CN114884740B - AI-based intrusion protection response data processing method and server - Google Patents
AI-based intrusion protection response data processing method and server Download PDFInfo
- Publication number
- CN114884740B CN114884740B CN202210572501.1A CN202210572501A CN114884740B CN 114884740 B CN114884740 B CN 114884740B CN 202210572501 A CN202210572501 A CN 202210572501A CN 114884740 B CN114884740 B CN 114884740B
- Authority
- CN
- China
- Prior art keywords
- response
- matched
- session response
- behavior
- session
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides an AI-based intrusion protection response data processing method and a server, which can flexibly analyze and predict conversation response operations of all interaction participants, flexibly utilize the conversation response operations obtained by analysis to carry out operation interaction conditions among all interaction participants, and utilize the conversation response operations obtained by analysis and intrusion protection monitoring records for the conversation response operations of operation interaction to determine a data risk detection report of an intrusion protection process.
Description
Technical Field
The invention relates to the technical field of data processing, in particular to an AI-based intrusion protection response data processing method and a server.
Background
A conventional Intrusion Prevention System (IPS) is a computer network security facility, and is a supplement to anti-virus software (anti Programs) and a firewall (Packet Filter). The intrusion prevention system can monitor computer security items such as network data transmission behaviors of the network or the network equipment, and can timely interrupt, adjust or isolate abnormal or harmful network data transmission behaviors. With the continuous development of the internet, intrusion attack protection interaction in a cloud session service scene is more and more frequent and complex, detection records aiming at the intrusion attack protection interaction are important for improving the intrusion protection quality, but the detection records are difficult to be effectively determined by related technologies.
Disclosure of Invention
The invention provides an AI-based intrusion protection response data processing method and a server, and adopts the following technical scheme to achieve the technical purpose.
The first aspect is an AI-based intrusion prevention response data processing method, applied to an AI server, the method at least comprising:
responding to the fact that an intrusion protection process is in an activated state, determining to-be-matched session response operation of a response behavior execution end of each behavior analysis period in a set number of behavior analysis periods by combining a multi-terminal service interaction scene, analyzing to obtain to-be-executed session response operation of the response behavior execution end of the current behavior response period by combining the to-be-matched session response operation, interacting by combining the to-be-executed session response operation, and determining the current multi-terminal service interaction scene;
on the basis that a target execution end does not exist in the current multi-end service interaction scene, analyzing and obtaining to-be-executed session response operation of a response behavior execution end in a next round of behavior response period in combination with the current multi-end service interaction scene, interacting in combination with to-be-executed session response operation of the response behavior execution end in the next round of behavior response period, and determining the next round of multi-end service interaction scene until each to-be-matched session response operation and each to-be-executed session response operation intrusion protection monitoring record are determined on the basis that the target execution end exists in the determined multi-end service interaction scene;
and determining a data risk detection report of the intrusion protection process by combining the intrusion protection monitoring record.
In some possible technical solutions, the determining a data risk detection report of the intrusion prevention process by combining the intrusion prevention monitoring record includes:
determining a priority comparison result and a first request response description between intrusion protection monitoring records of the session response operations to be matched by using the priority comparison result and the request response description between the session response operations to be matched;
determining a second request response description between the intrusion prevention monitoring record of the session response operation to be matched and the intrusion prevention monitoring record of the session response operation to be executed by utilizing the request response description between the session response operation to be matched and the session response operation to be executed;
and determining a data risk detection report of the intrusion protection process by combining the intrusion protection monitoring record, the priority comparison result, the first request response description and the second request response description.
In some possible implementations, the set number is U, and U is a positive integer; the responding intrusion protection process is in an activated state, session response operations to be matched of the response behavior execution end of each behavior analysis period in a set number of behavior analysis periods are determined by combining a multi-terminal service interaction scene, and the session response operations to be executed of the response behavior execution end of the current behavior response period are obtained by analyzing by combining the session response operations to be matched, and the method comprises the following steps:
determining a basic multi-terminal service interaction scene by combining the appointed scene configuration information;
determining V to-be-matched session response operations of a response behavior execution end of the a-th round behavior analysis period by combining the basic multi-end service interaction scene, and determining corresponding V behavior analysis scenes by utilizing the V to-be-matched session response operations; a is an integer of 1 to U; v is an integer not less than 1;
determining V session response operations to be matched of the response behavior execution end of the corresponding a +1 th round of behavior analysis period by using each behavior analysis scene of the a-th round of behavior analysis period until V session response operations to be matched of the response behavior execution end of the corresponding U-th round of behavior analysis period are determined by using each behavior analysis scene of the U-1 th round of behavior analysis period, and extracting the session response operations to be executed from the V session response operations to be matched of the response behavior execution end of the a-th round of behavior analysis period by combining the session response operations to be matched obtained by the U-th round of behavior analysis period to serve as the session response operations to be executed of the response behavior execution end in the current behavior response period; on the basis that the interactive participation end at least comprises a first participation end and a second participation end, the response behavior execution end of the a-th round behavior analysis period is the first participation end, and the response behavior execution end of the a + 1-th round behavior analysis period is the second participation end.
In some possible technical solutions, the determining, in combination with the basic multi-terminal service interaction scenario, V to-be-matched session response operations of a response behavior execution end in an a-th round of behavior analysis period, and determining, by using the V to-be-matched session response operations, corresponding V behavior analysis scenarios, includes:
determining each session response operation of the response behavior execution end of the a-th round behavior analysis period by combining the basic multi-end service interaction scene, and determining a response quality label of each session response operation;
taking the former V session response operations with the maximum response quality labels as V session response operations to be matched at the response behavior execution end of the a-th behavior analysis period;
and determining a behavior analysis scene corresponding to each session response operation to be matched by combining the basic multi-terminal service interaction scene and each session response operation to be matched in the V session response operations to be matched to obtain the V behavior analysis scenes.
In some possible technical solutions, the determining a response quality label of each session response operation includes:
respectively determining a passive defense coefficient and an active processing coefficient of each session response operation by combining the basic multi-terminal service interaction scene and a set interaction variable of each data knowledge;
and determining the response quality label of each session response operation by combining the passive defense coefficient and the active processing coefficient of each session response operation.
In some possible technical schemes, each session response operation to be matched corresponds to one response quality label; the determining, in combination with the basic multi-terminal service interaction scenario and each to-be-matched session response operation in the V to-be-matched session response operations, a behavior analysis scenario corresponding to each to-be-matched session response operation includes:
selecting a session response operation answer1 to be matched with the largest response quality label from the V session response operations to be matched by using the response quality labels, and determining a 1 st behavior analysis scene by combining the basic multi-terminal service interaction scene and the session response operation answer1 to be matched;
selecting a session response operation answer2 to be matched with the largest answer quality label from the session response operations to be matched except the session response operation answer1 to be matched in the V session response operations to be matched by utilizing the answer quality labels, and determining a 2 nd behavior analysis scene by combining the basic multi-terminal service interaction scene and the session response operation answer2 to be matched until determining a V th behavior analysis scene by combining the basic multi-terminal service interaction scene and the V th session response operation to be matched.
In some possible technical solutions, the determining, by using each behavior analysis scenario of the a-th-round behavior analysis period, V session response operations to be matched at the response behavior execution end of the corresponding a + 1-th-round behavior analysis period includes:
determining each session response operation of the response behavior execution end of the corresponding a +1 th round behavior analysis period by combining any behavior analysis scene of the a th round behavior analysis period, and determining a response quality label of each session response operation;
and taking the former V session response operations with the maximum response quality labels as the V session response operations to be matched of the a +1 th behavior analysis period corresponding to any behavior analysis scene.
In some possible technical schemes, each session response operation to be matched corresponds to one response quality label; the extracting of the session response operation to be executed from the V session response operations to be matched at the response behavior execution end of the a-th round behavior analysis period in combination with the session response operation to be matched obtained by the U-round behavior analysis period includes:
obtaining a response capability index of each session response operation to be matched at a response behavior execution end of the a-th round behavior analysis period by using a response quality label of the session response operation to be matched, which is described by a request response, in the a-th round behavior analysis period to the U-th round behavior analysis period;
and extracting the session response operation to be executed from the V session response operations to be matched at the response behavior execution end in the a-th round behavior analysis period by using the response capability index.
In some possible technical solutions, each session response operation to be matched at the response behavior execution end of the a-th round of behavior analysis period corresponds to P response capability indexes; the obtaining of the response capability index of each session response operation to be matched at the response behavior execution end of the a-th round behavior analysis period by using the response quality tag of the session response operation to be matched, which is described by the request response, from the a-th round behavior analysis period to the U-th round behavior analysis period includes:
weighting the response quality labels of the session response operations to be matched, which are described by the request response, in the a-th to U-th round behavior analysis periods to obtain P response capability indexes of each session response operation to be matched at the response behavior execution end of the a-th round behavior analysis period; wherein P = V ^ (V + 1).
In some possible technical solutions, the determining a data risk detection report of the intrusion prevention process by combining the intrusion prevention monitoring record includes: determining corresponding auditory sense output information, atlas interactive behavior information and interactive behavior thermodynamic information by using each intrusion protection monitoring record; and determining the comprehensive monitoring record of the intrusion protection process by utilizing the auditory sense output information, the mapping interactive behavior information and the interactive behavior thermal information.
A second aspect is an AI server comprising a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the AI server to perform the method of the first aspect.
A third aspect is a computer-readable storage medium having stored thereon a computer program which, when executed, performs the method of the first aspect.
