CN115168848A - Interception feedback processing method based on big data analysis interception - Google Patents

Publication number: CN115168848A
Authority: CN (China)
Prior art keywords: decision, interception, decision tree, sub, information
Legal status: Granted
Application number: CN202211093209.8A
Other languages: Chinese (zh)
Other versions: CN115168848B (en)
Inventor: 周江锋
Current Assignee: Nanjing Dingshan Information Technology Co ltd
Original Assignee: Nanjing Dingshan Information Technology Co ltd
Application filed by Nanjing Dingshan Information Technology Co ltd
Priority to CN202211093209.8A
Publication of CN115168848A
Application granted
Publication of CN115168848B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to an artificial intelligence technology, and discloses an interception feedback processing method based on big data analysis interception, which comprises the following steps: acquiring an interception decision basis based on an interception log of a business service system; extracting core decision semantics of an interception decision basis according to the vector interception decision basis; constructing a first sub-decision tree cluster according to the core decision semantics, and aggregating the first sub-decision tree cluster into a decision tree model; acquiring access information in real time, and performing interception scoring on the access information by using a decision tree model; intercepting the access information with the interception score larger than the score threshold value, and extracting the core information semantics of the access information with the interception score larger than the score threshold value; and constructing a second sub-decision tree cluster by utilizing the core information semantics, and performing feedback adjustment on the decision tree model by utilizing the second sub-decision tree cluster. The invention also provides an interception feedback processing device based on big data analysis, electronic equipment and a storage medium. The invention can improve the information interception accuracy.

Description

Interception feedback processing method based on big data analysis interception
Technical Field
The invention relates to the technical field of artificial intelligence, in particular to an interception feedback processing method and device based on big data analysis interception, electronic equipment and a computer readable storage medium.
Background
With the advent of the big data era, the fields that involve big data are increasingly broad. To secure the network environment in which big data resides and to improve the reliability of network security, illegal information in the network needs to be intercepted.
Most existing information interception technologies intercept information at a firewall; access activities that need to be intercepted include, for example, attack access activities and privacy access activities. In practical applications, however, interception decisions are not required to meet the requirements of the actual service scenario and only fixed interception decisions are considered, so information may not be intercepted in time and the accuracy of information interception is low.
Disclosure of Invention
The invention provides an interception feedback processing method and device based on big data analysis interception and a computer readable storage medium, and mainly aims to solve the problem of low accuracy in information interception.
In order to achieve the above object, the interception feedback processing method based on big data analysis interception provided by the invention comprises the following steps:
S1, acquiring an interception decision basis of a business service system based on an interception log of target interception performed by the business service system;
S2, carrying out vector conversion on the interception decision basis to obtain a vector interception decision basis, and extracting core decision semantics of the interception decision basis according to the vector interception decision basis;
S3, constructing a first sub decision tree cluster according to the core decision semantics, and aggregating the first sub decision tree cluster into a decision tree model;
S4, acquiring access information of an access subject of the business service system in real time, and performing interception scoring on the access information by using the decision tree model, wherein the interception scoring on the access information by using the decision tree model comprises the following steps:
S41, inputting a pre-acquired training data set into the decision tree model to obtain a score data set;
S42, calculating a loss value of the decision tree model according to the score data set and a preset loss function, wherein the preset loss function comprises:
Figure 313683DEST_PATH_IMAGE001
wherein,
Figure 637086DEST_PATH_IMAGE002
in order to obtain the value of the loss,
Figure 398369DEST_PATH_IMAGE003
score data in the score data set,
Figure 583363DEST_PATH_IMAGE004
is the preset real score data and is the real score data,
Figure 543228DEST_PATH_IMAGE005
for the number of the decision tree,
Figure 398052DEST_PATH_IMAGE006
in the form of an inverse cosine function,
Figure 708947DEST_PATH_IMAGE007
is a logarithmic function;
S43, when the loss value is larger than or equal to a preset loss threshold value, performing decision tree addition processing operation on the decision tree model until the loss value is smaller than the loss threshold value, and outputting the current decision tree model as an interception score model;
S44, inputting the access information into the interception scoring model to obtain the interception scoring of the access information;
S5, intercepting the access information with the interception score larger than a preset score threshold value, and extracting the core information semantics of the access information with the interception score larger than the preset score threshold value;
S6, building a second sub decision tree cluster by utilizing the core information semantics, and performing feedback adjustment on the decision tree model by utilizing the second sub decision tree cluster.
Optionally, the obtaining of the interception decision basis of the service system includes:
extracting interception parameters in the interception logs;
and generating an interception decision basis of the business service system according to the interception parameters.
Optionally, the extracting, according to the vector interception decision basis, a core decision semantic of the interception decision basis includes:
extracting a first attention weight of each decision word vector in the vector interception decision basis by using a preset Bert model;
adding the first attention weights of the same decision word vector according to the position code of each decision word vector to obtain a second attention weight;
and selecting the decision word vector with the highest second attention weight as the core decision semantic.
Optionally, the constructing a first sub-decision tree cluster according to the core decision semantics includes:
classifying and labeling the core decision semantics to obtain decision labels corresponding to the core decision semantics;
selecting the decision labels one by one as first root nodes, and splitting a first left node and a first right node on the first root nodes;
distributing the core decision semantics to the first left node and the first right node to obtain a sub-decision tree;
and collecting the sub-decision tree into the first sub-decision tree cluster.
Optionally, the aggregating the first sub-decision tree clusters into a decision tree model includes:
calculating a first information gain of a sub-decision tree root node corresponding to a decision label in the first sub-decision tree cluster by using an information gain algorithm as follows:
Figure 182785DEST_PATH_IMAGE008
wherein,
Figure 200420DEST_PATH_IMAGE009
for the purpose of the first information gain, the gain of the first information,
Figure 881937DEST_PATH_IMAGE010
is as follows
Figure 414549DEST_PATH_IMAGE011
The proportion of class decision labels is taken up,
Figure 816712DEST_PATH_IMAGE012
in the form of a function of a logarithm,
Figure 62754DEST_PATH_IMAGE013
a number of decision semantics samples for the core decision semantics,
Figure 587277DEST_PATH_IMAGE014
is as follows
Figure 544868DEST_PATH_IMAGE011
The number of decision semantic samples in the class decision label,
Figure 547459DEST_PATH_IMAGE015
marking the number of corresponding attributes for the decision;
selecting a first decision label with the maximum first information gain as a second root node of the decision tree model, and splitting a first left node and a second right node on the attribute corresponding to the first decision label;
selecting second decision labels with the largest first information gain from the unselected decision labels one by one, and distributing the second decision labels to the first left node and the second right node;
and when the decision labels are all selected, obtaining the decision tree model.
Optionally, the intercepting the access information whose interception score is greater than a preset score threshold includes:
extracting access parameters of the access information;
and intercepting the access parameters by using a preset interceptor.
Optionally, performing feedback adjustment on the decision tree model by using the second sub-decision tree cluster, including:
calculating a second information gain of a second decision label in the second sub-decision tree cluster;
selecting a decision corresponding to the largest information gain in the first information gain and the second information gain as a third node of the decision tree model, and splitting an attribute node on an attribute corresponding to the third node;
determining an optimal split node for the attribute nodes using a splitting algorithm as follows:
Figure 398741DEST_PATH_IMAGE016
wherein,
Figure 94164DEST_PATH_IMAGE017
for the gain value of the best split node,
Figure 273473DEST_PATH_IMAGE018
to partition the sum of the gradients of all samples in the collocated left sub-tree,
Figure 79755DEST_PATH_IMAGE019
to partition the sum of the gradients of all samples in the collocated right sub-tree,
Figure 801854DEST_PATH_IMAGE020
to partition the sum of the second derivatives of all samples in the collocated left sub-tree,
Figure 402600DEST_PATH_IMAGE021
to partition the sum of the second derivatives of all samples in the collocated right sub-tree,
Figure 334784DEST_PATH_IMAGE022
is a regularization constant;
distributing the maximum value of a first information gain corresponding to the first decision label and a second information gain corresponding to the second decision label to the optimal splitting node;
and when the first sub-decision tree and the second sub-decision tree have decision labels which are not selected, iterating the decision tree model until the decision labels are all selected, and finishing the feedback adjustment of the decision tree model.
According to the embodiment of the invention, the interception decision basis is obtained according to the interception log of the business service system, so that the interception basis is provided for information interception, and the target is intercepted more accurately; extracting core decision semantics in the interception decision basis, constructing a decision tree according to the core decision semantics, and facilitating scoring of access information of a service system so as to judge whether to intercept the access information according to a scoring result; when the interception score value is larger than the score threshold value, the access information is intercepted, the core information semantics of the access information is extracted, and the decision tree is fed back and adjusted according to the core information semantics, so that a more accurate decision tree model can be obtained, interception judgment on the access information can be more accurately realized, and the safety of a business service system is ensured. Therefore, the interception feedback processing method and device based on big data analysis interception, the electronic equipment and the computer readable storage medium provided by the invention can solve the problem of low accuracy in information interception.
Drawings
Fig. 1 is a schematic flowchart of an interception feedback processing method based on big data analysis and interception according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a process for extracting core decision semantics according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart of constructing a first sub-decision tree cluster according to an embodiment of the present invention;
Fig. 4 is a functional block diagram of an interception feedback processing apparatus based on big data analysis according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an electronic device for implementing the interception feedback processing method based on big data analysis and interception according to an embodiment of the present invention.
The implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the application provides an interception feedback processing method based on big data analysis and interception. The execution subject of the interception feedback processing method based on big data analysis and interception includes but is not limited to at least one of electronic devices such as a server and a terminal that can be configured to execute the method provided by the embodiment of the present application. In other words, the interception feedback processing method based on big data analysis interception may be performed by software or hardware installed in the terminal device or the server device, and the software may be a blockchain platform. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like. The server may be an independent server, or may be a cloud server that provides basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a Content Delivery Network (CDN), a big data and artificial intelligence platform, and the like.
Fig. 1 is a schematic flow diagram of an interception feedback processing method based on big data analysis and interception according to an embodiment of the present invention. In this embodiment, the interception feedback processing method based on big data analysis and interception includes:
S1, acquiring an interception decision basis of a business service system based on an interception log of target interception performed by the business service system;
In one practical application scenario of the present invention, illegal access requests reach the service system and must be intercepted to keep the service system secure. For example, if the parameters of an access request include the file name of the preset password file, the request parameters are abnormal data and the access request needs to be intercepted. The access request caught by this target interception is recorded in the interception log, so that the next time the same situation occurs the access request is intercepted directly according to the recorded request parameters.
In the embodiment of the invention, the interception log is obtained by recording, in the system log, the access request on which target interception was performed when an access abnormality occurred in the service system.
In the embodiment of the present invention, the obtaining of the interception decision basis of the service system includes:
extracting interception parameters in the interception logs;
and generating an interception decision basis of the business service system according to the interception parameters.
In detail, the interception parameters in the interception log can be extracted by script code. The interception parameters are attack parameters associated with attack events, and the script code is automation logic written in advance by operation and maintenance personnel according to vulnerability risk interception rules.
Specifically, the interception parameters in the interception log include address information of an internal service system requesting access to the service system, system function information requesting access to the service system, and the like. For example, the system function information may be a request to read the amount of any customer's bank deposit or a request to query deposit records.
Further, the interception decision basis of the business service system is generated from the interception parameters: an access request is intercepted when its access parameter is consistent with an interception parameter in the interception log. When a subsequent access request reaches the business service system, its access parameter is matched against the interception parameters in the interception log according to the interception decision basis; if the match succeeds, the access request is illegal access and needs to be intercepted.
By way of example, if a first interception parameter in the interception log is address information of a storage path containing a system security configuration file of the business service system, the first interception parameter is used as an interception decision basis; if a second interception parameter in the interception log is a regular expression associated with a sensitive word, the second interception parameter is used as an interception decision basis. The access parameters of subsequent access requests are judged against the interception decision basis, and whether to intercept them is determined from the result.
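One way to implement the S1 step described above, shown as an added example that is not the patent's own code: interception parameters are extracted from an interception log, turned into a decision basis, and later access requests are matched against it. The JSON log layout, the field names, the file paths and the normalization step are assumptions of this example, and the log lines are constructed.

```python
import json
import posixpath
import re
from dataclasses import dataclass, field
from urllib.parse import unquote

# Constructed sample interception log, one JSON object per line (assumed format).
SAMPLE_INTERCEPTION_LOG = """\
{"action": "intercept", "param_type": "path", "param": "/opt/bizsvc/conf/security.yaml"}
{"action": "intercept", "param_type": "regex", "param": "(?i)passw(or)?d[_-]?file"}
{"action": "allow", "param_type": "path", "param": "/opt/bizsvc/static/logo.png"}
{"action": "intercept", "param_type": "regex", "param": "([unclosed"}
this line is not JSON and must be skipped
"""


@dataclass
class DecisionBasis:
    paths: set = field(default_factory=set)       # protected storage paths
    patterns: list = field(default_factory=list)  # compiled sensitive-word regexes


def build_decision_basis(log_text):
    """Extract interception parameters from the log and build the decision basis."""
    basis = DecisionBasis()
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate damaged log lines
        if not isinstance(entry, dict) or entry.get("action") != "intercept":
            continue  # only intercepted requests contribute parameters
        kind, param = entry.get("param_type"), entry.get("param")
        if not isinstance(param, str):
            continue
        if kind == "path":
            basis.paths.add(posixpath.normpath(param))
        elif kind == "regex":
            try:
                basis.patterns.append(re.compile(param))
            except re.error:
                continue  # a broken rule must not take the interceptor down
    return basis


def normalize(value):
    """Percent-decode the value and collapse ./ and ../ segments of absolute paths,
    so that an equivalent spelling of a protected path still matches."""
    decoded = unquote(value)
    return posixpath.normpath(decoded) if decoded.startswith("/") else decoded


def match_request(basis, access_params):
    """Match the access parameters of a request against the decision basis.

    Returns (intercept, reasons); intercept is True when any parameter matches.
    """
    reasons = []
    for name, raw in access_params.items():
        value = normalize(str(raw))
        if value in basis.paths:
            reasons.append(f"{name}: protected path {value}")
        for pattern in basis.patterns:
            if pattern.search(value):
                reasons.append(f"{name}: matches {pattern.pattern}")
    return bool(reasons), reasons


if __name__ == "__main__":
    basis = build_decision_basis(SAMPLE_INTERCEPTION_LOG)
    # Constructed access requests.
    for request in (
        {"file": "/opt/bizsvc/conf/../conf/security.yaml"},
        {"q": "read Password_File"},
        {"page": "/opt/bizsvc/static/logo.png"},
    ):
        print(request, match_request(basis, request))
```

Matching only what has already been logged is what makes this decision basis fixed; the later steps of the method replace it with a scored decision tree model.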
S2, carrying out vector conversion on the interception decision basis to obtain a vector interception decision basis, and extracting core decision semantics of the interception decision basis according to the vector interception decision basis;
In the embodiment of the invention, the vector interception decision basis is the vectorized form of the interception decision basis; it is used as the input of a BERT model, which extracts the core decision semantics of the interception decision basis.
In detail, in the embodiment of the present invention, the interception decision basis may be vector-converted by a preset vector conversion model to obtain the vector interception decision basis, where the vector conversion model is a BERT model. The BERT model introduces position encoding to describe sequence position information: each element in the sequence is given a randomly initialized word vector that records the position of the element in the sequence.
In the embodiment of the invention, the core decision semantics refer to key semantics capable of reflecting an interception decision basis, namely feature information capable of reflecting the interception decision basis.
In the embodiment of the present invention, as shown in fig. 2, the extracting a core decision semantic of the interception decision basis according to the vector interception decision basis includes:
S21, extracting a first attention weight of each decision word vector in the vector interception decision basis by using a preset BERT model;
S22, adding the first attention weights of the same decision word vector according to the position code of each decision word vector to obtain a second attention weight;
S23, selecting the decision word vector with the highest second attention weight as a core decision semantic.
In detail, each interception decision basis is vector-converted in the BERT model, each decision word vector has an attention weight, and the attention weights of the decision word vectors are generated by the last-layer encoder of the BERT model. The BERT model has a self-attention mechanism. The core logic of attention is to move from attending to the whole to attending to what is important: faced with a scene, one attends to specific parts as needed, and the BERT model relies on the self-attention mechanism for its representations.
Specifically, among the document encodings generated by the different layers of the BERT model, the vectorized representation output by the last-layer encoder carries higher-level information, such as semantics and grammar, than the output of the other layers, so the word-vector attention weight matrix generated by the last-layer encoder agrees better with semantic similarity than those of the other layers. Because the self-attention mechanism in the BERT model uses multi-head attention, each head generates an attention weight matrix, so the last-layer encoder generates several attention weight matrices, each representing the similarity between word vectors captured by the corresponding head. From the attention weight matrix of each head, the row corresponding to the "[CLS]" mark is extracted; this row represents the attention weight, as captured by that head, of the "[CLS]" mark to the word vectors at all positions in the document.
Illustratively, when the interception decision basis is the address information of the storage path of a system security configuration file and the address information of a user password, the attention weights are respectively: "system": 0.1, "file": 0.2, "store": 0.3, "path": 0.3, "address": 0.3, "info": 0.1, "user": 0.1, "password": 0.5, "address": 0.3, "info": 0.1. Adding the attention weights of the same decision word vector gives "address": 0.6 and "info": 0.2, so the core decision semantics in the interception decision basis are address and password.
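The selection in S21 to S23, as an added example that is not code from the patent: the "[CLS]" row is taken from each head of the last layer, the weights of positions holding the same word are summed, and the highest totals are kept. Averaging over heads, the `top_k` parameter and the constructed two-head attention matrices are assumptions of this example; the per-word weights are those of the illustration above.

```python
from collections import defaultdict

SPECIAL_TOKENS = {"[CLS]", "[SEP]", "[PAD]"}

# Per-word first attention weights from the illustration in the text.
PAGE_WEIGHTS = [0.1, 0.2, 0.3, 0.3, 0.3, 0.1, 0.1, 0.5, 0.3, 0.1]
# Whole-word tokens (constructed); real WordPiece output would need its
# sub-word pieces merged back into words before this step.
TOKENS = ["[CLS]", "system", "file", "store", "path", "address", "info",
          "user", "password", "address", "info", "[SEP]"]


def constructed_head(offset):
    """Build one head's attention matrix (constructed data).

    Only row 0, the "[CLS]" query row, carries weights; the other rows are
    zero filler because the method never reads them.
    """
    cls_row = [0.0] + [w + offset for w in PAGE_WEIGHTS] + [0.0]
    n = len(cls_row)
    return [cls_row] + [[0.0] * n for _ in range(n - 1)]


# Two constructed heads whose average reproduces PAGE_WEIGHTS.
LAST_LAYER = [constructed_head(+0.05), constructed_head(-0.05)]


def first_attention_weights(last_layer_attention):
    """S21: take the "[CLS]" row of every head and combine them per position.

    Averaging over heads is an assumption; the text does not say how the
    per-head rows are combined.
    """
    rows = [head[0] for head in last_layer_attention]
    seq_len = len(rows[0])
    if any(len(row) != seq_len for row in rows):
        raise ValueError("heads disagree on sequence length")
    return [sum(row[j] for row in rows) / len(rows) for j in range(seq_len)]


def second_attention_weights(tokens, first_weights):
    """S22: sum the first attention weights of positions holding the same word."""
    if len(tokens) != len(first_weights):
        raise ValueError("one weight per token position is required")
    totals = defaultdict(float)
    for token, weight in zip(tokens, first_weights):
        if token not in SPECIAL_TOKENS:
            totals[token] += weight
    # Rounding removes floating-point noise so that ties compare equal.
    return {token: round(total, 6) for token, total in totals.items()}


def core_decision_semantics(tokens, last_layer_attention, top_k=1):
    """S23: keep the top_k words by second attention weight (ties: alphabetical)."""
    second = second_attention_weights(
        tokens, first_attention_weights(last_layer_attention))
    ranked = sorted(second.items(), key=lambda item: (-item[1], item[0]))
    return ranked[:top_k]


if __name__ == "__main__":
    print(core_decision_semantics(TOKENS, LAST_LAYER, top_k=2))
```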
S3, constructing a first sub-decision tree cluster according to the core decision semantics, and aggregating the first sub-decision tree cluster into a decision tree model;
In an embodiment of the present invention, the first sub-decision tree cluster is a set of sub-decision trees constructed according to the core decision semantics. A decision tree is a tree structure in which each internal node represents a test on an attribute, each branch represents a test output, and each leaf node represents a category. A decision tree is a predictive model that represents a mapping between object attributes and object values.
In an embodiment of the present invention, referring to fig. 3, the constructing a first sub-decision tree cluster according to the core decision semantics includes:
S31, carrying out classification and labeling on the core decision semantics to obtain decision labels corresponding to the core decision semantics;
S32, selecting the decision labels one by one as first root nodes, and splitting a first left node and a first right node on the first root nodes;
S33, distributing the core decision semantics to the first left node and the first right node to obtain a sub-decision tree;
S34, collecting the sub-decision trees into the first sub-decision tree cluster.
In detail, the decision semantics are classified and labeled because the key to decision tree learning is classifying attributes; in the classification process it is generally desirable that the samples contained in a branch node of a decision tree belong to the same category as far as possible. For example, in a banking system service, if the core decision semantics include account, accounting and the like, then account password, account balance and account code are classified and labeled under account; transaction records and accounting codes are classified and labeled under accounting; and accrual fees, accrual interest and accrual loan amounts are classified and labeled under accrual.
Specifically, after the core decision semantics in the banking system are classified and labeled, three decision labels are obtained: account, accounting and accrual. The three labels are selected one by one as root nodes. The account attributes in the core decision semantics, namely account password, account balance and account code, are distributed to the left node and the right node of the tree whose root node is account; the accounting attributes, namely transaction records and accounting codes, are distributed to the left node and the right node of the tree whose root node is accounting; and the accrual attributes, namely accrual fees and accrual interest, are distributed to the left node and the right node of the tree whose root node is accrual. The three sub-decision trees are then collected to obtain the first sub-decision tree cluster.
In the embodiment of the invention, the decision tree model is a tree decision set consisting of decisions, and the event can be predicted through the decision tree model to obtain a reasonable prediction result.
In this embodiment of the present invention, the aggregating the first sub-decision tree clusters into the decision tree model includes:
calculating a first information gain of a corresponding decision label of a root node of the sub-decision tree in the first sub-decision tree cluster by using an information gain algorithm as follows:
Figure 679178DEST_PATH_IMAGE023
wherein,
Figure 505051DEST_PATH_IMAGE024
in order to obtain the first information gain,
Figure 276698DEST_PATH_IMAGE010
is a first
Figure 696178DEST_PATH_IMAGE025
The proportion of the class decision label is taken up,
Figure 578683DEST_PATH_IMAGE026
in the form of a logarithmic function of the function,
Figure 773910DEST_PATH_IMAGE027
a number of decision semantics samples for the core decision semantics,
Figure 982038DEST_PATH_IMAGE014
is a first
Figure 623235DEST_PATH_IMAGE025
The number of decision semantic samples in the class decision label,
Figure 309431DEST_PATH_IMAGE028
labeling the number of corresponding attributes for the decision;
selecting a first decision label with the maximum first information gain as a second root node of the decision tree model, and splitting a first left node and a second right node on the attribute corresponding to the first decision label;
selecting second decision labels with the largest first information gain from the unselected decision labels one by one, and distributing the second decision labels to the first left node and the second right node;
and when the decision labels are all selected, obtaining the decision tree model.
In detail, the information gain algorithm determines the purity of the nodes, that is, whether the samples at a branch node belong to the same category, so that the generated decision tree predicts information interception more accurately. For example, when the first information gain of account is 0.918, that of accounting is 0.722 and that of accrual is 0.998, accrual is selected as the root node of the decision tree model according to the first information gain, and the sub-decision tree corresponding to the accrual attribute is taken as the main sub-decision tree. Among the unselected decision labels, account has the largest information gain, so the sub-decision tree corresponding to account is aggregated to the left node split from the accrual attribute, and the sub-decision tree corresponding to accounting is aggregated to the right node split from the accrual attribute.
Specifically, when all the decision labels are selected, the decision tree is represented to be aggregated, and the decision tree model is obtained.
S4, acquiring access information of an access subject of the business service system in real time, and performing interception scoring on the access information by using the decision tree model;
In the embodiment of the present invention, the access subject is an active entity, such as a user, a user group, a terminal, a host or an application. A subject may access an object; the object is a passive entity, and access to it is to be controlled. The access information is the series of access operations performed by the access subject in the service system. These access operations can be scored by using the decision tree model, and the next operation is performed according to the scoring result.
In detail, the access information of the access subject of the business system may be acquired in real time using a Listener (Listener) in the business service system or according to an access log in the business service system.
In the embodiment of the invention, the access information is subjected to interception scoring, whether the access information needs to be intercepted or not can be judged according to the interception scoring, and when the interception scoring is larger than the scoring threshold value, the access information needs to be intercepted; and when the interception score is smaller than the score threshold, the access subject can normally access the business service system.
In an embodiment of the present invention, the performing interception scoring on the access information by using the decision tree model includes:
inputting a pre-acquired training data set into the decision tree model to obtain a score data set;
calculating a loss value of the decision tree model according to the score data set and a preset loss function, wherein the preset loss function comprises:
Figure 782000DEST_PATH_IMAGE029
wherein,
Figure 957767DEST_PATH_IMAGE030
is the loss value,
Figure 148577DEST_PATH_IMAGE003
is the score data in the score data set,
Figure 576147DEST_PATH_IMAGE031
is the preset real score data,
Figure 168802DEST_PATH_IMAGE032
is the number of the decision tree,
Figure 531782DEST_PATH_IMAGE033
is the inverse cosine function, and
Figure 209888DEST_PATH_IMAGE034
is a logarithmic function;
when the loss value is greater than or equal to a preset loss threshold value, performing decision tree addition processing operation on the decision tree model until the loss value is less than the loss threshold value, and outputting the current decision tree model as an interception score model;
and inputting the access information into the interception score model to obtain the interception score of the access information.
In detail, the training data set is training data based on the access information. Training the decision tree model on the training data set yields the model's predicted interception scores for the access information.
Specifically, the interception score model is a random forest model, that is, a classifier that trains on and predicts samples by using a plurality of trees and has high prediction capability.
The loss function is used to adjust the parameters of the interception scoring model, reducing the loss between the true value and the predicted value so that the predicted value generated by the interception scoring model approaches the true value, thereby achieving the purpose of learning.
S5, intercepting the access information with the interception score larger than a preset score threshold value, and extracting the core information semantics of the access information with the interception score larger than the preset score threshold value;
In the embodiment of the invention, when the interception score is greater than the preset score threshold, the access information is considered unsafe. If the access were allowed to continue, the business service system might fail, so the access information needs to be intercepted.
In the embodiment of the present invention, the intercepting the access information whose interception score is greater than a preset score threshold includes:
extracting access parameters of the access information;
and intercepting the access parameters by using a preset interceptor.
In detail, a computer statement with a parameter extraction function (e.g., a Python statement or a Java statement) may be used to extract the access parameters of the access information, where the access parameters include a uniform resource locator (URL), the service information requested to be accessed, an access duration, and the like.
Specifically, when the interception score is greater than a preset score threshold, the access request of the access information is acquired, and an interceptor (Interceptor) may be used to intercept the access parameters, thereby intercepting the access information. The Interceptor mainly parses request parameters, assigns page form parameters to the corresponding attributes in a stack, and performs function checks, program exception debugging and the like. By analyzing the access parameters it can determine that they are illegal parameters, and the Interceptor is then used to terminate the request carrying those access parameters, thereby intercepting them.
Illustratively, when the interception score of the access information is 80 points and the score threshold is 60 points, the interception score is greater than the score threshold and the access information needs to be intercepted. If the access information is an attempt to access a database of the business service system, an access request is generated according to the access information and the business service system is accessed according to that request; because the interception score of the database access is greater than the score threshold, the database access needs to be intercepted, that is, the access request is intercepted by using a filter, so that the business service system remains in a safe state.
In the embodiment of the invention, the core information semantics are the key semantics that reflect the access information, that is, its feature information. Access information to be intercepted can be identified through its core information semantics: when these core information semantics appear, the system recognizes the access information as illegal, access is not allowed, and the access information needs to be intercepted.
In the embodiment of the present invention, the step of extracting the core information semantics of the access information whose interception score is greater than the preset score threshold is consistent with the step of extracting the core decision semantics of the interception decision basis in S2, and details are not repeated here.
S6, building a second sub decision tree cluster by utilizing the core information semantics, and performing feedback adjustment on the decision tree model by utilizing the second sub decision tree cluster.
In the embodiment of the present invention, the second sub-decision tree cluster is a set of a plurality of sub-decision trees constructed according to the core information semantics, the core information semantics are classified to obtain a plurality of sub-decision trees, and the plurality of sub-decision trees are collected to obtain the second sub-decision tree cluster.
In detail, the step of constructing the second sub decision tree cluster by using the core information semantics is consistent with the step of constructing the first sub decision tree cluster according to the core decision semantics in S3, and details are not repeated here.
In the embodiment of the invention, after the access information is intercepted, the intercepted access information is recorded as illegal information, and the decision tree model is further fed back and adjusted according to the core semantic information of the extracted access information, so that the decision tree model can more accurately predict the interception score of the access information, and further more accurately intercept illegal access information.
In this embodiment of the present invention, the performing feedback adjustment on the decision tree model by using the second sub-decision tree cluster includes:
calculating a second information gain of a second decision label in the second sub-decision tree cluster;
selecting a decision corresponding to the largest information gain in the first information gain and the second information gain as a third node of the decision tree model, and splitting an attribute node on an attribute corresponding to the third node;
determining an optimal split node for the attribute nodes using a splitting algorithm as follows:
Figure 175570DEST_PATH_IMAGE035
wherein,
Figure 622732DEST_PATH_IMAGE017
is the gain value of the best split node,
Figure 405880DEST_PATH_IMAGE036
is the sum of the gradients of all samples in the left sub-tree of the partition,
Figure 571282DEST_PATH_IMAGE019
is the sum of the gradients of all samples in the right sub-tree of the partition,
Figure 340655DEST_PATH_IMAGE037
is the sum of the second derivatives of all samples in the left sub-tree of the partition,
Figure 376744DEST_PATH_IMAGE038
is the sum of the second derivatives of all samples in the right sub-tree of the partition, and
Figure 268477DEST_PATH_IMAGE022
is a regularization constant;
distributing the maximum value of a first information gain corresponding to the first decision label and a second information gain corresponding to the second decision label to the optimal splitting node;
and when the first sub-decision tree and the second sub-decision tree have decision labels which are not selected, iterating the decision tree model until the decision labels are all selected, and finishing the feedback adjustment of the decision tree model.
In detail, the splitting algorithm aims to maximize the gain value before and after data division: it calculates the gain value of each candidate split point in turn and, after comparing the gain values of all split points, takes the split point with the maximum gain value as the optimal split point.
Specifically, the core information semantics are divided according to their characteristic attributes into 2 or more sub-information semantic sets, and the division is iterated on each sub-information semantic set until the stop condition of the decision tree growth is reached. The leaf nodes are the classification result, and the sub-information semantic sets at the leaf nodes are not divided further.
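The split-point search described above can be sketched as follows. This is an added example, not code from the patent: the gain formula survives on this page only as an image reference, so the code assumes the standard second-order split gain used in gradient boosting, built from the quantities the text names (gradient sums, second-derivative sums, one regularization constant). The logistic loss, the feature names and the sample records are also assumptions constructed for illustration.

```python
"""Best-split search from gradient and second-derivative sums (added example)."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Split:
    feature: str
    threshold: float
    gain: float


def logistic_grad_hess(label, raw_score):
    """Gradient and second derivative of log-loss w.r.t. the raw score (assumed loss)."""
    p = 1.0 / (1.0 + math.exp(-raw_score))
    return p - label, p * (1.0 - p)


def _leaf_term(g_sum, h_sum, lam):
    return g_sum * g_sum / (h_sum + lam)


def split_gain(g_left, h_left, g_right, h_right, lam):
    """ASSUMED formula (standard second-order gain, single regularizer lam):
    0.5 * (GL^2/(HL+lam) + GR^2/(HR+lam) - (GL+GR)^2/(HL+HR+lam))."""
    return 0.5 * (_leaf_term(g_left, h_left, lam)
                  + _leaf_term(g_right, h_right, lam)
                  - _leaf_term(g_left + g_right, h_left + h_right, lam))


def best_split(samples, labels, raw_scores, lam=1.0):
    """Compute the gain of every candidate split point in turn and return the
    one with the maximum gain, or None when no split has positive gain."""
    grad_hess = [logistic_grad_hess(y, s) for y, s in zip(labels, raw_scores)]
    g_total = sum(g for g, _ in grad_hess)
    h_total = sum(h for _, h in grad_hess)
    best = None
    for feature in samples[0]:
        order = sorted(range(len(samples)), key=lambda i: samples[i][feature])
        g_left = h_left = 0.0
        for pos in range(len(order) - 1):
            cur, nxt = order[pos], order[pos + 1]
            g_left += grad_hess[cur][0]
            h_left += grad_hess[cur][1]
            lo, hi = samples[cur][feature], samples[nxt][feature]
            if lo == hi:
                continue  # equal values cannot be separated by a threshold
            gain = split_gain(g_left, h_left,
                              g_total - g_left, h_total - h_left, lam)
            if best is None or gain > best.gain:
                best = Split(feature, (lo + hi) / 2.0, gain)
    if best is None or best.gain <= 0.0:
        return None  # splitting would not reduce the regularized loss
    return best


# Constructed access records (hypothetical features); label 1 = was intercepted.
SAMPLES = [
    {"requests_per_min": 3, "access_duration_s": 40},
    {"requests_per_min": 5, "access_duration_s": 12},
    {"requests_per_min": 4, "access_duration_s": 95},
    {"requests_per_min": 6, "access_duration_s": 30},
    {"requests_per_min": 120, "access_duration_s": 35},
    {"requests_per_min": 90, "access_duration_s": 15},
    {"requests_per_min": 200, "access_duration_s": 80},
    {"requests_per_min": 150, "access_duration_s": 50},
]
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]

if __name__ == "__main__":
    # Raw score 0.0 for every sample models the state before the node is split.
    print(best_split(SAMPLES, LABELS, [0.0] * len(SAMPLES)))
```

On the constructed records the request rate separates intercepted from normal accesses cleanly, so it wins over access duration; when every record carries the same label, no candidate has positive gain and the node is left unsplit.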
Illustratively, when the sub-decision tree included in the second sub-decision tree cluster is
Figure 232759DEST_PATH_IMAGE039
The sub-decision tree included in the first sub-decision cluster is
Figure 602561DEST_PATH_IMAGE040
And each sub-decision tree contains its own attribute features, e.g.
Figure 961998DEST_PATH_IMAGE041
The sub-decision tree contains the attribute characteristics of the sub-decision tree and is calculated
Figure 24632DEST_PATH_IMAGE042
And
Figure 961364DEST_PATH_IMAGE043
selecting the maximum decision label as the root node of the decision tree model when the decision label corresponding to each sub-decision tree is selected
Figure 400435DEST_PATH_IMAGE044
If the gain value of the corresponding decision label is the maximum value in all the sub-decision trees, selecting
Figure 614379DEST_PATH_IMAGE045
Is the root node of the decision tree model,
Figure 847914DEST_PATH_IMAGE046
in the case of containing its own attribute, then
Figure 22675DEST_PATH_IMAGE047
Selecting the best splitting point from the split nodes, and dividing
Figure 468700DEST_PATH_IMAGE048
The sub-decision tree with the maximum information gain is distributed to
Figure 865046DEST_PATH_IMAGE049
In the split nodes, the maximum gain value among the decision labels corresponding to the unselected sub-decision trees is assigned in turn to the optimal split point of the split sub-decision tree until all the sub-decision trees have been selected, which completes the feedback adjustment of the decision tree. The adjusted decision tree model predicts the interception score of the access information more accurately, so that interception of the access information is more accurate and the business service system stays in a safe environment.
According to the embodiment of the invention, the interception decision basis is obtained according to the interception log of the business service system, so that the interception basis is provided for information interception, and the target is intercepted more accurately; extracting core decision semantics in the interception decision basis, constructing a decision tree according to the core decision semantics, and thus, scoring the access information of the service system is facilitated, and whether the access information needs to be intercepted is judged according to a scoring result; when the interception score value is larger than the score threshold value, the access information is intercepted, the core information semantics of the access information is extracted, and the decision tree is fed back and adjusted according to the core information semantics, so that a more accurate decision tree model can be obtained, interception judgment of the access information can be more accurately realized, and the safety of a business service system is ensured. Therefore, the interception feedback processing method and device based on big data analysis interception, the electronic equipment and the computer readable storage medium provided by the invention can solve the problem of low accuracy in information interception.
Fig. 4 is a functional block diagram of an interception feedback processing apparatus based on big data analysis according to an embodiment of the present invention.
The interception feedback processing apparatus 100 based on big data analysis according to the present invention may be installed in an electronic device. According to the realized functions, the interception feedback processing apparatus 100 based on big data analysis may include an interception decision basis obtaining module 101, a core decision semantic extraction module 102, a decision tree model aggregation module 103, an interception score determining module 104, an access information interception module 105, and a decision tree model feedback adjusting module 106. The module of the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the interception decision basis acquisition module 101 is configured to acquire an interception decision basis of a business service system based on an interception log of a business service system for target interception;
the core decision semantic extracting module 102 is configured to perform vector conversion on the interception decision basis to obtain a vector interception decision basis, and extract a core decision semantic of the interception decision basis according to the vector interception decision basis;
the decision tree model aggregation module 103 is configured to construct a first sub-decision tree cluster according to the core decision semantics, and aggregate the first sub-decision tree cluster into a decision tree model;
the interception score determining module 104 is configured to obtain access information of an access subject of the business service system in real time, and perform interception score on the access information by using the decision tree model;
the access information interception module 105 is configured to intercept the access information with the interception score greater than a preset score threshold, and extract core information semantics of the access information with the interception score greater than the preset score threshold;
the decision tree model feedback adjustment module 106 is configured to construct a second sub-decision tree cluster by using the core information semantics, and perform feedback adjustment on the decision tree model by using the second sub-decision tree cluster.
In detail, when the modules in the intercepting feedback processing device 100 based on big data analysis according to the embodiment of the present invention are used, the same technical means as the intercepting feedback processing method based on big data analysis and interception described in fig. 1 to fig. 3 are adopted, and the same technical effects can be produced, which is not described herein again.
Fig. 5 is a schematic structural diagram of an electronic device for implementing an interception feedback processing method based on big data analysis and interception according to an embodiment of the present invention.
The electronic device 1 may include a processor 10, a memory 11, a communication bus 12 and a communication interface 13, and may further include a computer program stored in the memory 11 and executable on the processor 10, such as an interception feedback processing program based on big data analysis.
In some embodiments, the processor 10 may be composed of an integrated circuit, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same function or different functions, and includes one or more Central Processing Units (CPUs), a microprocessor, a digital Processing chip, a graphics processor, a combination of various control chips, and the like. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the whole electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device by running or executing programs or modules (for example, executing an interception feedback processing program based on big data analysis, etc.) stored in the memory 11 and calling data stored in the memory 11.
The memory 11 includes at least one type of readable storage medium including flash memory, removable hard disks, multimedia cards, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disks, optical disks, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device, for example a removable hard disk of the electronic device. The memory 11 may also be an external storage device of the electronic device in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device. The memory 11 may be used not only to store application software installed in the electronic device and various types of data, such as a code of an interception feedback processing program based on big data analysis, etc., but also to temporarily store data that has been output or will be output.
The communication bus 12 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
The communication interface 13 is used for communication between the electronic device and other devices, and includes a network interface and a user interface. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), which are commonly used to establish a communication connection between the electronic device and other electronic devices. The user interface may be a Display (Display), an input unit such as a Keyboard (Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable, among other things, for displaying information processed in the electronic device and for displaying a visualized user interface.
The figure shows only an electronic device having certain components. Those skilled in the art will appreciate that the structure shown does not limit the electronic device, which may include fewer or more components than shown, a combination of some components, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so that functions such as charge management, discharge management, and power consumption management are implemented through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The big data analysis-based interception feedback processing program stored in the memory 11 of the electronic device 1 is a combination of a plurality of instructions, and when running in the processor 10, can realize:
acquiring an interception decision basis of a business service system based on an interception log of target interception performed by the business service system;
vector conversion is carried out on the interception decision basis to obtain a vector interception decision basis, and core decision semantics of the interception decision basis are extracted according to the vector interception decision basis;
constructing a first sub-decision tree cluster according to the core decision semantics, and aggregating the first sub-decision tree cluster into a decision tree model;
acquiring access information of an access subject of the business service system in real time, and performing interception scoring on the access information by using the decision tree model;
intercepting the access information with the interception score larger than a preset score threshold value, and extracting the core information semantics of the access information with the interception score larger than the preset score threshold value;
and constructing a second sub-decision tree cluster by utilizing the core information semantics, and performing feedback adjustment on the decision tree model by utilizing the second sub-decision tree cluster.
Specifically, the specific implementation method of the processor 10 for the instruction may refer to the description of the relevant steps in the embodiment corresponding to the drawing, and is not repeated here.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer readable storage medium may be volatile or non-volatile. For example, the computer-readable medium may include: any entity or device capable of carrying said computer program code, a recording medium, a usb-disk, a removable hard disk, a magnetic diskette, an optical disk, a computer Memory, a Read-Only Memory (ROM).
The present invention also provides a computer-readable storage medium, storing a computer program which, when executed by a processor of an electronic device, may implement:
acquiring an interception decision basis of a business service system based on an interception log of target interception performed by the business service system;
performing vector conversion on the interception decision basis to obtain a vector interception decision basis, and extracting core decision semantics of the interception decision basis according to the vector interception decision basis;
constructing a first sub-decision tree cluster according to the core decision semantics, and aggregating the first sub-decision tree cluster into a decision tree model;
acquiring access information of an access subject of the business service system in real time, and performing interception scoring on the access information by using the decision tree model;
intercepting the access information with the interception score larger than a preset score threshold value, and extracting the core information semantics of the access information with the interception score larger than the preset score threshold value;
and constructing a second sub-decision tree cluster by utilizing the core information semantics, and performing feedback adjustment on the decision tree model by utilizing the second sub-decision tree cluster.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The embodiment of the application can acquire and process related data based on artificial intelligence technology. Artificial intelligence (AI) is a theory, method, technique and application system that uses a digital computer, or a machine controlled by a digital computer, to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use that knowledge to obtain the best result.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit the same, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (7)

1. An interception feedback processing method based on big data analysis interception is characterized by comprising the following steps:
S1, acquiring an interception decision basis of a business service system based on an interception log of target interception performed by the business service system;
S2, carrying out vector conversion on the interception decision basis to obtain a vector interception decision basis, and extracting core decision semantics of the interception decision basis according to the vector interception decision basis;
S3, constructing a first sub-decision tree cluster according to the core decision semantics, and aggregating the first sub-decision tree cluster into a decision tree model;
S4, acquiring access information of an access subject of the business service system in real time, and performing interception scoring on the access information by using the decision tree model, wherein the interception scoring on the access information by using the decision tree model comprises the following steps:
S41, inputting a pre-acquired training data set into the decision tree model to obtain a score data set;
S42, calculating a loss value of the decision tree model according to the score data set and a preset loss function, wherein the preset loss function comprises:
Figure 729393DEST_PATH_IMAGE001
wherein,
Figure 160374DEST_PATH_IMAGE002
is the loss value,
Figure 460906DEST_PATH_IMAGE003
is the score data in the score data set,
Figure 559312DEST_PATH_IMAGE004
is the preset real score data,
Figure 919886DEST_PATH_IMAGE005
is the number of the decision tree,
Figure 041426DEST_PATH_IMAGE006
is the inverse cosine function, and
Figure 958697DEST_PATH_IMAGE007
is a logarithmic function;
S43, when the loss value is larger than or equal to a preset loss threshold value, performing decision tree adding processing operation on the decision tree model until the loss value is smaller than the loss threshold value, and outputting the current decision tree model as an interception scoring model;
S44, inputting the access information into the interception scoring model to obtain the interception scoring of the access information;
S5, intercepting the access information with the interception score larger than a preset score threshold value, and extracting the core information semantics of the access information with the interception score larger than the preset score threshold value;
S6, building a second sub decision tree cluster by utilizing the core information semantics, and performing feedback adjustment on the decision tree model by utilizing the second sub decision tree cluster.
2. The method for processing interception feedback based on big data analysis interception according to claim 1, wherein said obtaining an interception decision basis of said service system comprises:
extracting interception parameters in the interception logs;
and generating an interception decision basis of the business service system according to the interception parameters.
3. The big data analysis interception based interception feedback processing method according to claim 1, wherein said extracting core decision semantics of said interception decision basis according to said vector interception decision basis comprises:
extracting a first attention weight of each decision word vector in the vector interception decision basis by using a preset Bert model;
adding the first attention weights of the same decision word vector according to the position code of each decision word vector to obtain a second attention weight;
and selecting the decision word vector with the highest second attention weight as the core decision semantic.
4. The big data analysis interception based interception feedback processing method according to claim 1, wherein said constructing a first sub-decision tree cluster according to said core decision semantics comprises:
classifying and labeling the core decision semantics to obtain decision labels corresponding to the core decision semantics;
selecting the decision labels one by one as first root nodes, and splitting a first left node and a first right node on the first root nodes;
distributing the core decision semantics to the first left node and the first right node to obtain a sub-decision tree;
and collecting the sub-decision tree into the first sub-decision tree cluster.
5. The big data analysis interception based interception feedback processing method of claim 1, wherein said aggregating said first sub-decision tree clusters into a decision tree model comprises:
calculating a first information gain of a corresponding decision label of a root node of the sub-decision tree in the first sub-decision tree cluster by using an information gain algorithm as follows:
Figure 583713DEST_PATH_IMAGE008
wherein,
Figure 177506DEST_PATH_IMAGE009
is the first information gain,
Figure 520763DEST_PATH_IMAGE010
is the proportion of the
Figure 490993DEST_PATH_IMAGE012
-th class of decision labels,
Figure 236095DEST_PATH_IMAGE013
is a logarithmic function,
Figure 788DEST_PATH_IMAGE014
is the number of decision semantic samples of the core decision semantics,
Figure 831341DEST_PATH_IMAGE015
is the number of decision semantic samples in the
Figure 588950DEST_PATH_IMAGE012
-th class of decision labels,
Figure 188559DEST_PATH_IMAGE016
is the number of attributes corresponding to the decision label;
selecting a first decision label with the maximum first information gain as a second root node of the decision tree model, and splitting a first left node and a second right node on the attribute corresponding to the first decision label;
selecting second decision labels with the largest first information gain from the unselected decision labels one by one, and distributing the second decision labels to the first left node and the second right node;
and when the decision labels are all selected, obtaining the decision tree model.
6. The big data analysis interception based interception feedback processing method according to any one of claims 1 to 5, wherein said intercepting access information whose interception score is greater than a preset score threshold comprises:
extracting access parameters of the access information;
and intercepting the access parameters by using a preset interceptor.
7. An interception feedback processing method according to claim 5, wherein said performing feedback adjustment on said decision tree model by using said second sub-decision tree cluster comprises:
calculating a second information gain of a second decision label in the second sub-decision tree cluster;
selecting a decision corresponding to the largest information gain in the first information gain and the second information gain as a third node of the decision tree model, and splitting an attribute node on an attribute corresponding to the third node;
determining an optimal split node for the attribute nodes using a splitting algorithm as follows:
Figure 327416DEST_PATH_IMAGE017
wherein,
Figure 707582DEST_PATH_IMAGE018
is the gain value of the optimal split node,
Figure 691719DEST_PATH_IMAGE019
is the sum of the gradients of all samples partitioned into the left sub-tree,
Figure 473730DEST_PATH_IMAGE020
is the sum of the gradients of all samples partitioned into the right sub-tree,
Figure 517909DEST_PATH_IMAGE021
is the sum of the second derivatives of all samples partitioned into the left sub-tree,
Figure 385371DEST_PATH_IMAGE022
is the sum of the second derivatives of all samples partitioned into the right sub-tree,
Figure 173198DEST_PATH_IMAGE023
is a regularization constant;
distributing the maximum value of a first information gain corresponding to the first decision label and a second information gain corresponding to the second decision label to the optimal splitting node;
and when the first sub-decision tree and the second sub-decision tree have decision labels which are not selected, iterating the decision tree model until the decision labels are all selected, and finishing the feedback adjustment of the decision tree model.
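The optimal-split search of claim 7, as an added example that is not part of the patent text. The formula image is not reproduced on this page, so the gain expression below is an assumption: the common second-order boosting form built from the listed quantities (left and right gradient sums, left and right second-derivative sums, one regularization constant). Logistic loss, the function names and the sample data are likewise assumptions made for illustration.

```python
import math

def grad_hess(score, label):
    """First and second derivative of logistic loss w.r.t. the raw score (assumed loss)."""
    p = 1.0 / (1.0 + math.exp(-score))
    return p - label, p * (1.0 - p)

def split_gain(g_left, h_left, g_right, h_right, lam):
    """Assumed gain: 0.5 * [GL^2/(HL+lam) + GR^2/(HR+lam) - (GL+GR)^2/(HL+HR+lam)]."""
    def term(g, h):
        return g * g / (h + lam)
    return 0.5 * (term(g_left, h_left) + term(g_right, h_right)
                  - term(g_left + g_right, h_left + h_right))

def best_split(samples, lam=1.0):
    """samples: list of (attribute_value, label, current_raw_score).
    Returns (threshold, gain) of the best split, or (None, 0.0) if no split gains."""
    rows = sorted(samples, key=lambda s: s[0])
    stats = [grad_hess(score, label) for _, label, score in rows]
    g_total = sum(g for g, _ in stats)
    h_total = sum(h for _, h in stats)
    best = (None, 0.0)
    g_left = h_left = 0.0
    for i in range(len(rows) - 1):
        g_left += stats[i][0]
        h_left += stats[i][1]
        if rows[i][0] == rows[i + 1][0]:
            continue  # cannot place a threshold between equal attribute values
        gain = split_gain(g_left, h_left, g_total - g_left, h_total - h_left, lam)
        if gain > best[1]:
            # Threshold is the midpoint between the two neighbouring values.
            best = ((rows[i][0] + rows[i + 1][0]) / 2.0, gain)
    return best

# Constructed sample: (requests per minute, 1 = should be intercepted, raw score so far)
SAMPLES = [(3, 0, 0.0), (5, 0, 0.0), (8, 0, 0.0),
           (40, 1, 0.0), (55, 1, 0.0), (90, 1, 0.0)]

if __name__ == "__main__":
    print(best_split(SAMPLES))
```

A larger regularization constant shrinks every candidate gain, so weakly supported splits stop being selected; a node whose samples all carry the same label yields no positive gain and is left unsplit.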
CN202211093209.8A 2022-09-08 2022-09-08 Interception feedback processing method based on big data analysis interception Active CN115168848B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211093209.8A CN115168848B (en) 2022-09-08 2022-09-08 Interception feedback processing method based on big data analysis interception

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211093209.8A CN115168848B (en) 2022-09-08 2022-09-08 Interception feedback processing method based on big data analysis interception

Publications (2)

Publication Number Publication Date
CN115168848A (en) 2022-10-11
CN115168848B (en) 2022-12-16

Family

ID=83482076

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211093209.8A Active CN115168848B (en) 2022-09-08 2022-09-08 Interception feedback processing method based on big data analysis interception

Country Status (1)

Country Link
CN (1) CN115168848B (en)

Also Published As

Publication number Publication date
CN115168848B (en) 2022-12-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant