CN115174230A - Information attack analysis method and server combined with deep learning - Google Patents
Information attack analysis method and server combined with deep learning Download PDFInfo
- Publication number
- CN115174230A CN115174230A CN202210799119.4A CN202210799119A CN115174230A CN 115174230 A CN115174230 A CN 115174230A CN 202210799119 A CN202210799119 A CN 202210799119A CN 115174230 A CN115174230 A CN 115174230A
- Authority
- CN
- China
- Prior art keywords
- information
- risk element
- element knowledge
- interaction event
- active interaction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides an information attack analysis method and a server combined with deep learning, aiming at a cloud service session with an active interaction event (interference and misleading can be generated to information attack analysis), data information corresponding to the active interaction event is fused with risk description characteristics of session activity information (for example, a first risk element knowledge relationship network, a second risk element knowledge relationship network, first branch characteristic member distribution and second branch characteristic member distribution), the active interaction event in the session activity information can be identified by an information attack analysis network (such as the deep learning network), and further, the information set corresponding to the active interaction event is prevented from being identified as having information attack threat, so that the accuracy and reliability of information attack analysis aiming at abnormal interaction session behaviors can be improved.
Description
Technical Field
The invention relates to the technical field of artificial intelligence, in particular to an information attack analysis method and a server combined with deep learning.
Background
In recent years, network information attack events are frequent, and trojan horse, worm and lasso software on the internet are layered endlessly, which poses a serious threat to network security. The related novel network attack tools comprise a large number of remote attack tools, vulnerabilities, network attack platforms and related attacks. The openness of the internet greatly reduces the attack cost of network information attackers. The network information attack is to attack the system and resources by using the loopholes and security defects existing in the network information system. The threat faced by the network information system comes from many aspects and changes with the change of time, and the traditional information attack analysis technology is easy to be interfered, so the analysis precision and reliability for the network information attack are difficult to be guaranteed.
Disclosure of Invention
The invention provides an information attack analysis method and a server combined with deep learning, and adopts the following technical scheme in order to achieve the technical purpose.
The first aspect is an information attack analysis method combined with deep learning, which is applied to an intelligent security server, and the method at least comprises the following steps: performing risk element knowledge mining on streaming conversation activity information and thermodynamic conversation activity information of abnormal interactive conversation behaviors, which are acquired by a distributed data processing thread in parallel, and acquiring a first risk element knowledge relation network and a second risk element knowledge relation network respectively; obtaining first branch characteristic member distribution of a first risk element knowledge relationship network according to a first active interaction event information set in streaming session activity information, and obtaining second branch characteristic member distribution of a second risk element knowledge relationship network according to a second active interaction event information set in thermodynamic session activity information; and obtaining an information attack analysis report of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution.
The method is applied to the embodiment, risk element knowledge mining is carried out on the streaming conversation activity information and the thermodynamic conversation activity information of the abnormal interactive conversation behavior, which are acquired by the distributed data processing threads in parallel, so that a first risk element knowledge relationship network and a second risk element knowledge relationship network are respectively acquired; obtaining first branch characteristic member distribution of a first risk element knowledge relationship network according to a first active interaction event information set in streaming session activity information, and obtaining second branch characteristic member distribution of a second risk element knowledge relationship network according to a second active interaction event information set in thermodynamic session activity information; and obtaining an information attack analysis report of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution. Thus, for a cloud service session with an active interaction event (which may interfere and mislead with information attack analysis), data information corresponding to the active interaction event is fused with risk description features of session activity information (e.g., a first risk element knowledge relationship network, a second risk element knowledge relationship network, first branch feature member distribution, and second branch feature member distribution), so that the active interaction event in the session activity information can be identified by an information attack analysis network (such as a deep learning network), and further, information sets corresponding to the active interaction event are prevented from being identified as having information attack threats, so that accuracy and reliability of information attack analysis for abnormal interaction session behaviors can be improved.
In some possible embodiments, obtaining an information attack analysis report of abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network, and the second branch feature member distribution includes: obtaining a first information attack analysis weight and a second information attack analysis weight of abnormal interactive session behaviors according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution; and obtaining an information attack analysis report according to the first information attack analysis weight and the second information attack analysis weight.
The method is applied to the embodiment, two information attack analysis weights are respectively determined based on the distribution of two branch feature members carrying active activity event information and the distribution of risk element knowledge obtained by mining the streaming session activity information and the distribution of risk element knowledge obtained by mining the thermodynamic session activity information, the final information attack analysis weight is determined by adopting the two information attack analysis weights, and the accuracy and the reliability of information attack analysis are improved by means of a risk element knowledge relation network of linkage session activity information (streaming session activity information + thermodynamic session activity information) and the active activity event information as much as possible.
In some possible embodiments, obtaining a first information attack analysis weight and a second information attack analysis weight of an abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network, and the second branch feature member distribution includes: performing vector operation on the first risk element knowledge relationship network and the first branch feature member distribution to obtain a first target risk element knowledge relationship network; performing vector operation on the second risk element knowledge relationship network and the distribution of the second branch feature members to obtain a second target risk element knowledge relationship network; risk element knowledge mining is carried out on the first target risk element knowledge relationship network, weight analysis processing is carried out on the mined risk element knowledge relationship network, and a first information attack analysis weight is obtained; and carrying out risk element knowledge mining on the second target risk element knowledge relation network, and carrying out weight analysis processing on the mined risk element knowledge relation network to obtain a second information attack analysis weight.
The method is applied to the embodiment, the first branch feature member distribution is merged into the first risk element knowledge relationship network, and the second branch feature member distribution is merged into the second risk element knowledge relationship network, so that the intelligent security server can mainly consider the active activity event information, and the information attack analysis error is reduced.
In some possible embodiments, obtaining a first branch feature member distribution of a first risk element knowledge relationship network according to a first active interaction event information set in the streaming session activity information includes: performing upsampling and mapping operation on the first active interaction event information set to obtain a first candidate risk element knowledge relationship network consistent with the first risk element knowledge relationship network in size; and combining the first risk element knowledge relationship network with the first candidate risk element knowledge relationship network, and performing mapping operation on the combined risk element knowledge relationship network to obtain the member distribution of the first branch characteristics.
The first branch feature member distribution is obtained through the ideas of the upsampling, the mapping operation, the combining and the mapping operation, the first mapping operation is convenient for enabling the scale of the obtained risk element knowledge relationship network to be consistent with that of the first risk element knowledge relationship network, and the second mapping operation can analyze the obtained risk element knowledge relationship network according to the combined risk element knowledge relationship network to obtain the first branch feature member distribution.
In some possible embodiments, obtaining a second distribution of branch feature members of the second risk element knowledge relationship network according to a second active interaction event information set in the thermodynamic type session activity information includes: performing upsampling and mapping operation on the second active interaction event information set to obtain a second candidate risk element knowledge relation network consistent with the second risk element knowledge relation network in size; and combining the second risk element knowledge relationship network with the second candidate risk element knowledge relationship network, and performing mapping operation on the combined risk element knowledge relationship network to obtain the member distribution of the second branch characteristics.
Similarly, the second branch feature member distribution is obtained through the idea of upsampling, mapping operation, combination and mapping operation, the first mapping operation facilitates to make the scale of the obtained risk element knowledge relationship network consistent with that of the second risk element knowledge relationship network, and the second mapping operation can analyze the obtained risk element knowledge relationship network according to the combined risk element knowledge relationship network to obtain the second branch feature member distribution.
In some possible embodiments, after performing risk element knowledge mining on streaming session activity information and thermodynamic session activity information of abnormal interaction session behaviors, which are acquired by a distributed data processing thread in parallel, and acquiring a first risk element knowledge relationship network and a second risk element knowledge relationship network, respectively, the method further includes: resolving the streaming session activity information into X streaming session activity data blocks with consistent window sizes, wherein X is an integer not less than 2; for each streaming session activity data block in the X streaming session activity data blocks, processing each streaming session activity data block by adopting a set disassembly rule to determine Y streaming session activity data blocks comprising an active interaction event data block from the X streaming session activity data blocks, wherein Y is not more than X and not less than 1; obtaining Y disassembly variables determined when Y streaming session active data blocks are subjected to data block disassembly; and obtaining a first active interaction event information set according to the Y disassembly variables, the Y active interaction event characteristics in the Y streaming session activity data blocks and the streaming session activity information.
Be applied to above embodiment, disassemble STREAMING conversation activity information, adopt data block to disassemble to carry out information set to each STREAMING conversation activity data block and disassemble, obtain first active interaction event information set by the data block that obtains, the disassembling variable when disassembling and STREAMING conversation activity information to careful, accurate information set is disassembled, and then is convenient for obtain the first active interaction event information set that the distribution label is more accurate.
In some possible embodiments, obtaining a first active interaction event information set according to Y parsing variables, Y active interaction event characteristics in Y streaming session activity data blocks, and streaming session activity information includes: determining a first information disassembly factor according to the Y disassembly variables; carrying out text-level correction processing on the streaming session activity information to obtain streaming session activity information subjected to correction processing; adopting a first information disassembling factor to disassemble an active interaction event information set of the streaming session activity information subjected to the correction processing to obtain a first reference active interaction event information set; globally processing the Y active interaction event data blocks according to the distribution label of each data unit of the Y active interaction event data blocks to obtain a first global active interaction event information set; and taking the overlapping information of the first reference active interaction event information set and the first global active interaction event information set as a first active interaction event information set.
The method is applied to the embodiment, the flow type conversation activity information is processed by adopting the correction processing of the text layer, the optimization of the distribution of the data units corresponding to the active interaction events is convenient to realize, the first reference active interaction event information set is accurately disassembled, in addition, Y active interaction event data blocks are subjected to global processing, the overlapped information of the globally processed first global active interaction event information set and the first reference active interaction event information set is used as the first active interaction event information set, and the accuracy and the reliability of information disassembly are improved.
In some possible embodiments, after performing risk element knowledge mining on streaming session activity information and thermodynamic session activity information of abnormal interactive session behaviors, which are acquired by a distributed data processing thread in parallel, and acquiring a first risk element knowledge relationship network and a second risk element knowledge relationship network, respectively, the method further includes: resolving the thermodynamic type session activity information into Z thermodynamic type session activity data blocks with consistent window sizes, wherein Z is an integer not less than 2; for each thermodynamic type conversation activity data block in the Z thermodynamic type conversation activity data blocks, processing each thermodynamic type conversation activity data block by adopting a set disassembly rule so as to determine R thermodynamic type conversation activity data blocks comprising active interaction event data blocks from the Z thermodynamic type conversation activity data blocks, wherein R is not more than Z and not less than 1; obtaining R disassembly variables determined when R thermodynamic session activity data blocks are disassembled; and obtaining a second active interaction event information set according to the R disassembly variables, the R active interaction event characteristics in the R thermodynamic type session activity data blocks and the thermodynamic type session activity information.
Be applied to above embodiment, disassemble heating power type conversation activity information, adopt the data block to disassemble and carry out the information set to each heating power type conversation activity data piece and disassemble, obtain the second and activate the interactive event information set by the data block that obtains disassembling, the variable of disassembling when disassembling and heating power type conversation activity information to careful, accurate information set is disassembled, and then is convenient for obtain the more accurate second of distribution label and activates the interactive event information set.
In some possible embodiments, obtaining a second active interaction event information set according to the R disassembly variables, the R active interaction event characteristics in the R thermodynamic session activity data blocks, and the thermodynamic session activity information, includes: determining a second information disassembly factor according to the R disassembly variables; performing text-level correction processing on the thermodynamic session activity information to obtain thermodynamic session activity information subjected to correction processing; adopting a second information disassembling factor to disassemble the thermal type conversation activity information subjected to the correction processing into an active interaction event information set to obtain a second reference active interaction event information set; globally processing the R active interaction event data blocks according to the distribution label of each data unit of the R active interaction event data blocks to obtain a second global active interaction event information set; and taking the overlapping information of the second reference active interaction event information set and the second global active interaction event information set as a second active interaction event information set.
The method is applied to the embodiment, the thermal conversation activity information is processed by adopting the correction processing of the text layer, the optimization of the distribution of the data units corresponding to the active interaction events is convenient to realize, a second reference active interaction event information set is accurately disassembled, in addition, R active interaction event data blocks are subjected to global processing, the second global active interaction event information set after the global processing and the overlapped information of the second reference active interaction event information set are used as the second active interaction event information set, and the accuracy and the reliability of information disassembly are improved.
The second aspect is a smart security server, which comprises a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the smart security server to perform the method of the first aspect.
A third aspect is a computer-readable storage medium having stored thereon a computer program which, when executed, performs the method of the first aspect.
Drawings
Fig. 1 is a schematic flow chart of an information attack analysis method combined with deep learning according to an embodiment of the present invention.
Fig. 2 is a block diagram of an information attack analysis apparatus incorporating deep learning according to an embodiment of the present invention.
Detailed Description
In the following, the terms "first", "second" and "third", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," or "third," etc., may explicitly or implicitly include one or more of that feature.
Fig. 1 is a schematic flowchart illustrating an information attack analysis method combined with deep learning according to an embodiment of the present invention, where an information attack analysis method combined with deep learning may be implemented by an intelligent security server, and the intelligent security server may include a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; when the processor executes the computer instructions, the intelligent security server is enabled to execute the technical scheme described in the following steps.
And step 21, performing risk element knowledge mining on the streaming conversation activity information and the thermodynamic conversation activity information of the abnormal interactive conversation behavior acquired by the distributed data processing thread in parallel, and acquiring a first risk element knowledge relationship network and a second risk element knowledge relationship network respectively.
In the embodiment of the present invention, the abnormal interactive session behavior may be a user operation behavior associated with an active interactive event (for example, belonging to a session process), such as: for the stream-type conversation activity information (carrying the conversation activity information of time sequence precedence characteristics) and the thermal-type conversation activity information (carrying the conversation activity information of activity heat value or activity characteristic identification degree) of abnormal interaction conversation behaviors collected by a distributed data processing thread (comprising a plurality of data collection modules capable of running in parallel), the intelligent security server loads the abnormal interaction conversation activities information into a first deep learning algorithm and a second deep learning algorithm respectively to carry out risk element knowledge mining, and a first risk element knowledge relationship network and a second risk element knowledge relationship network are obtained. In view of the above, the first risk element knowledge relationship network and the second risk element knowledge relationship network have characteristic knowledge such as abnormal behavior tendency, information attack preference, data intrusion pattern and the like which are diversified as much as possible. Further, streaming session activity information and thermodynamic type session activity information may be understood as different types of data information for the same session activity or different emphasis points of interest.
For example, the smart security server further adopts a big data disassembly rule (big data disassembly algorithm), for example, a disassembly rule (a data disassembly strategy based on a disassembly index, where the disassembly index is used to indicate disassembly range or disassembly sequence and other indication information) is set, and the active interaction event information sets are disassembled respectively from the streaming session activity information and the thermal session activity information to obtain a corresponding first active interaction event information set and a second active interaction event information set.
The active interaction events have high attention and high data analysis sensitivity, and therefore may interfere with and mislead the information attack analysis, for example, the active interaction events may be mistaken as activity events with information attack tendency, or cause other activity events with information attack tendency to be ignored.
In addition, the risk element knowledge relationship network can also be understood as a risk element feature map or a risk element feature set.
And step 22, obtaining first branch characteristic member distribution of the first risk element knowledge relationship network according to a first active interaction event information set in the streaming session activity information, and obtaining second branch characteristic member distribution of the second risk element knowledge relationship network according to a second active interaction event information set in the thermodynamic session activity information.
In the embodiment of the invention, the intelligent security server performs up-sampling and mapping operation on the first active interaction event information set to obtain a first candidate risk element knowledge relationship network which is consistent with the first risk element knowledge relationship network in size, combines (connects or splices) the first risk element knowledge relationship network and the first candidate risk element knowledge relationship network, and performs mapping operation (such as linear regression processing) on the combined risk element knowledge relationship network to obtain the first branch feature member distribution.
Further, the members in the first distribution of branch feature members have a one-to-one relationship with the risk element knowledge units in the first risk element knowledge relationship network. In this way, the first branch feature member distribution is obtained through the ideas of the upsampling, the mapping operation, the combining and the mapping operation, the first mapping operation is convenient for enabling the scale of the obtained risk element knowledge relationship network to be consistent with that of the first risk element knowledge relationship network, and the second mapping operation can analyze the obtained risk element knowledge relationship network according to the combined risk element knowledge relationship network to obtain the first branch feature member distribution.
In the embodiment of the invention, the intelligent security server performs up-sampling and mapping operation on the second active interaction event information set to obtain a second candidate risk element knowledge relationship network which is in accordance with the second risk element knowledge relationship network in a standard mode, combines the second risk element knowledge relationship network and the second candidate risk element knowledge relationship network, and performs mapping operation on the combined risk element knowledge relationship network to obtain the distribution of the second branch feature members.
Wherein the members in the second branch feature member distribution have a one-to-one relationship with the risk element knowledge units in the second risk element knowledge relationship network. Therefore, the second branch feature member distribution is obtained through the ideas of the upsampling, the mapping operation, the combining and the mapping operation, the first mapping operation is convenient for enabling the scale of the obtained risk element knowledge relationship network to be consistent with that of the second risk element knowledge relationship network, and the second mapping operation can obtain the second branch feature member distribution through analysis according to the combined risk element knowledge relationship network.
In other examples, the candidate risk element knowledge relationship network may be understood as a set of risk element features to be combined, and the distribution of the branch feature members may be understood as a branch feature member matrix, or a feature map corresponding to local attention indexes (e.g., different risk detection criteria).
And 23, obtaining an information attack analysis report of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution.
In the embodiment of the present invention, the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network, and the second branch feature member distribution may be loaded into the information attack analysis network one by one for analysis, so as to obtain an information attack analysis report of the abnormal interactive session behavior, and further, the information attack analysis report may reflect an attack type, an attack manner, an attack urgency degree, and the like of the abnormal interactive session behavior, for example, reflect whether the attack type of the abnormal interactive session behavior is type a1 or type b1, whether the attack manner is type a2 or type b2, and whether the attack urgency degree is high urgency degree or low urgency degree.
In some possible embodiments, obtaining the information attack analysis report of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network, and the second branch feature member distribution may be implemented by the following steps 231 and 232.
And 231, obtaining a first information attack analysis weight and a second information attack analysis weight of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution.
And 232, obtaining an information attack analysis report according to the first information attack analysis weight and the second information attack analysis weight.
In the embodiment of the invention, the smart security server performs vector operation (dot product processing) on the first risk element knowledge relationship network and the first branch feature member distribution (exemplarily, the risk element knowledge relationship network corresponding to the relevant distribution area and the members corresponding to the relevant distribution area perform vector operation) to obtain a first target risk element knowledge relationship network, loads the first target risk element knowledge relationship network into a third deep learning algorithm to perform risk element knowledge mining, and performs weight analysis processing on the mined risk element knowledge relationship network to obtain a first information attack analysis weight for performing information attack analysis on the flow session activity information. Further, a third deep learning algorithm is combined with the deep learning network layer to perform risk element knowledge mining, and a support vector machine is adopted to perform weight analysis processing (or differentiated label adding processing) on the risk element knowledge relationship network obtained by the deep learning network layer mining.
And the intelligent security server performs vector operation on the second risk element knowledge relationship network and the distribution of the second branch feature members to obtain a second target risk element knowledge relationship network, loads the second target risk element knowledge relationship network into a fourth deep learning algorithm to perform risk element knowledge mining, performs weight analysis processing on the mined risk element knowledge relationship network, and obtains a second information attack analysis weight for performing information attack analysis on the thermodynamic session activity information. And the fourth deep learning algorithm also adopts a deep learning network layer and a support vector machine to carry out risk element knowledge mining and weight calculation. In the embodiment of the invention, the first branch feature member distribution is merged into the first risk element knowledge relationship network, and the second branch feature member distribution is merged into the second risk element knowledge relationship network, so that the intelligent security server can mainly consider the active activity event information, and the information attack analysis error is reduced.
And the intelligent security server calculates to obtain the final information attack analysis weight of the abnormal interactive session behavior according to the first information attack analysis weight and the second information attack analysis weight, and determines an information attack analysis report of the abnormal interactive session behavior according to the information attack analysis weight, wherein if the information attack analysis weight is not less than a set disassembly variable, the abnormal interactive session behavior is indicated as a high-risk data tampering behavior, and otherwise, the abnormal interactive session behavior is indicated as a low-risk data tampering behavior.
The intelligent security server can determine the mean value of the first information attack analysis weight and the second information attack analysis weight, and the mean value is used as the final information attack analysis weight of the abnormal interactive session behavior. The intelligent security server can also perform global processing (for example, weighted summation) on the first information attack analysis weight and the second information attack analysis weight, and use the result of the global processing as the last information attack analysis weight of the abnormal interactive session behavior, and the like. Therefore, two information attack analysis weights are respectively determined based on the distribution of two branch feature members carrying active activity event information and the distribution of risk element knowledge obtained by stream type session activity information mining and the distribution of risk element knowledge obtained by thermodynamic type session activity information mining, the final information attack analysis weight is determined by adopting the two information attack analysis weights, and the accuracy and the reliability of information attack analysis are improved by means of a risk element knowledge relation network of linkage session activity information (stream type session activity information + thermodynamic type session activity information) and the active activity event information as much as possible.
In some possible embodiments, in terms of obtaining the first active interaction event information set, the method may further include the following technical solutions recorded in steps 31 to 34.
And 31, disassembling the streaming session activity information into X streaming session activity data blocks with consistent window sizes, wherein X is an integer not less than 2.
And step 32, for each streaming session activity data block in the X streaming session activity data blocks, processing each streaming session activity data block by adopting a set disassembly rule to determine Y streaming session activity data blocks including the active interaction event data block from the X streaming session activity data blocks, wherein Y is not more than X and not less than 1.
And step 33, obtaining Y streaming session activity data blocks, and determining Y disassembly variables when the data blocks are disassembled.
And step 34, obtaining a first active interaction event information set according to the Y disassembly variables, the Y active interaction event characteristics in the Y streaming session activity data blocks and the streaming session activity information.
In the embodiment of the present invention, a value of X is not limited, and in some examples, streaming session activity information is disassembled into 9 streaming session activity data blocks with consistent window sizes (which may be understood as the same size), and it may be understood that, in view of that an active interaction event only interferes with partial data information of an abnormal interaction session behavior, an active interaction event may be associated in partial streaming session activity data blocks in the X streaming session activity data blocks. The smart security server determines a first information parsing factor according to the Y parsing variables, for example, the mean value of the Y parsing variables is used as the first information parsing factor (quantized data parsing instruction for guiding related data parsing processing). The intelligent security server performs text-level correction processing on the streaming session activity information by adopting a text-level correction processing thread (such as a natural language processing network) to obtain streaming session activity information subjected to correction processing, wherein the text-level correction processing thread performs linear processing on a streaming session activity information mapping list by adopting a thought similar to a feature mapping algorithm to correct the distribution state of active interaction events in the streaming session activity information.
The text-level correction processing thread can be obtained by debugging by referring to the session activity information in advance. The intelligent security server adopts a first information disassembling factor to disassemble an active interaction event information set of the streaming conversation activity information subjected to the correction processing, and the obtained active interaction event information set is a first reference active interaction event information set (reference information set).
In addition, for Y active interaction event characteristics in Y streaming session activity data blocks, global processing can be performed on the Y active interaction event data blocks according to the distribution tags of the data units in each active interaction event characteristic, and a first global active interaction event information set is obtained.
For example, the smart security server crosses the first reference active interaction event information set and the first global active interaction event information set, and uses the overlapping information as the first active interaction event information set, and further, the overlapping information indicates that the first reference active interaction event information set and the first global active interaction event information set both reflect a set of data units (a minimum unit of measurement data information, such as a data entity, a rectangular data area, and the like) of which the distribution tags are distribution tags where active interaction events are located. Therefore, the streaming session activity information is disassembled, then the data block disassembly is adopted to disassemble the information set of each streaming session activity data block, and a first active interaction event information set is obtained through the data blocks obtained through disassembly, the disassembly variables during disassembly and the streaming session activity information, so that the careful and accurate information set disassembly is carried out, and the first active interaction event information set with more accurate distributed labels is obtained.
In addition, the flow type conversation activity information is processed by adopting the correction processing of the text layer, the optimization of the distribution of data units corresponding to the active interaction events is convenient to realize, a first reference active interaction event information set is accurately disassembled, in addition, Y active interaction event data blocks are subjected to global processing, the overlapped information of the globally processed first global active interaction event information set and the first reference active interaction event information set is used as the first active interaction event information set, and the accuracy and the reliability of information disassembly are improved.
In some possible embodiments, in terms of obtaining the second active interaction event information set, the method may further include the following technical solutions recorded in steps 41 to 44.
And 41, disassembling the thermal type session activity information into Z thermal type session activity data blocks with consistent window sizes, wherein Z is an integer not less than 2.
And 42, processing each thermodynamic type session activity data block in the Z thermodynamic type session activity data blocks by adopting a set disassembly rule so as to determine R thermodynamic type session activity data blocks comprising the active interaction event data block from the Z thermodynamic type session activity data blocks, wherein R is not more than Z and not less than 1.
And 43, obtaining R thermal conversation activity data blocks, and determining R disassembly variables when the data blocks are disassembled.
And step 44, obtaining a second active interaction event information set according to the R disassembly variables, the R active interaction event characteristics in the R thermodynamic type session activity data blocks and the thermodynamic type session activity information.
In the embodiment of the present invention, values of Z are not limited, for example, the thermodynamic type session activity information is disassembled into 9 streaming session activity data blocks with consistent window sizes, it can be understood that, in view of that an active interaction event may interfere with partial data information of an abnormal interaction session behavior, a partial thermodynamic type session activity data block in the Z thermodynamic type session activity data blocks may be associated with the active interaction event, and in view of this, each thermodynamic type session activity data block is processed by using a set disassembly rule, and only some obtained thermodynamic type session activity data blocks including the active interaction event data block, such as the above R thermodynamic type session activity data blocks, are obtained.
The intelligent security server determines a second information disassembling factor according to the R disassembling variables, for example, the mean value of the R disassembling variables is used as the second information disassembling factor. The intelligent security server performs text-level correction processing on the thermal conversation activity information by adopting a text-level correction processing thread to obtain the thermal conversation activity information subjected to correction processing, wherein the text-level correction processing thread performs linear processing on a thermal conversation activity information mapping list by adopting a thought similar to a characteristic mapping algorithm to correct the distribution state of active interaction events in the thermal conversation activity information.
And the intelligent security server adopts a second information disassembling factor to disassemble the active interaction event information set of the corrected thermodynamic session activity information, and the obtained active interaction event information set is a second reference active interaction event information set.
In addition, for R active interaction event characteristics in the R thermodynamic session activity data blocks, the R active interaction event data blocks may be globally processed according to the distribution label of the data unit in each active interaction event characteristic, so as to obtain a second global active interaction event information set. And the intelligent security server crosses the second reference active interaction event information set and the second global active interaction event information set, and takes the overlapped information as the second active interaction event information set, wherein the overlapped information indicates that the second reference active interaction event information set and the second global active interaction event information set both reflect the set of data units of which the distribution labels are the distribution labels where the active interaction events are located.
Therefore, the thermodynamic type conversation activity information is disassembled, then the data block disassembly is adopted to disassemble the information set of each thermodynamic type conversation activity data block, and a second active interaction event information set is obtained through the data blocks obtained through disassembly, the disassembly variables during disassembly and the thermodynamic type conversation activity information, so that the careful and accurate information set disassembly is carried out, and the second active interaction event information set with more accurate distributed labels is obtained.
In addition, the thermal conversation activity information is processed by adopting the text-level correction processing, so that the optimization of the distribution of data units corresponding to the active interaction events is conveniently realized, a second reference active interaction event information set is accurately disassembled, in addition, R active interaction event data blocks are subjected to global processing, the overlapped information of the globally processed second global active interaction event information set and the second reference active interaction event information set is used as the second active interaction event information set, and the accuracy and the reliability of information disassembly are improved.
The method is applied to the embodiment, risk element knowledge mining is carried out on the streaming conversation activity information and the thermodynamic conversation activity information of the abnormal interactive conversation behavior, which are acquired by the distributed data processing threads in parallel, so that a first risk element knowledge relationship network and a second risk element knowledge relationship network are respectively acquired; obtaining first branch characteristic member distribution of a first risk element knowledge relationship network according to a first active interaction event information set in streaming session activity information, and obtaining second branch characteristic member distribution of a second risk element knowledge relationship network according to a second active interaction event information set in thermodynamic session activity information; and obtaining an information attack analysis report of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution.
Thus, for a cloud service session with an active interaction event (which may interfere and mislead with information attack analysis), data information corresponding to the active interaction event is fused with risk description features of session activity information (e.g., a first risk element knowledge relationship network, a second risk element knowledge relationship network, first branch feature member distribution and second branch feature member distribution), so that the information attack analysis network can be assisted to identify the active interaction event in the session activity information, and further, information sets corresponding to the active interaction event are prevented from being identified as having information attack threats, and therefore, accuracy and reliability of information attack analysis for abnormal interaction session behaviors can be improved.
In some possible embodiments, another idea of an information attack analysis method combined with deep learning is provided in the embodiments of the present invention, where the method includes the contents recorded in steps 61-64.
And 61, carrying out risk element knowledge mining on the streaming conversation activity information and the thermodynamic conversation activity information of the abnormal interactive conversation behavior acquired by the distributed data processing thread in parallel, and respectively acquiring a first risk element knowledge relationship network and a second risk element knowledge relationship network.
And step 62, obtaining a first branch characteristic member distribution of the first risk element knowledge relationship network according to a first active interaction event information set in the streaming session activity information, and obtaining a second branch characteristic member distribution of the second risk element knowledge relationship network according to a second active interaction event information set in the thermodynamic session activity information.
And 63, obtaining a first information attack analysis weight and a second information attack analysis weight of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution.
And step 64, obtaining an information attack analysis report according to the first information attack analysis weight and the second information attack analysis weight.
In addition, in some independent embodiments, in obtaining the information attack analysis report of the abnormal interactive session behavior, the method may further include: and if the information attack analysis report represents that the abnormal interactive session behavior is a high-risk data tampering behavior, performing information attack protection processing according to the selected session activity information corresponding to the abnormal interactive session behavior.
It can be understood that if the abnormal interactive session behavior is a high-risk data tampering behavior, it indicates that the risk level of the current cloud service session is high, and if the security protection processing is not performed in time, a certain loss may be caused. The information attack protection processing comprises authority verification, random number verification, abnormal request interception, data backup and the like.
In addition, in some independent embodiments, the performing of the information attack protection processing according to the selected session activity information corresponding to the abnormal interactive session behavior may include the following technical solutions: obtaining a first potential attack activity data record by using the selected session activity information, wherein the first potential attack activity data record comprises to-be-processed potential attack activity data and at least one linkage potential attack activity data associated with the to-be-processed potential attack activity data; respectively carrying out attack activity matching processing on the to-be-processed potential attack activity data and each linkage potential attack activity data to obtain a matched attack tendency of each linkage potential attack activity data; carrying out attack tendency updating processing on the matched attack tendency of each linkage potential attack activity data through the to-be-processed potential attack activity data to obtain the matched attack tendency of each linkage potential attack activity data which is updated; determining target potential attack activity data corresponding to the to-be-processed potential attack activity data according to the updated matched attack tendency; and determining a target information attack protection strategy according to the attack subject label of the target potential attack activity data.
Therefore, the target potential attack activity data can be corrected by sinking to an attack tendency layer, so that the matching and customization of the target information attack protection strategy are carried out based on the accurate and credible attack subject label (class label), and the credibility and the quality of the subsequent information attack protection are improved.
In some independent embodiments, the attack activity matching process comprises: and splicing and analyzing attack activity tendency fields in a first attack activity tendency field set of the potential attack activity data to be processed and a second attack activity tendency field set of the linkage potential attack activity data to obtain matched attack tendency of the linkage potential attack activity data, wherein the first attack activity tendency field set and the second attack activity tendency field set both comprise at least one attack activity tendency field with different dimensionalities, and the dimensionality of the matched attack tendency of the linkage potential attack activity data is the same as that of the potential attack activity data to be processed.
In some independent embodiments, the splicing and analyzing the attack activity tendency fields in the first attack activity tendency field set of the to-be-processed potential attack activity data and the second attack activity tendency field set of the linkage potential attack activity data to obtain the matched attack tendency of the linkage potential attack activity data includes: performing first field identification on the attack activity tendency field with the minimum dimensionality in the first attack activity tendency field set and the attack activity tendency field with the minimum dimensionality in the second attack activity tendency field set to obtain basic analysis information; sequentially and circularly executing the splicing operation and the analysis operation through the attack activity tendency field in the first attack activity tendency field set, the attack activity tendency field in the second attack activity tendency field set and the basic analysis information until a derived attack tendency with the dimension same as that of the potential attack activity data to be processed is obtained, wherein the derived attack tendency is the result of the splicing operation; determining a derived attack propensity with the same dimension as the dimension of the pending potential attack activity data as the matched attack propensity.
In some independent embodiments, the step of splicing operation comprises: performing linear interpolation operation on the obtained analytic information with the largest dimensionality to obtain analytic information after linear interpolation; acquiring a first attack activity tendency field with the same dimension as the analysis information after linear interpolation from the second attack activity tendency field set; and adjusting the first attack activity tendency field and the analysis information after linear interpolation to obtain a derivative attack tendency, wherein the derivative attack tendency has the same dimension as the analysis information after linear interpolation, and the derivative attack tendency is used for performing the analysis operation to obtain the analysis information with the same dimension as the derivative attack tendency.
In some independent embodiments, the parsing operation comprises: acquiring a second attack activity tendency field with the same dimension as the analysis information after linear interpolation from the first attack activity tendency field set; carrying out first field identification on the derived attack tendency and the second attack activity tendency field; and obtaining new analysis information through the result of the first field identification and the analysis information after the linear interpolation, wherein the new analysis information is used for carrying out the splicing operation in the next round to obtain a new derivative attack tendency.
In some independent embodiments, the attack propensity update process comprises: determining credibility factor information of matched attack tendencies of the linkage potential attack activity data through the to-be-processed potential attack activity data, wherein the credibility factor information comprises a first credibility factor list of the matched attack tendencies of the linkage potential attack activity data and a second credibility factor list of a maximum dimension attack activity tendency field of the to-be-processed potential attack activity data, and the dimension of the maximum dimension attack activity tendency field is the same as the dimension of the matched attack tendencies of the linkage potential attack activity data; determining matched attack tendencies of the linked potential attack activity data and first calculation data of the first list of credibility factors; determining the maximum dimension attack activity tendency field and second calculation data of the second credibility factor list; and obtaining matched attack tendency for finishing updating by linking the potential attack activity data through the first calculation data and the second calculation data.
In some independent embodiments, the determining, from the updated matched attack tendencies as a result of the completion update, target potential attack activity data corresponding to the pending potential attack activity data includes: and processing the matched attack tendency of each linkage potential attack activity data after updating through a second attack tendency processing network to obtain target potential attack activity data corresponding to the to-be-processed potential attack activity data.
Based on the same inventive concept, fig. 2 shows a block diagram of an information attack analysis apparatus combined with deep learning according to an embodiment of the present invention, and an information attack analysis apparatus combined with deep learning may include the following modules that implement the relevant method steps shown in fig. 1.
An activity information obtaining module 210, configured to: and carrying out risk element knowledge mining on the streaming conversation activity information and the thermal conversation activity information of the abnormal interactive conversation behavior acquired by the distributed data processing thread in parallel to respectively acquire a first risk element knowledge relationship network and a second risk element knowledge relationship network.
A risk element analysis module 220 to: and obtaining the distribution of the first branch feature members of the first risk element knowledge relationship network according to a first active interaction event information set in the streaming session activity information, and obtaining the distribution of the second branch feature members of the second risk element knowledge relationship network according to a second active interaction event information set in the thermodynamic session activity information.
An analysis report generation module 230 configured to: and obtaining an information attack analysis report of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution.
The related embodiment applied to the invention can achieve the following technical effects:
risk element knowledge mining is carried out on streaming conversation activity information and thermal conversation activity information of abnormal interactive conversation behaviors, which are acquired by a distributed data processing thread in parallel, so that a first risk element knowledge relationship network and a second risk element knowledge relationship network are respectively acquired; obtaining first branch characteristic member distribution of a first risk element knowledge relationship network according to a first active interaction event information set in streaming session activity information, and obtaining second branch characteristic member distribution of a second risk element knowledge relationship network according to a second active interaction event information set in thermodynamic session activity information; and obtaining an information attack analysis report of the abnormal interactive conversation behavior according to the first risk element knowledge relation network, the first branch feature member distribution, the second risk element knowledge relation network and the second branch feature member distribution.
Thus, for a cloud service session with an active interaction event (which may interfere and mislead with information attack analysis), data information corresponding to the active interaction event is fused with risk description features of session activity information (e.g., a first risk element knowledge relationship network, a second risk element knowledge relationship network, first branch feature member distribution, and second branch feature member distribution), so that the active interaction event in the session activity information can be identified by an information attack analysis network (such as a deep learning network), and further, information sets corresponding to the active interaction event are prevented from being identified as having information attack threats, so that accuracy and reliability of information attack analysis for abnormal interaction session behaviors can be improved.
The foregoing is only illustrative of the present invention. Those skilled in the art can conceive of changes or substitutions based on the specific embodiments provided by the present invention, and all such changes or substitutions are intended to be included within the scope of the present invention.
Claims (10)
1. An information attack analysis method combined with deep learning is characterized by being applied to an intelligent security server and at least comprising the following steps:
performing risk element knowledge mining on streaming conversation activity information and thermodynamic conversation activity information of abnormal interactive conversation behaviors, which are acquired by a distributed data processing thread in parallel, and acquiring a first risk element knowledge relation network and a second risk element knowledge relation network respectively;
obtaining a first branch characteristic member distribution of the first risk element knowledge relationship network according to a first active interaction event information set in the streaming session activity information, and obtaining a second branch characteristic member distribution of the second risk element knowledge relationship network according to a second active interaction event information set in the thermodynamic session activity information;
and obtaining an information attack analysis report of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution.
2. The method according to claim 1, wherein obtaining the information attack analysis report of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution comprises:
obtaining a first information attack analysis weight and a second information attack analysis weight of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution;
and obtaining the information attack analysis report by using the first information attack analysis weight and the second information attack analysis weight.
3. The method according to claim 2, wherein the obtaining a first information attack analysis weight and a second information attack analysis weight of the abnormal interactive session behavior according to the first risk element knowledge relationship network, the first branch feature member distribution, the second risk element knowledge relationship network and the second branch feature member distribution comprises:
performing vector operation on the first risk element knowledge relationship network and the first branch feature member distribution to obtain a first target risk element knowledge relationship network;
performing vector operation on the second risk element knowledge relationship network and the second branch feature member distribution to obtain a second target risk element knowledge relationship network;
risk element knowledge mining is carried out on the first target risk element knowledge relation network, weight analysis processing is carried out on the risk element knowledge relation network obtained through mining, and the first information attack analysis weight is obtained;
and carrying out risk element knowledge mining on the second target risk element knowledge relation network, and carrying out weight analysis processing on the mined risk element knowledge relation network to obtain a second information attack analysis weight.
4. The method of claim 1, wherein obtaining a first distribution of branch feature members of the first risk element knowledge relationship network according to a first active interaction event information set in the streaming session activity information comprises:
performing upsampling and mapping operation on the first active interaction event information set to obtain a first candidate risk element knowledge relationship network with the same size as the first risk element knowledge relationship network;
and combining the first risk element knowledge relationship network with the first candidate risk element knowledge relationship network, and performing mapping operation on the combined risk element knowledge relationship network to obtain the member distribution of the first branch characteristics.
5. The method according to claim 1, wherein the obtaining a second branch feature member distribution of the second risk element knowledge relationship network according to a second active interaction event information set in the thermodynamic type session activity information comprises:
performing upsampling and mapping operation on the second active interaction event information set to obtain a second candidate risk element knowledge relation network which is consistent with the second risk element knowledge relation network in size;
and combining the second risk element knowledge relationship network with the second candidate risk element knowledge relationship network, and performing mapping operation on the combined risk element knowledge relationship network to obtain the member distribution of the second branch characteristics.
6. The method of claim 1, wherein after performing risk element knowledge mining on streaming session activity information and thermodynamic session activity information of abnormal interactive session behavior acquired by the distributed data processing threads in parallel to obtain a first risk element knowledge relationship network and a second risk element knowledge relationship network, respectively, the method further comprises:
the streaming session activity information is disassembled into X streaming session activity data blocks with consistent window sizes, wherein X is an integer not less than 2;
for each streaming session activity data block in the X streaming session activity data blocks, processing each streaming session activity data block by adopting a set disassembly rule to determine Y streaming session activity data blocks including an active interaction event data block from the X streaming session activity data blocks, where Y is not greater than X and not less than 1;
obtaining Y disassembly variables determined when the Y streaming session active data blocks are subjected to data block disassembly;
and obtaining the first active interaction event information set by utilizing the Y disassembly variables, the Y active interaction event characteristics in the Y streaming session activity data blocks and the streaming session activity information.
7. The method of claim 6, wherein the using the Y defragmentation variables, the Y active interactivity event characteristics in the Y streaming session activity data blocks, and the streaming session activity information to obtain the first active interactivity event information set comprises:
determining a first information disassembly factor by utilizing the Y disassembly variables;
performing text-level correction processing on the streaming session activity information to obtain streaming session activity information subjected to correction processing;
performing active interaction event information set decomposition on the streaming session activity information subjected to the correction processing by combining the first information decomposition factor to obtain a first reference active interaction event information set;
globally processing the Y active interaction event data blocks through the distribution label of each data unit of the Y active interaction event data blocks to obtain a first global active interaction event information set;
and taking the overlapping information of the first reference active interaction event information set and the first global active interaction event information set as the first active interaction event information set.
8. The method of claim 1, wherein after performing risk element knowledge mining on streaming session activity information and thermodynamic session activity information of abnormal interactive session behavior acquired by the distributed data processing threads in parallel to obtain a first risk element knowledge relationship network and a second risk element knowledge relationship network, respectively, the method further comprises:
decomposing the thermodynamic type conversation activity information into Z thermodynamic type conversation activity data blocks with consistent window sizes, wherein Z is an integer not less than 2;
for each thermodynamic type session activity data block in the Z thermodynamic type session activity data blocks, processing each thermodynamic type session activity data block by adopting a set disassembly rule to determine R thermodynamic type session activity data blocks including an active interaction event data block from the Z thermodynamic type session activity data blocks, where R is not greater than Z and not less than 1;
obtaining R disassembly variables determined when the R thermodynamic session activity data blocks are subjected to data block disassembly;
and obtaining the second active interaction event information set by utilizing the R disassembly variables, the R active interaction event characteristics in the R thermodynamic type session activity data blocks and the thermodynamic type session activity information.
9. The method according to claim 8, wherein the obtaining the second active interaction event information set using the R disassembly variables, the R active interaction event characteristics in the R thermodynamic session activity data blocks, and the thermodynamic session activity information comprises:
determining a second information disassembly factor by utilizing the R disassembly variables;
performing text-level correction processing on the thermal type session activity information to obtain thermal type session activity information subjected to correction processing;
performing active interaction event information set decomposition on the corrected thermal type session activity information by combining the second information decomposition factor to obtain a second reference active interaction event information set;
globally processing the R active interaction event data blocks through the distribution label of each data unit of the R active interaction event data blocks to obtain a second global active interaction event information set;
and taking the overlapping information of the second reference active interaction event information set and the second global active interaction event information set as the second active interaction event information set.
10. The utility model provides an intelligent security protection server which characterized in that includes: a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the smart security server to perform the method of any of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210799119.4A CN115174230A (en) | 2022-07-08 | 2022-07-08 | Information attack analysis method and server combined with deep learning |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210799119.4A CN115174230A (en) | 2022-07-08 | 2022-07-08 | Information attack analysis method and server combined with deep learning |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115174230A true CN115174230A (en) | 2022-10-11 |
Family
ID=83492908
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210799119.4A Withdrawn CN115174230A (en) | 2022-07-08 | 2022-07-08 | Information attack analysis method and server combined with deep learning |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115174230A (en) |
-
2022
- 2022-07-08 CN CN202210799119.4A patent/CN115174230A/en not_active Withdrawn
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114218568B (en) | Big data attack processing method and system applied to cloud service | |
| CN116414948A (en) | Abnormal data mining method and software product based on cloud data and artificial intelligence | |
| CN109388551A (en) | There are the method for loophole probability, leak detection method, relevant apparatus for prediction code | |
| US20150186195A1 (en) | Method of analysis application object which computer-executable, server performing the same and storage media storing the same | |
| CN111930610B (en) | Software homology detection method, device, equipment and storage medium | |
| CN113965389A (en) | Network security management method, equipment and medium based on firewall log | |
| CN109815697A (en) | Wrong report behavior processing method and processing device | |
| CN115168868A (en) | Business vulnerability analysis method and server applied to artificial intelligence | |
| CN114491282B (en) | Abnormal user behavior analysis method and system based on cloud computing | |
| CN115022080A (en) | Data attack processing method and server applied to smart cloud | |
| CN113722719A (en) | Information generation method and artificial intelligence system for security interception big data analysis | |
| CN107579944B (en) | Artificial intelligence and MapReduce-based security attack prediction method | |
| CN111159482A (en) | Data verification method and system | |
| CN110855635A (en) | URL (Uniform resource locator) identification method and device and data processing equipment | |
| CN117171695B (en) | Method and system for evaluating ecological restoration effect of antibiotic contaminated soil | |
| CN115174230A (en) | Information attack analysis method and server combined with deep learning | |
| CN114168949A (en) | Application software anomaly detection method and system applied to artificial intelligence | |
| CN113781068A (en) | Online problem solving method and device, electronic equipment and storage medium | |
| CN112686676A (en) | Industrial Internet identification chain processing method, device and equipment | |
| CN113742208A (en) | Software detection method, device, equipment and computer readable storage medium | |
| CN111754103A (en) | Enterprise risk image method, device, computer equipment and readable storage medium | |
| Ahn et al. | Data embedding scheme for efficient program behavior modeling with neural networks | |
| CN111967043B (en) | Method, device, electronic equipment and storage medium for determining data similarity | |
| CN114329471A (en) | Data processing method, data processing device, electronic equipment and storage medium | |
| Yousefnezhad et al. | Reproducibility of Firmware Analysis: An Empirical Study |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20230224 Address after: No. 57, Zhanqian North Road, Jiaming Economic Development Zone, Dongchangfu District, Liaocheng City, Shandong Province, 252000 Applicant after: Hu Qian Address before: No. 57, Zhanqian North Road, Jiaming Economic Development Zone, Dongchangfu District, Liaocheng City, Shandong Province, 252000 Applicant before: Liaocheng Jinmoli Network Technology Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20221011 |
|
| WW01 | Invention patent application withdrawn after publication |