According to one embodiment of the invention, in response to that an intrusion protection process is in an activated state, a multi-terminal service interaction scene is utilized to analyze a session response operation, a session response operation to be matched of a response behavior execution end in each round of behavior analysis period is obtained, a session response operation to be executed in the session response operation to be matched is obtained, adaptive intrusion protection interaction is carried out by utilizing the session response operation to be executed until all session response operations to be matched and each session response operation to be executed, which are obtained by analysis, are utilized to obtain intrusion protection monitoring records of each session response operation on the basis that a target execution end exists in a related intrusion protection process, and then, a data risk detection report of the intrusion protection process is determined by utilizing the intrusion protection monitoring records of each session response operation.
Therefore, the session response operations of all the interaction participants can be flexibly analyzed and predicted, the operation interaction conditions among all the interaction participants are flexibly carried out by using the session response operations obtained through analysis, and the data risk detection report of the intrusion protection process is determined by using the session response operations obtained through analysis and the intrusion protection monitoring record used for the session response operations of the operation interaction.
Drawings
Fig. 1 is a flowchart illustrating an AI-based intrusion prevention response data processing method according to an embodiment of the present invention.
Fig. 2 is a block diagram of an AI-based intrusion prevention response data processing apparatus according to an embodiment of the present invention.
Detailed Description
In the following, the terms "first", "second" and "third", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," or "third," etc., may explicitly or implicitly include one or more of that feature.
Fig. 1 is a flowchart illustrating an AI-based intrusion prevention response data processing method according to an embodiment of the present invention, where the AI-based intrusion prevention response data processing method may be implemented by an AI server, and the AI server may include a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the AI server to perform the aspects described in the following steps.
Step 11: and in response to the fact that the intrusion protection process is in an activated state, determining to-be-matched session response operation of a response behavior execution end of each behavior analysis period in a set number of behavior analysis periods by combining with a multi-terminal service interaction scene, analyzing to obtain to-be-executed session response operation of the response behavior execution end of the current behavior response period by combining with to-be-matched session response operation, interacting by combining with to-be-executed session response operation, and determining the current multi-terminal service interaction scene.
For some possible examples, the multi-end service interaction scenario may be a multi-end service interaction scenario of a blockchain payment service, a multi-end service interaction scenario of a digital office service, a multi-end service interaction scenario of a digital space service, and the like.
For some possible examples, the AI server may determine a set number of behavior analysis periods by using a multi-terminal service interaction scenario, and for each round of behavior analysis periods, the AI server may determine, as a response behavior execution end in the behavior analysis period, a session response operation of a response behavior execution end in the behavior analysis period, to determine a to-be-matched session response operation of the response behavior execution end in each round of behavior analysis periods in the set number of behavior analysis periods, and analyze, by using the obtained to-be-matched session response operation, session response operation analysis information of the response behavior execution end in the current behavior response period, thereby performing intrusion protection interaction by using the obtained to-be-matched session response operation, and obtaining a current multi-terminal service interaction scenario determined after the intrusion protection interaction.
In the embodiment of the present invention, the current behavior response period may be any one behavior response period in the intrusion protection process, for example, the current behavior response period may be a first behavior response period and a second behavior response period.
Regarding some examples, when the multi-end service interaction scenario is a multi-end service interaction scenario of a digital office service, the multi-ends having interaction are an information protection end and an information intrusion end, and the current behavior response period is a first behavior response period, the AI server can use the information intrusion end as a response behavior execution end in the first behavior response period, determine a session response operation to be matched for a first session response operation of the information intrusion end by using the basic multi-end service interaction scenario, use the information protection end as a response behavior execution end, use the session response operation to be matched for the first session response operation of the information intrusion end, and then use the session response operation to be matched for the first session response operation of the information protection end by using the information intrusion end as a response behavior execution end again, determining a session response operation to be matched of a second session response operation of the information intrusion end, further, using the information protection end as a response behavior execution end, and using the session response operation to be matched of the second session response operation of the information intrusion end to determine the session response operation to be matched of the second session response operation of the information protection end, thereby obtaining the session response operation to be matched of the response behavior execution end in each behavior analysis period in the four-wheel behavior analysis period, and using the obtained session response operation to be matched of the response behavior execution end in the four-wheel behavior analysis period to analyze and obtain the session response operation to be executed of the information intrusion end in the first behavior response period, and then using the session response operation to be executed as a multi-terminal session response operation of the information intrusion end in the first behavior response period, and determining an interactive scene after intrusion prevention interaction.
Step 12: and on the basis that the target execution end does not exist in the current multi-end service interaction scene, analyzing and obtaining the to-be-executed session response operation of the response behavior execution end in the next round of behavior response period by combining the current multi-end service interaction scene, interacting by combining the to-be-executed session response operation of the response behavior execution end in the next round of behavior response period, and determining the next round of multi-end service interaction scene until each session response operation to be matched and the intrusion protection monitoring record of each to-be-executed session response operation are determined on the basis that the target execution end exists in the determined multi-end service interaction scene.
For some possible examples, after obtaining the current multi-end service interaction scenario, the AI server may analyze whether one end completely suppresses the other end (for example, the other end cannot respond) in the current multi-end service interaction scenario, and on the basis that it is analyzed that a target execution end does not exist in the current multi-end service interaction scenario, may utilize the current multi-end service interaction scenario to determine again a session response operation to be matched for the response behavior execution end of each behavior analysis cycle in the set number of behavior analysis cycles, and analyze the session response operation to be executed for the response behavior execution end of the subsequent behavior response cycle in combination with the session response operation to be matched, so as to perform intrusion protection interaction using the obtained subsequent session response operation to obtain a multi-end service interaction scenario determined after intrusion protection interaction, for example, obtain a subsequent multi-end service interaction scenario of the current multi-end service interaction scenario, and then analyze again whether one end completely suppresses the other end in the obtained subsequent multi-end service interaction scenario, and obtain again a response operation to be matched for the response operation by the subsequent multi-end analysis cycle in combination with the obtained by the obtained after interaction scenario, thereby obtaining a response operation to be matched for the subsequent multi-end to perform interaction scenario, and obtain a response operation to be matched after one interaction session response operation by the obtained by analyzing one time to be analyzed and one time after interaction scenario, and obtaining a multi-end service interaction scene determined after the intrusion protection interaction, for example, obtaining a multi-end service interaction scene of a next round of the multi-end service interaction scene, analyzing whether one end of the obtained multi-end service interaction scene of the next round completely suppresses the other end, and repeating the steps until the intrusion protection process is terminated on the basis that a target execution end exists in the determined multi-end service interaction scene.
For some possible examples, for each to-be-matched or to-be-executed session response operation, the AI server may determine, by using each session response operation and the set session response operation interpretation, an intrusion prevention monitoring record of each to-be-matched or to-be-executed session response operation, for example, on the basis that one to-be-executed session response operation is to migrate the data knowledge "knowledge1" of the folder file _ a of the session scene to the folder file _ B of the session scene, the determined intrusion prevention monitoring record may include information "knowledge1 migration based on the folder file _ a and the folder file _ B" for interpreting the to-be-executed session response operation.
For some possible examples, the intrusion prevention monitoring record of each session response operation to be matched or the session response operation to be executed further includes information for explaining an analysis process when the session response operation to be matched or the session response operation to be executed is obtained.
Step 13: and determining a data risk detection report of the intrusion protection process by combining the intrusion protection monitoring record.
For some possible examples, the AI server may determine the data risk detection report of the characteristic field pattern by using the determined intrusion prevention monitoring record of each session response operation to be matched and the determined intrusion prevention monitoring record of the session response operation to be performed.
For some possible examples, the AI server may also determine corresponding auditory sensory output information using the determined intrusion protection monitoring record for each session response operation to be matched and the intrusion protection monitoring record for the session response operation to be performed, and then immediately determine a data risk detection report for the auditory sensory output mode using the determined auditory sensory output information, or determine a data risk detection report for the feature field mode + the auditory sensory output mode using the determined auditory sensory output information and the corresponding intrusion protection monitoring record.
In the embodiment of the present invention, the AI server may determine the auditory sense output information of each intrusion protection monitoring record by using a set policy, for example, thinking such as robot simulation.
For some possible examples, the AI server may immediately sort each determined intrusion prevention monitoring record, or may immediately sort the auditory sensory output information, so that a data risk detection report in the characteristic field mode or a data risk detection report in the auditory sensory output mode may be obtained.
For some possible examples, the AI server may sequentially store the session response operation to be matched and the session response operation to be executed in the cloud service system according to a time sequence on the basis of obtaining the session response operation to be matched in one behavior analysis cycle and obtaining the session response operation to be executed in one behavior response cycle, so that the intrusion protection monitoring records of the session response operation or the auditory sensory output information corresponding to the intrusion protection monitoring records may be sorted subsequently by using the marking time of the session response operation cached in the cloud service system, thereby obtaining the data risk detection report.
For some possible examples, the data risk detection report records a to-be-matched session response operation of a response behavior execution end in each behavior analysis period in an intrusion protection process, a process of analyzing to-be-executed session response operation in each behavior response period from the to-be-matched session response operation, a multi-terminal service interaction scene obtained after executing the to-be-executed session response operation, and an intrusion protection result in the multi-terminal service interaction scene.
For some possible examples, the data risk detection report records how to determine a process of a to-be-matched session response operation of a response behavior execution end in each behavior analysis period by using a multi-terminal service interaction scene in an intrusion protection process, how to analyze the to-be-matched session response operation in each behavior response period from the to-be-matched session response operation, the multi-terminal service interaction scene obtained after the to-be-executed session response operation is executed, and an intrusion protection result in the multi-terminal service interaction scene.
In the embodiment of the invention, the AI server can respond to that the intrusion protection process is in an activated state, analyze the session response operation by the multi-end participant end with interaction and perform intrusion protection interaction by using the session response operation obtained by analysis until the AI server judges that the single-end suppression state exists, then determine the intrusion protection monitoring record of each session response operation by using the session response operation obtained by analysis and the session response operation during the intrusion protection interaction, and finally determine the data risk detection report in the intrusion protection process by using the intrusion protection monitoring record. Therefore, the session response operations of all the interactive participants can be flexibly analyzed and predicted, the operation interaction conditions among all the interactive participants can be flexibly carried out by using the session response operations obtained through analysis, the data risk detection report of the intrusion protection process can be determined by using the session response operations obtained through analysis and the intrusion protection monitoring record used for the session response operations of the operation interaction, and compared with the data risk detection report of the intrusion protection process created manually, the timeliness, the accuracy and the flexibility of the data risk detection report generation can be guaranteed to a certain extent.
For some possible examples, the responding to the intrusion protection process in step 11 is in an activated state, a to-be-matched session response operation of the response behavior execution end of each behavior analysis cycle in a set number of behavior analysis cycles is determined in combination with a multi-end service interaction scenario, and the to-be-matched session response operation of the response behavior execution end of the current behavior response cycle is obtained through analysis in combination with the to-be-matched session response operation, which may be implemented through steps 111 to 113.
Step 111: and determining a basic multi-terminal service interaction scene by combining the specified scene configuration information.
For some possible examples, the specified scene configuration information can be flexibly set and can be set by using actual conditions; the specified scene configuration information can be a certain category of session scene mode and the folder position of each data knowledge in the basic multi-terminal service interaction scene in the session scene. The AI server can determine a basic multi-terminal service interaction scene to be subjected to intrusion prevention interaction by using the specified scene configuration information.
For some possible examples, the basic multi-end service interaction scenario may be an interaction scenario in which multi-end service interaction is not performed yet, or the basic multi-end service interaction scenario may also be an interaction scenario in which multi-end service interaction is completed.
Step 112: and determining V to-be-matched session response operations of the response behavior execution end of the a-th round behavior analysis period by combining the basic multi-end service interaction scene, and determining corresponding V behavior analysis scenes by utilizing the V to-be-matched session response operations. Wherein a is an integer of 1 to U; v is an integer not less than 1; the set number is U, and U is a positive integer.
For some possible examples, the AI server may determine V session response operations to be matched at the response behavior execution end in the 1 st round of the behavior analysis period by using the determined basic multi-end service interaction scenario, and obtain a corresponding behavior analysis scenario by using each session response operation to be matched in the V session response operations to be matched, thereby obtaining V behavior analysis scenarios corresponding to the V session response operations to be matched one by one. For example, when the multi-end service interaction scene is a multi-end service interaction scene of a digital office service, the interacting multi-ends are an information protection end and an information intrusion end, and the current behavior response period is a first behavior response period, the AI server can use the information intrusion end as a response behavior execution end in the first behavior response period, determine V to-be-matched session response operations of the first session response operations of the information intrusion end by using the basic interaction scene, and determine V behavior analysis scenes by using the V to-be-matched session response operations.
In the embodiment of the present invention, the value of U may be set in combination with the actual situation, for example, U may be 2, or may also be 4, etc.; and the value of V may also be set in combination with the actual situation, for example, V may be 2, may also be 5, and the like.
Step 113: and utilizing each behavior analysis scene of the a-th round behavior analysis period, determining V session response operations to be matched of the response behavior execution end of the corresponding a + 1-th round behavior analysis period until each behavior analysis scene of the U-1-th round behavior analysis period is utilized, and extracting the session response operations to be executed from the V session response operations to be matched of the response behavior execution end of the a-th round behavior analysis period on the basis of determining the V session response operations to be matched of the response behavior execution end of the corresponding U-th round behavior analysis period in combination with the session response operations to be matched obtained by the U-th round behavior analysis period to serve as the session response operations to be executed of the response behavior execution end in the current behavior response period.
Further, on the basis that the interaction participation end at least comprises a first participation end and a second participation end, the response behavior execution end of the a-th round behavior analysis period is the first participation end, and the response behavior execution end of the a + 1-th round behavior analysis period is the second participation end.
For some possible examples, the interactive participation end may include not less than two ends, and the response behavior execution end in the a-th round behavior analysis period is a first participation end, the response behavior execution end in the a + 1-th round behavior analysis period is a second participation end, the response behavior execution end in the a + 2-th round behavior analysis period is a third participation end, and so on. And repeating the steps until all response behavior execution ends are processed. To be seen in some examples, on the basis that the interaction participating end is a first participating end and a second participating end, the response behavior executing end in the a-th round behavior parsing period is the first participating end, and the response behavior executing end in the a + 1-th round behavior parsing period is the second participating end. For example, on the basis that the interaction participation end is an information intrusion end and an information protection end, there are four rounds of behavior analysis periods, and the response behavior execution end of the 1 st round of behavior analysis period is an information intrusion end, the response behavior execution end of the 2 nd round of behavior analysis period is an information protection end, the response behavior execution end of the 3 rd round of behavior analysis period is an information intrusion end, and the response behavior execution end of the fourth round of behavior analysis period is an information protection end.
For some possible examples, the AI server may determine, by using each behavior analysis scenario of the a-th round of behavior analysis period, V session response operations to be matched at the response behavior execution end of the a + 1-th round of behavior analysis period, and obtain one behavior analysis scenario, for example, obtain each behavior analysis scenario of the a + 1-th round of behavior analysis period, by using each behavior analysis scenario of the a + 1-th round of behavior analysis period, then determine, by using each behavior analysis scenario of the a + 1-th round of behavior analysis period, V session response operations to be matched at the response behavior execution end of the a + 2-th round of behavior analysis period, and obtain one behavior analysis scenario, for example, obtain each behavior analysis scenario of the a + 2-th round of behavior analysis period, by using each session response operation to be matched at each V session response operation to be matched at the response behavior execution end of the a + 2-th round of behavior analysis period, and so on, until each behavior analysis scenario of the U-1-th round of behavior analysis period is used, the V session response scenarios to be matched at the response execution end of the U-1-th round of behavior analysis period are determined. In view of this, the AI server may extract the session response operation to be executed from the V session response operations to be matched at the response behavior execution end in the a-th round of behavior analysis period, in combination with all the session response operations to be matched obtained in the U-round of behavior analysis period, and use the extracted session response operation as the session response operation to be executed at the response behavior execution end in the current behavior response period, so as to perform intrusion protection interaction in the current behavior response period.
For some possible examples, on the basis that U is 4, the AI server may determine, by using each behavior analysis scenario of the 1 st round of behavior analysis period, V session response operations to be matched of the reply behavior execution end of the 2 nd round of behavior analysis period, and obtain, by using each session response operation to be matched of V session response operations of the reply behavior execution end of the 2 nd round of behavior analysis period, one behavior analysis scenario, for example, each behavior analysis scenario of the 2 nd round of behavior analysis period is obtained, then, by using each behavior analysis scenario of the 2 nd round of behavior analysis period, V session response operations to be matched of the reply behavior execution end of the 3 rd round of behavior analysis period are determined, and, by using each session response operation to be matched of V session response operations of the reply behavior execution end of the 3 rd round of behavior analysis period, one behavior analysis scenario, for example, each behavior analysis scenario of the reply behavior execution end of the 3 rd round of behavior analysis period is obtained, and all the session response operations to be matched of the reply behavior execution end in the 3 rd round of behavior analysis period are extracted as the session response operations of the session response operations to be matched of the reply behavior execution end, and all the session response operations of the reply behavior analysis period are extracted from the current session response operations of the session response operations to be matched of the reply behavior analysis end of the 1 st round of the behavior analysis period.
To be seen by some examples, in a multi-end service interaction scenario in which the multi-end service interaction scenario is a multi-end service interaction scenario of a digital office service, the multi-ends with interaction are an information protection end and an information intrusion end, U is 4,V of 2, and a current behavior response period is a first behavior response period, the AI server can use the information intrusion end as a response behavior execution end in the first behavior response period, determine 2 session response operations to be matched for a first session response operation of the information intrusion end by using the basic multi-end service interaction scenario, and respectively correspond to 2 behavior analysis scenarios for determining the first session response operation of the information intrusion end by using the 2 session response operations to be matched; then, the information protection end is used as a response behavior execution end, 2 behavior analysis scenes of the first session response operation of the information intrusion end are utilized, 2 session response operations to be matched of the first session response operation of the information protection end are determined, and 2 behavior analysis scenes of the first session response operation of the information protection end are respectively and correspondingly determined by utilizing the 2 session response operations to be matched; then, the information intrusion end is used as a response behavior execution end again to determine 2 to-be-matched session response operations of the second session response operation of the information intrusion end by using 2 behavior analysis scenes of the first session response operation of the information protection end, and further, the information protection end is used as a response behavior execution end to determine 2 to-be-matched session response operations of the second session response operation of the information protection end by using 2 behavior analysis scenes of the second session response operation of the information intrusion end, and the 2 to-be-matched session response operations respectively correspond to the 2 behavior analysis scenes of the second session response operation of the information protection end. Therefore, session response operations to be matched of the two interactive behaviors of the information intrusion end and the information protection end are obtained, so that the session response operations to be executed of the information intrusion end in the first behavior response period can be analyzed by using the obtained session response operations to be matched of the two interactive behaviors of the information intrusion end and the information protection end, then the session response operations to be executed are used as multi-terminal session response operations of the information intrusion end in the first behavior response period, and an interactive scene after intrusion protection interaction is determined.
For some possible examples, the above step 112 may be implemented by steps 21-23.
Step 21: and determining each session response operation of the response behavior execution end in the a-th round of behavior analysis period by combining a basic multi-end service interaction scene, and determining a response quality label of each session response operation.
Step 22: and taking the former V session response operations with the maximum response quality labels as the V session response operations to be matched of the response behavior execution end of the a-th round behavior analysis period.
For some possible examples, the AI server may determine, after determining the basic multi-terminal service interaction scenario, a reply behavior execution end in a current behavior response period by using the set reply behavior execution end configuration variable, and use the reply behavior execution end in the current behavior response period as a reply behavior execution end in an a-th round behavior parsing period, determine each executable session response operation of the reply behavior execution end in the a-th round behavior parsing period by analyzing data knowledge of the reply behavior execution end in the basic multi-terminal service interaction scenario and analyzing data knowledge of a participant end in an opposite relationship with the reply behavior execution end in the a-th round behavior parsing period, and determine a reply quality tag (a reply capability tag or a reply matching tag) of each session response operation. For example, on the basis that the current behavior response period is the first behavior response period and the AI server sets the information intrusion end as the response behavior execution end of the first behavior response period by using the set response behavior execution end variable, the AI server may use the information intrusion end as the response behavior execution end in the 1 st round of behavior analysis period, determine each session response operation executable by the information intrusion end in the 1 st round of behavior analysis period by analyzing data knowledge of the information intrusion end and data knowledge of the information protection end in an association with the information intrusion end in the basic multi-end service interaction scene, and determine a response quality tag of each session response operation, and then may select, from the determined executable session response operations, the first V session response operations with the largest response quality tags as the V session response operations to be matched at the response behavior execution end in the a-th round of behavior analysis period by using the response quality tags.
For some possible examples, the AI server may determine, by using a basic multi-terminal service interaction scenario, each session response operation of the response behavior execution end in the a-th round of behavior analysis period, determine a response quality tag of each session response operation, and determine corresponding information by using the first V session response operations with the largest response quality tags as a process of the V to-be-matched session response operations of the response behavior execution end in the a-th round of behavior analysis period, so as to obtain information for explaining an analysis process when obtaining each to-be-matched session response operation in the a-th round of behavior analysis period.
For some possible examples, for each session response operation of the response behavior execution end in the a-th round of behavior analysis period, the AI server may jointly analyze the response quality tag of the session response operation by using the proactive coping evaluation of the session response operation and the self vulnerability evaluation of the session response operation.
To be seen in some examples, for each session response operation of the response behavior execution end in the a-th round of behavior analysis period, the AI server may determine a passive defense coefficient and an active processing coefficient of each session response operation respectively in combination with a basic multi-end service interaction scenario and a set interaction variable of each data knowledge; and determining the response quality label of each session response operation by combining the passive defense coefficient and the active processing coefficient of each session response operation.
In the embodiment of the invention, each data knowledge in the interactive scene has a set priority index, and the priority indexes corresponding to different types of data knowledge are different; for example, on the basis that the interactive scene is a digital office business interactive scene, different types of data knowledge such as "knowledge1", "knowledge2", "knowledge3", and "knowledge4" all correspond to set priority indexes, for example, the priority index of "knowledge2" is priority index 1, the priority index of "knowledge1" is priority index 6, and the priority index of "knowledge5" is priority index 8.
For some possible examples, for each session response operation of the response behavior execution end in the a-th round of behavior analysis period, the AI server may determine an active processing coefficient of the session response operation by using a current interaction scenario and a set interaction variable of data knowledge corresponding to the session response operation, and a set interaction variable of data knowledge of the opposite end that can be handled by the data knowledge corresponding to the session response operation in the current interaction scenario; for example, in an interactive scene corresponding to the a-th round of behavior analysis period, when a session response operation at the response behavior execution end is "perform knowledge1 migration based on folder file _ a and folder file _ B", and the session response operation suppresses one "knowledge2" at the opposite end, the active processing coefficient of the session response operation "perform knowledge1 migration based on folder file _ a and folder file _ B" may be determined by using the set interaction variable of data knowledge "knowledge1" and the set interaction variable of data knowledge "knowledge2" through the set first determination value.
For some possible examples, for each session response operation of the response behavior execution end in the a-th round of behavior analysis period, the AI server may determine a passive defense coefficient of the session response operation by using a set interaction variable of data knowledge corresponding to the session response operation and a set interaction variable of data knowledge of the response behavior execution end capable of limiting the data knowledge in the a + 1-th round of behavior analysis period; for example, a session response operation at the response behavior execution end of the a-th round of behavior analysis period is "perform knowledge1 migration based on folder file _ a and folder file _ B", and on the basis of the data knowledge "knowledge1" corresponding to the session response operation "that" perform knowledge1 migration based on folder file _ a and folder file _ B "may be limited by the" knowledge5 "at the response behavior execution end of the a + 1-th round of behavior analysis period, the passive defense coefficient of the session response operation" perform knowledge1 migration based on folder file _ a and folder file _ B "may be determined by presetting the second determination value by using the set interaction variable of the data knowledge" knowledge1 "and the set interaction variable of the data knowledge" knowledge5 ".
For some possible examples, for each session response operation at the response behavior execution end of the a-th round of behavior analysis period, the AI server may determine a global statistical value (which may be understood as a comprehensive value) of the session response operation by using a statistical value between the active processing coefficient and the passive defense coefficient and a set third determination value on the basis of determining the active processing coefficient and the passive defense coefficient of the session response operation, and obtain a normalized value corresponding to the global statistical value by normalizing the global statistical value, and use the normalized value as a response quality label of the session response operation. To see some examples, the AI server may normalize the global statistics based on the interval of [0,1] through a normalization operation. In the embodiment of the invention, through standardization operation, the global statistic value of each session response operation can be unified, which is beneficial to extracting the session response operation to be executed by using the obtained response quality label.
In the embodiment of the invention, the preset first judgment value, the preset second judgment value and the preset third judgment value can be set by combining with the actual situation.
Step 23: and determining a behavior analysis scene corresponding to each session response operation to be matched by combining the basic multi-terminal service interaction scene and each session response operation to be matched in the V session response operations to be matched to obtain V behavior analysis scenes.
For some possible examples, for each session response operation to be matched in the V session response operations to be matched, the AI server may respectively execute each session response operation to be matched in the basic multi-terminal service interaction scenario, so as to obtain one behavior analysis scenario corresponding to each session response operation to be matched. For example, on the basis that a to-be-matched session response operation of the current response behavior execution end is "perform knowledge2 migration based on the folder file _ C and the folder file _ D", the to-be-matched session response operation is executed in the basic multi-end service interaction scene, so as to obtain a behavior analysis scene (subsequent behavior inference scene).
For some possible examples, step 23 above may be implemented by steps 231 and 232.
Step 231: selecting a session response operation answer1 to be matched with the largest response quality label from the V session response operations to be matched by using the response quality labels, and determining a 1 st behavior analysis scene by combining a basic multi-terminal service interaction scene and the session response operation answer1 to be matched; each session response operation to be matched corresponds to one response quality label.
Step 232: selecting a session response operation answer2 to be matched with the largest answer quality label from the session response operations to be matched except the session response operation answer1 to be matched in the V session response operations to be matched by utilizing the answer quality label, and determining a 2 nd behavior analysis scene by combining a basic multi-terminal service interaction scene and the session response operation answer2 to be matched until determining a V th behavior analysis scene by combining the basic multi-terminal service interaction scene and the V th session response operation to be matched.
For some possible examples, in the process of determining V behavior analysis scenes by using a basic multi-terminal service interaction scene and V session response operations to be matched, an AI server may select one session response operation to be matched with the largest response quality label from the V session response operations to be matched, and execute the session response operation to be matched obtained by screening in the basic multi-terminal service interaction scene, thereby obtaining a 1 st behavior analysis scene; and then, selecting one to-be-matched session response operation with the largest response quality label from the remaining V-1 to-be-matched session response operations again, and executing the screened to-be-matched session response operation in the basic multi-terminal service interaction scene to obtain a 2 nd behavior analysis scene, repeating the steps until 1 to-be-matched session response operation is remained, and executing the remaining to-be-matched session response operation in the basic multi-terminal service interaction scene to obtain a V th behavior analysis scene.
For some possible examples, the above step 113 may be implemented by steps 31 to 33, and in step 113, in combination with the to-be-matched session response operation obtained in the U-turn behavior analysis period, the to-be-executed session response operation is extracted from the V to-be-matched session response operations at the reply behavior execution end in the a-th turn behavior analysis period, and is implemented by steps 32 and 33 as the to-be-executed session response operation at the reply behavior execution end in the current behavior response period.
Step 31: and determining V session response operations to be matched of the response behavior execution end of the corresponding a +1 th round behavior analysis period by using each behavior analysis scene of the a-th round behavior analysis period until V session response operations to be matched of the response behavior execution end of the corresponding U-th round behavior analysis period are determined by using each behavior analysis scene of the U-1 th round behavior analysis period.
Further, on the basis that the interaction participation end at least comprises a first participation end and a second participation end, the response behavior execution end of the a-th round behavior analysis period is the first participation end, and the response behavior execution end of the a + 1-th round behavior analysis period is the second participation end.
Step 32: obtaining the response capability index of each session response operation to be matched at the response behavior execution end of the first round of behavior analysis period by using the response quality label of the session response operation to be matched, which is described by the request response, from the first round of behavior analysis period to the U round of behavior analysis period; each session response operation to be matched corresponds to one response quality label.
Step 33: and extracting the session response operation to be executed from the V session response operations to be matched at the response behavior execution end in the a-th round behavior analysis period by using the response capability index, wherein the session response operation to be executed is taken as the session response operation to be executed at the response behavior execution end in the current behavior response period.
In the embodiment of the present invention, a request response description exists between a local session response operation to be matched in an a-th round of behavior analysis period and a local session response operation to be matched in an a + 1-th round of behavior analysis period, and each session response operation to be matched corresponds to one response quality tag, an AI server may obtain, on the basis of obtaining the session response operation to be matched in the U-th round of behavior analysis period, a response quality tag of the session response operation to be matched, which has the request response description, in the U-th round of behavior analysis period, to obtain a response capability index of each session response operation to be matched at a response behavior execution end in the a-th round of behavior analysis period, and extract, from V session response operations to be matched at the response behavior execution end in the a-th round of behavior analysis period, a session response operation to be matched, which has the smallest response capability index, as the session response operation to be executed at the response behavior execution end in the current round of behavior analysis period.
To be seen in some examples, on the basis that U is 4, V is 2, multiple interactive ends are an information intrusion end and an information protection end, and a response behavior execution end in a 1 st round of behavior analysis period and a response behavior execution end in a current behavior response period are information intrusion ends, 2 session response operations to be matched 1 and 12 of a first session response operation of the information intrusion end are determined in the 1 st round of behavior analysis period; in the 2 nd round of behavior analysis cycle, the information protection end is a response behavior execution end, 2 session response operations to be matched 1 and response operations to be matched 2 of the first session response operation of the information protection end corresponding to the session response operation to be matched 1 are determined, and 2 session response operations to be matched 3 and response operations to be matched 4 of the first session response operation of the information protection end corresponding to the session response operation to be matched 12 are determined; in the 3 rd round of behavior analysis cycle, the information intrusion end is a response behavior execution end, and 2 session response operations to be matched 11 and 12 of the second session response operation of the information intrusion end corresponding to the session response operation to be matched 1 are determined, 2 session response operations to be matched 13 and 14 of the second session response operation of the information intrusion end corresponding to the session response operation to be matched 2 are determined, 2 session response operations to be matched 15 and 16 of the second session response operation of the information intrusion end corresponding to the session response operation to be matched 13 are determined, and 2 session response operations to be matched 17 and 18 of the second session response operation of the information intrusion end corresponding to the session response operation to be matched 4 are determined; further, in the fourth behavior analysis cycle, the information protection end is an answer behavior execution end, and 2 session response to be matched operations response11 and response to be matched 12 of the second session response operation of the information protection end corresponding to the session response to be matched operation11 are determined, 2 session response to be matched operations response13 and response to be matched 14 of the second session response operation of the information protection end corresponding to the session response to be matched operation12 are determined, 2 session response to be matched operations response15 and response to be matched 16 of the second session response operation of the information protection end corresponding to the session response to be matched operation13 are determined, 2 session response to be matched operations response17 and response to be matched 18 of the second session response operation of the information protection end corresponding to the session response to be matched operation14 are determined, the session response to be matched operation response19 and the session response to be matched operation response20, which determine the second session response operation of the information guard end corresponding to the session response to be matched operation15, the session response to be matched operation response to be matched 21 and the session response to be matched operation response22, which determine the second session response operation of the information guard end corresponding to the session response to be matched operation16, the session response to be matched operation response23 and the session response to be matched operation response24, which determine the second session response operation of the information guard end corresponding to the session response to be matched operation17, and the session response to be matched operation response25 and the session response to be matched operation response26, which determine the second session response operation of the information guard end corresponding to the session response to be matched operation18, thereby obtaining all conversation response operations to be matched in the four-wheel behavior analysis period; in combination with this, there are request response descriptions among the session response operation to be matched 1, the session response operation to be matched 11, and the session response operation to be matched 11, there are request response descriptions among the session response operation to be matched 1, the session response operation to be matched 11, and the session response operation to be matched 12, and there are request response descriptions among the session response operation to be matched 1, the session response operation to be matched 12, and the session response operation to be matched 13. Based on this, the AI server may obtain, in combination with the response quality tag of the session response operation to be matched, which is described by the request response, the response capability index of the session response operation to be matched 1 in the 1 st behavior parsing scene, and obtain the response capability index of the session response operation to be matched 2.
For some possible examples, the AI server may obtain a response capability index of each session response operation to be matched at a response behavior execution end of the a-th round behavior analysis period by using a response quality tag for requesting response description for the session response operation to be matched in the a-th round behavior analysis period to the U-th round behavior analysis period, extract a process of the session response operation to be executed from V session response operations to be matched at the response behavior execution end of the a-th round behavior analysis period by using the response capability index, and determine corresponding information. In this way, information for explaining the analysis progress when the session response operation to be performed for the current behavior response period is obtained.
For some possible examples, the above step 32 may be implemented by step 321.
Step 321: weighting response quality labels of session response operations to be matched, which are described by request responses, in the period from the a-th-round behavior analysis period to the U-th-round behavior analysis period to obtain P response capability indexes of each session response operation to be matched at a response behavior execution end of the a-th-round behavior analysis period; each session response operation to be matched of the response behavior execution end in the a-th round of behavior analysis period corresponds to P response capability indexes, and P = V ^ (V + 1).
To be seen in some examples, on the basis that V is 2, 8 response capability indexes of the session response operation1 to be matched and 8 response capability indexes of the session response operation2 to be matched at the response behavior executing end of the 1 st round of behavior parsing cycle may be obtained, where, the 1 st response capability index of the session response operation to be matched 1 is the statistical value of the response quality labels of the session response operation to be matched 1, the session response operation to be matched 11 and the session response operation to be matched 11, the 2 nd response capability index is the statistical value of the response quality labels of the session response operation to be matched 1, the session response operation to be matched 11 and the session response operation to be matched 12, the 3 rd response capability index is the statistical value of the response quality labels of the session response operation to be matched 1, the session response operation to be matched 12 and the session response operation to be matched 13, the 4 th response capability index is the session response operation to be matched 1, the session response operation to be matched 1 the statistical values of the response quality labels of the session response operation to be matched 1, the session response operation to be matched 12 and the session response operation to be matched 14, the 5 th response capability index is the statistical value of the response quality labels of the session response operation to be matched 1, the session response operation to be matched 2, the session response operation to be matched 13 and the session response operation to be matched 15, the 6 th response capability index is the statistical value of the response quality labels of the session response operation to be matched 1, the session response operation to be matched 2, the session response operation to be matched 13 and the session response operation to be matched 16, and the 7 th response capability index is the statistical value of the response quality labels of the session response operation to be matched 1, the session response operation to be matched 2, the statistical values of the response quality labels of the session response operation to be matched 14 and the session response operation to be matched 17, and the 8 th response capability index is the statistical values of the response quality labels of the session response operation to be matched 1, the session response operation to be matched 2, the session response operation to be matched 14 and the session response operation to be matched 18; accordingly, the method can be used for solving the problems that, the 1 st response capability index of the session response operation to be matched operation2 is the statistical value of the response quality labels of the session response operation to be matched operation2, the session response operation to be matched response3, the session response operation to be matched operation15 and the session response operation to be matched 19, the 2 nd response capability index is the statistical value of the response quality labels of the session response operation to be matched operation2, the session response operation to be matched response3, the session response operation to be matched operation15 and the session response operation to be matched response20, the 3 rd response capability index is the statistical value of the response quality labels of the session response operation to be matched operation2, the session response operation to be matched response3, the session response operation to be matched operation16 and the session response operation to be matched response21, the 4 th response capability index is the statistical value of the session response operation to be matched operation2, the session response operation to be matched response operation 3 the statistical values of the response quality labels of the session response operation to be matched 16 and the session response operation to be matched 22, the 5 th response capability index is the statistical value of the response quality labels of the session response operation to be matched 2, the session response operation to be matched 4, the session response operation to be matched 17 and the session response operation to be matched 23, the 6 th response capability index is the statistical value of the response quality labels of the session response operation to be matched 2, the session response operation to be matched 4, the session response operation to be matched 17 and the session response operation to be matched 24, the 7 th response capability index is the statistical value of the response quality labels of the session response operation to be matched 2, the session response operation to be matched 4, the session response operation to be matched 18 and the session response operation to be matched 25, and the 8 th response capability index is a statistical value of the response quality labels of the session response operation2 to be matched, the session response operation response4 to be matched, the session response operation18 to be matched and the session response operation response26 to be matched; then, the AI server may select a minimum one of the 16 response capability indexes, and take a session response operation to be matched to which the minimum response capability index belongs as a session response operation to be executed; for example, on the basis that the session response operation to be matched to which the minimum response capability index belongs is the session response operation to be matched 2, the session response operation to be matched 2 may be used as the session response operation to be executed of the information intrusion end in the current behavior response period.
For some possible examples, the step 13 may be implemented by the following steps, which may specifically include: determining a priority comparison result and a first request response description between intrusion protection monitoring records of the session response operations to be matched by using the priority comparison result and the request response description between the session response operations to be matched; determining a second request response description between the intrusion prevention monitoring record of the session response operation to be matched and the intrusion prevention monitoring record of the session response operation to be executed by utilizing the request response description between the session response operation to be matched and the session response operation to be executed; and determining a data risk detection report of the intrusion protection process by combining the intrusion protection monitoring record, the priority comparison result, the first request response description and the second request response description.
In the embodiment of the present invention, as can be obtained from the above description, there is a request-response description between the local session response operations to be matched in every two adjacent behavior parsing scenarios (for example, the session response operation to be matched 1 corresponds to the session response operation to be matched 1, the session response operation to be matched 1 corresponds to the session response operation to be matched 2, and the like), and there is also a priority comparison result between the session response operations to be matched in the set number of behavior parsing scenarios (for example, the session response operation to be matched 1 precedes the session response operation to be matched 1, the session response operation to be matched 1 precedes the session response operation to be matched 2, and the like), and there is also a request-response description between the session response operations to be matched and the session response operations to be executed (for example, on the basis that the session response operation to be executed is the session response operation to be matched 1, all the session response operations to be matched correspond to the session response operation to be executed, session1, or all the session response operations to be matched correspond to the session response operation to be executed, session2 on the basis that the session response operations to be executed are session 2), so that the AI server can obtain a priority comparison result and a first request response description between intrusion prevention monitoring records of the session response operations to be matched by using a priority comparison result and a request response description existing between the session response operations to be matched, obtain a second request response description between the intrusion prevention monitoring records of the session response operations to be matched and the intrusion prevention monitoring records of the session response operations to be executed by using a request response description between the session response operations to be matched and the session response operations to be executed, and then use the first request response description, and the priority comparison result and the second request response description determine a data risk detection report of the intrusion protection process.
For some possible examples, the AI server may immediately arrange intrusion prevention monitoring records of related session response operations to be matched by using the first request response description, and immediately arrange the related session response operations to be matched and the intrusion prevention monitoring records of the session response operations to be executed by using the second request response description, so as to obtain a data risk detection report of the intrusion prevention process in the characteristic field mode.
For some possible examples, the AI server may determine auditory sensory output information of each monitoring record first, then immediately sort among intrusion protection monitoring records of related session response operations to be matched by using the first request reply description and the priority comparison result, immediately sort among the auditory sensory output information of the related session response operations to be matched by using the first request reply description and the priority comparison result, simultaneously immediately sort among the related session response operations to be matched and the intrusion protection monitoring records of the session response operations to be executed by using the second request reply description, and immediately sort among the related session response operations to be matched and the auditory sensory output information of the session response operations to be executed by using the second request reply description; therefore, the intrusion protection monitoring record and the comprehensive monitoring record of the intrusion protection process are respectively obtained, then the intrusion protection monitoring record and the comprehensive monitoring record can be paired, the paired intrusion protection monitoring record and the comprehensive monitoring record are combined, and the data risk detection report of the intrusion protection process in the characteristic field mode and the auditory sense output mode is obtained.
For some possible examples, the step 13 may be further implemented by the following steps, which may specifically include: determining corresponding auditory sense output information, atlas interactive behavior information and interactive behavior thermodynamic information by using each intrusion protection monitoring record; and determining comprehensive monitoring records of the intrusion protection process by using auditory sensory output information, atlas interactive behavior information and interactive behavior thermodynamic information.
For some possible examples, the mapped interactive behavior information may be dynamic interactive behavior information, for example, a dynamic interactive behavior that the session response operation "performs knowledge1 migration based on the folder file _ a and the folder file _ B" corresponds to data knowledge "knowledge1" migrating from the base folder file _ a to the target folder file _ B; the interactive behavior thermal information may be a behavior heat characteristic.
For some possible examples, the AI server may determine, on the basis of determining each multi-terminal service interaction scenario, a dynamic behavior record of the multi-terminal service interaction scenario by using a template of the interaction scenario and a folder position of each data knowledge in the interaction scenario, and on the basis of determining a session response operation to be matched or a session response operation to be executed by using the multi-terminal service interaction scenario, may determine, on the premise of determining the dynamic behavior record of the multi-terminal service interaction scenario, a dynamic behavior record (such as a dynamic interaction behavior) when the session response operation to be matched or the session response operation to be executed is executed, and at the same time, match a corresponding behavior heat characteristic for the session response operation by using an execution coefficient of the session response operation to be matched or the session response operation to be executed; and then, fusing the dynamic behavior record of the multi-terminal service interaction scene, the dynamic interaction behavior of the session response operation to be matched or the session response operation to be executed, and the behavior heat characteristics of the session response operation to be matched or the session response operation to be executed, so as to obtain local dynamic behavior data of the session response operation to be matched or the session response operation to be executed, and sorting all the obtained dynamic behavior data according to a priority comparison result and a request response description between the session response operation to be matched, and a request response description between the session response operation to be executed and the session response operation to be matched, so as to obtain a visual detection report of the intrusion protection process. Further, the AI server can determine intrusion protection monitoring records of each session response operation on the basis of determining the session response operation to be matched or the session response operation to be executed by using each multi-terminal service interaction scene, determine corresponding auditory sensory output information by using the intrusion protection monitoring records, and arrange all the obtained auditory sensory output information according to a priority comparison result and request response description between the session response operations to be matched and the request response description between the session response operations to be executed and the session response operations to be matched to obtain an auditory sensory output information risk detection report of an intrusion protection process; then, the visual detection report and the auditory sense output information risk detection report are paired to obtain a comprehensive monitoring record of the intrusion protection process.
For some possible examples, when an intrusion protection thread or manually utilizes a determined data risk detection report to perform intrusion protection interaction, a current multi-terminal service interaction scene can be simultaneously output on an output window, a process of analyzing each session response operation to be matched of a current response behavior execution end by utilizing the current multi-terminal service interaction scene is simultaneously broadcasted, a dynamic behavior for implementing each session response operation to be matched of the current response behavior execution end and a behavior analysis scene obtained after implementing the session response operation to be matched of the current response behavior execution end are output through the output window in the process, and after a set number of cycles of behavior analysis cycles are broadcasted by adopting the risk detection idea, broadcasting the session response operation to be matched of the current response behavior execution end analyzed by the set number of turns of behavior analysis periods again, extracting the process of the session response operation to be executed of the current multi-end service interaction scene of the current response behavior execution end, outputting the dynamic behavior of implementing the session response operation to be matched of the current response behavior execution end on the current multi-end service interaction scene through an output window after broadcasting the session response operation to be executed of the current multi-end service interaction scene of the current response behavior execution end, and executing the derived current multi-end service interaction scene obtained after executing the session response operation to be executed; and then, broadcasting and analyzing the process of whether a target execution end exists in the derived current multi-end service interaction scene again, and on the basis that the target execution end does not exist, broadcasting and summarizing the intrusion protection process by taking the derived response behavior execution end as the current response behavior execution end and using the derived current multi-end service interaction scene again until the target execution end exists in the newly broadcasted multi-end service interaction scene, and terminating the broadcasting and summarizing.
An exemplary description of the AI-based intrusion prevention response data processing method of the present invention follows. Further, the interactive participation end comprises: the system comprises an information intrusion end and an information protection end, and each response operation of the information intrusion end and the information protection end is analyzed during intrusion protection interaction.
Step 401: a base interaction scenario is created. In the embodiment of the invention, the basic interactive scene can be set by using the specified scene configuration information.
Step 402: and setting a current behavior executing party as an information intrusion end, and setting a current behavior responding party as an information protection end. In the embodiment of the invention, the current behavior executing party and the current behavior responding party can be set by using the preset response behavior executing end variable.
Step 403: the current behavior executor is determined to execute a first round of each executable session response operation. In the embodiment of the invention, each executable session response operation of the information intrusion end can be determined by utilizing the basic interaction scene.
Step 404: and determining the passive defense coefficient of each executable session response operation in the first round of the current behavior executing party. In the embodiment of the invention, the passive defense coefficient of each executable session response operation of the information intrusion end can be respectively determined by combining the basic interaction scene and the set interaction variable of each data knowledge of the first round of the information intrusion end.
Step 405: and performing a first round of executable session response operation on the current behavior executing party by using the executing coefficient for sorting. In the embodiment of the invention, the active processing coefficient of each executable session response operation of the first round of the information intrusion end can be respectively determined by using the basic interaction scene and the set interaction variable of each data knowledge of the information intrusion end, and all the executable session response operations of the first round of the information intrusion end are sorted by using the active processing coefficient.
Step 406: and performing a first round of executable session response operation on the current behavior executing party, and sorting by utilizing a passive defense coefficient. In this embodiment of the present invention, all executable session response operations of the information intrusion end may be sorted by using the passive defense coefficient of each executable session response operation of the first round of each information intrusion end determined in step 404.
Step 407: and performing first-round executable session response operation on the current behavior executing party to perform combined passive defense coefficient and execution coefficient arrangement. In the embodiment of the invention, the active processing coefficients of all executable session response operations of the information intrusion end can be arranged, and the passive defense coefficients of all executable session response operations of the information intrusion end can be arranged, so that all executable session response operations of the information intrusion end can be jointly arranged; in actual implementation, the response quality label of each executable session response operation of the information intrusion end can be determined by using the passive defense coefficient and the active processing coefficient of each executable session response operation of the information intrusion end, and then, the response quality label is utilized for sorting.
Step 408: and acquiring a first round of top5 conversation response operation of the current behavior executing party.
Step 409: and acquiring the session response operation with the maximum sorting sequence in the first round of top5 session response operations of the current behavior executing party, and storing the session response operation in the cloud service system.
Step 410: and determining an interactive scene after the execution of the conversation response operation with the largest sorting sequence in the first round of the current behavior executing party.
Step 411: and determining the session response operation with the maximum sorting sequence in the first round of ranking top5 session response operations of the current behavior corresponding to the opposite side by using the determined interactive scene and adopting the same principle as the steps 403 to 409, and storing the session response operation in the cloud service system.
In the embodiment of the invention, when the current behavior executing party is the information intrusion end, the current behavior responding party is the information protection end; and when the current behavior executing party is the information protection end, the current behavior responding party is the information intrusion end.
Step 412: determining an interactive scene of the current behavior after the current behavior is operated by the largest conversation response of the first round of the sorting sequence of the opposite side;
step 413: determining a session response operation with the largest sorting sequence again from the rest session response operations of the top5 session response operations of the first round of the current behavior corresponding to the other party, and storing the session response operation with the largest sorting sequence in the cloud service system; and then, returning to implement the steps 412 and 413 again until the current behavior is determined to correspond to the finishing 5-th session response operation in the first round of finishing top5 session response operations.
Step 414: determining a conversation response operation with the largest sorting sequence again from the rest conversation response operations of the top5 conversation response operations of the first round of the current behavior executing party, and storing the conversation response operation in the cloud service system; then, the process returns to the step 410 to the step 413 again until the current behavior executing party is determined to execute the 5 th conversation response operation in the first round of sequencing top5 conversation response operations.
Step 415: and determining the response capability index (response error) of each session response operation in the first round of the finishing top5 session response operation of the information intrusion end by using the response quality label of the first round of the finishing top5 session response operation of the information intrusion end and the response quality label of the first round of the finishing top5 session response operation of the information protection end.
Step 416: and selecting one session response operation with the minimum response capability index as a to-be-executed session response operation of the information intrusion end from the first round of top5 session response operations of the information intrusion end.
Step 417: and carrying out intrusion protection interaction on the basis of the basic interaction scene by adopting the to-be-executed session response operation of the information intrusion end, and determining a new interaction scene after the to-be-executed session response operation.
Step 418: judging whether one end of the new interaction scene completely suppresses the other end of the new interaction scene; if yes, go to step 419-423; if not, setting the current behavior executing party as an information protection end, setting the current behavior responding party as an information intrusion end, and returning to implement the steps 403-418 again.
Step 419: and outputting all recorded session response operations of the information protection end and the information intrusion end and related data of each session response operation from the cloud service system.
Step 420: and determining the obtained session response operation record corresponding to each session response operation from the set reference record corresponding to the session response operation, and determining the derived session response operation intrusion prevention monitoring record of each data identification execution mode.
Step 421: adopting a set mode, operating intrusion protection monitoring records by using the determined session response of each data knowledge execution mode, and determining corresponding auditory sense output information;
step 422: and matching the determined session response operation intrusion prevention monitoring records of each data identification execution mode with the corresponding auditory sense output information.
Step 423: and sorting all matched data knowledge execution modes, and determining a data risk detection report corresponding to the basic interactive scene.
In some possible embodiments, after determining the data risk detection report of the intrusion prevention process in combination with the intrusion prevention monitoring record, the method may further include: identifying an intrusion protection label of a target execution end corresponding to the data risk detection report; under the condition that the intrusion protection tag is a tag of an information intrusion end, updating a current information protection strategy; and maintaining the current information protection strategy under the condition that the intrusion protection label is the label of the information protection end. In this way, targeted information protection processing can be performed based on the data risk detection report.
In some possible embodiments, when the intrusion prevention tag is a tag of an information intrusion end, updating the current information prevention policy may include the following: determining an attack intention relationship network of the information intrusion end; acquiring a stage attack intention vector and a scene attack intention vector in an attack intention relationship network; connecting the stage attack intention vector and the scene attack intention vector in the attack intention relationship network based on the intention vector correlation degree between the stage attack intention vector and the scene attack intention vector in the attack intention relationship network to obtain an intention vector connection result; determining a scene attack intention vector with abnormal connection as a scene attack intention vector to be matched, and determining an intrusion threat element matched with the scene attack intention vector to be matched according to an intention vector common value between the scene attack intention vector in the intention vector connection result and the scene attack intention vector to be matched; connecting the intrusion threat elements matched with the scene attack intention vectors to be matched to obtain threat element connection results; determining a strategy vulnerability in the attack intention relationship network and an intrusion threat element corresponding to the strategy vulnerability according to the threat element connection result and the intention vector connection result; and updating the current information protection strategy based on the strategy loophole and the intrusion threat elements corresponding to the strategy loophole.
For example, the library performs binary pairing based on the policy vulnerability and the intrusion threat elements corresponding to the policy vulnerability, and then updates the response processing rule of the current information protection policy according to the pairing result, thereby realizing real-time updating and upgrading of information protection.
Based on the same inventive concept, fig. 2 illustrates a block diagram of an AI-based intrusion prevention response data processing apparatus according to an embodiment of the present invention, and the AI-based intrusion prevention response data processing apparatus may include a session operation interaction module 21, a monitoring record determination module 22, and an intrusion prevention detection module 23, which implement the relevant method steps illustrated in fig. 1.
A session operation interaction module 21, configured to: and in response to the fact that the intrusion protection process is in an activated state, determining to-be-matched session response operation of a response behavior execution end of each set number of behavior analysis periods in combination with a multi-terminal service interaction scene, analyzing to obtain to-be-executed session response operation of the response behavior execution end of the current behavior response period in combination with to-be-matched session response operation, interacting in combination with to-be-executed session response operation, and determining the current multi-terminal service interaction scene.
A monitoring record determination module 22 for: and on the basis that the target execution end does not exist in the current multi-end service interaction scene, analyzing and obtaining the to-be-executed session response operation of the response behavior execution end in the next round of behavior response period by combining the current multi-end service interaction scene, interacting by combining the to-be-executed session response operation of the response behavior execution end in the next round of behavior response period, and determining the next round of multi-end service interaction scene until each session response operation to be matched and the intrusion protection monitoring record of each to-be-executed session response operation are determined on the basis that the target execution end exists in the determined multi-end service interaction scene.
An intrusion prevention detection module 23 configured to: and determining a data risk detection report of the intrusion protection process by combining the intrusion protection monitoring record.
The related embodiment applied to the invention can achieve the following technical effects: responding to that the intrusion protection process is in an activated state, performing session response operation analysis by using a multi-terminal service interaction scene, obtaining session response operations to be matched of response behavior execution ends in each cycle of behavior analysis period, obtaining session response operations to be executed in the session response operations to be matched, performing adaptive intrusion protection interaction by using the session response operations to be executed until all session response operations to be matched and each session response operation to be executed are obtained by using analysis on the basis that a target execution end exists in the related intrusion protection process, and then determining a data risk detection report of the intrusion protection process by using the intrusion protection monitoring records of each session response operation. Therefore, the session response operations of all the interaction participants can be flexibly analyzed and predicted, the operation interaction conditions among all the interaction participants are flexibly carried out by using the session response operations obtained through analysis, and the data risk detection report of the intrusion protection process is determined by using the session response operations obtained through analysis and the intrusion protection monitoring record used for the session response operations of the operation interaction.
The foregoing is only illustrative of the present invention. Those skilled in the art can conceive of changes or substitutions based on the specific embodiments provided by the present invention, and all such changes or substitutions are intended to be included within the scope of the present invention.
Claims (9)
1. An AI-based intrusion protection response data processing method is applied to an AI server, and the method at least comprises the following steps:
responding to the fact that an intrusion protection process is in an activated state, determining to-be-matched session response operation of a response behavior execution end of each behavior analysis period in a set number of behavior analysis periods by combining a multi-terminal service interaction scene, analyzing to obtain to-be-executed session response operation of the response behavior execution end of the current behavior response period by combining the to-be-matched session response operation, interacting by combining the to-be-executed session response operation, and determining the current multi-terminal service interaction scene;
on the basis that a target execution end does not exist in the current multi-end service interaction scene, analyzing and obtaining to-be-executed session response operation of a response behavior execution end in a next round of behavior response period in combination with the current multi-end service interaction scene, interacting in combination with to-be-executed session response operation of the response behavior execution end in the next round of behavior response period, and determining the next round of multi-end service interaction scene until each to-be-matched session response operation and each to-be-executed session response operation intrusion protection monitoring record are determined on the basis that the target execution end exists in the determined multi-end service interaction scene;
determining a data risk detection report of the intrusion protection process by combining the intrusion protection monitoring record;
wherein, the determining the data risk detection report of the intrusion protection process by combining the intrusion protection monitoring record comprises: determining a priority comparison result and a first request response description between intrusion protection monitoring records of the session response operations to be matched by using the priority comparison result and the request response description between the session response operations to be matched; determining a second request response description between the intrusion prevention monitoring record of the session response operation to be matched and the intrusion prevention monitoring record of the session response operation to be executed by utilizing the request response description between the session response operation to be matched and the session response operation to be executed; and determining a data risk detection report of the intrusion protection process by combining the intrusion protection monitoring record, the priority comparison result, the first request response description and the second request response description.
2. The method of claim 1, wherein the set number is U, and U is a positive integer; the responding intrusion protection process is in an activated state, session response operations to be matched of the response behavior execution end of each behavior analysis period in a set number of behavior analysis periods are determined by combining a multi-terminal service interaction scene, and the session response operations to be executed of the response behavior execution end of the current behavior response period are obtained by analyzing by combining the session response operations to be matched, and the method comprises the following steps:
determining a basic multi-terminal service interaction scene by combining the appointed scene configuration information;
determining V to-be-matched session response operations of a response behavior execution end of the a-th round behavior analysis period by combining the basic multi-end service interaction scene, and determining corresponding V behavior analysis scenes by utilizing the V to-be-matched session response operations; a is an integer of 1 to U; v is an integer not less than 1;
determining V session response operations to be matched of the response behavior execution end of the corresponding a +1 th round of behavior analysis period by using each behavior analysis scene of the a-th round of behavior analysis period until V session response operations to be matched of the response behavior execution end of the corresponding U-th round of behavior analysis period are determined by using each behavior analysis scene of the U-1 th round of behavior analysis period, and extracting the session response operations to be executed from the V session response operations to be matched of the response behavior execution end of the a-th round of behavior analysis period by combining the session response operations to be matched obtained by the U-th round of behavior analysis period to serve as the session response operations to be executed of the response behavior execution end in the current behavior response period; on the basis that the interactive participation end at least comprises a first participation end and a second participation end, the response behavior execution end of the a-th round behavior analysis period is the first participation end, and the response behavior execution end of the a + 1-th round behavior analysis period is the second participation end.
3. The method of claim 2, wherein the determining, in combination with the basic multi-end service interaction scenario, V to-be-matched session response operations of a response behavior execution end of an a-th round of behavior analysis period, and determining, by using the V to-be-matched session response operations, corresponding V behavior analysis scenarios, includes:
determining each session response operation of the response behavior execution end of the a-th round behavior analysis period by combining the basic multi-end service interaction scene, and determining a response quality label of each session response operation;
taking the former V session response operations with the maximum response quality labels as V session response operations to be matched at the response behavior execution end of the a-th behavior analysis period;
and determining a behavior analysis scene corresponding to each session response operation to be matched by combining the basic multi-terminal service interaction scene and each session response operation to be matched in the V session response operations to be matched to obtain the V behavior analysis scenes.
4. The method of claim 3, wherein said determining an answer quality label for said each session response operation comprises:
respectively determining a passive defense coefficient and an active processing coefficient of each session response operation by combining the basic multi-terminal service interaction scene and a set interaction variable of each data knowledge;
determining a response quality label of each session response operation by combining the passive defense coefficient and the active processing coefficient of each session response operation;
each session response operation to be matched corresponds to one response quality label; the determining, in combination with the basic multi-terminal service interaction scenario and each to-be-matched session response operation in the V to-be-matched session response operations, a behavior analysis scenario corresponding to each to-be-matched session response operation includes:
selecting a session response operation answer1 to be matched with the largest response quality label from the V session response operations to be matched by using the response quality labels, and determining a 1 st behavior analysis scene by combining the basic multi-terminal service interaction scene and the session response operation answer1 to be matched;
selecting a session response operation answer2 to be matched with the largest answer quality label from the session response operations to be matched except the session response operation answer1 to be matched in the V session response operations to be matched by utilizing the answer quality labels, and determining a 2 nd behavior analysis scene by combining the basic multi-terminal service interaction scene and the session response operation answer2 to be matched until determining a V th behavior analysis scene by combining the basic multi-terminal service interaction scene and the V th session response operation to be matched.
5. The method as claimed in claim 2, wherein the determining, by using each behavior analysis scenario of the a-th behavior analysis cycle, V session response operations to be matched at the response behavior execution end of the corresponding a + 1-th behavior analysis cycle includes:
determining each session response operation of the response behavior execution end of the corresponding a +1 th round behavior analysis period by combining any behavior analysis scene of the a th round behavior analysis period, and determining a response quality label of each session response operation;
and taking the former V session response operations with the maximum response quality labels as the V session response operations to be matched of the a +1 th behavior analysis period corresponding to any behavior analysis scene.
6. The method of claim 2, wherein each session response operation to be matched corresponds to a response quality label; the extracting of the session response operation to be executed from the V session response operations to be matched at the response behavior execution end of the a-th round behavior analysis period in combination with the session response operation to be matched obtained by the U-round behavior analysis period includes:
obtaining a response capability index of each session response operation to be matched at a response behavior execution end of the a-th round behavior analysis period by using a response quality label of the session response operation to be matched, which is described by a request response, in the a-th round behavior analysis period to the U-th round behavior analysis period;
and extracting the session response operation to be executed from the V session response operations to be matched at the response behavior execution end in the a-th round behavior analysis period by using the response capability index.
7. The method according to claim 6, wherein each session response operation to be matched at the reply behavior execution end of the a-th round behavior analysis period corresponds to P reply capability indexes; the obtaining of the response capability index of each session response operation to be matched at the response behavior execution end of the a-th round behavior analysis period by using the response quality tag of the session response operation to be matched, which is described by the request response, from the a-th round behavior analysis period to the U-th round behavior analysis period includes:
weighting the response quality labels of the session response operations to be matched, which are described by the request response, in the a-th to U-th round behavior analysis periods to obtain P response capability indexes of each session response operation to be matched at the response behavior execution end of the a-th round behavior analysis period; wherein P = V ^ (V + 1).
8. The method of claim 1, wherein said determining a data risk detection report for said intrusion prevention process in conjunction with said intrusion prevention monitoring records comprises:
determining corresponding auditory sense output information, atlas interactive behavior information and interactive behavior thermodynamic information by using each intrusion protection monitoring record;
and determining the comprehensive monitoring record of the intrusion protection process by utilizing the auditory sense output information, the mapping interactive behavior information and the interactive behavior thermal information.
9. An AI server, comprising: a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the AI server to perform the method of any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210572501.1A CN114884740B (en) | 2022-05-25 | 2022-05-25 | AI-based intrusion protection response data processing method and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210572501.1A CN114884740B (en) | 2022-05-25 | 2022-05-25 | AI-based intrusion protection response data processing method and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114884740A CN114884740A (en) | 2022-08-09 |
| CN114884740B true CN114884740B (en) | 2023-01-20 |
Family
ID=82678554
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210572501.1A Active CN114884740B (en) | 2022-05-25 | 2022-05-25 | AI-based intrusion protection response data processing method and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114884740B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3816957A1 (en) * | 2019-11-04 | 2021-05-05 | Securex | Security and monitoring system and method for operating same |
| CN113641993A (en) * | 2021-09-02 | 2021-11-12 | 于静 | Data security processing method based on cloud computing and data security server |
| CN114218565A (en) * | 2021-11-23 | 2022-03-22 | 赵运岐 | Intrusion protection data processing method based on big data and big data server |
-
2022
- 2022-05-25 CN CN202210572501.1A patent/CN114884740B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3816957A1 (en) * | 2019-11-04 | 2021-05-05 | Securex | Security and monitoring system and method for operating same |
| CN113641993A (en) * | 2021-09-02 | 2021-11-12 | 于静 | Data security processing method based on cloud computing and data security server |
| CN114218565A (en) * | 2021-11-23 | 2022-03-22 | 赵运岐 | Intrusion protection data processing method based on big data and big data server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114884740A (en) | 2022-08-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109951500B (en) | Network attack detection method and device | |
| CN108881265B (en) | Network attack detection method and system based on artificial intelligence | |
| CN108683687B (en) | Network attack identification method and system | |
| CN108881263B (en) | Network attack result detection method and system | |
| CN108471429B (en) | Network attack warning method and system | |
| CN110351280B (en) | Method, system, equipment and readable storage medium for extracting threat information | |
| US8079083B1 (en) | Method and system for recording network traffic and predicting potential security events | |
| US9154516B1 (en) | Detecting risky network communications based on evaluation using normal and abnormal behavior profiles | |
| CN107465648B (en) | Abnormal equipment identification method and device | |
| CN110417778B (en) | Access request processing method and device | |
| CN109194684B (en) | Method and device for simulating denial of service attack and computing equipment | |
| CN113486334A (en) | Network attack prediction method and device, electronic equipment and storage medium | |
| US11847216B2 (en) | Analysis device, analysis method and computer-readable recording medium | |
| CN108234426B (en) | APT attack warning method and APT attack warning device | |
| CN112217777A (en) | Attack backtracking method and equipment | |
| CN114244564A (en) | Attack defense method, device, equipment and readable storage medium | |
| US20220131884A1 (en) | Non-transitory computer-readable recording medium, information processing method, and information processing device | |
| CN117454376A (en) | Industrial Internet data security detection response and tracing method and device | |
| Sukhwani et al. | A survey of anomaly detection techniques and hidden markov model | |
| CN114884740B (en) | AI-based intrusion protection response data processing method and server | |
| CN115001849B (en) | Vulnerability restoration method and vulnerability restoration system aiming at big data security vulnerability mining | |
| CN116170225A (en) | System testing method, device, equipment and storage medium based on network target range | |
| CN116015800A (en) | Scanner identification method and device, electronic equipment and storage medium | |
| US10362062B1 (en) | System and method for evaluating security entities in a computing environment | |
| Cadalzo et al. | Canopy: A Learning-based Approach for Automatic Low-and-Slow DDoS Mitigation. |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20221115 Address after: No. 108, Liukou Road, Yangliuqing Town, Xiqing District, Tianjin, 300000 Applicant after: Zhang Guizhi Address before: 300000 No. 501, Fengqiao Road, Zhongbei Avenue, Zhongbei Town, Xiqing District, Tianjin Applicant before: Tianjin Yili Technology Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20230106 Address after: No. 102, Unit 1, Building 1, No. 35, Jiuru Village, Wuhou District, Chengdu, Sichuan, 610041 Applicant after: Sichuan Houjiayuan Technology Co.,Ltd. Address before: No. 108, Liukou Road, Yangliuqing Town, Xiqing District, Tianjin, 300000 Applicant before: Zhang Guizhi |
|
| TA01 | Transfer of patent application right |