CN114422225B - Cloud game big data analysis method and system based on network information security - Google Patents

Cloud game big data analysis method and system based on network information security Download PDF

Info

Publication number
CN114422225B
CN114422225B CN202210035293.1A CN202210035293A CN114422225B CN 114422225 B CN114422225 B CN 114422225B CN 202210035293 A CN202210035293 A CN 202210035293A CN 114422225 B CN114422225 B CN 114422225B
Authority
CN
China
Prior art keywords
game
distribution list
big data
cloud
transmission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210035293.1A
Other languages
Chinese (zh)
Other versions
CN114422225A (en
Inventor
刘芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Love Tomato Technology Co ltd
Original Assignee
Shenzhen Love Tomato Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Love Tomato Technology Co ltd filed Critical Shenzhen Love Tomato Technology Co ltd
Priority to CN202210035293.1A priority Critical patent/CN114422225B/en
Publication of CN114422225A publication Critical patent/CN114422225A/en
Application granted granted Critical
Publication of CN114422225B publication Critical patent/CN114422225B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/30Interconnection arrangements between game servers and game devices; Interconnection arrangements between game devices; Interconnection arrangements between game servers
    • A63F13/33Interconnection arrangements between game servers and game devices; Interconnection arrangements between game devices; Interconnection arrangements between game servers using wide area network [WAN] connections
    • AHUMAN NECESSITIES
    • A63SPORTS; GAMES; AMUSEMENTS
    • A63FCARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/70Game security or game management aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The application relates to the technical field of cloud games, in particular to a cloud game big data analysis method and system based on network information security, which can more deeply and abundantly mine and identify network security risk information in the cloud game big data, thereby guaranteeing the integrity and richness of an established information security knowledge base. In addition, the information security knowledge base is a graphical knowledge map, so that the information security knowledge base has high usability and can be suitable for network information security analysis under different game scenes, and the knowledge base can be derived by taking one information security knowledge base as a reference so as to improve the pre-judgment of unknown network security risks.

Description

Cloud game big data analysis method and system based on network information security
Technical Field
The embodiment of the application relates to the technical field of cloud games, in particular to a cloud game big data analysis method and system based on network information security.
Background
Network information security refers to protecting software, hardware and information resources in a network system from accidental or malicious damage, tampering and leakage, and ensuring normal operation of the network system and uninterrupted network service. From the perspective of users, the network information security is mainly to ensure confidentiality, integrity and non-repudiation of personal data or enterprise information in the network, prevent information leakage and destruction, and prevent unauthorized access of information resources. The network manager understands that the main task of network information security is to ensure that legal users use network resources normally, avoid security threats such as viruses, refused services, remote control, unauthorized access and the like, discover security holes in time, and prevent attack behaviors and the like.
With the continuous optimization of the network, the application fields are also increasing, for example: network pay, online education, network games (cloud games), etc. A cloud game will be described as an example. The cloud game is a cloud computing product, and is different in that the cloud game is the easiest and rapid landing practical application under the cloud product, and most of the cloud game is established at a PC end, so that rapid picture transmission can be realized by utilizing a wired optical fiber. With the continuous development of cloud games, the network security problem in the cloud game process cannot be ignored. The inventor has long studied and found that in order to realize the network security problem treatment of the cloud game with high quality, a complete and rich analysis basis is necessary, but the related technology is difficult to meet the requirement.
Disclosure of Invention
In view of this, the embodiment of the application provides a cloud game big data analysis method and a system based on network information security.
The embodiment of the application provides a cloud game big data analysis method based on network information security, which comprises the following steps:
determining game interaction warning item expression of cloud game big data by utilizing game interaction warning item identification processing; determining first transfer descriptive contents and second transfer descriptive contents between first game interaction warning matters and second game interaction warning matters in the cloud game big data by using transfer descriptive identification processing; wherein the local content set of the first delivery description encompasses the second delivery description;
Establishing the information security knowledge base through the game interaction warning items pointed by the game interaction warning item expression, the first constraint condition pointed by the first transmission descriptive content and the second constraint condition pointed by the second transmission descriptive content; wherein one or more of the game interaction alert items having delivery description content matches the game interaction alert item to which the game interaction alert item expression is directed.
For an independently designable technical solution, the game interaction warning item identification process for determining the game interaction warning item expression of the cloud game big data includes:
determining an initial game interaction warning item expression of the cloud game big data;
adjusting the initial game interaction warning item expression into an array game interaction warning item expression;
and determining the array-type game interaction warning item expression as the game interaction warning item expression of the cloud game big data.
For an independently designable solution, the determining, by using a delivery description identification process, a first delivery description and a second delivery description between a first game interaction alert and a second game interaction alert in the cloud gaming big data includes:
Determining initial delivery descriptive content of the cloud gaming big data;
determining a first delivery description content distribution list and a second delivery description content distribution list according to the initial delivery description content;
obtaining the first transmission descriptive content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression and the first transmission descriptive content distribution list of the cloud game big data;
and obtaining the second transmission descriptive contents between the first game interaction warning matters and the second game interaction warning matters in the cloud game big data according to the game interaction warning matters expression of the cloud game big data and the second transmission descriptive content distribution list.
For an independently programmable solution, the method further comprises: updating the second delivery description content distribution list or updating the first delivery description content distribution list and the second delivery description content distribution list according to the first delivery description content distribution list and the second delivery description content distribution list;
Based on updating the second transmission description content distribution list, the obtaining the second transmission description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression of the cloud game big data and the second transmission description content distribution list comprises the following steps: obtaining the second transmission descriptive content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the array game interaction warning item expression and a third transmission descriptive content distribution list obtained after the second transmission descriptive content distribution list is updated;
based on updating the first delivery description content distribution list, the obtaining the first delivery description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression of the cloud game big data and the first delivery description content distribution list includes: and obtaining the first transmission descriptive contents between the first game interaction warning matters and the second game interaction warning matters in the cloud game big data according to the game interaction warning matters expression of the cloud game big data and a fourth transmission descriptive content distribution list obtained after the first transmission descriptive content distribution list is updated.
For an independently designable solution, the updating the second delivery description distribution list according to the first delivery description distribution list and the second delivery description distribution list includes:
starting a moving average operation, a scalar simplification operation and a ReLU algorithm loading operation for the first transmission description content distribution list one by one, determining a first distribution list, and starting a moving average operation, a scalar simplification operation and a ReLU algorithm loading operation for the second transmission description content distribution list one by one, determining a second distribution list;
determining a first association degree distribution list at a description content state level of transmitting the description content and determining a second association degree distribution list at an example level of transmitting the description content according to the first distribution list and the second distribution list;
loading the first distribution list and the first association degree distribution list into a first AI artificial intelligence model, and determining a first model processing result of the first AI artificial intelligence model;
loading the first model processing result and the second association degree distribution list to a second AI artificial intelligent model, and determining a second model processing result of the second AI artificial intelligent model;
And after the second model processing result and the second transmission descriptive content distribution list are fused, obtaining a third transmission descriptive content distribution list updated by the second transmission descriptive content distribution list.
For an independently designable solution, after determining the first delivery description and the second delivery description between the first game interaction alert and the second game interaction alert in the cloud gaming big data, the method further includes:
in a target constraint record library, the first constraint pointed to by the first delivery description and the second constraint pointed to by the second delivery description are determined.
For an independently programmable solution, the method further comprises:
determining a second constraint condition record library pointed by a plurality of second delivery descriptions;
obtaining potential characteristics pointed to by constraint conditions in the second constraint condition record library according to the second constraint condition record library;
according to the quantitative difference between every two potential features, multidimensional feature analysis is carried out on constraint conditions in the second constraint condition record library, and a first constraint condition record library pointed by a plurality of first transmission descriptive contents and mapping conditions between the constraint conditions in the first constraint condition record library and the constraint conditions in the second constraint condition record library are determined;
And determining the first constraint condition record library, the second constraint condition record library and the mapping condition as the target constraint condition record library.
For an independently designable solution, the obtaining, according to the second constraint record repository, potential features pointed to by constraints in the second constraint record repository includes:
loading the second constraint condition record library into a constraint condition mining model to obtain potential characteristics which are generated by the constraint condition mining model and pointed to by the constraint conditions in the second constraint condition record library;
the constraint condition mining model is obtained by determining constraint conditions in an example constraint condition record base pointed by a plurality of second transmission descriptive contents as raw material information and optimizing by taking example potential characteristics pointed by preset constraint conditions in the example constraint condition record base as references.
For an independently designable technical scheme, the cloud game big data comprise cloud game big data which aim to express the network environment security condition of a cloud game client in the game interaction process, and the information security knowledge base aims to characterize the transmission description content among real-time game interaction warning matters included in the cloud game big data.
The embodiment of the application also provides a cloud game big data analysis system, which comprises a processor, a network module and a memory; the processor and the memory communicate through the network module, and the processor reads the computer program from the memory and executes it to perform the method described above.
Compared with the prior art, the cloud game big data analysis method and the cloud game big data analysis system based on network information security have the following technical effects: the cloud game big data can be subjected to game interaction warning item identification processing, game interaction warning item expression of the cloud game big data is determined, the cloud game big data is subjected to transfer description identification processing, and first transfer description content and second transfer description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data are determined. Wherein the local content set of the first delivery description comprises the second delivery description. Further, the information security knowledge base is established based on game interaction warning items pointed by game interaction warning item expression, first constraint conditions pointed by the first transmission descriptive contents and second constraint conditions pointed by the second transmission descriptive contents; wherein one or more of the game interaction alert items having delivery description content matches the game interaction alert item to which the game interaction alert item expression is directed.
In the embodiment of the application, the established information security knowledge base can describe the first transmission description content and the second transmission description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data in parallel, wherein the local content set of the first transmission description content covers the second transmission description content, so that the information security knowledge base comprises network security risk information of more angles of the cloud game big data, namely, the transmission description content obtained through determination of a plurality of different dimensions, and therefore, the network security risk information in the cloud game big data can be more deeply and abundantly mined and identified, and the integrity and the richness of the established information security knowledge base are further ensured. In addition, the information security knowledge base is a graphical knowledge map, so that the information security knowledge base has high usability and can be suitable for network information security analysis under different game scenes, and the knowledge base can be derived by taking one information security knowledge base as a reference so as to improve the pre-judgment of unknown network security risks.
Drawings
Fig. 1 is a flowchart of a cloud game big data analysis method based on network information security according to an embodiment of the present application.
Detailed Description
The cloud gaming big data analysis system 10 in the embodiment of the present application may be a server with data storage, transmission and processing functions, where the cloud gaming big data analysis system 10 includes: memory 11, processor 12, network module 13 and cloud game big data analysis device 20 based on network information security.
The embodiment of the application also provides a computer storage medium, wherein the computer storage medium stores a computer program, and the computer program realizes the method when running.
Fig. 1 shows a flowchart of a cloud game big data analysis method based on network information security according to an embodiment of the present application. The method steps defined by the flow related to the method, which are applied to the cloud game big data analysis system 10 and can be implemented by the processor 12, include the following steps 201-203.
step201, using the game interactive alert item recognition process, determines the game interactive alert item expression of the cloud game big data.
In this embodiment of the present application, the game interaction alert item identification process may be understood as a game interaction alert item expression for acquiring each game interaction alert item covered in the cloud game big data, the game interaction alert item may be understood as an abnormal game item covered in the cloud game big data, where the abnormal game item may be a player abnormal behavior item, an abnormal game function item, or any other abnormal game item, and the game interaction alert item expression (item feature, for example, may be recorded in the form of a feature vector or a feature map) may be understood as a heat, a scene state, a corresponding kind, or the like of the game interaction alert item in the cloud game big data.
step202, using a delivery description identification process, determines a first delivery description and a second delivery description between a first game interactive alert item and a second game interactive alert item in the cloud gaming big data.
In the embodiment of the application, the delivery description identification process (which can be understood as relationship detection) aims at determining the delivery description content of different layers between two game interaction warning matters in cloud game big data. The two game interaction warning matters can be understood as a first game interaction warning matter and a second game interaction warning matter in cloud game big data, and the delivery description contents of different layers can comprise a first delivery description content and a second delivery description content. Wherein the local content set of the first delivery description comprises the second delivery description, further the delivery description may be understood as a relational feature. In other words, the first delivery description corresponds to an upstream content of the second delivery description, for recording a relatively wide range of delivery descriptions between the first game interaction alert item and the second game interaction alert item, and the second delivery description matches a local content set (which may be understood as a subclass) of the first delivery description, for recording a delivery description with a higher level of detail between the first game interaction alert item and the second game interaction alert item.
step203, establishing the information security knowledge base through the game interaction warning item pointed by the game interaction warning item expression, the first constraint condition pointed by the first transmission descriptive content and the second constraint condition pointed by the second transmission descriptive content.
In embodiments of the present application, one or more of the game interactive alert items having delivery descriptions matches the game interactive alert item to which the game interactive alert item expression points. For example, the game interaction warning item information_1 and the game interaction warning item information_2 have a first transmission description content and a second transmission description content, and when the game interaction warning item identification process is performed on cloud game big data, the game interaction warning item pointed to by the determined game interaction warning item expression comprises the game interaction warning item information_1 and/or the game interaction warning item information_2. The first constraint is a constraint intended to characterize the first delivery description and the second constraint is a constraint intended to characterize the second delivery description.
It will be appreciated that the last established information security repository (e.g., a knowledge graph or graph dataset for information security feature records) may reflect not only the first delivery description between the first game interactive alert item and the second game interactive alert item, but also the second delivery description after a higher level of detail between the first game interactive alert item and the second game interactive alert item.
The content recorded by the steps 201-203 is implemented, the established information security knowledge base can describe the first transmission description content and the second transmission description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data in parallel, wherein the local content set of the first transmission description content covers the second transmission description content, so that the information security knowledge base comprises network security risk information of more angles of the cloud game big data, namely, the transmission description content obtained based on different layers, and network security risk information in the cloud game big data can be more deeply and abundantly mined and identified, and the integrity and the richness of the established information security knowledge base are further ensured. In addition, the information security knowledge base is a graphical knowledge map, so that the information security knowledge base has high usability and can be suitable for network information security analysis under different game scenes, and the knowledge base can be derived by taking one information security knowledge base as a reference so as to improve the pre-judgment of unknown network security risks.
For an independently implementable solution, the game interaction alert item identification process recorded by step201 determines the game interaction alert item expression of the cloud game big data, and may include, for example, what is recorded by step2011-step 2013.
step2011, determining the initial game interaction warning item expression of the cloud game big data.
In the embodiment of the application, the restriction mark of the game interaction warning item pointed by each game interaction warning item covered in the cloud game big data can be determined according to the description content of the cloud game big data. The restriction mark of the game interaction warning item can include key description items of the game interaction warning item, such as: the game interactive alert item is a player's abnormal behavior item, the restriction flag of the game interactive alert item may include a player behavior flag, and the game interactive alert item is other abnormal game item, the restriction flag of the game interactive alert item may include global or local information of the abnormal game item. And then mining out initial game interaction warning item expressions in the cloud game big data based on the restriction marks of the game interaction warning items according to a related item expression mining algorithm.
It is to be appreciated that the cloud gaming big data description can include a subject information description, an interaction detail description, a scene status description, and the like. The theme information description is an overall description content, records the main expression content of the game interaction warning matters pointed by the cloud game big data, the interaction detail description is also an overall description content, records the multi-terminal interaction condition of the game interaction warning matters corresponding to the cloud game big data, the scene state description can be expressed in two expression modes, the first is the feature diagram description, the second is the feature array description, the feature diagram description of the cloud game big data mainly aims at the range-type content of the game interaction warning matters, and the feature array description of the cloud game big data transmits the scene state described to the cloud game big data content set. In the embodiment of the application, the cloud game big data description content of the cloud game big data can be mined by utilizing a big data mining thread (such as a neural network model) which completes tuning in advance.
Further, according to the description content of the cloud game big data, the LSTM which completes tuning in advance is utilized to extract the limiting mark of the game interaction warning items pointed by the game interaction warning items covered in the cloud game big data. Wherein, the game interaction warning items in the cloud game big data point to the restriction marks of the game interaction warning items.
It will be appreciated that after determining the restrictive flag for the game interactive alert event, the initial game interactive alert event expression may be determined by means of a related event expression mining algorithm. The related-event expression mining algorithm may be a downsampling algorithm. The initial game interaction alert item representations may include some initial item representations of game interaction alert items.
step2012, the initial game interactive alert item expression is adjusted to be an array-type game interactive alert item expression.
In the embodiment of the application, the game interaction warning item expression in the cloud game big data can be adjusted to be array game interaction warning item expression by using a constraint adjustment algorithm.
step2013, determining the array-type game interaction warning item expression as the game interaction warning item expression of the cloud game big data.
In the embodiment of the application, the obtained array-type game interaction warning item expression (such as a feature vector) is adjusted to be determined as the game interaction warning item expression of the cloud game big data.
By the design, the initial game interaction warning item expression of the cloud game big data can be determined first, and then the initial game interaction warning item expression is adjusted to be array-type game interaction warning item expression, so that the game interaction warning item expression of the cloud game big data can be obtained timely.
For an independently implementable solution, the delivery description identification process recorded by step202 determines a first delivery description and a second delivery description between a first game interactive alert and a second game interactive alert in the cloud gaming big data, which may illustratively include those recorded by step2021-step 2023.
step2021 determines the initial delivery description of the cloud gaming big data.
In the embodiment of the application, the description content of the cloud game big data can be determined first, and the restrictive sign of the game interaction warning item pointed by each game interaction warning item covered in the cloud game big data is determined based on the description content of the cloud game big data. The restrictive flag of the transfer description between the first game interaction alert item and the second game interaction alert item is obtained using a combination of restrictive flags of the game interaction alert items. Wherein the restrictive flag of the transfer description may be intended to characterize a state transfer description between the first game interaction alert item and the second game interaction alert item. And determining initial delivery description contents of the cloud game big data based on the restriction marks of the delivery description by means of a related item expression mining algorithm.
It can be appreciated that the method for determining the restriction flag of the mining and game interaction warning item of the cloud gaming big data description content is the same as the method for determining the restriction flag of the mining and game interaction warning item of the cloud gaming big data description content described in step2011, and the embodiments of the present application will not be described in detail here.
Further, after determining the restrictive flags of the game interactive alert items, the restrictive flags of the game interactive alert items need to be combined, and the restrictive flags of the transfer description may be intended to characterize whether the restrictive flags of the game interactive alert items intersect, the relative relationship between the restrictive flags of the game interactive alert items, whether the restrictive flags of the game interactive alert items include the same portion that matches the same game interactive alert item, and so on.
For example, the restriction marks of the game interaction warning items of the first game interaction warning item and the second game interaction warning item can be obtained by utilizing the combination of the restriction marks of the game interaction warning items, wherein the restriction marks of the game interaction warning items of the two game interaction warning items of the player account and the game chat function are not crossed, and the restriction marks of the game interaction warning items of the player account are indirectly matched with the restriction marks of the game interaction warning items of the game chat function.
Further, after determining the restriction flag of the transfer description, initial transfer description contents of the cloud game big data may be determined based on the restriction flag of the transfer description by means of the related item expression mining algorithm. Wherein the initial delivery description may be intended to characterize possible delivery descriptions between the first game interactive alert item and the second game interactive alert item, so that a deeper alert item relationship may be mined.
step2022 determines a first delivery description distribution list and a second delivery description distribution list based on the initial delivery description.
In the embodiment of the present application, the first delivery description content distribution list is intended to represent the first delivery description content between the first game interaction warning item and the second game interaction warning item, i.e. the first delivery description content distribution list is a content distribution list (for example, may be a feature matrix) intended to represent a clear delivery description between the game interaction warning items. The second delivery profile is intended to characterize the second delivery profile between the first game interaction alert and the second game interaction alert, i.e. the second delivery profile is a profile intended to characterize the detailed content delivery profile between the game interaction alerts.
In the embodiment of the present application, the feature extraction unit a may perform a moving average operation on the initial delivery description, determine the first delivery description distribution list, and the feature extraction unit B may perform a moving average operation (convolution processing) on the initial delivery description, determine the second delivery description distribution list. Wherein the number of feature extraction layers included in the feature extraction unit a is not greater than the number of feature extraction layers included in the feature extraction unit B.
step2023, according to the game interaction warning item expression of the cloud game big data and the first transmission description content distribution list, obtaining the first transmission description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data.
In the embodiment of the application, the game interaction warning item expression can be understood as an array-type game interaction warning item expression, and the information transmission unit is utilized to transfer between the array-type game interaction warning item expression and the first delivery description content distribution list. Further, the information transmission unit may transfer the array-type game interaction warning item expression and the first transfer description content distribution list to the information analysis unit, and test the first transfer description content between the first game interaction warning item and the second game interaction warning item by using the information analysis unit.
Further, the information analysis unit may test the transfer description according to one of the array-type game interaction warning item expressions and the first transfer description distribution list, for example, the information analysis unit may complete tuning by means of a big data mining thread that completes tuning in advance, and the big data mining thread may perform tuning by using the big data of the example cloud game carrying the identification of the first transfer description, and determine whether tuning of the big data mining thread is completed based on a preset condition. In the embodiment of the application, the array game interaction warning item expression and the first transmission descriptive content distribution list can be directly loaded to the big data mining thread for completing tuning, and the big data mining thread tests the first transmission descriptive content between the first game interaction warning item and the second game interaction warning item.
step2024, according to the game interaction warning item expression of the cloud game big data and the second transmission description content distribution list, obtaining the second transmission description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data.
In this embodiment of the present application, the content delivery may also be performed in the array game interactive alert item expression and the second delivery description content distribution list by using another information transmission unit, and then the second delivery description content between the first game interactive alert item and the second game interactive alert item may be tested by using another information analysis unit. The implementation is the same as the way to test the first delivery description, and embodiments of the present application will not be described here too much.
Therefore, the restriction marks of the game interaction warning matters can be determined according to the description content of the cloud game big data of the mined cloud game big data, the restriction marks of the transfer descriptions among the game interaction warning matters are determined by utilizing the combination of the restriction marks of the game interaction warning matters, and the first transfer description content and the second transfer description content of the first game interaction warning matters and the second game interaction warning matters in the cloud game big data are determined according to the restriction marks of the transfer descriptions.
For an independently implementable solution, the method may also illustratively include what step204 records.
step204, updating the second delivery description content distribution list or updating the first delivery description content distribution list and the second delivery description content distribution list according to the first delivery description content distribution list and the second delivery description content distribution list.
In the embodiment of the application, the integrity and the richness of the established information security knowledge base can be ensured. In addition, the information security knowledge base is a graphical knowledge map, so that the information security knowledge base is easy to use, and can be suitable for network information security analysis under different game scenes, the knowledge base can be derived by taking one information security knowledge base as a reference, the pre-judgment on the unknown network security risk is improved, the first transmission descriptive content and the second transmission descriptive content between the first game interaction warning item and the second game interaction warning item in the cloud game big data can be accurately described, and the second transmission descriptive content distribution list can be updated by utilizing the list updating unit according to the first transmission descriptive content distribution list and the second transmission descriptive content distribution list. Alternatively, the list updating unit may update the first delivery description content distribution list and the second delivery description content distribution list simultaneously in accordance with the first delivery description content distribution list and the second delivery description content distribution list.
It will be appreciated that step2024 may illustratively further comprise, based on updating the second delivery description content distribution list: and obtaining the second transmission descriptive contents between the first game interaction warning matters and the second game interaction warning matters in the cloud game big data according to the array-type game interaction warning matters expression and a third transmission descriptive distribution list obtained after the second transmission descriptive content distribution list is updated.
In this embodiment of the present application, after updating the second delivery description distribution list, a third delivery description distribution list is obtained, and at this time, the second delivery description between the first game interaction warning item and the second game interaction warning item in the cloud game big data may be determined according to the array game interaction warning item expression and the third delivery description distribution list.
It will be appreciated that, based on updating the first delivery description content distribution list, step2023 may illustratively further comprise: and obtaining the first transmission descriptive contents between the first game interaction warning matters and the second game interaction warning matters in the cloud game big data according to the game interaction warning matters expression of the cloud game big data and a fourth transmission descriptive content distribution list obtained after the first transmission descriptive content distribution list is updated.
In this embodiment of the present application, after updating the first delivery description distribution list, a fourth delivery description distribution list is obtained, and at this time, the first delivery description between the first game interaction warning item and the second game interaction warning item in the cloud game big data may be determined according to the array game interaction warning item expression and the fourth delivery description distribution list.
By the design, the second transmission descriptive content distribution list can be further updated, or the first transmission descriptive content distribution list and the second transmission descriptive content distribution list can be further updated, so that the finally obtained information security knowledge base can be more complete and rich.
For an independently implementable solution, the step204 updates the second delivery description distribution list according to the first delivery description distribution list and the second delivery description distribution list, which may include, for example, the following steps 2041-2045.
step2041, starting a moving average operation, a scalar reduction operation and a ReLU algorithm loading operation one by one for the first delivery description distribution list, determining a first distribution list, and starting a moving average operation, a scalar reduction operation and a ReLU algorithm loading operation one by one for the second delivery description distribution list, determining a second distribution list.
In the embodiment of the present application, the structure of the list updating unit may refer to the following description, where the feature extraction unit includes a moving average operation (convolution operation), a scalar simplification operation (normalization operation), a ReLU algorithm loading operation (ReLU activation function operation), and the like.
step2042, based on the first distribution list and the second distribution list, determines a first association level distribution list at a description status level of delivering the description, and determines a second association level distribution list at an example level of delivering the description.
In the embodiment of the application, the first distribution List list_a and the second distribution List list_b are weighted and then subjected to a moving average operation, so that a first association degree distribution List list_c for transmitting descriptive contents at the descriptive content state level can be obtained. The second distribution List list_b is weighted with the first distribution List list_a after the moving average operation, and the feature reduction is performed, so as to obtain a second association degree distribution List list_s of the delivery description content at the example level (which can be understood as a sample dimension).
step2043, loading the first distribution list and the first association degree distribution list into a first AI artificial intelligence model, and determining a first model processing result of the first AI artificial intelligence model.
In the embodiment of the application, a first distribution List list_a and a first association degree distribution List list_c are loaded to a first AI artificial intelligent model, the product of the first distribution List list_a and the first association degree distribution List list_c is calculated by the first AI artificial intelligent model and then fused with the first distribution List list_a, and a first model processing result result_m of the first AI artificial intelligent model is obtained after a sliding average operation.
step2044, loading the first model processing result and the second association degree distribution list into a second AI artificial intelligence model, and determining a second model processing result of the second AI artificial intelligence model.
In the embodiment of the application, the first model processing result result_M and the second association degree distribution List List_S are loaded to the second AI artificial intelligence model, and the second AI artificial intelligent model calculates the weighting of the first model processing result result_M and the second association degree distribution List List_S, then fuses the weighted result with the first model processing result result_M, and obtains a second model processing result result_M0 of the second AI artificial intelligent model after the moving average operation.
step2045, after fusing the second model processing result and the second delivery description content distribution list, obtains a third delivery description content distribution list updated by the second delivery description content distribution list.
In the embodiment of the present application, after fusing the second model processing result result_m0 with the second delivery description content distribution List list_b, an updated third delivery description content distribution List list_bout may be obtained.
In the embodiment of the present application, a process of updating the first delivery description content distribution list according to the first delivery description content distribution list and the second delivery description content distribution list is the same as a process of updating the second delivery description content distribution list, and the embodiment of the present application will not be described in detail here.
Therefore, the first transmission descriptive content distribution list and the second transmission descriptive content distribution list can be utilized to respectively determine the directed association degree distribution list (which can be understood as a correlation matrix) at the descriptive content state level and the example level of the transmission descriptive content, and then the second transmission descriptive content distribution list is updated by utilizing the two AI artificial intelligence models which are sequentially connected, so that an information security knowledge base can be quickly and efficiently established, and the integrity of the information security knowledge base can be ensured.
For an independently implementable solution, the method may also illustratively include the contents recorded by step205 after step202 is performed.
step205, in a target constraint record repository, determines the first constraint pointed to by the first delivery description and the second constraint pointed to by the second delivery description.
In the embodiment of the application, the target constraint condition record library determined in advance includes constraints pointed by various second delivery descriptions, constraints pointed by various first delivery descriptions, and mapping situations between the first delivery descriptions and the second delivery descriptions.
It will be appreciated that after determining the first and second mapping situations between the first and second game interaction warnings in the cloud gaming big data, a first constraint condition pointed to by the first mapping situation of the cloud gaming big data and a second constraint condition pointed to by the second mapping situation of the cloud gaming big data may be determined from the target constraint condition record library, so as to establish the information security knowledge base subsequently.
For an independently implementable solution, the method may also illustratively include the steps 206-210 recording.
step206, determining a second constraint record repository pointed to by a number of second delivery descriptions.
In this embodiment of the present application, the second constraint condition record library may be a preset hot constraint condition record library for establishing an information security knowledge base, where constraint conditions pointed to by a plurality of second delivery description contents are included.
step207 obtains potential features pointed to by constraints in the second constraint record base according to the second constraint record base.
In the embodiment of the application, the second constraint condition record library can be loaded to a constraint condition mining model which completes tuning in advance, and potential characteristics (implicit vectors) which are generated by the constraint condition mining model and pointed to by the constraint conditions in the second constraint condition record library are obtained. The constraint condition mining model can be determined as raw material information (can be understood as an input value) by means of the example constraint condition set pointed by various second transmission descriptive contents, and the constraint condition mining model with optimized loss is finally obtained according to the example potential characteristic identification pointed by the constraint conditions in the example constraint condition set by optimizing model variables of the constraint condition mining model, so that loss tends to be in.
step208, performing multidimensional feature analysis (clustering) on the constraint conditions in the second constraint condition record base according to the quantitative difference between every two potential features, and determining a first constraint condition record base pointed by a plurality of first transmission description contents and mapping conditions between the constraint conditions in the second constraint condition record base and the constraint conditions in the first constraint condition record base.
In the embodiment of the application, the multidimensional feature analysis can be performed on the constraint conditions in the second constraint condition record library by means of the multidimensional feature analysis thread, wherein the multidimensional feature analysis thread can be Kmeans algorithm, and the first constraint condition record library can be determined by utilizing the multidimensional feature analysis thread according to the quantitative difference between every two potential features. The first constraint condition record library comprises constraint conditions pointed by a plurality of first transmission descriptive contents. And meanwhile, the mapping situation between the constraint conditions in the first constraint condition record library and the constraint conditions in the second constraint condition record library can be determined.
step209, determining the first constraint condition record library, the second constraint condition record library and the mapping situation as the target constraint condition record library.
In the embodiment of the application, the target constraint condition record library comprises a constraint condition in a first constraint condition record library pointed by a plurality of first transmission descriptive contents, a constraint condition in a second constraint condition record library pointed by a plurality of second transmission descriptive contents, and a mapping condition between the constraint condition in the first constraint condition record library and the constraint condition in the second constraint condition record library.
In this way, the target constraint condition record library including the first constraint condition record library pointed to by the plurality of first delivery description contents, the second constraint condition record library and the mapping condition between the constraint condition in the first constraint condition record library and the constraint condition in the second constraint condition record library can be effectively determined according to the second constraint condition record library pointed to by the plurality of second delivery description contents, which is set in advance.
For an independently implementable solution, the target constraint record base can also be determined by means of other generation means.
After the first constraint condition record library is determined, the constraint conditions in the second constraint condition record library can be globally analyzed, so that the first constraint condition record libraries pointed by a plurality of first transmission descriptive contents and the mapping conditions between the constraint conditions in the first constraint condition record libraries and the constraint conditions in the second constraint condition record libraries are counted, and therefore target constraint condition record libraries with different structural relations can be generated as well, and the application range of the overall scheme is enlarged.
For an independently implementable solution, the method may illustratively further include the steps 210 recording: step210, according to the game interaction warning item expression, the first delivery description content and the second delivery description content, determining a game interaction warning item pointed by the game interaction warning item expression, a first constraint condition pointed by the first delivery description content and a second constraint condition pointed by the second delivery description content by using a standardized thread.
In the embodiment of the application, scalar simplification operation can be performed on the game interaction warning item expression of cloud game big data, the first transfer description content and the second transfer description content between the first game interaction warning item and the second game interaction warning item by using a standardized thread, such as a normalization function, and the game interaction warning item, the first constraint condition pointed by the first transfer description content and the second constraint condition pointed by the second transfer description content included in the cloud game big data are determined in a game interaction warning item set and a target constraint condition record library which are set in advance.
In the embodiment of the application, a big data mining thread is also provided, and the big data mining thread can establish an information security knowledge base by any one of the methods.
The thread configuration of the big data mining thread can be adjusted according to actual conditions, cloud game big data which needs to be subjected to cloud game big data understanding and an information security knowledge base is loaded to the big data mining thread, after the cloud game big data description content of the cloud game big data is extracted by the big data mining thread, the limiting marks of game interaction warning matters in the cloud game big data are extracted by utilizing LSTM, and the limiting marks of the game interaction warning matters are combined to obtain limiting marks for transfer description. And determining initial game interaction warning item expression and initial transmission description content of the cloud game big data based on the restriction marks of the game interaction warning items and the restriction marks of the transmission description by using a related item expression mining algorithm method.
For the initial game interaction warning item expression, the big data mining thread utilizes a constraint adjustment algorithm to adjust the initial game interaction warning item expression into an array-type game interaction warning item expression, and the array-type game interaction warning item expression can be determined to be the game interaction warning item expression pointed by the cloud game big data.
For the initial transmission descriptive content, the big data mining thread respectively utilizes a feature extraction unit A and a feature extraction unit B to obtain a first transmission descriptive content distribution list and a second transmission descriptive content distribution list, wherein the number of feature extraction layers covered by the feature extraction unit A is smaller than that covered by the feature extraction unit B.
The big data mining thread uses an information transmission unit1 to transfer between the array-type game interaction warning item expression and the first transmission descriptive content distribution list, and uses an information transmission unit2 to transfer between the array-type game interaction warning item expression and the second transmission descriptive content distribution list. And determining the first transmission descriptive content by using the information analysis unit3 according to the array-type game interaction warning item expression and the first transmission descriptive distribution list. And updating the second transmission descriptive content distribution list by using a list updating unit to obtain a third transmission descriptive content distribution list, and determining the second transmission descriptive content by using an information analyzing unit4 according to the array-type game interaction warning item expression and the third transmission descriptive content distribution list.
Further, by means of a standardized thread, based on the array-type game interaction warning item expression, the first transfer description content and the second transfer description content, determining game interaction warning items pointed by the game interaction warning item expression, first constraint conditions pointed by the first transfer description content and second constraint conditions pointed by the second transfer description content, and accordingly establishing an information security knowledge base.
It can be understood that when the big data mining thread is tuned, the sub-thread pointed by the first transmission description content and the sub-thread pointed by the second transmission description content can be respectively tuned with labels by means of different constraint condition labels, so that the accuracy and the credibility of the big data mining thread for carrying out cloud game big data analysis are improved, and a more complete, reasonable and accurate information security knowledge base can be conveniently built later.
In addition, based on the above, under some design considerations that can be independently implemented, the method may further include the following: detecting the cloud game running stream records to be processed through the information security knowledge base, determining the cloud game running stream records with game vulnerability significance processing requirements, and performing feature significance optimization on the cloud game running stream records to obtain target cloud game running stream records; mining suspected abnormal game activity features from the target cloud game running stream records; determining game vulnerability risks according to the suspected abnormal game interaction characteristics; and formulating a wind control processing strategy aiming at the game vulnerability risk.
In the embodiment of the application, the mining conditions of the suspected abnormal game activity features can be set according to actual demands, such as mining conditions focusing on user privacy stealing or mining conditions focusing on DDOS attack, based on the mining conditions, game vulnerability risks corresponding to the suspected abnormal game interaction features can be determined through a classifier or other intelligent threads, so that a wind control processing strategy is formulated pertinently, and as the features in the target cloud game running stream records are optimized, the target cloud game running stream records have stronger feature expression capability, and therefore the accuracy and the credibility of the determined game vulnerability risks can be ensured.
In addition, under some design ideas which can be implemented independently, determining the game vulnerability risk according to the suspected abnormal game interaction features can be achieved by the following embodiments: acquiring a node behavior description set aiming at the suspected abnormal game interaction characteristics, wherein the node behavior description set comprises at least two groups of node behavior descriptions; obtaining the association degree between each group of node behavior descriptions in the node behavior description set and the suspected abnormal game interaction characteristics; sequentially adjusting the node behavior descriptions of each group according to the corresponding association degree of the node behavior descriptions of each group and the session subjects of the node behavior descriptions of each group to obtain corresponding node behavior description queues; generating a target vulnerability risk category queue for the suspected abnormal game interaction features based on the node behavior description queue, wherein the target vulnerability risk category queue comprises at least two target vulnerability risk categories; and determining the game vulnerability risk based on the first n target vulnerability risk categories in the target vulnerability risk category queue. By the design, the target vulnerability risk class queue can be determined as completely as possible from the node behavior description level, so that game vulnerability risks can be accurately and reliably positioned according to the target vulnerability risk classes which are ranked in front.
In other possible embodiments, the method for determining the cloud game running streaming record with the game vulnerability saliency processing requirement and performing feature saliency optimization on the cloud game running streaming record to obtain the target cloud game running streaming record can be implemented through the following embodiments.
Step S101, determining a cloud game running stream record with the game vulnerability processing requirement, wherein the cloud game running stream record with the game vulnerability processing requirement covers a target suspected abnormal game activity.
In the embodiment of the present application, the cloud game running stream record with the game vulnerability saliency processing requirement may be a cloud game running stream record collected by a game running detection thread, or one of the cloud game running records monitored by the game running detection thread. The target suspected abnormal game activity is an abnormal game activity of a specified suspected abnormal game event in the game environment in a cloud game running stream record.
For example, the cloud game running stream records collected by the game running detection thread may be analyzed, if the cloud game running stream records cover the target suspected abnormal game activities, the cloud game running stream records are determined to be cloud game running stream records with the game vulnerability saliency processing requirements, and if the cloud game running stream records do not cover the target suspected abnormal game activities, the cloud game running stream records are not determined to be cloud game running stream records with the game vulnerability saliency processing requirements; similarly, cloud game operation records monitored by a game operation detection thread can be analyzed, if a certain set of cloud game operation stream records cover target suspected abnormal game activities, the set of cloud game operation stream records are determined to be cloud game operation stream records with game vulnerability processing requirements, and if a certain set of cloud game operation stream records do not cover target suspected abnormal game activities, the set of cloud game operation stream records are not determined to be cloud game operation stream records with game vulnerability processing requirements.
In an application scenario, when monitoring a cloud game operation record, if an abnormal game behavior operation event occurs in a certain period in the operation record in the monitoring process and no abnormal game behavior operation event occurs in a certain period, the cloud game operation streaming record content with the abnormal game behavior operation event in the operation record is subjected to saliency optimization operation as a cloud game operation streaming record with the game vulnerability saliency processing requirement, and the cloud game operation streaming record content without the abnormal game behavior operation event in the operation record is not subjected to saliency optimization operation as a cloud game operation streaming record with the game vulnerability saliency processing requirement, so that the abnormal game behavior operation event in the cloud game operation record can be guaranteed to be timely subjected to saliency optimization operation, resource waste and expenditure can be reduced when the abnormal game behavior operation event does not exist in the cloud game operation record, and meanwhile, the cloud game operation record is prevented from being subjected to error judgment.
In addition, the cloud game running stream records may be record reports or record lists formed according to time sequence, or corresponding records may be generated according to a data information stream form, which is not limited herein.
Step S102, mining global game activity features of the target suspected abnormal game activity, and determining a first feature matching condition of constraint description in a global game activity feature optimization space of the target suspected abnormal game activity.
In the embodiment of the present application, there may be multiple methods for mining global game activity features of a target suspected abnormal game activity, and in actual implementation, the cloud game running heat record corresponding to the cloud game running flow record with the game vulnerability saliency processing requirement may be determined, and the cloud game running flow record with the game vulnerability saliency processing requirement and the cloud game running heat record after being sorted may be imported into a big data wind control processing model that completes debugging in advance, so as to perform global game activity feature mining. The game running detection thread can trigger the acquisition module of the game running detection thread to determine the cloud game running heat record or determine the cloud game running heat record through the acquisition thread while determining the cloud game running stream record with the game vulnerability significance processing requirement.
It may be understood that the number of the global game activity features obtained by mining may be multiple, and each global game activity feature obtained by mining may be carrying theme information (for example, may be an identifier), for example, if the global game activity feature obtained by mining has time sequence, the theme information of each global game activity feature may be theme information reflecting the sequence. The main reasons are as follows: when mining global game activity features of the target suspected abnormal game activity, mining is performed in combination with characteristics of the target suspected abnormal game activity or mining indexes (mining requirements), in other words, whether a certain state of the target suspected abnormal game activity is mined or not, and mining several global game activity features can be specified in advance. For example, when mining the cloud game running stream records of the abnormal game behavior operation event, global game activity feature mining can be performed on the request-response link of the abnormal game behavior operation event and other obvious activity states, wherein the obvious activity states can carry theme information, and thus the global game activity features obtained through mining carry the theme information.
It is understood that a global activity feature optimization space (which may be understood as a mapping space for performing processing of features, vectors, etc.) is an exemplary optimization method for individual optimization keywords representing targeted suspected abnormal game activities. The global activity feature optimization space may be a global space (such as a multidimensional mapping space) formed by a plurality of constraint descriptions (which may be understood as feature information or description information for defining the global activity feature optimization space) and a relational unit hierarchy among the constraint descriptions, the constraint descriptions of the global activity feature optimization space may also correspond to respective significant activity states of the target suspected abnormal game activity, and the constraint descriptions may also have topic information, for example, the constraint descriptions may have chronology, and the topic information of each constraint description may be topic information reflecting a sequence. The sorting method of the constraint descriptions and the sorting method of the global game activity characteristics obtained by the mining may be consistent or inconsistent.
Illustratively, since the global game activity feature of the target suspected abnormal game activity obtained by mining corresponds to each significant activity state of the target suspected abnormal game activity, and the global game activity feature optimization space of the target suspected abnormal game activity corresponds to each significant activity state of the target suspected abnormal game activity, a situation (such as a correspondence relationship) that the global game activity feature matches a first feature of the constraint description in the global game activity feature optimization space is determined, that is, the global game activity feature and the constraint description in the same significant activity state are subjected to feature matching.
Step S103, determining the activity feature optimization condition of the global game activity feature according to the feature optimization request, the designated optimization index of the constraint description in the global activity feature optimization space and the first feature matching condition.
In the embodiment of the application, the global activity feature optimization space can also store the designated optimization index of each constraint description, so that the update data of the constraint description and the like can be simply understood when each optimization keyword is performed. In each optimization keyword, at least one constraint description needs to be updated, so that update data of each constraint description under different optimization keywords can be recorded (it can be understood that if the constraint description does not need to be updated, the update data is empty). For example, the specified optimization index can be recorded through the thought of vector processing, each constraint description creates a vector, global distribution labels of the constraint descriptions are marked in the vector, and then update data of the constraint descriptions under each optimization keyword are marked one by one. Based on the above-mentioned vector recording mode, after the first feature matching condition is determined, the distribution label information of the global game activity feature corresponding to the constraint description is changed into a spatial description label list and loaded into the vector of the constraint description, so that the quality of optimization can be ensured when the global game activity feature is optimized (feature significance processing) later.
It can be appreciated that the feature optimization request (optimization instruction) can be determined according to the actual situation of the user, for example, if the relevant requirement selects at least one optimization keyword, the feature optimization request for the at least one optimization keyword is determined; the feature optimization request may also be adaptively generated by an execution body executing the method. When the target suspected abnormal game activity is an abnormal game behavior operation event, the demand end can determine at least one feature optimization event aiming at the abnormal game behavior operation event, so as to determine a feature optimization request corresponding to the at least one feature optimization event. For another example, when the target suspected abnormal game activity is an abnormal game behavior operation event, at least one feature optimization event may be set in advance, and then after each time it is determined that a cloud game running stream record with a game vulnerability saliency processing requirement exists, a feature optimization request corresponding to the at least one feature optimization event is adaptively generated.
In the embodiment of the application, the feature significance processing process of the global game activity feature comprises a state optimization process of the global game activity feature, so that the activity feature optimization condition of the global game activity feature comprises the global game activity feature with the state optimized.
For example, when determining the activity feature optimization condition of the global game activity feature, determining an optimization keyword of the suspected abnormal game activity of the target according to the feature optimization request, determining a first optimization index corresponding to the optimization keyword in specified optimization indexes of constraint descriptions in the global activity feature optimization space, and updating the global game activity feature corresponding to at least one constraint description in the global activity feature optimization space according to the first optimization index to obtain the activity feature optimization condition of the global game activity feature.
It will be appreciated that the optimization keywords include an optimized state and an optimized category, the optimized state being intended to express a partial state of the targeted suspected abnormal game activity, such as: the class of optimizations is intended to express the expected activity feature optimization scenario for a certain request-response link in the abnormal game behavior operation event. It will be appreciated that if there is one optimization keyword in the feature optimization request, one optimization keyword is determined, and if there are a plurality of optimization keywords in the feature optimization request, a plurality of optimization keywords are determined. Further, the first optimization index includes update data of each constraint description of the global activity feature optimization space under the optimization keyword. Each constraint description may be accessed one by one, and an optimization index corresponding to an optimization keyword in the feature optimization request, in other words, update data of the constraint description under the optimization keyword, is determined from each constraint description. When each constraint description holds update data under a respective optimization keyword in a vector format, the update data may be determined in conjunction with the optimization keyword to vector correspondence state.
For example, when there is only one optimization keyword in the feature optimization request, the optimization index corresponding to the optimization keyword is directly determined. When there are a plurality of optimization keywords in the feature optimization request, an optimization index corresponding to each optimization keyword can be determined. Or, the global activity feature optimization space stores the update data corresponding to various combinations among the optimization keywords in addition to the update data of each optimization keyword, so that when a plurality of optimization keywords exist in the feature optimization request, the update data corresponding to the combinations of the plurality of optimization keywords can be directly determined.
In addition, the feature optimization request may further include optimization variables (parameters) of the respective optimization keywords while including the optimization keywords, and the optimization variables of the optimization keywords in the feature optimization request may be adjusted. The optimization variables can be the feature saliency processing degree of the optimization event, and different feature saliency processing degrees can correspond to different optimization indexes. Based on the above, before the global game activity feature corresponding to at least one constraint description in the global game activity feature optimization space is updated according to the first optimization index to obtain an activity feature optimization condition of the global game activity feature, an optimization variable of the optimization keyword is further determined according to a feature optimization request, and then the first optimization index is updated according to the optimization variable. The degree of the optimization keywords can be optimized (feature significance processing) through the optimization variables, and the flexibility of feature optimization processing can be improved.
It can be understood that the distribution labels of the global game activity features corresponding to the constraint description and the corresponding update data can be calculated to obtain the activity feature optimization condition of the global game activity features. Under one or more optimization keywords, update data of at least one constraint description is not empty, and then global game activity features corresponding to the constraint descriptions are updated after calculation. After the first feature matching condition is determined, the distribution label information of the global game activity features corresponding to the constraint description is changed into a spatial description label list and loaded into the vector of the constraint description, and the distribution labels and the update data of the global game activity features can be directly mined from the vector of each constraint description to calculate. When the determined first updating data comprises a plurality of updating data which are not empty sets, the distribution labels of the global game activity features corresponding to the constraint description can be operated by combining each updating data one by one in combination with the appointed sequence.
After the global game activity feature is updated in combination with at least one mode, the state of the global game activity feature is optimized, and the global game activity feature in the optimized state can be understood as the global game activity feature with the state being optimized in the activity feature optimization condition of the global game activity feature.
Step S104, determining a target cloud game running stream record according to the activity feature optimization condition of the global game activity feature and the cloud game running stream record with the game vulnerability significance processing requirement.
In the embodiment of the application, according to the activity feature optimization condition of the global game activity feature, the same feature significance processing is performed on the corresponding state of the cloud game running stream record with the game vulnerability significance processing requirement, in other words, the activity feature optimization condition is projected to the processing cloud game running stream record, so that the feature significance processing of the target suspected abnormal game activity in the cloud game running stream record with the game vulnerability significance processing requirement is completed. For example, when the target suspected abnormal game activity is the abnormal game behavior operation event cloud game running stream record, the significance optimizing operation on the abnormal game behavior operation event cloud game running stream record can be completed in the step.
In summary, by determining a cloud game running stream record with a game vulnerability saliency processing requirement, mining global game activity features of a target suspected abnormal game activity in the cloud game running stream record with the game vulnerability saliency processing requirement, determining a first feature matching condition of constraint description in a global activity feature optimization space of the global game activity features and the target suspected abnormal game activity, determining an activity feature optimization condition of the global game activity features according to a feature optimization request, a designated optimization index of the constraint description in the global activity feature optimization space and the first feature matching condition, and finally determining a target cloud game running stream record according to an activity feature optimization condition of the global game activity features and the cloud game running stream record with the game vulnerability saliency processing requirement.
The activity feature optimization space is global and has a specified optimization index of constraint description, and feature saliency processing of the target suspected abnormal game activity is performed on the global game activity feature according to the feature optimization request and the specified optimization index, so that the optimization process has higher precision and reliability, further, the global game activity feature is obtained by mining from a cloud game running stream record with a game vulnerability saliency processing requirement, finally, the activity feature optimization situation obtained by the global game activity feature through feature optimization (feature saliency processing) is fed back to the cloud game running stream record with the game vulnerability saliency processing requirement again, and therefore, the quality of feature saliency processing of the target suspected abnormal game activity in the target cloud game running stream record can be guaranteed, the use efficiency of the target cloud game running stream record in subsequent wind control processing analysis is improved, and the game vulnerability is obtained by positioning the target cloud game running stream record rapidly and accurately, so that efficient wind control processing is realized.
For some technical solutions that can be implemented independently, the big data wind control processing method applied to cloud game protection further includes: and determining a second feature matching condition of the constraint description in the global activity feature optimization space and the constraint description in the global basic optimization space of the target suspected abnormal game activity.
In the embodiment of the application, the global basic optimization space is a basic optimization space (such as a standard model) of a target suspected abnormal game activity, and is composed of a plurality of constraint descriptions and relation units among the constraint descriptions. For example, when the target suspected abnormal game activity is an abnormal game behavior operation event cloud game running stream record, the global basic optimization space can be a basic abnormal game behavior operation event model (which can be understood as a vector space model). If the global game activity feature mining is performed on the global basic optimization space through the content described in step S102, then all constraint descriptions of the global basic optimization space can be obtained. The global activity feature optimization space is intended to express an exemplary optimization method of at least one optimization keyword of the global basic optimization space, i.e. an optimization index for representing each state of the global basic optimization space in the at least one optimization keyword. The global activity feature optimization space is provided with a set space description tag list, wherein the distribution tags of each constraint description in the space description tag list are distribution tags in the space description tag list, and the global activity feature optimization space is also provided with a spatial distribution tag mapping list which is used for changing the distribution tags in the space description tag list into the global description tag list.
Based on this, the distribution label of the constraint description in the global activity feature optimization space and the distribution label of the constraint description in the global basic optimization space can be changed into the same description label list, for example: the distribution labels of the constraint description in the global basic optimization space are distribution labels in the global description label list, and then the distribution labels of the constraint description can be changed to the global description label list. And then determining quantitative commonality evaluation between each constraint description in the global activity characteristic optimization space and each constraint description in the global basic optimization space. And finally, determining the second feature matching condition according to the quantitative commonality evaluation between each constraint description in the global activity feature optimization space and each constraint description in the global basic optimization space, and determining whether the two constraint descriptions correspond or not according to the quantitative commonality evaluation between the two constraint descriptions and the specified quantitative difference result, wherein the relevant judgment mode can be selected according to the actual condition and is not described in detail herein.
For an independently implementable solution, based thereon, a situation in which the global game activity feature matches the first feature of the constraint description in the global activity feature optimization space may be determined in the above-described manner, and step S401 and step S402 may be exemplarily included.
Step S401, determining a situation that the global game activity feature matches with a third feature of the constraint description in the global basic optimization space according to the topic information of the global game activity feature and the topic information of the constraint description in the global basic optimization space.
In the embodiment of the application, the global basic optimization space is a basic optimization space determined based on initial suspected abnormal game activities (such as initial cloud game running stream records), design ideas of game activity features of initial abnormal game behavior operation events and target abnormal game behavior operation events in the basic optimization space are consistent, so that the constraint description in the global basic optimization space generated based on the initial cloud game running stream records is in a state of the target suspected abnormal game activities, and when the constraint description is the same as the state of the global game activity features in the target suspected abnormal game activities, the constraint description is the same as topic information of the global game activity features, and therefore the global game activity features with the same topic information and the constraint description of the global basic optimization space are determined to be constraint description binary groups with binding relations, and the third feature matching condition is obtained. For example, the sequence of the constraint description of the global basic optimization space is consistent with the sequence of the global game activity features of the target suspected abnormal game activity, and the global game activity features with the same theme information reflecting the sequence and the constraint description of the global basic optimization space can be determined to be constraint description binary groups with binding relations, so that the third feature matching condition is obtained.
Step S402, determining the first feature matching condition according to the second feature matching condition and the third feature matching condition.
In the embodiment of the application, constraint descriptions of the global activity feature optimization space and global game activity features corresponding to the same constraint descriptions of the global basic optimization space are determined to be matched with each other in a binding relationship (corresponding to each other).
In the embodiment of the application, the second feature matching condition between each constraint description of the global basic optimization space and each constraint description of the global activity feature optimization space is preset, and then after the global game activity feature of the target suspected abnormal game activity of the cloud game operation flow record with the game vulnerability saliency processing requirement is determined each time, the first feature matching condition between the global game activity feature and the constraint description of the global activity feature optimization space can be efficiently determined by applying the theme information, so that the operation is convenient, the accuracy of the first feature matching condition can be improved, the global game activity feature of the target suspected abnormal game activity of the cloud game operation flow record with the game vulnerability saliency processing requirement is avoided, and unnecessary quantitative commonality evaluation calculation processing is executed.
For some solutions that may be implemented independently, the determining, in step S104, the cloud game running stream record according to the activity feature optimization condition of the global game activity feature and the cloud game running stream record with the game vulnerability saliency processing requirement, and the determining may exemplarily include the content recorded in step S501 and step S502.
Step S501, in combination with a first visual-type feature relation network created in advance, generates a first relation unit between activity feature optimization cases of the global game activity features.
In this embodiment of the present application, the preset first visual-type feature relation network (may be understood as a topology structure) is intended to express a combination result relation of constraint descriptions in relation units (such as a nodal relation expression or a gridding relation expression between different descriptions) between constraint descriptions of a global basic optimization space, in other words, each constraint description needs to be combined with other constraint descriptions. The first visual-type feature relation network is recorded with subject information of a constraint description. Because the topic information of the global game activity features is consistent with the topic information of the constraint description of the global basic optimization space, and a third feature matching condition between the global game activity features and the constraint description of the global basic optimization space can be created in step S201, therefore, after at least one global game activity feature is updated, the topic information of each global game activity feature is still clear, and the feature matching condition of each global game activity feature and each constraint description of the global basic optimization space is still clear, and further, a combination result of different global game activity feature optimization conditions can be performed by combining the first visual feature relation network, so as to generate a first relation unit. After a first relation unit is generated among activity feature optimization conditions of all global game activity features, a target space of a target suspected abnormal game activity is formed.
Step S502, according to interest attribute information of the mapping feature of the global game activity feature on the cloud game running stream record with the game vulnerability saliency processing requirement, distribution label information of the mapping feature of the global game activity feature on the cloud game running stream record with the game vulnerability saliency processing requirement, and the first relation unit, loading the activity feature optimization condition of the target suspected abnormal game activity on the cloud game running stream record with the game vulnerability saliency processing requirement, to obtain a target cloud game running stream record.
For example, the interest attribute information of the mapping feature of the global game activity feature on the cloud game running stream record with the game vulnerability saliency processing requirement can be mined as the interest attribute information of the activity feature optimization condition of the global game activity feature; secondly, according to interest attribute information of activity feature optimization conditions of the global game activity features, the interest attribute information in the first relation unit is loaded and obtained; and finally, mapping the interest attribute information of the global game activity feature and the interest attribute information in the first relation unit to the cloud game running stream record with the game vulnerability saliency processing requirement according to the distribution label information of the mapping feature on the cloud game running stream record with the game vulnerability saliency processing requirement according to the activity feature optimization condition of the global game activity feature, so as to obtain the target cloud game running stream record. For example, if the target suspected abnormal game activity is an abnormal game behavior operation event cloud game operation streaming record, the target cloud game operation streaming record is a cloud game operation streaming record for completing the significance optimization operation of the abnormal game behavior operation event cloud game operation streaming record.
It can be understood that, compared to the cloud game running stream record with the game vulnerability processing requirement, some states of the target suspected abnormal game activities in the target cloud game running stream record are optimized, and in the application, the interest attribute labels (aiming at expressing the operation intention or the behavior tendency corresponding to the game activities) are not optimized (feature significance processing) directly on the cloud game running stream record with the game vulnerability processing requirement locally, but are optimized (feature significance processing) on the interest attribute labels on the cloud game running stream record with the game vulnerability processing requirement by optimizing the global game activity features mined in the cloud game running stream record with the game vulnerability processing requirement locally. In other words, the global game activity feature corresponds to the mapping feature on the cloud game running stream record with the game vulnerability saliency processing requirement, so that the activity feature optimization condition of the global game activity feature can aim at expressing the activity feature optimization condition of the corresponding mapping feature, namely the activity feature optimization condition of the interest attribute label of the mapping feature, and the interest attribute information of the mapping feature of the global game activity feature on the cloud game running stream record with the game vulnerability saliency processing requirement can be mined and mapped onto the mapping feature of the cloud game running stream record with the game vulnerability saliency processing requirement again.
In an embodiment of the present application, the first relationship unit includes a plurality of local relationship units having a connection relationship, and the local relationship units are composed of at least three global game activity features. When the interest attribute information in the first relation unit is loaded, the interest attribute information in each local relation unit can be loaded as the interest attribute information matched with the global game activity feature of the local relation unit. The main reasons are as follows: when global game activity features are mined from cloud game running stream records with game vulnerability saliency processing requirements, interest attribute tags can be mined under the starting and stopping conditions of interest attribute areas with the same interest attribute information, so that the interest attribute information in the interest attribute tags is the same as the interest attribute tags, and further the interest attribute information in local relation units formed by the global game activity features corresponding to the interest attribute tags is the same as the interest attribute information of the global game activity features.
For example, the cloud game running stream record with the game vulnerability processing requirement can be loaded onto the derived cloud game running stream record, for example, the cloud game running stream record with the game vulnerability processing requirement is copied onto the cloud game running stream record to be used by means of related operations, wherein the cloud game running stream record to be used is a mapping of interest attribute information for global game activity characteristics and interest attribute information in the first relation unit, in other words, the cloud game running stream record is used as a reference of the target cloud game running stream record; then, the cloud game running stream record with the game vulnerability processing requirement is used as a raw material cloud game running stream record of a loading program, the distribution label of the mapping characteristic of each global game activity characteristic on the cloud game running stream record with the game vulnerability processing requirement is used as a user behavior positioning distribution label of the raw material cloud game running stream record, so that the interest attribute information of the mapping characteristic of the global game activity characteristic on the cloud game running stream record with the game vulnerability processing requirement can be mined and used as the interest attribute information of the activity characteristic optimization condition of the global game activity characteristic; then changing a distribution tag of an activity feature optimization condition of a global game activity feature to a global description tag list through a space mapping list of the global activity feature optimization space, then changing the distribution tag of the activity feature optimization condition of the global game activity feature in the global description tag list to a pooling description tag list through a mapping list of the global description tag list to a pooling list, triggering a subsequent relevant loading operation, namely loading interest attribute information in a first relation unit according to interest attribute information of the activity feature optimization condition of the global game activity feature, and loading the activity feature optimization condition of the global game activity feature and the interest attribute information in the first relation unit on a cloud game operation stream record which is to be used and has game vulnerability significance processing requirements, thereby loading the activity feature optimization condition of the target suspected abnormal game activity on the cloud game operation stream record which has game vulnerability significance processing requirements, and obtaining a target cloud game operation stream record.
In the embodiment of the application, a first relation unit is generated between activity feature optimization conditions of all global game activity features so as to acquire a target space of a target suspected abnormal game activity; and finally, loading the target space with the interest attribute information onto the cloud game running stream record to be used to obtain the final target cloud game running stream record.
For an independently implementable solution, the processing of the cloud game running stream record described above may illustratively include what is described in step S601 and step S602.
Step S601, a global derivative mapping space matching the global game activity features is created, wherein constraint descriptions in the global derivative mapping space at least cover activity feature optimization conditions of first semantic activity features and second semantic activity features derived based on the first semantic activity features, and the first semantic activity features are global game activity features corresponding to start-stop conditions of the target suspected abnormal game activity.
In the embodiment of the application, a first semantic activity feature (which may be understood as an activity feature for performing feature differentiation) corresponding to the target suspected abnormal game activity start-stop condition in the global game activity features may be determined first.
For example, first determining a mapping feature (e.g., a projected point) of the global game activity feature in the cloud game running stream record for which there is a game vulnerability processing requirement; secondly, according to the mapping characteristics of the target suspected abnormal game activity and the global game activity characteristics in the cloud game running stream records with the game vulnerability significance processing requirements, determining the mapping characteristics under the starting and stopping conditions (which can be understood as distinguishing conditions of different target suspected abnormal game activities) of the target suspected abnormal game activity; and finally, determining global game activity features corresponding to the mapping features under the start-stop condition of the target suspected abnormal game activity as the first semantic activity features.
For example, when determining the mapping feature under the start-stop condition of the suspected abnormal game activity of the target, several game running modes may be configured under the specified game state, such as: a plurality of non-returnable game running modes are configured in advance, and then two mapping features corresponding to the start-stop condition are determined among the mapping features of the plurality of global game activity features in each game running mode.
In the embodiment of the application, the second semantic activity feature corresponding to the first semantic activity feature may be determined from the popular activity features (which may be understood as the most frequently occurring activity features) in the global game activity features and derived content (derived extension result of feature combination result) of the combination result (feature combination result) of the first semantic activity feature.
For example, the calculation may be performed according to the distribution tag information of each global game activity feature to obtain a popular activity feature among the plurality of global game activity features, in other words, a global game activity feature at the highest popularity. And then generating a game running mode based on the hot activity features and each semantic activity feature, and further determining a specified quantization difference (the quantization difference (gap) is specified in advance and can be set according to the frequency of the target suspected abnormal game activity, for example, the frequency of the target suspected abnormal game activity is X times per minute) in the game running mode, wherein the constraint description of the derived content can be understood as a second semantic activity feature corresponding to the semantic activity feature.
In the embodiment of the present application, a second relation unit may be generated between the activity feature optimization condition of the first semantic activity feature and the second semantic activity feature by combining a second visual type feature relation network created in advance, so as to obtain the globally derived mapping space.
It will be appreciated that the pre-created second visual-type feature-relationship network is intended to express the combined resulting relationship of different activity features in the relationship element between the plurality of first semantic activity features and the plurality of second semantic activity features. For example, all the first semantic activity features combine the results one by one to generate a first sub-mapping space of the globally derived mapping space; combining all the second semantic activity features one by one to generate a second sub-mapping space of the globally derived mapping space; each first semantic activity feature then combines the results with its corresponding second semantic activity feature and also combines the results with the second semantic activity feature next to the corresponding second semantic activity feature, thereby generating a second relationship element within the globally derived mapping space. The second visual-type feature relation network is recorded in the sequence of the first semantic activity feature and the second semantic activity feature, so that after the first semantic activity feature is optimized, the second relation unit can be still generated by combining the visual-type feature relation network.
Step S602, loading the global derivative mapping space on the cloud game running stream record with the game vulnerability saliency processing requirement according to the global derivative mapping space and the cloud game running stream record with the game vulnerability saliency processing requirement.
For example, vulnerability risk mapping content of mapping features of the first semantic activity feature on the cloud game running stream record with the game vulnerability saliency processing requirement can be mined firstly to serve as interest attribute information of activity feature optimization conditions of the first semantic activity feature, and interest attribute information of mapping features of the second semantic activity feature on the cloud game running stream record with the game vulnerability saliency processing requirement is mined to serve as interest attribute information of the second semantic activity feature; then, according to the interest attribute information of the activity feature optimization condition of the first semantic activity feature and the interest attribute information of the second semantic activity feature, the interest attribute information in the second relation unit is loaded and obtained; and finally, mapping interest attribute information of the activity feature optimization condition of the first semantic activity feature, interest attribute information of the second semantic activity feature and interest attribute information in the second relation unit to the cloud game running stream record with the game vulnerability saliency processing requirement according to the activity feature optimization condition of the first semantic activity feature and the distribution label information of the mapping feature of the second semantic activity feature on the cloud game running stream record with the game vulnerability saliency processing requirement. It will be appreciated that the above embodiment is the same as that in step S502, and thus the step may be performed with reference to the embodiment of step S502.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the same, but rather, various modifications and variations may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.

Claims (8)

1. The cloud game big data analysis method based on network information security is characterized by comprising the following steps of:
determining game interaction warning item expression of cloud game big data by utilizing game interaction warning item identification processing; determining first transfer descriptive contents and second transfer descriptive contents between first game interaction warning matters and second game interaction warning matters in the cloud game big data by using transfer descriptive identification processing; wherein the local content set of the first delivery description encompasses the second delivery description;
establishing the information security knowledge base through the game interaction warning items pointed by the game interaction warning item expression, the first constraint condition pointed by the first transmission descriptive content and the second constraint condition pointed by the second transmission descriptive content; wherein one or more than one of the game interactive alert items having delivery descriptive content matches a game interactive alert item to which the game interactive alert item expression is directed;
The game interaction warning item identification processing is used for determining the game interaction warning item expression of the cloud game big data, and the game interaction warning item identification processing comprises the following steps: determining an initial game interaction warning item expression of the cloud game big data; adjusting the initial game interaction warning item expression into an array game interaction warning item expression; determining the array-type game interaction warning item expression as the game interaction warning item expression of the cloud game big data;
the determining, by using a delivery description identification process, first delivery description content and second delivery description content between a first game interaction warning item and a second game interaction warning item in the cloud gaming big data includes: determining initial delivery descriptive content of the cloud gaming big data; determining a first delivery description content distribution list and a second delivery description content distribution list according to the initial delivery description content; obtaining the first transmission descriptive content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression and the first transmission descriptive content distribution list of the cloud game big data; and obtaining the second transmission descriptive contents between the first game interaction warning matters and the second game interaction warning matters in the cloud game big data according to the game interaction warning matters expression of the cloud game big data and the second transmission descriptive content distribution list.
2. The method of claim 1, wherein the method further comprises: updating the second delivery description content distribution list or updating the first delivery description content distribution list and the second delivery description content distribution list according to the first delivery description content distribution list and the second delivery description content distribution list;
based on updating the second transmission description content distribution list, the obtaining the second transmission description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression of the cloud game big data and the second transmission description content distribution list comprises the following steps: obtaining the second transmission descriptive content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the array game interaction warning item expression and a third transmission descriptive content distribution list obtained after the second transmission descriptive content distribution list is updated;
based on updating the first delivery description content distribution list, the obtaining the first delivery description content between the first game interaction warning item and the second game interaction warning item in the cloud game big data according to the game interaction warning item expression of the cloud game big data and the first delivery description content distribution list includes: and obtaining the first transmission descriptive contents between the first game interaction warning matters and the second game interaction warning matters in the cloud game big data according to the game interaction warning matters expression of the cloud game big data and a fourth transmission descriptive content distribution list obtained after the first transmission descriptive content distribution list is updated.
3. The method of claim 2, wherein updating the second delivery description distribution list in accordance with the first delivery description distribution list and the second delivery description distribution list comprises:
starting a moving average operation, a scalar simplification operation and a ReLU algorithm loading operation for the first transmission description content distribution list one by one, determining a first distribution list, and starting a moving average operation, a scalar simplification operation and a ReLU algorithm loading operation for the second transmission description content distribution list one by one, determining a second distribution list;
determining a first association degree distribution list at a description content state level of transmitting the description content and determining a second association degree distribution list at an example level of transmitting the description content according to the first distribution list and the second distribution list;
loading the first distribution list and the first association degree distribution list into a first AI artificial intelligence model, and determining a first model processing result of the first AI artificial intelligence model;
loading the first model processing result and the second association degree distribution list to a second AI artificial intelligent model, and determining a second model processing result of the second AI artificial intelligent model;
And after the second model processing result and the second transmission descriptive content distribution list are fused, obtaining a third transmission descriptive content distribution list updated by the second transmission descriptive content distribution list.
4. The method of claim 3, wherein after the determining the first delivery description and the second delivery description between the first game interactive alert and the second game interactive alert in the cloud gaming big data, the method further comprises:
in a target constraint record library, the first constraint pointed to by the first delivery description and the second constraint pointed to by the second delivery description are determined.
5. The method of claim 4, wherein the method further comprises:
determining a second constraint condition record library pointed by a plurality of second delivery descriptions;
obtaining potential characteristics pointed to by constraint conditions in the second constraint condition record library according to the second constraint condition record library;
according to the quantitative difference between every two potential features, multidimensional feature analysis is carried out on constraint conditions in the second constraint condition record library, and a first constraint condition record library pointed by a plurality of first transmission descriptive contents and mapping conditions between the constraint conditions in the first constraint condition record library and the constraint conditions in the second constraint condition record library are determined;
And determining the first constraint condition record library, the second constraint condition record library and the mapping condition as the target constraint condition record library.
6. The method of claim 5, wherein said obtaining potential features pointed to by constraints in said second repository of constraints from said second repository of constraints comprises:
loading the second constraint condition record library into a constraint condition mining model to obtain potential characteristics which are generated by the constraint condition mining model and pointed to by the constraint conditions in the second constraint condition record library;
the constraint condition mining model is obtained by determining constraint conditions in an example constraint condition record base pointed by a plurality of second transmission descriptive contents as raw material information and optimizing by taking example potential characteristics pointed by preset constraint conditions in the example constraint condition record base as references.
7. The method of any of claims 1-6, wherein the cloud gaming big data encompasses cloud gaming big data intended to express network environmental security of cloud gaming clients during game interactions, the information security knowledge base intended to characterize delivery descriptions between real-time game interaction alerts comprised by the cloud gaming big data.
8. A cloud game big data analysis system, which is characterized by comprising a processor, a network module and a memory; the processor and the memory communicate via the network module, the processor reading a computer program from the memory and running to perform the method of any of claims 1-7.
CN202210035293.1A 2022-01-13 2022-01-13 Cloud game big data analysis method and system based on network information security Active CN114422225B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210035293.1A CN114422225B (en) 2022-01-13 2022-01-13 Cloud game big data analysis method and system based on network information security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210035293.1A CN114422225B (en) 2022-01-13 2022-01-13 Cloud game big data analysis method and system based on network information security

Publications (2)

Publication Number Publication Date
CN114422225A CN114422225A (en) 2022-04-29
CN114422225B true CN114422225B (en) 2023-07-07

Family

ID=81273618

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210035293.1A Active CN114422225B (en) 2022-01-13 2022-01-13 Cloud game big data analysis method and system based on network information security

Country Status (1)

Country Link
CN (1) CN114422225B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114707768B (en) * 2022-05-25 2022-10-28 深圳飞之度科技有限公司 Big data security wind control-based information processing method and server

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10037266B2 (en) * 2016-04-01 2018-07-31 Sony Interactive Entertainment America Llc Game stream fuzz testing and automation
CN108854075B (en) * 2018-05-30 2023-04-18 腾讯科技(深圳)有限公司 Method and device for detecting abnormal behaviors of game role
CN110909630B (en) * 2019-11-06 2023-04-18 腾讯科技(深圳)有限公司 Abnormal game video detection method and device
CN113750538A (en) * 2020-06-02 2021-12-07 盛趣信息技术(上海)有限公司 Big data-based hand-game security platform construction method and system
CN113297884A (en) * 2020-07-29 2021-08-24 阿里巴巴集团控股有限公司 Abnormal behavior determination method and device and electronic equipment
CN113051555A (en) * 2020-09-07 2021-06-29 沈建锋 Service information detection method combining big data and cloud computing center
CN112036762B (en) * 2020-09-07 2021-08-31 贝壳找房(北京)科技有限公司 Behavior event recognition method and apparatus, electronic device and storage medium
CN112905619A (en) * 2020-10-10 2021-06-04 陈夏焱 Abnormal label classification method and system based on artificial intelligence and big data
CN113347042A (en) * 2021-06-25 2021-09-03 东莞市慧学慧玩教育科技有限公司 Data security protection method and server based on digitization and artificial intelligence

Also Published As

Publication number Publication date
CN114422225A (en) 2022-04-29

Similar Documents

Publication Publication Date Title
US10043006B2 (en) Event anomaly analysis and prediction
US7013395B1 (en) Method and tool for network vulnerability analysis
Singh et al. Dynamic behavior analysis of android applications for malware detection
US11159564B2 (en) Detecting zero-day attacks with unknown signatures via mining correlation in behavioral change of entities over time
CN112231570B (en) Recommendation system support attack detection method, device, equipment and storage medium
CN115422592A (en) Big data security processing method and system
CN114422225B (en) Cloud game big data analysis method and system based on network information security
Burnett Trust assessment and decision-making in dynamic multi-agent systems
US11797617B2 (en) Method and apparatus for collecting information regarding dark web
CN110572302B (en) Diskless local area network scene identification method and device and terminal
Costa et al. Mobile botnets detection based on machine learning over system calls
Puri et al. Analyzing and predicting security event anomalies: Lessons learned from a large enterprise big data streaming analytics deployment
Chkirbene et al. Data augmentation for intrusion detection and classification in cloud networks
Chen et al. Building machine learning-based threat hunting system from scratch
Castellano et al. Learning fuzzy user profiles for resource recommendation
CN116451191A (en) Information auditing method, device, electronic equipment and computer readable storage medium
Vlahavas et al. Unsupervised clustering of bitcoin transactions
Breitinger et al. DFRWS EU 10-Year Review and Future Directions in Digital Forensic Research
CN115220859A (en) Data input mode monitoring method and device, electronic equipment and storage medium
Ceruti Challenges in data management for the United States Department of Defense (DoD) command, control, communications, computers, and intelligence (C/sup 4/I) systems
CN114219427B (en) Information security processing method and storage medium for handling big data office work
CN113297314B (en) Data visualization method and device and storage medium
CN117951742A (en) Data processing method, apparatus, device, medium, and program product
Wright et al. A Diagnostics Approach for Persistent Threat Detection (ADAPT)
Konstantinos Multiple Layer Hybrid Classification for Android Malware Detection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220805

Address after: 236700 household 25, xinzhangying, donglaozhai village, Chengguan Town, Lixin County, Bozhou City, Anhui Province

Applicant after: Liu Fang

Address before: 155100 gate 108, building 19, Xinhua Mingyuan community, Baoqing Town, Baoqing County, Shuangyashan City, Heilongjiang Province

Applicant before: Baoqing tengkang Network Technology Co.,Ltd.

TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20230608

Address after: 518000, 6th Floor, Hangsheng Technology Building, No. 8 Gaoxin South 6th Road, Gaoxin Community, Yuehai Street, Nanshan District, Shenzhen, Guangdong Province

Applicant after: Shenzhen Love Tomato Technology Co.,Ltd.

Address before: 236700 household 25, xinzhangying, donglaozhai village, Chengguan Town, Lixin County, Bozhou City, Anhui Province

Applicant before: Liu Fang

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant