CN114422225A - Cloud game big data analysis method and system based on network information security - Google Patents

Cloud game big data analysis method and system based on network information security Download PDF

Info

Publication number
CN114422225A
CN114422225A CN202210035293.1A CN202210035293A CN114422225A CN 114422225 A CN114422225 A CN 114422225A CN 202210035293 A CN202210035293 A CN 202210035293A CN 114422225 A CN114422225 A CN 114422225A
Authority
CN
China
Prior art keywords
game
distribution list
big data
description content
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210035293.1A
Other languages
Chinese (zh)
Other versions
CN114422225B (en
Inventor
刘芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Love Tomato Technology Co ltd
Original Assignee
Baoqing Tengkang Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Baoqing Tengkang Network Technology Co ltd filed Critical Baoqing Tengkang Network Technology Co ltd
Priority to CN202210035293.1A priority Critical patent/CN114422225B/en
Publication of CN114422225A publication Critical patent/CN114422225A/en
Application granted granted Critical
Publication of CN114422225B publication Critical patent/CN114422225B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/30Interconnection arrangements between game servers and game devices; Interconnection arrangements between game devices; Interconnection arrangements between game servers
    • A63F13/33Interconnection arrangements between game servers and game devices; Interconnection arrangements between game devices; Interconnection arrangements between game servers using wide area network [WAN] connections
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/70Game security or game management aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to the technical field of cloud games, in particular to a cloud game big data analysis method and system based on network information security, which can more deeply and abundantly mine and identify network security risk information in cloud game big data, and further guarantee the integrity and richness of an established information security knowledge base. In addition, the information security knowledge base is a graphical knowledge map, so that the method is high in usability and suitable for network information security analysis in different game scenes, and the information security knowledge base can be derived by taking one information security knowledge base as a reference so as to improve prejudgment on unknown network security risks.

Description

Cloud game big data analysis method and system based on network information security
Technical Field
The embodiment of the application relates to the technical field of cloud games, in particular to a cloud game big data analysis method and system based on network information security.
Background
The network information security refers to protecting software, hardware and information resources in a network system, avoiding accidental or malicious damage, tampering and leakage, and ensuring normal operation of the network system and uninterrupted network service. From the perspective of users, network information security mainly guarantees confidentiality, integrity and non-repudiation of personal data or enterprise information in a network, prevents leakage and damage of the information, and prevents unauthorized access of information resources. The network manager understands that the main task of network information security is to ensure that a legal user normally uses network resources, avoid security threats such as viruses, denial of service, remote control and unauthorized access, discover security vulnerabilities in time, and prevent attacks.
With the continuous optimization of networks, the application fields are also increasing, such as: network payment, online education, network gaming (cloud gaming), and the like. The cloud game will be described as an example. The cloud game is a cloud computing product, and is different from the cloud game in that the cloud game is the actual application that the cloud game is easiest to fall on the ground quickly, is mostly established at a PC (personal computer) end, and can realize quick picture transmission by utilizing wired optical fibers. With the continuous development of cloud games, the problem of network security in the cloud game process cannot be ignored. Through long-term research of the inventor, complete and rich analysis basis is necessary for realizing network security problem processing of the cloud game with high quality, but the related technology is difficult to meet the requirement.
Disclosure of Invention
In view of this, the embodiment of the present application provides a cloud game big data analysis method and system based on network information security.
The embodiment of the application provides a cloud game big data analysis method based on network information security, which comprises the following steps:
determining game interaction warning item expression of cloud game big data by utilizing game interaction warning item identification processing; determining first transfer description content and second transfer description content between a first game interaction warning item and a second game interaction warning item in the cloud game big data by using transfer description recognition processing; wherein the local content set of the first delivery description encompasses the second delivery description;
establishing the information security knowledge base through the game interaction warning item pointed by the game interaction warning item expression, the first constraint condition pointed by the first transfer description content and the second constraint condition pointed by the second transfer description content; wherein one or more than one of the game interaction warning items with the transfer description contents are matched with the game interaction warning item pointed by the game interaction warning item expression.
For an independently designable solution, the determining a game interaction alert item representation of cloud game big data by using game interaction alert item identification processing includes:
determining an initial game interaction warning item expression of the cloud game big data;
adjusting the initial game interaction alert item expression to an array-type game interaction alert item expression;
and determining the array type game interaction warning item expression as the game interaction warning item expression of the cloud game big data.
For an independently designable solution, the determining, by using a delivery description recognition process, a first delivery description and a second delivery description between a first game interaction alert item and a second game interaction alert item in the cloud game big data includes:
determining an initial delivery description of the cloud game big data;
determining a first delivery description content distribution list and a second delivery description content distribution list according to the initial delivery description content;
obtaining the first transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression and the first transfer description content distribution list of the cloud game big data;
and obtaining the second transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression and the second transfer description content distribution list of the cloud game big data.
For an independently designable solution, the method further comprises: updating the second delivery description content distribution list or updating the first delivery description content distribution list and the second delivery description content distribution list according to the first delivery description content distribution list and the second delivery description content distribution list;
on the basis of updating the second delivery description content distribution list, the obtaining the second delivery description content between the first game interaction alert item and the second game interaction alert item in the cloud game big data according to the game interaction alert item expression of the cloud game big data and the second delivery description content distribution list includes: obtaining the second transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the third transfer description distribution list obtained after the array type game interaction warning item expression and the second transfer description content distribution list are updated;
on the basis of updating the first delivery description content distribution list, the obtaining the first delivery description content between the first game interaction alert item and the second game interaction alert item in the cloud game big data according to the game interaction alert item expression of the cloud game big data and the first delivery description content distribution list includes: and obtaining the first transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression of the cloud game big data and a fourth transfer description content distribution list obtained after the first transfer description content distribution list is updated.
For an independently designable solution, the updating the second delivery description content distribution list according to the first delivery description content distribution list and the second delivery description content distribution list includes:
enabling a moving average operation, a scalar simplification operation and a ReLU algorithm loading operation one by one for the first transfer description content distribution list to determine a first distribution list, and enabling a moving average operation, a scalar simplification operation and a ReLU algorithm loading operation one by one for the second transfer description content distribution list to determine a second distribution list;
determining a first association degree distribution list at the descriptive content state level of the transfer descriptive content and a second association degree distribution list at the example level of the transfer descriptive content according to the first distribution list and the second distribution list;
loading the first distribution list and the first association degree distribution list to a first AI (artificial intelligence) model, and determining a first model processing result of the first AI model;
loading the first model processing result and the second association degree distribution list to a second AI artificial intelligence model, and determining a second model processing result of the second AI artificial intelligence model;
and after the second model processing result and the second transfer description content distribution list are fused, obtaining a third transfer description content distribution list after the second transfer description content distribution list is updated.
For an independently designable solution, after determining the first transfer description and the second transfer description between the first game interaction alert item and the second game interaction alert item in the cloud game big data, the method further includes:
determining, in a target constraint record repository, the first constraint pointed to by the first delivery description and the second constraint pointed to by the second delivery description.
For an independently designable solution, the method further comprises:
determining a second constraint condition record base pointed to by a plurality of second transfer description contents;
according to the second constraint condition record library, obtaining potential features directed to the constraint conditions in the second constraint condition record library;
performing multidimensional feature analysis on the constraint conditions in the second constraint condition record base according to the quantitative difference between every two potential features, and determining a first constraint condition record base pointed to by a plurality of first transfer description contents and mapping conditions between the constraint conditions in the first constraint condition record base and the constraint conditions in the second constraint condition record base;
and determining the first constraint condition record base, the second constraint condition record base and the mapping condition as the target constraint condition record base.
For an independently designable solution, the obtaining, according to the second constraint condition record library, potential features directed to constraint conditions in the second constraint condition record library includes:
loading the second constraint condition record base to a constraint condition mining model to obtain potential features generated by the constraint condition mining model and directed by constraint conditions in the second constraint condition record base;
the constraint condition mining model is obtained by determining constraint conditions in an example constraint condition record library pointed to by a plurality of second transfer description contents as raw material information and tuning by using example potential characteristics pointed to by constraint conditions set in advance in the example constraint condition record library as references.
For an independently designed technical scheme, the cloud game big data covers cloud game big data which aims at expressing network environment safety conditions of a cloud game client in a game interaction process, and the information safety knowledge base aims at representing transfer description contents among real-time game interaction warning items included in the cloud game big data.
The embodiment of the application also provides a cloud game big data analysis system, which comprises a processor, a network module and a memory; the processor and the memory communicate through the network module, and the processor reads the computer program from the memory and operates to perform the above-described method.
Compared with the prior art, the cloud game big data analysis method and system based on network information security provided by the embodiment of the application have the following technical effects: the cloud game big data can be subjected to game interaction warning item identification processing, game interaction warning item expression of the cloud game big data is determined, forwarding description identification processing is performed on the cloud game big data, and first transfer description content and second transfer description content between first game interaction warning item and second game interaction warning item in the cloud game big data are determined. Wherein the partial content set of the first delivery profile includes the second delivery profile. Further, establishing the information security knowledge base based on game interaction warning items pointed by the game interaction warning item expression, first constraint conditions pointed by the first transfer description content and second constraint conditions pointed by the second transfer description content; wherein one or more than one of the game interaction warning items with the transfer description contents are matched with the game interaction warning item pointed by the game interaction warning item expression.
In the embodiment of the application, the established information security knowledge base can describe first transfer description content and second transfer description content between first game interaction warning items and second game interaction warning items in cloud game big data in parallel, wherein a local content set of the first transfer description content covers the second transfer description content, so that the information security knowledge base comprises network security risk information of more angles of the cloud game big data, namely the transfer description content obtained by determining a plurality of difference dimensions, therefore, the network security risk information in the cloud game big data can be deeply and abundantly mined and identified, and the integrity and the richness of the established information security knowledge base are further ensured. In addition, the information security knowledge base is a graphical knowledge map, so that the method is high in usability and suitable for network information security analysis in different game scenes, and the information security knowledge base can be derived by taking one information security knowledge base as a reference so as to improve prejudgment on unknown network security risks.
Drawings
Fig. 1 is a flowchart of a cloud game big data analysis method based on network information security according to an embodiment of the present application.
Detailed Description
The cloud game big data analysis system 10 in the embodiment of the present application may be a server with data storage, transmission, and processing functions, and the cloud game big data analysis system 10 includes: the system comprises a memory 11, a processor 12, a network module 13 and a cloud game big data analysis device 20 based on network information security.
An embodiment of the present application further provides a computer storage medium, where a computer program is stored, and the computer program implements the method when running.
Fig. 1 shows a flowchart of a cloud game big data analysis method based on network information security according to an embodiment of the present application. The method steps defined by the flow related to the method are applied to the cloud game big data analysis system 10 and can be realized by the processor 12, and the method comprises the following recorded contents of step201-step 203.
step201, utilizing game interaction warning item identification processing to determine game interaction warning item expression of cloud game big data.
In this embodiment of the application, the game interaction warning item identification process may be understood as a game interaction warning item expression for acquiring each game interaction warning item included in the cloud game big data, and the game interaction warning item may be understood as an abnormal game item included in the cloud game big data, where the abnormal game item may be an abnormal behavior item of a player, an abnormal game function item, or any other abnormal game item, and the game interaction warning item expression (a matter characteristic, such as may be recorded in a form of a feature vector or a feature map) may be understood as a popularity, a scene state, a corresponding category, and the like of the game interaction warning item in the cloud game big data.
step202, using a delivery description recognition process, determines a first delivery description and a second delivery description between a first game interaction alert item and a second game interaction alert item in the cloud game big data.
In the embodiment of the application, the delivery description identification process (which can be understood as relationship detection) aims to determine delivery description contents at different levels between two game interaction warning items in cloud game big data. The two game interaction warning items can be understood as a first game interaction warning item and a second game interaction warning item in the cloud game big data, and the transfer description contents at different levels can comprise a first transfer description content and a second transfer description content. Wherein the partial content set of the first delivery description comprises the second delivery description, and further the delivery description may be understood as a relational feature. In other words, the first delivery profile corresponds to an upstream content of the second delivery profile for recording a relatively broad delivery profile between the first game interaction alert item and the second game interaction alert item, and the second delivery profile matches a local content set (which may be understood as a subclass) of the first delivery profile for recording a delivery profile with a higher level of detail between the first game interaction alert item and the second game interaction alert item.
step203, establishing the information security knowledge base through the game interaction warning item pointed by the game interaction warning item expression, the first constraint condition pointed by the first transfer description content and the second constraint condition pointed by the second transfer description content.
In the embodiment of the application, one or more than one game interaction warning items with transfer description contents are matched with the game interaction warning items pointed by the game interaction warning item expression. For example, the game interaction alert item matrix _1 and the game interaction alert item matrix _2 have a first transfer description content and a second transfer description content, and when the game interaction alert item identification processing is performed on the cloud game big data, the determined game interaction alert item pointed by the game interaction alert item expression includes the game interaction alert item matrix _1 and/or the game interaction alert item matrix _ 2. The first constraint is a constraint intended to characterize the first delivery profile and the second constraint is a constraint intended to characterize the second delivery profile.
It will be appreciated that the finally created information security knowledge base (e.g., a knowledge graph or graph data set used to record information security features) may reflect not only the first transfer description between the first game interaction alert event and the second game interaction alert event, but also the second transfer description after a higher level of detail between the first game interaction alert event and the second game interaction alert event.
Implementing the content recorded by step201-step203, the established information security knowledge base can describe the first transfer description content and the second transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data in parallel, wherein the local content set of the first transfer description content covers the second transfer description content, so that the information security knowledge base comprises network security risk information of more angles of the cloud game big data, namely the transfer description content obtained based on different layers, therefore, the network security risk information in the cloud game big data can be deeply and abundantly mined and identified, and the integrity and the richness of the established information security knowledge base are further ensured. In addition, the information security knowledge base is a graphical knowledge map, so that the method is high in usability and suitable for network information security analysis in different game scenes, and the information security knowledge base can be derived by taking one information security knowledge base as a reference so as to improve prejudgment on unknown network security risks.
For a separately implementable solution, the game interaction alert item representation recorded by step201, which determines cloud game big data by using the game interaction alert item recognition process, may exemplarily include the content recorded by step2011-step 2013.
step2011, determining an initial game interaction warning item expression of the cloud game big data.
In this embodiment, according to the description content of the cloud game big data, the restrictive mark of the game interaction warning item, to which each game interaction warning item included in the cloud game big data points, may be determined first. The restrictive mark of the game interaction warning item may include a key description item of the game interaction warning item, such as: the game interaction warning item is an abnormal behavior item of the player, the limiting mark of the game interaction warning item can comprise the player behavior mark, the game interaction warning item is other abnormal game items, and the limiting mark of the game interaction warning item can comprise global or local information of the abnormal game item. And then, mining an initial game interaction warning item expression in the cloud game big data based on the restrictive mark of the game interaction warning item according to a related item expression mining algorithm.
It is understood that the cloud game big data description content may include a subject information description, an interaction detail description, a scene state description, and the like. The theme information description is an overall description content, which records the main expression content of the game interaction warning item pointed by the cloud game big data, the interaction detail description is also an overall description content, which records the multi-end interaction condition of the game interaction warning item corresponding to the cloud game big data, the scene state description can be expressed by two expression modes, the first is a characteristic diagram description, the second is a characteristic array description, the characteristic diagram description of the cloud game big data mainly aims at the range type content of the game interaction warning item, and the characteristic array description of the cloud game big data is transmitted to the scene state of the cloud game big data content set. In the embodiment of the application, cloud game big data description content of the cloud game big data can be mined by using a big data mining thread (such as a neural network model) which is tuned and optimized in advance.
Furthermore, according to the description content of the cloud game big data, the LSTM which is tuned in advance is used for extracting the restrictive mark of the game interaction warning item pointed by the game interaction warning item contained in the cloud game big data. And the limiting mark of the game interaction warning item pointed by the game interaction warning item in the cloud game big data is used for limiting the game interaction warning item.
It will be appreciated that after the restrictive indicia of the game interaction alert item are determined, the initial game interaction alert item representation may be determined by way of a related item representation mining algorithm. The related item expression mining algorithm may be a down-sampling algorithm. The initial game interaction alert item representation may include some initial item representation of the game interaction alert item.
step2012, adjusting the initial game interaction alert item expression to an array-type game interaction alert item expression.
In the embodiment of the application, the game interaction warning item expression in the cloud game big data can be adjusted into the array type game interaction warning item expression by using a constraint type adjustment algorithm.
step2013, determining the array type game interaction warning item expression as the game interaction warning item expression of the cloud game big data.
In the embodiment of the present application, the array-type game interaction alert item expression (such as the feature vector) obtained by the adjustment is determined as the game interaction alert item expression of the cloud game big data.
By the design, the initial game interaction warning item expression of the cloud game big data can be determined firstly, and then the initial game interaction warning item expression is adjusted to be the array type game interaction warning item expression, so that the game interaction warning item expression of the cloud game big data can be obtained in time.
For an independently implementable solution, the step202 determines the first delivery description and the second delivery description between the first game interaction alert item and the second game interaction alert item in the cloud game big data by using the delivery description recognition process, and exemplarily may include the contents recorded by the steps 2021-2023.
step2021, determine the initial delivery description of the cloud game big data.
In this embodiment of the application, cloud game big data description content of the cloud game big data may be determined first, and the restrictive mark of the game interaction warning item, to which each game interaction warning item included in the cloud game big data points respectively, may be determined based on the cloud game big data description content. The restrictive indicia of the transitive description between the first game interaction alert item and the second game interaction alert item is obtained using a combination of restrictive indicia of the game interaction alert items. Wherein the restrictive indicia of the transfer description may be intended to characterize the state transfer description between the first game interaction alert item and the second game interaction alert item. And determining the initial transfer description content of the cloud game big data by the related item expression mining algorithm based on the restrictive mark of the transfer description.
It can be understood that the method for determining the limiting flag of the mining of the cloud game big data description content and the game interaction warning item is the same as the method for determining the limiting flag of the mining of the cloud game big data description content and the game interaction warning item described in step2011, and the embodiments of the present application are not described herein too much.
Further, after determining the restrictive marks of the game interaction alert items, the restrictive marks of the game interaction alert items need to be combined, and the restrictive marks conveying the description may be intended to represent whether the restrictive marks of the game interaction alert items intersect, a relative relationship between the restrictive marks of the game interaction alert items, whether the restrictive marks of the game interaction alert items include the same portion matching the same game interaction alert item, and the like.
For example, the restrictive marks of the game interaction warning items of the first game interaction warning item and the second game interaction warning item may be obtained by combining the restrictive marks of the game interaction warning items, that is, the restrictive marks of the transfer description between the two game interaction warning items of the player account and the game chat function are the restrictive marks of the game interaction warning items of the two game interaction warning items are not crossed, and the restrictive marks of the game interaction warning items of the player account are indirectly matched with the restrictive marks of the game interaction warning items of the game chat function.
Further, after determining the restrictive flag of the transfer description, the initial transfer description content of the cloud game big data can be determined based on the restrictive flag of the transfer description by means of the related matter expression mining algorithm. The initial transfer description content can be used for representing possible transfer description content between the first game interaction warning item and the second game interaction warning item, and by designing the method, a deeper warning item relation can be mined.
step2022, determines a first delivery description content distribution list and a second delivery description content distribution list according to the initial delivery description content.
In the embodiment of the present application, the first delivery description content distribution list is intended to represent the first delivery description content between the first game interaction alert item and the second game interaction alert item, that is, the first delivery description content distribution list is a content distribution list (which may be a feature matrix, for example) intended to represent the clear delivery description between the game interaction alert items. The second delivery description content distribution list is intended to characterize the second delivery description content between the first game interaction alert item and the second game interaction alert item, i.e. the second delivery description content distribution list is a content distribution list intended to characterize the detailed content delivery description between the game interaction alert items.
In the embodiment of the present application, the feature extraction unit a may perform a moving average operation on the initial delivery description content to determine a first delivery description content distribution list, and the feature extraction unit B may perform a moving average operation (convolution processing) on the initial delivery description content to determine a second delivery description content distribution list. The number of feature extraction layers included in the feature extraction unit A is not more than that of the feature extraction layers included in the feature extraction unit B.
step2023, obtaining the first transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression of the cloud game big data and the first transfer description content distribution list.
In the embodiment of the present application, the game interaction alert item expression may be understood as an array type game interaction alert item expression, and the information transmission unit is used to transfer between the array type game interaction alert item expression and the first delivery description content distribution list. Further, the information transmission unit may forward the array-type game interaction alert item expression and the first delivery description content distribution list to the information parsing unit, and test the first delivery description content between the first game interaction alert item and the second game interaction alert item using the information parsing unit.
Further, the information parsing unit may test the delivery description content by using one of the methods that may be based on the array-type game interaction alert item expression and the first delivery description content distribution list, for example, the information parsing unit may use a big data mining thread that is tuned in advance, and the big data mining thread may use the example cloud game big data carrying the first delivery description content identifier to perform tuning, and determine whether tuning of the big data mining thread is completed based on a preset condition. In the embodiment of the present application, the array type game interaction alert item expression and the first delivery description content distribution list may be directly loaded to the tuned big data mining thread, and the big data mining thread tests the first delivery description content between the first game interaction alert item and the second game interaction alert item.
step2024, obtaining the second transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression and the second transfer description content distribution list of the cloud game big data.
In the embodiment of the present application, another information transmission unit may also be used to forward the content in the group-type game interaction alert item expression and the second delivery description distribution list, and another information parsing unit may be used to test the second delivery description between the first game interaction alert item and the second game interaction alert item. The implementation is the same as the way the first delivery description is tested, and the embodiments of the present application are not described here too much.
Therefore, the limiting marks of the game interaction warning items can be determined according to the description contents of the mined cloud game big data of the cloud game big data, the limiting marks of the transfer description among the game interaction warning items are determined by utilizing the combination of the limiting marks of the game interaction warning items, and the first transfer description contents and the second transfer description contents of the first game interaction warning items and the second game interaction warning items in the cloud game big data are determined according to the limiting marks of the transfer description.
For a solution that can be implemented independently, the method may further include the content recorded by step 204.
step204, updating the second delivery description content distribution list according to the first delivery description content distribution list and the second delivery description content distribution list, or updating the first delivery description content distribution list and the second delivery description content distribution list.
In the embodiment of the application, in order to ensure the integrity and richness of the established information security knowledge base. In addition, because the information security knowledge base is a graphical knowledge graph, the usability is high, and the method can be suitable for network information security analysis under different game scenes, so that the knowledge base can be derived by taking one information security knowledge base as a reference so as to improve the prejudgment on unknown network security risks, the first transfer description content and the second transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data can be accurately described, and the second transfer description content distribution list can be updated by using the list updating unit according to the first transfer description content distribution list and the second transfer description content distribution list. Alternatively, the list updating unit may be further configured to update the first delivery description content distribution list and the second delivery description content distribution list at the same time according to the first delivery description content distribution list and the second delivery description content distribution list.
It is to be understood that, on the basis of updating the second delivery description content distribution list, the step2024 may further include the following content exemplarily: and obtaining the second transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the third transfer description distribution list obtained after the array type game interaction warning item expression and the second transfer description content distribution list are updated.
In the embodiment of the present application, after updating the second delivery description distribution list, a third delivery description distribution list is obtained, and at this time, the second delivery description between the first game interaction alert item and the second game interaction alert item in the cloud game big data may be determined according to the array type game interaction alert item expression and the third delivery description distribution list.
It is to be understood that, on the basis of updating the first delivery description content distribution list, the step2023 may further include the following content exemplarily: and obtaining the first transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression of the cloud game big data and a fourth transfer description content distribution list obtained after the first transfer description content distribution list is updated.
In the embodiment of the present application, after the first delivery description distribution list is updated, a fourth delivery description distribution list is obtained, and at this time, the first delivery description between the first game interaction alert item and the second game interaction alert item in the cloud game big data may be determined according to the array type game interaction alert item expression and the fourth delivery description distribution list.
By the design, the second delivery description content distribution list can be further updated, or the first delivery description content distribution list and the second delivery description content distribution list can be further updated, so that the finally obtained information security knowledge base can be more complete and richer.
For an independently implementable solution, the step204 may update the second delivery description content distribution list according to the first delivery description content distribution list and the second delivery description content distribution list, and exemplarily include the following content recorded in step2041-step 2045.
step2041, starting the moving average operation, the scalar simplification operation and the ReLU algorithm loading operation one by one on the first transmission description content distribution list, determining a first distribution list, and starting the moving average operation, the scalar simplification operation and the ReLU algorithm loading operation one by one on the second transmission description content distribution list, determining a second distribution list.
In the embodiment of the present application, the structure of the list updating unit may refer to the following description, where the feature extraction unit includes a moving average operation (convolution operation), a scalar simplification operation (normalization operation), a ReLU algorithm loading operation (ReLU activation function operation), and the like.
step2042, based on the first distribution list and the second distribution list, determines a first association degree distribution list at the level of the state of the description content of the delivery description, and determines a second association degree distribution list at the level of the example of the delivery description.
In the embodiment of the present application, the first distribution List _ a and the second distribution List _ B are weighted and then subjected to a moving average operation, so as to obtain a first association degree distribution List _ C of the delivery description at the description content state level. The second distribution List _ B is weighted with the first distribution List _ a after the moving average operation, and the characteristics are reduced, so as to obtain a second association degree distribution List _ S of the delivery description at an example level (which can be understood as a sample dimension).
step2043, loading the first distribution list and the first association degree distribution list to a first AI artificial intelligence model, and determining a first model processing result of the first AI artificial intelligence model.
In the embodiment of the present application, the first distribution List _ a and the first association degree distribution List _ C are loaded into the first AI artificial intelligence model, the first AI artificial intelligence model calculates a product of the first distribution List _ a and the first association degree distribution List _ C, and then the product is fused with the first distribution List _ a, and a first model processing result _ M of the first AI artificial intelligence model is obtained after a sliding average operation.
step2044, loading the first model processing result and the second association degree distribution list to a second AI artificial intelligence model, and determining a second model processing result of the second AI artificial intelligence model.
In the embodiment of the present application, the first model processing result _ M and the second association degree distribution List _ S are loaded to the second AI artificial intelligence model, the second AI artificial intelligence model calculates the weighting of the first model processing result _ M and the second association degree distribution List _ S, and then fuses with the first model processing result _ M, and the second model processing result _ M0 of the second AI artificial intelligence model is obtained after the sliding average operation.
step2045, fusing the second model processing result and the second delivery description content distribution list, and obtaining a third delivery description content distribution list after the second delivery description content distribution list is updated.
In the embodiment of the present application, after fusing the second model processing result _ M0 with the second delivery description content distribution List _ b, an updated third delivery description content distribution List _ bout may be obtained.
In this embodiment of the present application, a process of updating the first delivery description content distribution list according to the first delivery description content distribution list and the second delivery description content distribution list is the same as a process of updating the second delivery description content distribution list, and this embodiment of the present application is not described herein in detail.
In this way, the first transfer description content distribution list and the second transfer description content distribution list can be used to determine the pointed association degree distribution list (which can be understood as a correlation matrix) at the description content state level and the example level of the transfer description content respectively, and then the second transfer description content distribution list is updated by using two AI artificial intelligence models connected in sequence, so that the information security knowledge base can be established quickly and efficiently and the integrity of the information security knowledge base can be guaranteed.
For a solution that can be implemented independently, after step202 is executed, the method may further include the content recorded by step 205.
step205, in the target constraint condition record base, determining the first constraint condition pointed to by the first delivery description content and the second constraint condition pointed to by the second delivery description content.
In the embodiment of the present application, the predetermined target constraint condition record library includes constraint conditions pointed to by various second delivery description contents, constraint conditions pointed to by various first delivery description contents, and mapping conditions between the first delivery description contents and the second delivery description contents.
It is understood that after the first mapping situation and the second mapping situation between the first game interaction warning item and the second game interaction warning item in the cloud game big data are determined, the first constraint condition pointed to by the first mapping situation of the cloud game big data and the second constraint condition pointed to by the second mapping situation of the cloud game big data can be determined from the target constraint condition record base, so as to establish the information security knowledge base later.
For a solution that can be implemented independently, the method may also include the content recorded by step206-step 210.
step206, determine a second constraint record base pointed to by a number of second delivery descriptions.
In this embodiment of the application, the second constraint condition record base may be a hot constraint condition record base that is set in advance and used for establishing the information security knowledge base, where the hot constraint condition record base includes constraint conditions pointed to by a plurality of second delivery description contents.
step207, according to the second constraint condition record library, obtaining the potential features pointed to by the constraint conditions in the second constraint condition record library.
In the embodiment of the present application, the second constraint condition record library may be loaded to a constraint condition mining model that is tuned in advance, and a potential feature (implicit vector) pointed by a constraint condition in the second constraint condition record library generated by the constraint condition mining model is obtained. The constraint condition mining model can be determined as raw material information (which can be understood as an input value) by means of the example constraint condition set pointed by various second transfer description contents, and the loss tends to be min by optimizing the model variables of the constraint condition mining model according to the example potential feature identification pointed by the constraint conditions in the example constraint condition set, so that the optimized constraint condition mining model is finally obtained.
step208, performing multidimensional feature analysis (clustering) on the constraint conditions in the second constraint condition record base according to the quantitative difference between every two potential features, and determining a first constraint condition record base pointed to by a plurality of first transfer description contents and mapping conditions between the constraint conditions in the second constraint condition record base and the constraint conditions in the first constraint condition record base.
In the embodiment of the application, multidimensional feature analysis can be performed on the constraint conditions in the second constraint condition record library by means of a multidimensional feature analysis thread, wherein the multidimensional feature analysis thread can be an algorithm such as Kmeans, and the first constraint condition record library can be determined by the multidimensional feature analysis thread according to the quantitative difference between every two potential features. Wherein, the first constraint condition record base includes the constraint conditions pointed to by a plurality of first delivery description contents. Meanwhile, the mapping condition between the constraint condition in the first constraint condition record base and the constraint condition in the second constraint condition record base can be determined.
step209 determines the first constraint condition record base, the second constraint condition record base and the mapping condition as the target constraint condition record base.
In the embodiment of the present application, the target constraint condition record library includes a constraint condition in a first constraint condition record library pointed to by a plurality of first delivery description contents, a constraint condition in a second constraint condition record library pointed to by a plurality of second delivery description contents, and a mapping between the constraint condition in the first constraint condition record library and the constraint condition in the second constraint condition record library.
Therefore, the target constraint condition record base comprising the first constraint condition record base and the second constraint condition record base which point to the plurality of first transfer description contents and the mapping condition between the constraint condition in the first constraint condition record base and the constraint condition in the second constraint condition record base can be timely and effectively determined according to the preset second constraint condition record base which points to the plurality of second transfer description contents.
For an independently implementable technical solution, the target constraint condition record library can also be determined by means of other generation methods.
After the first constraint condition record base is determined, the constraint conditions in the second constraint condition record base can be globally analyzed, so that the mapping conditions between the first constraint condition record base pointed to by a plurality of first transfer description contents and the constraint conditions in the first constraint condition record base and the constraint conditions in the second constraint condition record base are counted, a target constraint condition record base with different architectural relationships can be generated, and the application range of the whole scheme is expanded.
For an independently implementable solution, the method may further include, for example, the content recorded by step 210: step210, determining, by using a normalization thread, a game interaction alert item pointed to by the game interaction alert item expression, a first constraint pointed to by the first delivery description content, and a second constraint pointed to by the second delivery description content according to the game interaction alert item expression, the first delivery description content, and the second delivery description content.
In the embodiment of the application, a game interaction warning item expression of cloud game big data, a first transfer description content and a second transfer description content between a first game interaction warning item and a second game interaction warning item can be subjected to scalar simplification operation by using a standardized thread, such as a normalized function, and a game interaction warning item included in the cloud game big data, a first constraint condition pointed to by the first transfer description content and a second constraint condition pointed to by the second transfer description content are determined in a preset game interaction warning item set and a target constraint condition record library.
In the embodiment of the application, a big data mining thread is further provided, and the big data mining thread can establish an information security knowledge base by means of any one of the methods.
The thread configuration of the big data mining thread can be adjusted according to actual conditions, cloud game big data which needs to be understood and an information security knowledge base is established are loaded to the big data mining thread, after the description content of the cloud game big data is extracted, the big data mining thread extracts the restrictive marks of the game interaction warning items in the cloud game big data by using the LSTM, and the restrictive marks of the transfer description are obtained by using the combination of the restrictive marks of the game interaction warning items. And determining the initial game interaction warning item expression and the initial transmission description content of the cloud game big data by utilizing a related item expression mining algorithm method based on the restrictive mark of the game interaction warning item and the restrictive mark of the transmission description.
Aiming at the initial game interaction warning item expression, the big data mining thread utilizes a constraint type adjustment algorithm to adjust the initial game interaction warning item expression into a number group type game interaction warning item expression, and the number group type game interaction warning item expression can be determined as the game interaction warning item expression pointed by the cloud game big data.
For the initial delivery description, the big data mining thread respectively uses a feature extraction unit A and a feature extraction unit B to obtain a first delivery description content distribution list and a second delivery description content distribution list, wherein the number of feature extraction layers covered by the feature extraction unit A is less than the number of feature extraction layers covered by the feature extraction unit B.
The big data mining thread makes a transition between the representation of the interactive alert item of the group game and the distribution list of the first delivery description content using the information transfer unit1, and makes a transition between the representation of the interactive alert item of the group game and the distribution list of the second delivery description content using the information transfer unit 2. The first delivery description is determined from the array-type game interaction alert item representation and the first delivery description distribution list using the information parsing unit 3. And updating the second delivery description distribution list by using a list updating unit to obtain a third delivery description distribution list, and determining the second delivery description by using an information parsing unit4 according to the interactive alert item expression of the array game and the third delivery description distribution list.
Further, the information safety knowledge base is established by utilizing a standardization thread and determining game interaction warning items pointed by the game interaction warning item expressions, first transfer description contents and second transfer description contents based on the array type game interaction warning item expressions, the first transfer description contents and the second transfer description contents.
It can be understood that when the big data mining thread is optimized, tagged optimization can be performed on the sub-thread pointed by the first transfer description content and the sub-thread pointed by the second transfer description content by means of different constraint condition tags, so that the accuracy and the reliability of cloud game big data analysis performed by the big data mining thread are improved, and a more complete, reasonable and accurate information security knowledge base can be conveniently established subsequently.
Besides, on the basis of the above contents, under some design ideas which can be independently implemented, the method can further comprise the following contents: detecting the cloud game running stream type record to be processed through the information security knowledge base, determining the cloud game running stream type record with the game vulnerability significance processing requirement, and performing characteristic significance optimization on the cloud game running stream type record to obtain a target cloud game running stream type record; mining suspected abnormal game activity features from the target cloud game running stream record; determining a game vulnerability risk according to the suspected abnormal game interaction characteristics; and formulating a wind control processing strategy aiming at the game vulnerability risk.
In the embodiment of the application, the mining condition of the suspected abnormal game activity feature can be set according to actual requirements, for example, the mining condition emphasizing privacy stealing of users or the mining condition emphasizing DDOS attack, and based on the above, the game vulnerability risk corresponding to the suspected abnormal game interaction feature can be determined through a classifier or other intelligent threads, so that a wind control processing strategy is formulated in a targeted manner.
In addition, under some design ideas which can be independently implemented, the game vulnerability risk is determined according to the suspected abnormal game interaction characteristics, and the method can be implemented by the following implementation modes: acquiring a node behavior description set aiming at the suspected abnormal game interaction characteristics, wherein the node behavior description set comprises at least two groups of node behavior descriptions; obtaining the degree of association between each group of node behavior description in the node behavior description set and the suspected abnormal game interaction feature; according to the corresponding association degree of each group of node behavior description and the conversation theme of each group of node behavior description, sequentially adjusting each group of node behavior description to obtain a corresponding node behavior description queue; generating a target vulnerability risk category queue aiming at the suspected abnormal game interaction characteristics based on the node behavior description queue, wherein the target vulnerability risk category queue comprises at least two target vulnerability risk categories; determining the game vulnerability risk based on the first n target vulnerability risk categories in the target vulnerability risk category queue. By the design, the target vulnerability risk category queue can be determined as completely as possible from the node behavior description level, so that game vulnerability risks can be accurately and reliably positioned according to the target vulnerability risk categories which are ranked in front.
In other possible embodiments, determining a cloud game running stream record with a game vulnerability saliency processing requirement and performing feature saliency optimization on the cloud game running stream record to obtain a target cloud game running stream record can be implemented through the following embodiments.
Step S101, determining a cloud game running stream type record with a game vulnerability saliency processing requirement, wherein the cloud game running stream type record with the game vulnerability saliency processing requirement covers target suspected abnormal game activities.
In this embodiment of the application, the cloud game running stream record with the requirement for processing the significance of the game bug may be a cloud game running stream record collected by a game running detection thread, or one running record log in cloud game running records monitored by a game running detection thread. The target suspected anomalous gaming activity is an anomalous gaming activity in a cloud gaming streaming record of a specified suspected anomalous gaming event in the gaming environment.
For example, a cloud game running stream record acquired by a game running detection thread may be analyzed, if the cloud game running stream record contains a target suspected abnormal game activity, the cloud game running stream record is determined to be used as the cloud game running stream record with a game leak significance processing requirement, and if the cloud game running stream record does not contain the target suspected abnormal game activity, the cloud game running stream record is not used as the cloud game running stream record with the game leak significance processing requirement; similarly, cloud game running records monitored by the game running detection thread can be analyzed, if a certain group of cloud game running stream records contain suspected target abnormal game activities, the group of cloud game running stream records are determined to be used as the cloud game running stream records with the game vulnerability saliency processing requirement, and if a certain group of cloud game running stream records do not contain suspected target abnormal game activities, the group of cloud game running stream records are not used as the cloud game running stream records with the game vulnerability saliency processing requirement.
In an application scenario, when a cloud game running record is monitored, if an abnormal game behavior operation event occurs in a certain period of the running record in the monitoring process and an abnormal game behavior operation event does not occur in a certain period of the running record, the content of the cloud game running stream record with the abnormal game behavior operation event in the running record is taken as the cloud game running stream record with the game vulnerability significance processing requirement to perform significance optimization operation, and the content of the cloud game running stream record without the abnormal game behavior operation event in the running record is inappropriate as the cloud game running stream record with the game vulnerability significance processing requirement to perform significance optimization operation, so that the abnormal game behavior operation event in the cloud game running record can be ensured to be timely and significantly optimized, and resource waste and expenditure can be reduced when the abnormal game behavior operation event does not exist in the cloud game running record, meanwhile, misjudgment on the cloud game running record is avoided.
In addition, the streaming record of the cloud game may be a record report or a record list formed according to a time sequence, or may also be a corresponding record generated in a data information stream form, which is not limited herein.
Step S102, overall game activity characteristics of the target suspected abnormal game activity are mined, and the matching situation of the overall game activity characteristics and first characteristics of constraint description in an overall activity characteristic optimization space of the target suspected abnormal game activity is determined.
In the embodiment of the application, there are various methods for mining global game activity features of a target suspected abnormal game activity, and in actual implementation, a cloud game running stream record corresponding to a cloud game running stream record with a game vulnerability significance processing requirement can be determined, and the cloud game running stream record with the game vulnerability significance processing requirement and the cloud game running stream record after the cloud game running stream record and the cloud game running stream record are collated are led into a big data wind control processing model which is debugged in advance to perform global game activity feature mining. The cloud game running stream type record with the game vulnerability saliency processing requirement is determined by the game running detection thread, and meanwhile the cloud game running stream type record can be determined by triggering the collection module of the game running detection thread, or the cloud game running heat record can be determined by the collection thread.
It can be understood that there may be a plurality of global game activity features obtained by mining, and each global game activity feature obtained by mining carries theme information (for example, may be an identifier), for example, if the global game activity features obtained by mining have a chronological order, the theme information of each global game activity feature may be theme information reflecting the chronological order. The main reasons are: when the global game activity characteristics of the target suspected abnormal game activity are mined, the mining is performed by combining the characteristics of the target suspected abnormal game activity or mining indexes (mining requirements), in other words, whether a certain state of the target suspected abnormal game activity is mined or not and a plurality of global game activity characteristics are mined can be specified in advance. For example, when mining the cloud game running stream record of the abnormal game behavior operation event, global game activity feature mining can be performed on a request-response link and other significant activity states of the abnormal game behavior operation event, and the significant activity states can carry subject information, so that the global game activity features obtained by mining carry the subject information.
It is to be understood that a global activity feature optimization space (which may be understood as a mapping space for performing feature, vector, etc. processing) is used as an exemplary optimization method for representing various optimization keywords of a target suspected abnormal game activity. The global activity feature optimization space may be a global space (for example, a multidimensional mapping space) composed of a plurality of constraint descriptions (which may be understood as feature information or description information for defining the global activity feature optimization space) and a relationship unit hierarchy between the constraint descriptions, the constraint descriptions of the global activity feature optimization space may also correspond to respective significant activity states of the target suspected abnormal game activity, and the constraint descriptions may also have subject information, for example, if the constraint descriptions have a chronological order, the subject information of each constraint description may be subject information reflecting the chronological order. The arrangement method of the plurality of restrictive descriptions may be the same as or different from the arrangement method of the global game activity features obtained by mining.
Illustratively, the global game activity features of the target suspected abnormal game activity obtained by mining are corresponding to the respective significant activity states of the target suspected abnormal game activity, and the global activity feature optimization space of the target suspected abnormal game activity is also corresponding to the respective significant activity states of the target suspected abnormal game activity, so as to determine a first feature matching condition (such as a corresponding relation) of the global game activity features and the constraint descriptions in the global activity feature optimization space, that is, to perform feature matching on the global game activity features and the constraint descriptions in the same significant activity states.
Step S103, determining the activity characteristic optimization condition of the activity characteristic of the global game according to the characteristic optimization request, the specified optimization index of the constraint description in the global activity characteristic optimization space and the first characteristic matching condition.
In the embodiment of the application, the global activity feature optimization space may further store specified optimization indexes of each constraint description, which is easy to understand, update data of the constraint description when each optimization keyword is performed, and the like. In each optimization keyword, at least one constraint description needs to be updated, so that the update data of each constraint description under different optimization keywords can be recorded (it can be understood that if the constraint description does not need to be updated, the update data is an empty set). For example, the specified optimization indexes can be recorded through a vector processing idea, each constraint description creates a vector, a global distribution label of the constraint description is marked in the vector, and then the update data of the constraint description under each optimization keyword is marked one by one. Based on the recording mode of the vector, after the first feature matching condition is determined, the distribution label information of the global game activity features corresponding to the constraint description can be changed into a description label list of the space and loaded into the vector of the constraint description, so that the optimization quality can be ensured in the subsequent optimization (feature significance processing) of the global game activity features.
It is understood that the feature optimization request (optimization instruction) may be determined according to the actual situation of the user, for example, if at least one optimization keyword is selected according to the relevant requirements, the feature optimization request for the at least one optimization keyword is determined; the feature optimization request may also be adaptively generated by an execution agent executing the method. When the target suspected abnormal game activity is an abnormal game behavior operation event, the demand side may determine at least one feature optimization event for the abnormal game behavior operation event, so as to determine a feature optimization request corresponding to the at least one feature optimization event. For another example, when the target suspected abnormal game activity is an abnormal game behavior operation event, at least one feature optimization event may be set in advance, and then after determining that the cloud game running stream record with the game vulnerability significance processing requirement exists each time, a feature optimization request corresponding to the at least one feature optimization event is generated in a self-adaptive manner.
In the embodiment of the application, the feature saliency processing process of the global game activity feature comprises a state optimization process of the global game activity feature, so that the activity feature optimization condition of the global game activity feature comprises the global game activity feature after the state is optimized.
For example, when the activity feature optimization condition of the global activity feature is determined, the optimization keyword of the target suspected abnormal game activity may be determined according to the feature optimization request, then the first optimization index corresponding to the optimization keyword in the specified optimization indexes of the constraint description in the global activity feature optimization space is determined, and finally the global activity feature corresponding to at least one constraint description in the global activity feature optimization space is updated according to the first optimization index, so as to obtain the activity feature optimization condition of the global activity feature.
It is to be understood that the optimization keyword includes an optimized state and an optimized category, the optimized state is intended to express a partial state of the target suspected abnormal game activity, such as: the optimized category aims at expressing expected activity characteristic optimization conditions in a certain request-response link in the abnormal game behavior operation event. It can be understood that if the feature optimization request has one optimization keyword, one optimization keyword is determined, and if the feature optimization request has a plurality of optimization keywords, a plurality of optimization keywords are determined. Further, the first optimization index comprises each constraint of the global activity characteristic optimization space describing the update data under the optimization keyword. Each constraint description can be accessed one by one, and the optimization index corresponding to the optimization keyword in the feature optimization request, in other words, the update data of the constraint description under the optimization keyword, can be determined from each constraint description. When each constraint description holds the update data under the respective optimization keyword in the vector format, the update data may be determined in association with the corresponding state of the optimization keyword to the vector.
For example, when there is only one optimization keyword in the feature optimization request, the optimization index corresponding to the optimization keyword is directly determined. When there are multiple optimization keywords in the feature optimization request, the optimization index corresponding to each optimization keyword can be determined. Or, the global activity feature optimization space stores the update data corresponding to various combinations among the optimization keywords in addition to the update data of each optimization keyword, so that when there are multiple optimization keywords in the feature optimization request, the update data corresponding to the combinations of the multiple optimization keywords can be directly determined.
In addition, the feature optimization request may include the optimization keywords and also include the optimization variables (parameters) of the optimization keywords, and the optimization variables of the optimization keywords in the feature optimization request may be adjusted. The optimization variable may be a feature significance processing degree of the optimization event, and different feature significance processing degrees may correspond to different optimization indexes. Based on this, before the global game activity feature corresponding to at least one constraint description in the global activity feature optimization space is updated according to the first optimization index to obtain the activity feature optimization condition of the global game activity feature, the optimization variables of the optimization keywords are further determined according to the feature optimization request, and then the first optimization index is updated according to the optimization variables. The degree of optimizing the keywords can be optimized (feature saliency processing) by optimizing the variables, and the flexibility of feature optimization processing can be improved.
It can be understood that the distribution labels of the global game activity features corresponding to the constraint description and the corresponding update data can be calculated to obtain the activity feature optimization condition of the global game activity features. Under one or more optimization keywords, at least one constraint description updating data is not an empty set, and the constraint description corresponding global game activity characteristics are updated after calculation. The method comprises the steps of recording specified optimization indexes through a vector processing thought, changing distribution label information of global game activity features corresponding to constraint description into a spatial description label list after determining a first feature matching condition, and directly mining distribution labels and update data of the global game activity features from each constraint description vector to calculate on the basis of loading the distribution label information into the constraint description vector. When the determined first update data includes a plurality of pieces of update data of a constraint description, which are not all null sets, the distribution tags of the global game activity features corresponding to the constraint description can be operated one by combining each piece of update data with a specified sequence.
After the global game activity feature is updated in combination with at least one of the above manners, the state of the global game activity feature is optimized, and the global game activity feature in the optimized state can be understood as the global game activity feature whose state is optimized in the activity feature optimization case of the global game activity feature.
And step S104, determining a target cloud game running stream type record according to the activity characteristic optimization condition of the global game activity characteristic and the cloud game running stream type record with the game vulnerability significance processing requirement.
In the embodiment of the application, according to the activity characteristic optimization condition of the global game activity characteristic, the same characteristic significance processing is performed on the corresponding state of the cloud game running stream-type record with the game leak significance processing requirement, in other words, the activity characteristic optimization condition is projected onto the processing cloud game running stream-type record, so that the characteristic significance processing on the target suspected abnormal game activity in the cloud game running stream-type record with the game leak significance processing requirement is completed. For example, when the target suspected abnormal game activity is the abnormal game behavior operation event cloud game running stream record, the significance optimization operation on the abnormal game behavior operation event cloud game running stream record may be completed in this step.
In conclusion, by determining that the cloud game with the game vulnerability significance processing requirement runs the streaming record, and mining global game activity characteristics of the target suspected abnormal game activity in the cloud game running stream type record with the game vulnerability significance processing requirement, determining the matching condition of the global game activity characteristics and the first characteristics of constraint description in the global activity characteristic optimization space of the target suspected abnormal game activity, then according to the feature optimization request, the specified optimization index of the constraint description in the global activity feature optimization space and the first feature matching condition, and finally, determining a target cloud game running stream type record according to the activity characteristic optimization condition of the global game activity characteristic and the cloud game running stream type record with the game vulnerability significance processing requirement.
Because the activity characteristic optimization space is global and has a specified optimization index of constrained description, and the characteristic significance processing of the target suspected abnormal game activity is to optimize the global game activity characteristic (characteristic significance processing) according to the characteristic optimization request and the specified optimization index, so that the optimization process has higher precision and reliability, further, the global game activity characteristic is obtained by mining from the cloud game running stream record with the game leak significance processing requirement, and finally, the activity characteristic optimization condition of the global game activity characteristic obtained by characteristic optimization (characteristic significance processing) is fed back to the cloud game running stream record with the game leak significance processing requirement again, so that the quality of the characteristic significance processing of the target suspected abnormal game activity in the target cloud game running stream record can be ensured, therefore, the use efficiency of the target cloud game running stream type record in the subsequent wind control processing analysis is improved, and the subsequent game vulnerability risk is quickly and accurately obtained through the target cloud game running stream type record positioning, so that the efficient wind control processing is realized.
For some independently implementable technical solutions, the big data wind control processing method applied to cloud game protection further includes: and determining a second feature matching condition of the constraint description in the global activity feature optimization space of the target suspected abnormal game activity and the constraint description in the global basic optimization space.
In the embodiment of the application, the global basic optimization space is a basic optimization space (such as a standard model) of the target suspected abnormal game activity and is composed of a plurality of constraint descriptions and relationship units among the constraint descriptions. For example, when the target suspected abnormal game activity is an abnormal game behavior operation event cloud game operation stream record, the global basic optimization space may be a basic abnormal game behavior operation event model (which may be understood as a vector space model). If global game activity feature mining is performed on the global basic optimization space through the content described in step S102, then all constraint descriptions of the global basic optimization space can be obtained. The global activity feature optimization space is an exemplary optimization method for expressing at least one optimization keyword of the global basic optimization space, that is, an optimization index for representing each state of the global basic optimization space in the at least one optimization keyword. The global activity feature optimization space has a set space description label list, wherein the distribution labels of each constraint description in the global activity feature optimization space are the distribution labels in the space description label list, and the global activity feature optimization space also has a distribution label mapping list of the space, and the distribution label mapping list is used for changing the distribution labels in the space description label list into the global description label list.
Based on this, the distribution label of the constraint description in the global activity feature optimization space and the distribution label of the constraint description in the global basic optimization space may be changed into the same description label list, for example: and if the distribution label of the constraint description in the global basic optimization space is the distribution label in the global description label list, the distribution label of the constraint description can be changed into the global description label list. Then, quantitative commonality evaluation between each constraint description in the global activity feature optimization space and each constraint description in the global basic optimization space is determined. And finally, determining the second feature matching condition according to the quantitative commonality evaluation between each constraint description in the global activity feature optimization space and each constraint description in the global basic optimization space, wherein whether the two constraint descriptions correspond to each other can be determined according to the quantitative commonality evaluation between the two constraint descriptions and the specified quantitative difference result, and the relevant judgment mode can be selected according to the actual condition, which is not repeated herein.
For an independently implementable solution, based on this, the determination of the matching condition of the global game activity feature and the first feature of the constrained description in the global activity feature optimization space may be combined with the above manner, and the exemplary steps may include step S401 and step S402.
Step S401, determining the matching condition of the global game activity feature and the third feature of the constraint description in the global basic optimization space according to the theme information of the global game activity feature and the theme information of the constraint description in the global basic optimization space.
In the embodiment of the application, since the global basic optimization space is a basic optimization space determined based on an initial suspected abnormal game activity (such as an initial cloud game running streaming record), and the design ideas of the game activity characteristics of an initial abnormal game behavior operation event and a target abnormal game behavior operation event in the basic optimization space are consistent, the state of the constraint description in the target suspected abnormal game activity in the global basic optimization space generated based on the initial cloud game running streaming record is the same as the state of the global game activity characteristic in the target suspected abnormal game activity, the constraint description is the same as the subject information of the global game activity characteristic, and thus the global game activity characteristic with the same subject information and the constraint description in the global basic optimization space are determined as a constraint description binary group with a binding relationship, obtaining the third feature matching case. For example, the sequence of the constrained description of the global basic optimization space is consistent with the sequence of the global game activity features of the target suspected abnormal game activity, and the global game activity features with the same theme information reflecting the sequence and the constrained description of the global basic optimization space may be determined as constrained description duplets with a binding relationship, so as to obtain the third feature matching condition.
Step S402, determining the first feature matching condition according to the second feature matching condition and the third feature matching condition.
In the embodiment of the application, the constraint description of the global activity feature optimization space and the global game activity feature corresponding to the same constraint description of the global basic optimization space are determined to be a matching condition with a binding relationship (mutual correspondence).
In the embodiment of the application, by setting a second feature matching condition between each constraint description of the global basic optimization space and each constraint description of the global active feature optimization space in advance, then after determining the global game activity characteristic of the target suspected abnormal game activity of the streaming record of the cloud game running with the game vulnerability significance processing requirement each time, the theme information can be efficiently applied to determine the first feature matching of the global game activity features with the constrained description of the global activity feature optimization space, which, as such, is convenient to operate, meanwhile, the accuracy of the first feature matching condition can be improved, the global game activity features of the target suspected abnormal game activity recorded in a streaming mode are avoided aiming at each cloud game with the game vulnerability significance processing requirement, and unnecessary quantitative common evaluation calculation processing is executed.
For some independently implementable technical solutions, the step S104 may determine a target cloud game running stream record according to the activity feature optimization condition of the global game activity feature and the cloud game running stream record with the game vulnerability saliency processing requirement, and exemplarily may include the content recorded in the step S501 and the content recorded in the step S502.
Step S501, combining a first visual type feature relationship network created in advance, and generating a first relationship unit between the activity feature optimization conditions of the global game activity features.
In the embodiment of the present application, a first visual-type feature relationship network (which may be understood as a topological structure) set in advance is intended to express a relationship unit (such as a nodularized relationship expression or a gridding relationship expression between different descriptions) between constraint descriptions of a global basic optimization space, where a combination result relationship of the constraint descriptions, in other words, each constraint description needs to be combined with which other constraint descriptions. The first visual-type feature relationship network is recorded with subject information that is described in a constrained manner. Since the theme information of the global game activity features is consistent with the theme information of the constraint description of the global basic optimization space, and a third feature matching condition between the global game activity features and the constraint description of the global basic optimization space can be created in step S201, when at least one global game activity feature is updated, the theme information of each global game activity feature is still clear, and the feature matching condition between each global game activity feature and each constraint description of the global basic optimization space is still clear, so that different global game activity feature optimization conditions can be combined with the first visual feature relationship network to generate the first relationship unit. After the first relation unit is generated among the activity characteristic optimization conditions of all the global game activity characteristics, a target space of the target suspected abnormal game activity is formed.
Step S502, loading the activity characteristic optimization condition of the target suspected abnormal game activity on the cloud game running stream record with the game vulnerability saliency processing requirement according to the interest attribute information of the mapping characteristic of the global game activity characteristic on the cloud game running stream record with the game vulnerability saliency processing requirement, the distribution label information of the mapping characteristic of the activity characteristic optimization condition of the global game activity characteristic on the cloud game running stream record with the game vulnerability saliency processing requirement and the first relation unit, and obtaining the target cloud game running stream record.
For example, the interest attribute information of the mapping feature of the global game activity feature on the cloud game running stream record with the game vulnerability saliency processing requirement may be mined first, and used as the interest attribute information of the activity feature optimization condition of the global game activity feature; secondly, according to the interest attribute information of the activity characteristic optimization condition of the global game activity characteristic, loading to obtain the interest attribute information in the first relation unit; and finally, mapping the interest attribute information of the global game activity characteristics and the interest attribute information in the first relation unit to the cloud game running stream record with the game vulnerability significance processing requirement according to the distribution label information of the mapping characteristics of the activity characteristic optimization condition of the global game activity characteristics on the cloud game running stream record with the game vulnerability significance processing requirement to obtain the target cloud game running stream record. For example, the target suspected abnormal game activity is an abnormal game behavior operation event cloud game running stream record, and the target cloud game running stream record is a cloud game running stream record for completing a significance optimization operation of the abnormal game behavior operation event cloud game running stream record.
It can be understood that compared with the cloud game running stream record with the game vulnerability saliency processing requirement, some states of the target suspected abnormal game activities in the target cloud game running stream record are optimized, and in the application, the interest attribute tags (which are intended to express the operation intentions or behavior tendencies corresponding to the game activities) are not directly optimized (feature saliency processing) on the local cloud game running stream record with the game vulnerability saliency processing requirement, but the interest attribute tags on the cloud game running stream record with the game vulnerability saliency processing requirement are optimized (feature saliency processing) by optimizing the global game activity features mined in the local cloud game running stream record with the game vulnerability saliency processing requirement. In other words, the global game activity feature corresponds to the mapping feature of the global game activity feature on the cloud game running streaming record with the game vulnerability saliency processing requirement, so that the activity feature optimization condition of the global game activity feature can be used for expressing the activity feature optimization condition of the corresponding mapping feature, namely the activity feature optimization condition of the interest attribute label of the mapping feature, and for example, the interest attribute information of the mapping feature of the global game activity feature on the cloud game running streaming record with the game vulnerability saliency processing requirement can be mined and mapped to the activity feature optimization condition of the global game activity feature on the mapping feature of the cloud game running streaming record with the game vulnerability saliency processing requirement.
In the embodiment of the application, the first relation unit comprises a plurality of local relation units with connection relations, and the local relation units are composed of at least three global game activity characteristics. When the interest attribute information in the first relationship unit is loaded, the interest attribute information in each local relationship unit may be loaded as the interest attribute information of the global game activity feature matching the local relationship unit. The main reasons are: when global game activity features are mined from cloud game running stream records with game vulnerability saliency processing requirements, interest attribute tags under starting and stopping conditions of interest attribute regions with the same interest attribute information can be mined, so that the interest attribute information in the interest attribute tags is the same as the interest attribute tags, and the interest attribute information in a local relation unit formed by the global game activity features corresponding to the interest attribute tags is also the same as the interest attribute information of the global game activity features.
For example, a cloud game running stream record with a game vulnerability saliency processing requirement may be loaded onto a derived cloud game running stream record, for example, the cloud game running stream record with the game vulnerability saliency processing requirement may be copied to a to-be-used cloud game running stream record by means of a related operation, where the to-be-used cloud game running stream record is a mapping between interest attribute information for global game activity characteristics and interest attribute information in a first relationship unit, in other words, is used as a reference of a target cloud game running stream record; then, the cloud game running stream type record with the game vulnerability saliency processing requirement is used as a raw material cloud game running stream type record of a loader, and a distribution label of mapping characteristics of each global game activity characteristic on the cloud game running stream type record with the game vulnerability saliency processing requirement is used as a user behavior positioning distribution label of the raw material cloud game running stream type record, so that interest attribute information of the mapping characteristics of the global game activity characteristic on the cloud game running stream type record with the game vulnerability saliency processing requirement can be mined and used as interest attribute information of an activity characteristic optimization condition of the global game activity characteristic; then changing the distribution label of the activity characteristic optimization condition of the global game activity characteristic to a global description label list through a space mapping list of a global activity characteristic optimization space, then changing the distribution label of the activity characteristic optimization condition of the global game activity characteristic in the global description label list to a pooling list through a mapping list of the global description label list to the pooling list, and triggering subsequent related loading operation, namely loading the interest attribute information in a first relation unit according to the interest attribute information of the activity characteristic optimization condition of the global game activity characteristic, and loading the activity characteristic optimization condition of the global game activity characteristic and the interest attribute information in the first relation unit on a cloud game running stream type record which is to be used and has a game vulnerability significance processing requirement, therefore, the activity characteristic optimization condition of the target suspected abnormal game activity is loaded on the cloud game running stream record with the game vulnerability significance processing requirement, and the target cloud game running stream record is obtained.
In the embodiment of the application, a first relation unit is generated among activity characteristic optimization conditions of all global game activity characteristics to obtain a target space of a target suspected abnormal game activity; and finally, loading the target space with the interest attribute information to a to-be-used cloud game running stream record to obtain a final target cloud game running stream record.
For an independently implementable technical solution, the processing of the streaming record of the cloud game described above may exemplarily include the contents described in step S601 and step S602.
Step S601, creating a global derived mapping space matching the global game activity features, where a constraint description in the global derived mapping space at least covers an activity feature optimization condition of a first semantic activity feature and a second semantic activity feature derived based on the first semantic activity feature, where the first semantic activity feature is the global game activity feature corresponding to a starting and stopping condition of the target suspected abnormal game activity.
In this embodiment of the present application, a first semantic activity feature (which may be understood as an activity feature for performing feature differentiation) corresponding to the target suspected abnormal game activity starting condition in the global game activity features may be determined first.
For example, mapping characteristics (such as a projection point) of the global game activity characteristics in the cloud game running stream record with the game vulnerability saliency processing requirement are determined; secondly, determining mapping characteristics under starting and stopping conditions (which can be understood as distinguishing conditions of different target suspected abnormal game activities) of the target suspected abnormal game activities according to the mapping characteristics of the target suspected abnormal game activities and the global game activity characteristics in the cloud game running stream-type records with the game vulnerability significance processing requirements; and finally, determining the global game activity characteristic corresponding to the mapping characteristic under the starting and stopping conditions of the target suspected abnormal game activity as the first semantic activity characteristic.
For example, when determining the mapping characteristics under the starting and stopping conditions of the target suspected abnormal game activity, several game running modes can be configured under the specified game state, such as: a plurality of non-returnable game running modes are configured in advance, and then two mapping characteristics corresponding to the starting and stopping conditions are determined in the mapping characteristics of the global game activity characteristics in each game running mode.
In the embodiment of the present application, a feature having a specified quantization difference from the first semantic activity feature may be determined as the second semantic activity feature corresponding to the first semantic activity feature, among the trending activity features (which may be understood as the most frequently occurring activity features) in the global game activity features and the derivative content of the combined result of the first semantic activity features (the derivative extended result of the feature combined result).
For example, the calculation may be performed according to the distribution label information of each global game activity feature to obtain a popular activity feature of the global game activity features, in other words, the global game activity feature that is most popular. Then, a game running mode is generated based on the trending activity features and each semantic activity feature, and a specified quantitative difference (the quantitative difference (gap) is specified in advance and can be set according to the frequency of the target suspected abnormal game activity, for example, the frequency of the target suspected abnormal game activity is X times per minute) is further determined in the game running mode, so that the constraint description of the derivative content can be understood as a second semantic activity feature corresponding to the semantic activity feature.
In this embodiment of the application, a second relationship unit may be generated between the activity feature optimization condition of the first semantic activity feature and the second semantic activity feature by combining a second visual type feature relationship network created in advance, so as to obtain the global derivative mapping space.
It is understood that the second visual-type feature relationship network created in advance is intended to express a combined result relationship of different activity features in a relationship unit between the plurality of first semantic activity features and the plurality of second semantic activity features. For example, all the first semantic activity features are combined one by one to generate a first sub-mapping space of the global derivative mapping space; all the second semantic activity characteristics are combined one by one to generate a second sub-mapping space of the global derivative mapping space; and then combining the result of each first semantic activity feature and the corresponding second semantic activity feature, and combining the result of each first semantic activity feature and the next second semantic activity feature of the corresponding second semantic activity feature, thereby generating a second relation unit in the global derivative mapping space. The second visual type feature relationship network is recorded according to the sequence of the first semantic activity feature and the second semantic activity feature, so that when the first semantic activity feature is optimized, the second relationship unit can still be generated by combining the visual type feature relationship network.
Step S602, loading the global derivative mapping space on the cloud game running stream record with the game vulnerability saliency processing requirement according to the global derivative mapping space and the cloud game running stream record with the game vulnerability saliency processing requirement.
For example, vulnerability risk mapping content of mapping features of the first semantic activity feature on the cloud game running stream record with the game vulnerability saliency processing requirement may be mined first as interest attribute information of an activity feature optimization condition of the first semantic activity feature, and interest attribute information of mapping features of the second semantic activity feature on the cloud game running stream record with the game vulnerability saliency processing requirement may be mined as interest attribute information of the second semantic activity feature; loading according to the interest attribute information of the activity feature optimization condition of the first semantic activity feature and the interest attribute information of the second semantic activity feature to obtain the interest attribute information in the second relation unit; and finally, according to the activity characteristic optimization condition of the first semantic activity characteristic and the distribution label information of the mapping characteristic of the second semantic activity characteristic on the cloud game running stream record with the game vulnerability significance processing requirement, mapping the interest attribute information of the activity characteristic optimization condition of the first semantic activity characteristic, the interest attribute information of the second semantic activity characteristic and the interest attribute information in the second relation unit to the cloud game running stream record with the game vulnerability significance processing requirement. It is to be understood that the above embodiment is the same as the embodiment in step S502, and thus the step may be performed with reference to the embodiment of step S502.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A cloud game big data analysis method based on network information security is characterized by comprising the following steps:
determining game interaction warning item expression of cloud game big data by utilizing game interaction warning item identification processing; determining first transfer description content and second transfer description content between a first game interaction warning item and a second game interaction warning item in the cloud game big data by using transfer description recognition processing; wherein the local content set of the first delivery description encompasses the second delivery description;
establishing the information security knowledge base through the game interaction warning item pointed by the game interaction warning item expression, the first constraint condition pointed by the first transfer description content and the second constraint condition pointed by the second transfer description content; wherein one or more than one of the game interaction warning items with the transfer description contents are matched with the game interaction warning item pointed by the game interaction warning item expression.
2. The method of claim 1, wherein determining a game interaction alert item representation of cloud game big data using a game interaction alert item recognition process comprises:
determining an initial game interaction warning item expression of the cloud game big data;
adjusting the initial game interaction alert item expression to an array-type game interaction alert item expression;
and determining the array type game interaction warning item expression as the game interaction warning item expression of the cloud game big data.
3. The method of claim 2, wherein the determining a first delivery description and a second delivery description between a first game interaction alert item and a second game interaction alert item in the cloud game big data using a delivery description recognition process comprises:
determining an initial delivery description of the cloud game big data;
determining a first delivery description content distribution list and a second delivery description content distribution list according to the initial delivery description content;
obtaining the first transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression and the first transfer description content distribution list of the cloud game big data;
and obtaining the second transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression and the second transfer description content distribution list of the cloud game big data.
4. The method of claim 3, wherein the method further comprises: updating the second delivery description content distribution list or updating the first delivery description content distribution list and the second delivery description content distribution list according to the first delivery description content distribution list and the second delivery description content distribution list;
on the basis of updating the second delivery description content distribution list, the obtaining the second delivery description content between the first game interaction alert item and the second game interaction alert item in the cloud game big data according to the game interaction alert item expression of the cloud game big data and the second delivery description content distribution list includes: obtaining the second transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the third transfer description distribution list obtained after the array type game interaction warning item expression and the second transfer description content distribution list are updated;
on the basis of updating the first delivery description content distribution list, the obtaining the first delivery description content between the first game interaction alert item and the second game interaction alert item in the cloud game big data according to the game interaction alert item expression of the cloud game big data and the first delivery description content distribution list includes: and obtaining the first transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression of the cloud game big data and a fourth transfer description content distribution list obtained after the first transfer description content distribution list is updated.
5. The method of claim 4, wherein the updating the second delivery description content distribution list in accordance with the first delivery description content distribution list and the second delivery description content distribution list comprises:
enabling a moving average operation, a scalar simplification operation and a ReLU algorithm loading operation one by one for the first transfer description content distribution list to determine a first distribution list, and enabling a moving average operation, a scalar simplification operation and a ReLU algorithm loading operation one by one for the second transfer description content distribution list to determine a second distribution list;
determining a first association degree distribution list at the descriptive content state level of the transfer descriptive content and a second association degree distribution list at the example level of the transfer descriptive content according to the first distribution list and the second distribution list;
loading the first distribution list and the first association degree distribution list to a first AI (artificial intelligence) model, and determining a first model processing result of the first AI model;
loading the first model processing result and the second association degree distribution list to a second AI artificial intelligence model, and determining a second model processing result of the second AI artificial intelligence model;
and after the second model processing result and the second transfer description content distribution list are fused, obtaining a third transfer description content distribution list after the second transfer description content distribution list is updated.
6. The method of claim 5, wherein after determining the first and second transfer descriptions between the first and second game interaction alert items in the cloud game big data, the method further comprises:
determining, in a target constraint record repository, the first constraint pointed to by the first delivery description and the second constraint pointed to by the second delivery description.
7. The method of claim 6, wherein the method further comprises:
determining a second constraint condition record base pointed to by a plurality of second transfer description contents;
according to the second constraint condition record library, obtaining potential features directed to the constraint conditions in the second constraint condition record library;
performing multidimensional feature analysis on the constraint conditions in the second constraint condition record base according to the quantitative difference between every two potential features, and determining a first constraint condition record base pointed to by a plurality of first transfer description contents and mapping conditions between the constraint conditions in the first constraint condition record base and the constraint conditions in the second constraint condition record base;
and determining the first constraint condition record base, the second constraint condition record base and the mapping condition as the target constraint condition record base.
8. The method of claim 7, wherein said obtaining potential features that point to constraints in said second library of constraint records based on said second library of constraint records comprises:
loading the second constraint condition record base to a constraint condition mining model to obtain potential features generated by the constraint condition mining model and directed by constraint conditions in the second constraint condition record base;
the constraint condition mining model is obtained by determining constraint conditions in an example constraint condition record library pointed to by a plurality of second transfer description contents as raw material information and tuning by using example potential characteristics pointed to by constraint conditions set in advance in the example constraint condition record library as references.
9. The method of any one of claims 1-8, wherein the cloud game big data covers cloud game big data aiming at expressing network environment security conditions of a cloud game client during game interaction, and the information security knowledge base aims at representing transfer description content between real-time game interaction warning items included in the cloud game big data.
10. A cloud game big data analysis system is characterized by comprising a processor, a network module and a memory; the processor and the memory communicate through the network module, the processor reading a computer program from the memory and operating to perform the method of any of claims 1-9.
CN202210035293.1A 2022-01-13 2022-01-13 Cloud game big data analysis method and system based on network information security Active CN114422225B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210035293.1A CN114422225B (en) 2022-01-13 2022-01-13 Cloud game big data analysis method and system based on network information security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210035293.1A CN114422225B (en) 2022-01-13 2022-01-13 Cloud game big data analysis method and system based on network information security

Publications (2)

Publication Number Publication Date
CN114422225A true CN114422225A (en) 2022-04-29
CN114422225B CN114422225B (en) 2023-07-07

Family

ID=81273618

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210035293.1A Active CN114422225B (en) 2022-01-13 2022-01-13 Cloud game big data analysis method and system based on network information security

Country Status (1)

Country Link
CN (1) CN114422225B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114707768A (en) * 2022-05-25 2022-07-05 哈尔滨华宇特科技开发有限公司 Big data security wind control-based information processing method and server

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170286279A1 (en) * 2016-04-01 2017-10-05 Sony Interactive Entertainment America Llc Game Stream Fuzz Testing and Automation
CN108854075A (en) * 2018-05-30 2018-11-23 腾讯科技(深圳)有限公司 Game role anomaly detection method and device
CN110909630A (en) * 2019-11-06 2020-03-24 腾讯科技(深圳)有限公司 Abnormal game video detection method and device
CN112036762A (en) * 2020-09-07 2020-12-04 贝壳技术有限公司 Behavior event recognition method and apparatus, electronic device and storage medium
CN112221155A (en) * 2020-10-10 2021-01-15 陈夏焱 Game data identification method based on artificial intelligence and big data and game cloud center
CN113051556A (en) * 2020-09-07 2021-06-29 沈建锋 Service information detection method and system based on big data and cloud computing
CN113297884A (en) * 2020-07-29 2021-08-24 阿里巴巴集团控股有限公司 Abnormal behavior determination method and device and electronic equipment
CN113347042A (en) * 2021-06-25 2021-09-03 东莞市慧学慧玩教育科技有限公司 Data security protection method and server based on digitization and artificial intelligence
CN113750538A (en) * 2020-06-02 2021-12-07 盛趣信息技术(上海)有限公司 Big data-based hand-game security platform construction method and system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170286279A1 (en) * 2016-04-01 2017-10-05 Sony Interactive Entertainment America Llc Game Stream Fuzz Testing and Automation
CN108854075A (en) * 2018-05-30 2018-11-23 腾讯科技(深圳)有限公司 Game role anomaly detection method and device
CN110909630A (en) * 2019-11-06 2020-03-24 腾讯科技(深圳)有限公司 Abnormal game video detection method and device
CN113750538A (en) * 2020-06-02 2021-12-07 盛趣信息技术(上海)有限公司 Big data-based hand-game security platform construction method and system
CN113297884A (en) * 2020-07-29 2021-08-24 阿里巴巴集团控股有限公司 Abnormal behavior determination method and device and electronic equipment
CN112036762A (en) * 2020-09-07 2020-12-04 贝壳技术有限公司 Behavior event recognition method and apparatus, electronic device and storage medium
CN113051556A (en) * 2020-09-07 2021-06-29 沈建锋 Service information detection method and system based on big data and cloud computing
CN112221155A (en) * 2020-10-10 2021-01-15 陈夏焱 Game data identification method based on artificial intelligence and big data and game cloud center
CN113347042A (en) * 2021-06-25 2021-09-03 东莞市慧学慧玩教育科技有限公司 Data security protection method and server based on digitization and artificial intelligence

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114707768A (en) * 2022-05-25 2022-07-05 哈尔滨华宇特科技开发有限公司 Big data security wind control-based information processing method and server
CN114707768B (en) * 2022-05-25 2022-10-28 深圳飞之度科技有限公司 Big data security wind control-based information processing method and server

Also Published As

Publication number Publication date
CN114422225B (en) 2023-07-07

Similar Documents

Publication Publication Date Title
US10909241B2 (en) Event anomaly analysis and prediction
CN101751535B (en) Data loss protection through application data access classification
US20080148398A1 (en) System and Method for Definition and Automated Analysis of Computer Security Threat Models
Ren et al. Cskg4apt: A cybersecurity knowledge graph for advanced persistent threat organization attribution
Singh et al. Dynamic behavior analysis of android applications for malware detection
US11159564B2 (en) Detecting zero-day attacks with unknown signatures via mining correlation in behavioral change of entities over time
CN114139210B (en) Big data security threat processing method and system based on intelligent service
Gutiérrez‐Madroñal et al. Evolutionary mutation testing for IoT with recorded and generated events
CN114500099A (en) Big data attack processing method and server for cloud service
CN114422225B (en) Cloud game big data analysis method and system based on network information security
Chen et al. Building machine learning-based threat hunting system from scratch
Ganz et al. Detecting backdoors in collaboration graphs of software repositories
CN117478403A (en) Whole scene network security threat association analysis method and system
Puri et al. Analyzing and predicting security event anomalies: Lessons learned from a large enterprise big data streaming analytics deployment
CN115587357A (en) Threat scene analysis method and system based on big data
CN115840939A (en) Security vulnerability processing method and device, computer equipment and storage medium
CN113536381A (en) Big data analysis processing method and system based on terminal
CN114404999B (en) Big data wind control processing method and storage medium applied to cloud game protection
CN114219427B (en) Information security processing method and storage medium for handling big data office work
KR102656541B1 (en) Device, method and program that analyzes large log data using a distributed method for each log type
Sokolov Applied Machine Learning for Cybersecurity in Spam Filtering and Malware Detection
CN113660217B (en) Equipment safety management and control method and device, computer equipment and storage medium
CN111385247B (en) User behavior classification method and device, storage medium and server
CN117951742A (en) Data processing method, apparatus, device, medium, and program product
CN114157508A (en) Network attack processing method and system based on block chain payment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220805

Address after: 236700 household 25, xinzhangying, donglaozhai village, Chengguan Town, Lixin County, Bozhou City, Anhui Province

Applicant after: Liu Fang

Address before: 155100 gate 108, building 19, Xinhua Mingyuan community, Baoqing Town, Baoqing County, Shuangyashan City, Heilongjiang Province

Applicant before: Baoqing tengkang Network Technology Co.,Ltd.

TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20230608

Address after: 518000, 6th Floor, Hangsheng Technology Building, No. 8 Gaoxin South 6th Road, Gaoxin Community, Yuehai Street, Nanshan District, Shenzhen, Guangdong Province

Applicant after: Shenzhen Love Tomato Technology Co.,Ltd.

Address before: 236700 household 25, xinzhangying, donglaozhai village, Chengguan Town, Lixin County, Bozhou City, Anhui Province

Applicant before: Liu Fang

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant