potential risk description are guaranteed.
Based on the same inventive concept, fig. 2 shows a block diagram of a risk behavior identification apparatus for big data information security according to an embodiment of the present invention, and the risk behavior identification apparatus for big data information security may include the following modules that implement the relevant method steps shown in fig. 1.
The index determining module 21 is configured to determine user operation behavior expectation descriptions of a plurality of risk behavior big data and a security threat tag pairing index of at least one risk behavior big data binary group.
The data optimization module 22 is configured to optimize the user operation behavior expectation descriptions of the plurality of risk behavior big data through the security threat tag pairing index.
The tag positioning module 23 is configured to obtain the security threat tag positioning condition of the risk behavior big data to be subjected to security threat tag positioning through the optimized user operation behavior expectation description.
The related embodiments of the invention can achieve the following technical effects: by optimizing the user operation behavior expectation description through the security threat tag pairing index, the user operation behavior expectation descriptions corresponding to risk behavior big data with the same data information security threat tag can be kept in a state with small feature discrimination, and the user operation behavior expectation descriptions corresponding to risk behavior big data with different data information security threat tags can be kept, as far as possible, in a state with large feature discrimination. This helps ensure the anti-interference performance of the user operation behavior expectation description, helps acquire the overall positioning description (such as the distribution condition) of the user operation behavior expectation description, and helps ensure the positioning accuracy and reliability of the data information security threat tag.
The foregoing is only illustrative of the present application. Those skilled in the art can conceive of changes or substitutions based on the specific embodiments provided in the present application, and all such changes or substitutions are intended to be included within the scope of the present application.

Claims (10)

1. A risk behavior identification method for big data information security is applied to a risk behavior identification system, and the method at least comprises the following steps:
determining expected descriptions of user operation behaviors of a plurality of risk behavior big data and a security threat label pairing index not lower than one risk behavior big data binary; the plurality of risk behavior big data cover risk behavior big data used for assisting in positioning the security threat tag and risk behavior big data to be positioned by the security threat tag, every two risk behavior big data in the plurality of risk behavior big data are used as one risk behavior big data binary, and the security threat tag pairing index reflects quantitative evaluation that the risk behavior big data binary points to the same data information security threat tag;
optimizing the user operation behavior expectation description of the risk behavior big data through the security threat label pairing index; obtaining the security threat tag positioning condition of the risk behavior big data to be subjected to security threat tag positioning through the optimized user operation behavior expectation description; the positioning condition of the security threat tag aims to reflect the data information security threat tag corresponding to the risk behavior big data to be subjected to security threat tag positioning.
2. The method according to claim 1, wherein the obtaining of the security threat tag localization situation of the risk behavior big data to be security threat tag localized through the optimized user operation behavior expectation description comprises:
performing AI-based classification and identification operation through the optimized user operation behavior expectation description to obtain a classification and identification result, wherein the classification and identification result contains that the risk behavior big data to be subjected to security threat label positioning points to a first label positioning confidence coefficient of at least one prior type security threat label, and the prior type security threat label is a data information security threat label corresponding to the risk behavior big data for assisting in positioning the security threat label;
and combining the first label positioning confidence coefficient to obtain the safety threat label positioning condition.
3. The method of claim 2, wherein the classification recognition result further comprises a second tag localization confidence level that the risk behavior big data for assisting in localization of the security threat tag points to the at least one prior security threat tag;
before said obtaining said security threat tag localization situation in combination with said first tag localization confidence level, said method further comprises: optimizing the security threat tag matching index through the classification recognition result on the basis that the accumulated value of the AI-based classification recognition operation meets the specified requirement, and optimizing the user operation behavior expectation description of the risk behavior big data through the security threat tag matching index again, wherein the specified requirement comprises the following steps: an accumulated value for performing the AI-based classification recognition operation is less than a set determination value; wherein the implementation of optimizing the user operation behavior expectation description of the plurality of risk behavior big data through the security threat tag pairing index is implemented through a visual AI machine learning model;
combining the first tag positioning confidence to obtain the security threat tag positioning condition, including: and obtaining the positioning condition of the security threat tag by combining the first tag positioning confidence coefficient on the basis that the accumulated value for implementing the AI-based classification recognition operation does not meet the specified requirement.
4. The method of claim 3, wherein the security threat tag pairing index comprises: each risk behavior big data binary group points to the position credibility of a target label of the same data information security threat label; optimizing the security threat tag pairing index according to the classification recognition result, comprising:
sequentially taking each risk behavior big data in the risk behavior big data as current risk behavior big data, and taking the risk behavior big data binary group carrying the current risk behavior big data as a current risk behavior big data binary group;
determining a global calculation result of the target label positioning confidence degrees of all the current risk behavior big data binary groups of the current risk behavior big data as a global quantitative index of the current risk behavior big data;
sequentially determining prior type tag positioning confidence coefficients of the big data binary groups of the current risk behaviors pointing to the same data information security threat tag according to the first tag positioning confidence coefficient and the second tag positioning confidence coefficient;
and changing the target label positioning confidence coefficient of each current risk behavior big data binary group respectively through the global quantization index and the prior label positioning confidence coefficient.
5. The method according to claim 4, wherein performing the AI-based classification and identification operation by completing the optimized description of the behavior expectation of the user operation results in a classification and identification result, comprising:
identifying an identified security threat tag corresponding to the risk behavior big data through the optimized user operation behavior expectation description, wherein the identified security threat tag points to at least one prior type security threat tag;
for each risk behavior big data binary group, determining a security threat tag difference analysis condition and an expected description commonality index of the risk behavior big data binary group, and obtaining a first binding score between the risk behavior big data binary group and the expected description commonality index corresponding to the security threat tag difference analysis condition; the safety threat label difference analysis condition reflects whether the identified safety threat labels corresponding to the risk behavior big data binary group are consistent or not, and the expectation description commonality index reflects the differentiation degree between the user operation behavior expectation descriptions of the risk behavior big data binary group;
obtaining a second binding score between the identified security threat tag and the prior security threat tag corresponding to the risk behavior big data for assisting in positioning the security threat tag by combining the identified security threat tag and the prior security threat tag corresponding to the risk behavior big data for assisting in positioning the security threat tag;
obtaining the classification recognition result through the first binding score and the second binding score; wherein obtaining the classification recognition result according to the first binding score and the second binding score includes: and obtaining the classification recognition result through the first binding score and the second binding score based on a directed transfer algorithm.
6. The method of claim 5, wherein the expected description commonality index has a first predetermined relationship with the first binding score on the basis that the security threat tag difference analysis condition is that the identified security threat tags are consistent, wherein the expected description commonality index has a second predetermined relationship with the first binding score on the basis that the security threat tag difference analysis condition is that the identified security threat tags are inconsistent, and wherein the second binding score when the identified security threat tag is consistent with the prior security threat tag is higher than the second binding score when the identified security threat tag is inconsistent with the prior security threat tag.
7. The method of claim 5, wherein identifying the identified security threat tag to which the risky behavior big data corresponds by completing the optimized user operational behavior expectation description comprises: and identifying the identified security threat label corresponding to the risk behavior big data through the optimized user operation behavior expectation description based on a naive Bayesian classification model.
8. The method according to claim 1, wherein optimizing the user operational behavior expectation description of the plurality of risk behavior big data through the security threat tag pairing index comprises:
obtaining a neighbor user operation behavior expectation description and a non-neighbor user operation behavior expectation description through the security threat tag pairing index and the user operation behavior expectation description;
and performing expectation description optimization through the neighbor user operation behavior expectation description and the non-neighbor user operation behavior expectation description to obtain the optimized user operation behavior expectation description.
9. The method of claim 1, further comprising:
determining an original security threat tag pairing index of the big risk behavior data binary group as a first quantitative constraint on the basis that the big risk behavior data binary group points to the same data information security threat tag;
determining the original security threat tag pairing index of the risk behavior big data binary group as a second quantitative constraint on the basis that the risk behavior big data binary group points to different data information security threat tags;
and determining the original security threat tag pairing index of the risk behavior big data binary group as a set quantization result between the second quantization constraint and the first quantization constraint on the basis that at least one risk behavior big data binary group is the risk behavior big data to be subjected to security threat tag positioning.
10. A risk-behavior recognition system, comprising: a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the risk behavior identification system to perform the method of any of claims 1-9.
CN202210026614.1A 2022-01-11 2022-01-11 Risk behavior identification method and system for big data information security Active CN114399190B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210026614.1A CN114399190B (en) 2022-01-11 2022-01-11 Risk behavior identification method and system for big data information security
CN202211080114.2A CN115456390A (en) 2022-01-11 2022-01-11 Information security processing method and system based on big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210026614.1A CN114399190B (en) 2022-01-11 2022-01-11 Risk behavior identification method and system for big data information security

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202211080114.2A Division CN115456390A (en) 2022-01-11 2022-01-11 Information security processing method and system based on big data

Publications (2)

Publication Number Publication Date
CN114399190A CN114399190A (en) 2022-04-26
CN114399190B true CN114399190B (en) 2022-10-04

Family

ID=81231373

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202210026614.1A Active CN114399190B (en) 2022-01-11 2022-01-11 Risk behavior identification method and system for big data information security
CN202211080114.2A Withdrawn CN115456390A (en) 2022-01-11 2022-01-11 Information security processing method and system based on big data

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202211080114.2A Withdrawn CN115456390A (en) 2022-01-11 2022-01-11 Information security processing method and system based on big data

Country Status (1)

Country Link
CN (2) CN114399190B (en)

Also Published As

Publication number Publication date
CN115456390A (en) 2022-12-09
CN114399190A (en) 2022-04-26

Similar Documents

Publication Publication Date Title
CN108718310B (en) Deep learning-based multilevel attack feature extraction and malicious behavior identification method
CN109816397B (en) Fraud discrimination method, device and storage medium
CN113706177B (en) Threat identification method based on big data security and data security server
CN112837069A (en) Block chain and big data based secure payment method and cloud platform system
CN111506710B (en) Information sending method and device based on rumor prediction model and computer equipment
CN116305168B (en) Multi-dimensional information security risk assessment method, system and storage medium
CN112115468B (en) Service information detection method based on big data and cloud computing center
CN114553658B (en) Resource sharing security processing method based on cloud computing and server
CN113468520A (en) Data intrusion detection method applied to block chain service and big data server
CN114399190B (en) Risk behavior identification method and system for big data information security
CN115174231A (en) AI-Knowledge-Base-based network fraud analysis method and server
CN113435900A (en) Transaction risk determination method and device and server
CN113722719A (en) Information generation method and artificial intelligence system for security interception big data analysis
CN114417405B (en) Privacy service data analysis method based on artificial intelligence and server
CN115065545A (en) Big data threat perception-based security protection construction method and AI (Artificial Intelligence) protection system
He et al. Tokenaware: Accurate and efficient bookkeeping recognition for token smart contracts
CN113312258B (en) Interface testing method, device, equipment and storage medium
CN114297735A (en) Data processing method and related device
CN110808947B (en) Automatic vulnerability quantitative evaluation method and system
CN115809466B (en) Security requirement generation method and device based on STRIDE model, electronic equipment and medium
CN116739605A (en) Transaction data detection method, device, equipment and storage medium
CN115168509A (en) Processing method and device of wind control data, storage medium and computer equipment
CN113469816A (en) Digital currency identification method, system and storage medium based on multigroup technology
Zhang et al. An automatic approach for scoring vulnerabilities in risk assessment
CN117291615B (en) Visual contrast analysis method and device for overcoming anti-fraud based on network payment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220518

Address after: 250000 room b318, Haiyou commercial building, No. 9, Dongguan Street, Lixia District, Jinan City, Shandong Province

Applicant after: Jinan Renchang Trading Co.,Ltd.

Address before: 124000 Internet venture building tl-419, west of Liaohe South Road and south of Industrial Street, Xinglongtai District, Panjin City, Liaoning Province

Applicant before: Liaoning Longyu Network Technology Co.,Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20220808

Address after: 655000 Room 302, unit 2, North building, No. 168, Nanning North Road, Qilin District, Qujing City, Yunnan Province

Applicant after: Zhang Chunyan

Address before: 250000 room b318, Haiyou commercial building, No. 9, Dongguan Street, Lixia District, Jinan City, Shandong Province

Applicant before: Jinan Renchang Trading Co.,Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20220919

Address after: Room 2306-03, 23rd Floor, New World Business Center, No. 6009, Yitian Road, Fuxin Community, Lianhua Street, Futian District, Shenzhen, Guangdong 518000

Applicant after: Shenzhen Dingbang Information Technology Co.,Ltd.

Address before: 655000 Room 302, unit 2, North building, No. 168, Nanning North Road, Qilin District, Qujing City, Yunnan Province

Applicant before: Zhang Chunyan

GR01 Patent grant