CN115225404A - Big data analysis method and system based on network security - Google Patents

Big data analysis method and system based on network security Download PDF

Info

Publication number
CN115225404A
CN115225404A CN202210887922.3A CN202210887922A CN115225404A CN 115225404 A CN115225404 A CN 115225404A CN 202210887922 A CN202210887922 A CN 202210887922A CN 115225404 A CN115225404 A CN 115225404A
Authority
CN
China
Prior art keywords
session
target
medical
description
medical service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202210887922.3A
Other languages
Chinese (zh)
Inventor
周全
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202210887922.3A priority Critical patent/CN115225404A/en
Publication of CN115225404A publication Critical patent/CN115225404A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/67ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/88Medical equipments

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Business, Economics & Management (AREA)
  • Business, Economics & Management (AREA)
  • Epidemiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Primary Health Care (AREA)
  • Public Health (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

The invention relates to a big data analysis method and a big data analysis system based on network security, which are used for receiving interception strategy indication information and marking intrusion intention characteristics in session events according to the interception strategy indication information. The interception policy indication information is generated after a behavior interception policy is enabled for the session event, and the interception policy indication information can be used for indicating the mark of the intrusion intention characteristic, so that autonomous session event interception can be realized through the intrusion intention characteristic mark, and effective network security protection of big data can be realized.

Description

Big data analysis method and system based on network security
The invention relates to a divisional application with the application number of CN202111517958.4, the application date of which is 12 months and 13 days in 2021, and the invention is named as a network security analysis method and a network security analysis system applied to intelligent medical big data.
Technical Field
The embodiment of the invention relates to the technical field of big data security, in particular to a big data analysis method and system based on network security.
Background
With the development of big data, emerging industrial modes such as online payment, remote office, intelligent medical treatment and the like are gradually mature. Taking smart medical treatment as an example, the smart medical treatment is a medical system which comprehensively applies technologies such as a medical internet of things, data fusion transmission and exchange, cloud computing, a metropolitan area network and the like, fuses medical infrastructure and IT infrastructure through an information technology, spans space-time limitation of an original medical system by taking a 'medical cloud data center' as a core, and performs intelligent decision on the basis to realize optimization of medical services. How to construct an energy-saving, efficient, integrated and safe converged service architecture is the current work focus.
In recent years, the big data + smart medical model has improved the utilization rate of medical resources and the degree of intelligence of medical services. However, the security risk of the communication network increases the probability of the attack on the relevant important data information of the intelligent medical service, and how to improve the above problems to avoid threats such as intrusion attack is an urgent technical problem to be solved.
Disclosure of Invention
In view of this, embodiments of the present invention provide a big data analysis method and system based on network security.
The embodiment of the invention provides big data analysis based on network security, which is applied to a front-end medical interaction system and comprises the following components: determining a multi-modal telemedicine session encompassing a target hospitalization service topic and a target telemedicine session encompassing the target hospitalization service topic; the target telemedicine session implies: at least one of a real-time telemedicine session and a derivative medical service session, the target telemedicine session and the multimodal telemedicine session being telemedicine sessions that meet a session record step condition; performing abnormal tendency analysis on session events corresponding to the target hospitalizing service theme according to the multi-modal remote medical session and the target remote medical session; performing network attack preference mining on the target hospitalizing service theme according to the multi-modal telemedicine session and the target telemedicine session; and reporting a network security protection application to a cloud medical service platform system on the premise of analyzing that the session event is a visual operation with abnormal tendency and completing the mining of the target network attack preference, wherein the cloud medical service platform system is used for receiving the network security protection application and starting a behavior interception strategy for the session event.
For the embodiment of the invention, after the multi-mode remote medical session and the target remote medical session which contain the target medical service theme are determined, the accuracy and the reliability of the abnormal tendency analysis can be improved according to the technical thought of performing the abnormal tendency analysis on the session event by the multi-mode remote medical session and the target remote medical session, and meanwhile, the quality of the network attack preference mining can be ensured as much as possible according to the technical thought of performing the network attack preference mining on the target medical service theme by the multi-mode remote medical session and the target remote medical session, so that the big data analysis method based on the network security can be matched with various intelligent medical network security protection conditions as much as possible. Aiming at the situation of security protection of the intelligent medical network with larger scale, the design idea of the invention can also obtain the abnormal tendency analysis result with high accuracy and high reliability and the network attack preference mining result, thereby ensuring the targeted behavior interception of the session event and avoiding the threat of intrusion attack and the like to the intelligent medical big data.
For some design considerations that can be implemented independently, the web attack preference mining on the target medical service topic according to the multimodal telemedicine session and the target telemedicine session comprises: determining the network state description of the current session process; determining an assisted mining telemedicine session having a corresponding relationship with the network state description from the multimodal telemedicine session and the target telemedicine session; and performing network attack preference mining on the target hospitalizing service theme by utilizing the auxiliary mining telemedicine session.
By such design, in view of different network states, the quality of the network attack preference mining according to different types of remote medical sessions may be different. For example, in the case where the network status is unstable or the network status is updated frequently, performing cyber attack preference mining according to the multimodal telemedicine session may reduce the accuracy of the cyber attack preference mining. Therefore, according to the technical idea of determining the auxiliary mining telemedicine session in the corresponding relation with the network state description, the network attack preference mining is carried out through the auxiliary mining telemedicine session, the accuracy of the network attack preference mining can be improved, and the attack coping precision of the intelligent medical big data is guaranteed.
For some design ideas that can be implemented independently, the determining a network state description of the current session process includes: determining a target network state variable, wherein the target network state variable implies one or more of: the risk evaluation method comprises the following steps of (1) session hot index, adaptation degree between the front-end medical interactive system and session events, and risk evaluation of network states corresponding to the session events; determining the network state description by the target network state variable.
By the design, the network state description is determined according to various different target network state variables, and various network state variables influencing behavior interception strategies can be considered, so that the protection scheme can be guaranteed to be matched with any intelligent medical network security attack situation as far as possible.
For some independently implementable design considerations, the determining of the presence of a correspondence to the network state description in the multimodal telemedicine session and the target telemedicine session assists in mining the telemedicine session, including: identifying a session hot index of a current session process network state; on the premise that the session trending index reaches a set index condition, determining the multimodal telemedicine session as the assisted mining telemedicine session; and on the premise that the session trending index does not reach the set index condition, determining the real-time telemedicine session as the auxiliary mining telemedicine session.
By the design, the conversation popularity index of the current conversation process network state can be identified according to an intelligent thread arranged on the front-end medical interactive system, and the conversation popularity index of the current conversation process network state can be determined according to the technical thought of remote medical conversation processing on the multi-modal remote medical conversation. According to the conversation hot index for identifying the network state, taking the conversation hot index as the network state description; and the technical idea of assisting in mining the remote medical session for network attack preference mining, which has a corresponding relation with the session trending index, is determined in the multi-modal remote medical session and the target remote medical session, so that the accuracy of network attack preference mining can be improved.
For some independently implementable design concepts, said network attack preference mining on said target hospitalization service topic using said assisted mining telemedicine session comprises: carrying out medical service subject description mining on the assisted mining remote medical session to obtain a first medical service subject description; and inquiring the first medical service subject description in the specified medical service subject description set, and determining that the network attack preference mining of the target medical service subject is completed on the premise of inquiring the first medical service subject description.
For some independently implementable design considerations, the method further comprises: on the premise that the first medical service theme description is not inquired in the designated medical service theme description set, an inquiry application is reported to a cloud medical service platform system, wherein the inquiry application is used for applying the cloud medical service platform system to inquire the first medical service theme description in a standby medical service theme description set; and determining that the network attack preference mining is completed on the premise of detecting the notification information fed back by the cloud medical service platform system aiming at the query application.
By the design, the technical idea of carrying out the medical service theme description differential analysis on the specified medical service theme description set is set, the technical idea of carrying out the medical service theme description differential analysis on the cloud medical service platform system is set on the premise that the medical service theme description differential analysis of the specified medical service theme description set is unsuccessful, non-critical interaction between the front-end medical interaction system and the cloud medical service platform system can be ignored, and the medical service theme differential analysis can be started on the premise that the communication stability is poor, so that the medical service theme differential analysis efficiency is further improved.
For some design ideas which can be implemented independently, the performing abnormal trend analysis on the session event corresponding to the target medical-seeking service topic according to the multimodal telemedicine session and the target telemedicine session includes: extracting a first telemedicine session in the multi-modal telemedicine session, wherein the first telemedicine session is embedded in the target medical service topic, and extracting a second telemedicine session in the target telemedicine session, wherein the second telemedicine session is embedded in the target medical service topic; conducting an abnormal trend analysis of the session event using the first and second telemedicine sessions.
For some independently implementable design considerations, said conducting an abnormal trend analysis of said session event using said first telemedicine session and said second telemedicine session comprises: and importing the first remote medical treatment session and the second remote medical treatment session into an abnormal tendency analysis network for operation, and obtaining abnormal tendency analysis of the session event.
When the abnormal tendency analysis is carried out on the session event, the abnormal tendency analysis can be carried out on the multi-modal remote medical session according to the abnormal tendency analysis network, however, the abnormal tendency analysis carried out by utilizing the individual multi-modal remote medical session is limited too much, so that the quality of the abnormal tendency analysis of the session cannot be ensured. By utilizing the technical scheme, the abnormal tendency analysis is carried out on the session event according to the multi-mode remote medical session and the target remote medical session, and the abnormal tendency analysis can be carried out by synthesizing as many comprehensive analysis ideas as possible, so that the abnormal tendency analysis quality is improved.
For some independently implementable design considerations, said extracting a first telemedicine session within said multimodal telemedicine session that implicates said target medical service topic comprises: performing hospitalizing service topic identification on the target hospitalizing service topic in the multi-modal telemedicine session to obtain a first topic identification condition, wherein the first topic identification condition comprises: session markers and/or salient session segments; and extracting a first remote medical session in which the target medical-seeking service theme is hidden from the multi-modal remote medical session by utilizing the first theme recognition condition.
By the design, the first remote medical session is obtained by extracting the multi-mode remote medical sessions, so that the abnormal tendency analysis and the network attack preference mining are carried out according to the first remote medical session, redundant data in the multi-mode remote medical session can be cleaned, and the identification quality of the abnormal tendency analysis and the identification quality of the network attack preference mining are improved.
For some independently implementable design considerations, said extracting a second telemedicine session within said target telemedicine session that implicates said target medical services topic comprises: determining a first thread variable for recording a first intelligent thread of the multimodal telemedicine session and determining a second thread variable for recording a second intelligent thread of the targeted telemedicine session; determining a visual correspondence between the multimodal telemedicine session and the target telemedicine session using the first and second thread variables; determining first session transformation distribution of session marks of the target hospitalization service theme in the target telemedicine session by utilizing the visual corresponding condition, and extracting a second telemedicine session in which the target hospitalization service theme is hidden in the target telemedicine session by utilizing the first session transformation distribution; or determining second session transformation distribution of each significant session segment of the target hospitalization service topic in the target telemedicine session by using the visual corresponding condition, and extracting the second telemedicine session in which the target hospitalization service topic is hidden in the target telemedicine session by using the second session transformation distribution.
By means of the design, according to the determined visual corresponding situation, a first session transformation distribution of the session marks of the target medical service theme in the target telemedicine session can be determined, or a second session transformation distribution of each significant session segment of the target medical service theme in the target telemedicine session can be determined. After the first session transformation distribution or the second session transformation distribution is determined, the technical idea of the second remote medical session in which the target hospitalizing service theme is hidden is extracted from the target remote medical session through the first session transformation distribution or the second session transformation distribution, the distribution situation of the target hospitalizing service theme in the target remote medical session can be accurately determined, and the identification quality of abnormal tendency analysis and the identification accuracy and reliability of network attack preference mining can be improved when abnormal tendency analysis and network attack preference mining are carried out through the second remote medical session and the first remote medical session.
For some design considerations that may be implemented independently, the determining a multi-modal telemedicine session that implicates a target medical service topic and a target telemedicine session that implicates the target medical service topic includes: determining a first continuous service log, and identifying medical service log items in the first continuous service log to obtain first medical service log items containing medical service topics; determining the medical service subject score of the medical service subject stored in the first medical service log item; determining the multimodal telemedicine session through the first medical service log item on the premise that the hospitalizing service topic score reaches a score index; a second continuous service log is determined and the target telemedicine session is determined from the second continuous service log.
By the design, after the first medical service log item with the medical service subject score reaching the score index is positioned in the first continuous service log, the identification quality of abnormal tendency analysis and the identification quality of network attack preference mining can be improved when abnormal tendency analysis and network attack preference mining are carried out according to the first medical service log item, so that the big data analysis based on network safety can be matched with different conditions as much as possible, and the protection performance of a session event is ensured.
For some independently implementable design considerations, said determining a medical services topic score for the medical services topic embodied in the first medical services log entry comprises: performing medical service subject identification on the first medical service log item to obtain medical service subject identification conditions, wherein the medical service subject identification conditions comprise one or more of the following conditions: the method comprises the steps of distinguishing conversation segments, conversation recognition degrees, topic classification conditions and conversation recognition credibility coefficients; and analyzing the topic of the medical service topic identification condition to obtain the medical service topic score.
By the design, the technical idea of scoring the medical service theme of the medical service theme stored in the first medical service log item is determined according to one or more of the obvious session fragment, the session identification degree, the theme classification condition and the session identification credibility coefficient, so that the accuracy of scoring the medical service theme can be improved.
For some independently implementable design considerations, determining the multimodal telemedicine session from the first medical service log entry upon determining that the medical service topic score meets a score index comprises: determining a session mark of each medical service topic to obtain a plurality of session marks on the premise that a plurality of medical service topics are contained in the first medical service log item; and using the remote medical session with the medical service theme, which is obtained by calibrating the session mark with the highest priority in the plurality of session marks and contains the target medical service theme, as the multi-mode remote medical session.
By the design, the remote medical session of the hospitalizing service theme corresponding to the session mark with the highest priority in the plurality of session marks is used as the multi-mode remote medical session, so that the time consumption for executing the protection task can be reduced, and the timeliness of big data protection is improved.
For some independently implementable design considerations, the method further comprises: on the premise that the score of the medical service subject carried in the medical service subject in the first medical service log items is continuously identified not to reach the score index, creating a target optimization indication, wherein the target optimization indication is used for optimizing not less than one target variable: a session hit index of a current session process network state, configured to record a configuration result of a first intelligent thread of the first continuous service log; optimizing the target variable according to the target optimization indication; after optimizing the target variable, determining again a first continuous service log; and medical service subject identification is carried out on medical service log items in the first continuous service log which is determined again.
By the design, the session hot index and the configuration result of the first intelligent thread are optimized according to the target optimization instruction, the medical service theme score of the medical service theme remote medical session stored in the first medical service log item can be improved, and the quality of abnormal tendency analysis and the quality of network attack preference mining can be improved.
For some independently implementable design considerations, the method further comprises: summarizing protection completion accumulated values of the session events in a first set time sequence constraint interval; and on the premise that the protection completion accumulated value reaches a first set accumulated value condition, adding the hospitalizing service theme description of the session event to a specified hospitalizing service theme description set.
For some design ideas which can be independently implemented, adding the medical service topic description of the session event to a specified medical service topic description set on the premise that the protection completion cumulative value reaches a first set cumulative value condition includes: on the premise that the protection completion accumulated value reaches a first set accumulated value condition, determining prior protection information of the session event; determining the attention coefficient of the session event at the protection node of the current session process according to the prior protection information; judging whether the attention coefficient reaches an attention judgment value; adding the medical service subject description of the session event to a specified medical service subject description set on the premise that the attention coefficient reaches the attention judging value.
By the design, on the premise that the attention coefficient reaches the attention judgment value, the medical service subject description of the session event is added to the technical idea in the appointed medical service subject description set, the session event with the prominent protection at the protection node can be accurately determined from a plurality of session events, and the efficiency of differential analysis is improved.
For some independently implementable design considerations, the method further comprises: determining a target session event that the protection completion accumulated value in a second set time sequence constraint interval does not reach the first set accumulated value condition; searching the medical service subject description of the target session event in the specified medical service subject description set to obtain a second medical service subject description; and binding a target description keyword for the second medical service subject description, wherein the target description keyword is used for indicating that the second medical service subject description is a medical service subject description to be cleaned.
For the embodiment of the present invention, in order to save the specified overhead of the front-end medical interaction system, a corresponding target description keyword may be further set for the second medical service topic description of the specified medical service topic description set, so as to indicate, according to the target description keyword, that the second medical service topic description is the medical service topic description to be cleaned. The front-end medical interactive system can periodically identify the target description keywords so as to clean the medical service subject description to be cleaned.
For some independently implementable design concepts, the method further comprises: on the premise that the session event is determined not to be visual operation with abnormal tendency and the network attack preference mining is determined to be completed, summarizing a target accumulated value of the session event which completes the network attack preference mining in a non-abnormal state; and reporting statistical data based on the session event on the premise that the target cumulative value reaches a second set cumulative value condition.
By the design, the target accumulated value of network attack preference mining is finished under the non-abnormal state according to the summarized session event, the pertinence of the behavior interception strategy can be improved, and the invasion risk behavior of the session event is avoided.
The embodiment of the invention also provides a front-end medical interaction system, which comprises a processor, a network module and a memory; the processor and the memory communicate through the network module, and the processor reads the computer program from the memory and operates to perform the above-described method.
The embodiment of the invention also provides a computer storage medium, wherein the computer storage medium stores a computer program, and the computer program realizes the method when running.
In the description that follows, additional features will be set forth, in part, in the description. These features will be in part apparent to those skilled in the art upon examination of the following and the accompanying drawings, or may be learned by production or use. The features of the present application may be realized and attained by practice or use of various aspects of the methodologies, instrumentalities and combinations particularly pointed out in the detailed examples that follow.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flowchart of a big data analysis method based on network security according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The front-end medical interactive system in the embodiment of the invention can be a server with data storage, transmission and processing functions, and comprises: the device comprises a memory, a processor, a network module and a big data analysis device based on network security.
The memory, the processor and the network module are electrically connected directly or indirectly to enable data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory stores a big data analysis device based on network security, the big data analysis device based on network security comprises at least one software function module which can be stored in the memory in the form of software or firmware (firmware), and the processor executes various function applications and data processing by running software programs and modules stored in the memory, such as the big data analysis device based on network security in the embodiment of the present invention, so as to implement the big data analysis method based on network security in the embodiment of the present invention.
The Memory may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory is used for storing programs, and the processor executes the programs after receiving the execution instructions.
The processor may be an integrated circuit chip having data processing capabilities. The Processor may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), and the like. The various methods, steps and logic blocks disclosed in embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The network module is used for establishing communication connection between the front-end medical interactive system and other communication terminal equipment through a network, and realizing receiving and transmitting operation of network signals and data. The network signal may include a wireless signal or a wired signal.
The embodiment of the invention also provides a computer storage medium, wherein the computer storage medium stores a computer program, and the computer program realizes the method when running.
Fig. 1 shows a flowchart of big data analysis based on network security according to an embodiment of the present invention. The method steps defined by the related procedures of the method are applied to a front-end medical interactive system and can be realized by the processor, and the method comprises the contents described in the related steps as follows.
Step 401: determining a multi-modal telemedicine session in which a target hospitalizing service topic is embedded and a target telemedicine session in which the target hospitalizing service topic is embedded; the target telemedicine session implies: at least one of a real-time telemedicine session and a derivative medical services session, the target telemedicine session and the multimodal telemedicine session being telemedicine sessions that meet a session record stride condition.
For embodiments of the present invention, the target telemedicine session implies several types: type 1: a real-time telemedicine session; type 2: real-time telemedicine sessions and derivative medical services sessions; type 3: a derivative medical services session. For each type of real-time telemedicine session and derived medical service session, the telemedicine session is the telemedicine session which meets the session record step size condition with the multimodal telemedicine session. Wherein, the session recording step length condition can be understood as an acquisition period index. Further, the multimodal telemedicine session may enable steps 403 and 405 described below with respect to one of the types of targeted telemedicine sessions described above.
For the embodiment of the present invention, the condition that the target telemedicine session and the multimodal telemedicine session reach the session recording step length can be understood as follows: the recording periods of the target telemedicine session and the multimodal telemedicine session are the same, or the time difference between the recording period of the target telemedicine session and the recording period of the multimodal telemedicine session is less than a set time difference, for example, 1min. Further, the remote medical session includes different types of medical services interaction messages, such as online visits, payment of fees, patient information reporting, and so forth.
Step 403: according to the multi-modal telemedicine session and the target telemedicine session, conducting abnormal tendency analysis on session events corresponding to the target hospitalizing service theme; and performing network attack preference mining on the target hospitalization service topic according to the multi-modal telemedicine session and the target telemedicine session.
For the embodiment of the invention, network attack preference mining can be simultaneously carried out on the target hospitalizing service theme when the abnormal tendency analysis is carried out on the session event. According to the technical idea of simultaneously carrying out abnormal tendency analysis and network attack preference mining, the time consumed for executing the protection task can be reduced, and the big data protection timeliness of the protection task can be improved. In the embodiment, the abnormal tendency comprises a behavior tendency or an operation tendency which is not matched with the normal medical interactive service, and the network attack preference comprises data stealing, information tampering, fund stealing and the like. In addition, medical services topics include, but are not limited to, the remote visit topics described above, expense consultation topics, information improvement topics, and the like.
Step 405: and reporting a network security protection application to a cloud medical service platform system on the premise of analyzing that the conversation event is a visual operation with abnormal tendency and mining the attack preference of the target network is completed, wherein the cloud medical service platform system is used for receiving the network security protection application and starting a behavior interception strategy for the conversation event.
For some independently implementable technical solutions, on the premise that the analysis results that the session event is not a visualization operation with abnormal tendency, and/or the mining of the target network attack preference is unsuccessful, a notification indication that the protection is unsuccessful is fed back.
And feeding back an indication of unsuccessful protection notification on the premise that at least one result of the topic identification condition and the topic identification condition is not based on the topic identification condition analyzed by the abnormal tendency and the topic identification condition mined by the network attack preference.
In the embodiment of the invention, the front-end medical interactive system can feed back an unsuccessful protection notification instruction to the upstream cloud medical service platform system, so that the upstream cloud medical service platform system records the unsuccessful behavior intercepting strategy.
For the embodiment of the invention, if the conversation event is analyzed and obtained to be a visual operation with abnormal tendency and the target network attack preference mining is finished, it is indicated that the conversation event may have data intrusion or data attack risk, and under the condition, the corresponding network security protection application can be reported, so that the cloud medical service platform system enables a behavior interception strategy for the conversation event to intercept the related abnormal operation behavior corresponding to the conversation event, and the network security and the data information security of the intelligent medical big data are ensured.
For the embodiment of the invention, after the multi-mode remote medical session and the target remote medical session which contain the target medical service theme are determined, the accuracy and the reliability of the abnormal tendency analysis can be improved according to the technical thought of performing the abnormal tendency analysis on the session event by the multi-mode remote medical session and the target remote medical session, and meanwhile, the quality of the network attack preference mining can be ensured as much as possible according to the technical thought of performing the network attack preference mining on the target medical service theme by the multi-mode remote medical session and the target remote medical session, so that the network security-based big data analysis can be matched with various intelligent medical network security protection conditions as much as possible. Aiming at the situation of security protection of the intelligent medical network with a large scale, the design idea of the invention can also obtain the abnormal tendency analysis result with high accuracy and high reliability and the network attack preference mining result, thereby ensuring the targeted behavior interception of the session event and avoiding the threat of intrusion attack and the like to the intelligent medical big data.
For some independently implementable technical solutions, the above-mentioned determining the multi-modal telemedicine session in which the target medical service topic is hidden and the target telemedicine session in which the target medical service topic is hidden may exemplarily comprise the following steps.
Step 1011, determining a first continuous service log, and performing medical service subject identification on medical service log items in the first continuous service log to identify the first medical service log items containing the medical service subject.
Step 1012, determining the score of the medical service topic stored in the first medical service log item.
And step 1013, on the premise that the hospitalizing service theme score reaches a score index, determining the multimodal telemedicine session through the first medical service log item.
Step 1014, determining a second continuous service log, and determining the target telemedicine session from the second continuous service log.
For the embodiment of the present invention, a first continuous service log may be recorded according to a first intelligent thread, wherein medical service log items in the first continuous service log are multimodal telemedicine session messages. For each multimodal telemedicine session message, the multi-modal telemedicine session message can be subjected to medical service topic identification to identify whether the specified medical service topic is hidden in the multi-modal telemedicine session message. If the implication of the specified hospitalization service topic is identified, the multimodal telemedicine session message is determined to be a first medical service log entry.
Based on the above, the medical service subject score of the medical service subject contained in the first medical service log item can be determined, and whether the medical service subject score reaches the score index is judged. For example, it may be determined whether the medical service topic score reaches a score determination value, and if yes, the multimodal remote medical session may be determined through the first medical service log item on the premise that a score index is reached.
For the embodiment of the present invention, determining the score of the medical service topic contained in the first medical service log item may exemplarily comprise the following steps
(1) And identifying medical service subject for the first medical service log item to obtain medical service subject identification conditions, wherein the medical service subject identification conditions comprise one or more of the following conditions: the method comprises the steps of distinguishing conversation segments, conversation recognition degree, topic classification conditions and conversation recognition credibility coefficients.
(2) And analyzing the topic of the medical service topic identification condition to obtain the medical service topic score.
After the medical service subject identification condition is obtained, the medical service subject score can be determined by utilizing the medical service subject identification condition.
For some independently implementable technical solutions, an importance index may be configured for each stage identification case in the medical service topic identification case, and the sum of the importance indexes corresponding to all the stage identification cases is 1. Then, each stage identification condition and the importance index are subjected to weighted fusion determination, and the obtained determination result is used as the medical service topic score.
By means of the design, the technical thought of scoring the medical service theme of the medical service theme stored in the first medical service log item is determined according to one or more of the obvious session fragment, the session identification degree, the theme classification condition and the session identification credibility coefficient, and the accuracy of scoring the medical service theme can be improved.
For embodiments of the present invention, after the multimodal telemedicine session is determined according to the above-described technical concept, a second continuous service log may be determined. Then, a second medical service log item having the same session progress as that of the first medical service log item or a second medical service log item having a session recording step length reaching a set index with respect to the first medical service log item is specified in the second continuous service log. Thereafter, the determined second medical service log entry is determined as the target telemedicine session.
If the target remote medical session is embedded in the real-time remote medical session, a second continuous service log crawled by a related legal crawler program can be determined, a second medical service log item which is the same as the recording session progress of the first medical service log item is determined in the second continuous service log, or the second medical service log item of which the session recording step length reaches a set index is determined, and the second medical service log item is determined to be the real-time remote medical session. If the derived medical service session is hidden in the target remote medical session, a second continuous service log crawled by the depth camera can be determined, a second medical service log item which is the same as the recording session progress of the first medical service log item is determined in the second continuous service log, or the second medical service log item of which the session recording step length reaches a set index is determined and the second medical service log item is determined as the derived medical service session.
By the design, after the first medical service log item with the medical service theme score reaching the score index is positioned in the first continuous service log, the identification quality of abnormal tendency analysis and the identification quality of network attack preference mining can be improved when abnormal tendency analysis and network attack preference mining are carried out according to the first medical service log item, so that the big data analysis based on network safety can be matched with different conditions as far as possible, and the protection performance of a session event is ensured.
For some embodiments that can be implemented independently, the determining the multimodal telemedicine session through the first medical service log entry in step 1011 may include the following processes: firstly, on the premise that a plurality of medical service topics are stored in the first medical service log item, determining a session mark of each medical service topic to obtain a plurality of session marks; and secondly, the medical service topic remote medical session of the target medical service topic, which is obtained by calibrating the session marker with the highest priority in the session markers, is used as the multi-mode remote medical session.
If the network state of the current session progress is relatively chaotic, a situation that a plurality of medical service topics are hidden in medical service log items of the first continuous service log may occur. Based on this, in order to avoid mistakenly adopting the hospitalizing service theme information of other session events for protection, the target hospitalizing service theme can be determined from a plurality of hospitalizing service themes which are mostly contained in the first medical service log item, and the behavior interception policy is enabled according to the related information of the session event corresponding to the target hospitalizing service theme.
In the embodiment of the invention, the session mark of each medical service topic can be determined, and then the medical service topic remote medical session of the target medical service topic obtained by marking the session mark with the highest feature dimension priority in the session marks is used as the multi-modal remote medical session. It can be understood that after the session event corresponding to the target hospitalization service topic obtained by calibration using the session label with the highest priority activates the behavior interception policy, protection completion information may be reported to the session event.
For the embodiment of the present invention, the method may further include the following steps: determining a global session mark which contains a global hospitalizing service theme in the plurality of session marks; network attack preference mining is carried out on the hospitalizing service theme in the global session mark to obtain a theme identification condition; and determining a complete session mark of network attack preference mining in the global session mark according to the topic identification condition, and recording keyword information of keywords matched with the hospitalization service topic corresponding to the complete session mark.
By the design, the remote medical session of the hospitalizing service theme corresponding to the session mark with the highest priority in the plurality of session marks is used as the multi-mode remote medical session, so that the time consumption for executing the protection task can be reduced, and the timeliness of big data protection is improved. Meanwhile, according to the technical idea of recording the identity information of the keywords corresponding to the hospitalization service theme corresponding to the session mark containing the global hospitalization service theme in the plurality of session marks, the keywords with the protection deviation can be quickly and accurately determined on the premise of abnormal positioning of the target hospitalization service theme, and the stability of the behavior interception strategy is guaranteed as much as possible.
For some independently implementable technical solutions, on the premise that the first medical service log item contains a plurality of medical service topics, the positioning request of the session event for the plurality of medical service topics can be further identified, the medical service topic selected by the session event is determined as the target medical service topic by using the positioning request, and the remote medical session containing the target medical service topic is extracted as the multi-modal remote medical session in the first medical service log item.
For some independently implementable solutions, the method may also encompass the following: (1) And on the premise that the score of the medical service topic of the medical service topics deposited in the first medical service log items is continuously identified to not reach the score index, creating a target optimization instruction, wherein the target optimization instruction is used for optimizing not less than one of the following target variables: a session hit index of a current session process network state, configured to record a configuration result of a first intelligent thread of the first continuous service log; (2) Optimizing the target variable according to the target optimization indication; (3) After optimizing the target variable, determining the first continuous service log again; and performing medical service subject identification on medical service log items in the first continuous service log determined again.
If the network state of the current session process does not meet the condition, the scoring of the medical service topic stored in the first medical service log item may not meet the scoring index. By utilizing the method, the goal optimization indication can be established on the premise that the score of the medical service topic of the medical service topics stored in the continuous medical service log items is not up to the score index. Here, the target optimization indicates a session hot index for optimizing a current session progress network state, and/or a configuration result of a first intelligent thread for recording a first continuous service log.
By the design, the session hot index and the configuration result of the first intelligent thread are optimized according to the target optimization instruction, the medical service theme score of the medical service theme remote medical session stored in the first medical service log item can be improved, and the quality of abnormal tendency analysis and the quality of network attack preference mining can be improved.
For some independently implementable technical solutions, the step 103 of performing cyber attack preference mining on the target medical service topic according to the multimodal telemedicine session and the target telemedicine session exemplarily includes the technical solutions described in the following steps.
Step 11, determining the network state description of the current session process.
For some independently implementable technical solutions, determining the network state description of the current session process includes: (1) Determining a target network state variable, wherein the target network state variable contains one or more of the following items: the risk evaluation method comprises the following steps of (1) session hot index, adaptation degree between the front-end medical interactive system and session events, and risk evaluation of network states corresponding to the session events; (2) And determining the network state description through the target network state variable.
For the embodiment of the present invention, after the target network state variables are determined, the quantization index of each target network state variable may be determined. For example, the quantitative index of each target network state variable may be determined according to a quantitative analysis result (such as a ratio) between the determined target network state variable and the standard network state variable.
After the quantization index is determined, an importance index configured for each target network state variable in advance can be determined; then, the quantitative index and the importance index are subjected to weighted fusion determination, and thus the network state description is obtained.
The network state description is determined according to various different target network state variables, and various network state variables influencing behavior interception strategies can be considered, so that the protection scheme can be ensured to be matched with any security attack situation of the intelligent medical network as much as possible, and the flexibility of the technical scheme is improved.
And step 12, determining the assistant mining telemedicine session corresponding to the network state description in the multi-modal telemedicine session and the target telemedicine session.
Here, a decision value may be set for the network state description, for example, when the network state description is greater than the decision value V, the multimodal telemedicine session may be selected as the assisted mining telemedicine session, and for example, when the network state description is not greater than the decision value V, the target telemedicine session may be selected as the assisted mining telemedicine session.
And step 13, performing network attack preference mining on the target hospitalizing service theme by using the auxiliary mining remote medical session.
By the design, because the network states are different, the quality of the network attack preference mining according to different types of remote medical sessions may be different. For example, in the case where the network status is unstable or the network status is updated frequently, performing cyber attack preference mining according to the multimodal telemedicine session may reduce the accuracy of the cyber attack preference mining. Therefore, the network attack preference mining can be carried out through the auxiliary mining telemedicine session according to the determined auxiliary mining telemedicine session which has the corresponding relation with the network state description, the accuracy of the network attack preference mining can be improved, and the attack coping precision of the intelligent medical big data can be guaranteed.
For some independently implementable technical solutions, on the premise that the network state description implies a session trending index, the step 12 determines, from the multimodal telemedicine session and the target telemedicine session, an assisted mining telemedicine session having a corresponding relationship with the network state description, and may further imply the following steps: identifying a session hot index of a current session process network state; determining the multimodal telemedicine session as the assisted mining telemedicine session on the premise that the session trending index reaches a set index condition; and on the premise that the session hot index does not reach the set index condition, determining the real-time telemedicine session as the assisted mining telemedicine session.
For the embodiment of the present invention, the session trending index of the current session progress network state may be determined according to the identification of the session trending index of the first medical service log entry (or the identification of the session trending index of other medical service log entries associated with the first medical service log entry).
In the implementation of the present invention, according to the recognition network of the session popularity index configured by the front-end medical interactive system, the first medical service log item (or other medical service log items associated with the first medical service log item) may be subjected to popularity analysis, so as to obtain the session popularity index of the current session progress network state.
For another embodiment, an intelligent thread may be configured inside the front-end medical interaction system, so as to identify the session hot index of the network state corresponding to the front-end medical interaction system in real time according to the intelligent thread.
By the design, the conversation popularity index of the current conversation process network state can be identified according to an intelligent thread arranged on the front-end medical interactive system, and the conversation popularity index of the current conversation process network state can be determined according to the technical thought of remote medical conversation processing on the multi-modal remote medical conversation. According to the session hot index for identifying the network state, taking the session hot index as the network state description; and the technical idea of assisting in mining the remote medical session for network attack preference mining, which has a corresponding relation with the session trending index, is determined in the multi-modal remote medical session and the target remote medical session, so that the accuracy of network attack preference mining can be improved.
For some independently implementable technical solutions, the step 13 of performing network attack preference mining on the target medical service topic by using the assisted mining telemedicine session includes the technical solution described in the following steps.
And 131, carrying out medical service subject description mining on the auxiliary mining remote medical session to obtain a first medical service subject description.
And 132, inquiring the first medical service theme description in the appointed medical service theme description set, and determining that the network attack preference mining of the target medical service theme is finished on the premise of inquiring the first medical service theme description.
For example, for the embodiment of the present invention, the medical service topic description mining may be performed on the assisted mining remote medical session according to the description mining network, so as to obtain the first medical service topic description. And then, inquiring the first medical service subject description in the designated medical service subject description set, and determining that the network attack preference mining of the target medical service subject is finished on the premise of inquiring the first medical service subject description.
For the embodiment of the present invention, on the premise that the first medical service topic description is not queried in the specified medical service topic description set, a query application is reported to a cloud medical service platform system, where the query application is used for applying the cloud medical service platform system to query the first medical service topic description in a standby medical service topic description set; and determining that the network attack preference mining is completed on the premise of detecting the notification information fed back by the cloud medical service platform system aiming at the query application.
Thus, when querying the first medical service topic description, the first medical service topic description can be queried in the specified medical service topic description set; on the premise that the first medical service subject description is not inquired, the inquiry application is reported to the cloud medical service platform system, so that the cloud medical service platform system can inquire the first medical service subject description, and based on the inquiry application, the cloud medical service platform system can inquire the first medical service subject description in the standby medical service subject description set. On the premise that the first medical service subject description is inquired, the cloud medical service platform system can feed back notification information to the front-end medical interaction system to confirm that the first medical service subject description is identified.
For the embodiment of the invention, differential analysis of the medical service subject description can be performed in the appointed medical service subject description set, and the differential analysis of the medical service subject description can be performed by applying to the cloud medical service platform system according to the network. According to the technical idea described in the embodiment, the technical idea of performing the differential analysis on the medical service theme description according to the specified medical service theme description set is set, and the technical idea of performing the differential analysis on the medical service theme description according to the cloud medical service platform system on the premise that the differential analysis on the medical service theme description of the specified medical service theme description set is unsuccessful can omit the non-critical interaction between the front-end medical interaction system and the cloud medical service platform system, and can also start the differential analysis on the medical service theme even under the premise of poor communication stability, so that the efficiency of the differential analysis on the medical service theme is further improved.
For some independently implementable technical solutions, the step 103 of performing abnormal trend analysis on the session event corresponding to the target medical service topic according to the multimodal telemedicine session and the target telemedicine session may exemplarily include the technical solutions described in the following steps.
Step 21, extracting a first remote medical session in the multi-modal remote medical session, wherein the target medical service theme is hidden in the first remote medical session, and extracting a second remote medical session in the target medical session, wherein the target medical service theme is hidden in the second remote medical session.
And step 22, carrying out abnormal tendency analysis on the session event by utilizing the first telemedicine session and the second telemedicine session.
For the embodiment of the invention, a first remote medical session in which the target medical-seeking service theme is hidden can be extracted from the multi-modal remote medical session, and a second remote medical session in which the target medical-seeking service theme is hidden can be extracted from at least one of the real-time remote medical session and the derivative medical service session.
In the embodiment of the present invention, if the feature dimensions of the first telemedicine session and the second telemedicine session are different, the feature dimensions of the first telemedicine session and the second telemedicine session may be optimized until the feature dimensions of the first telemedicine session and the second telemedicine session are the same. Further, the first remote medical treatment session and the second remote medical treatment session are imported into an abnormal tendency analysis network for operation, and abnormal tendency analysis is conducted on the session events.
When the abnormal tendency analysis is carried out on the session event, the abnormal tendency analysis can be carried out on the multi-modal remote medical session according to the abnormal tendency analysis network, however, the abnormal tendency analysis carried out by utilizing the individual multi-modal remote medical session is limited too much, so that the quality of the abnormal tendency analysis of the session cannot be ensured. By utilizing the technical scheme, the abnormal tendency analysis is carried out on the session event according to the multi-mode remote medical treatment session and the target remote medical treatment session, and the abnormal tendency analysis can be carried out by synthesizing as many comprehensive analysis ideas as possible, so that the abnormal tendency analysis quality is improved.
For some independently implementable technical solutions, the step 21 of extracting a first telemedicine session in the multi-modal telemedicine session, in which the target medical service topic is hidden, may exemplarily include the following processes: (1) Performing hospitalizing service topic identification on the target hospitalizing service topic in the multi-modal telemedicine session to obtain a first topic identification condition, wherein the first topic identification condition comprises: session markers and/or salient session segments; (2) And extracting the first remote medical session in which the target medical-seeking service theme is hidden in the multi-modal remote medical session by utilizing the first theme recognition condition.
For the embodiment of the invention, firstly, according to the medical service topic identification network, the medical service topic identification is carried out on the target medical service topic stored in the multi-modal telemedicine session, so as to obtain the session mark and/or the obvious session segment.
It is to be appreciated that after the first topic identification case is determined, the first telemedicine session can be extracted from the multimodal telemedicine session through the first topic identification case.
By the design, the first remote medical session is extracted, the abnormal tendency analysis and the network attack preference mining are carried out according to the first remote medical session, redundant data in the multi-mode remote medical session can be cleaned, and therefore the identification quality of the abnormal tendency analysis and the identification quality of the network attack preference mining are improved.
For some independently implementable technical solutions, the step 21 of extracting a second telemedicine session in the target telemedicine session, in which the target medical service topic is hidden, may exemplarily include the following processes: (1) Determining a first thread variable for recording a first intelligent thread of the multimodal telemedicine session, and determining a second thread variable for recording a second intelligent thread of the targeted telemedicine session; (2) Determining a visual correspondence between the multimodal telemedicine session and the target telemedicine session using the first and second thread variables; (3) Determining first session transformation distribution of session marks of the target hospitalizing service theme in the target remote medical session by utilizing the visual corresponding condition, and extracting a second remote medical session containing the target hospitalizing service theme in the target remote medical session by utilizing the first session transformation distribution; or determining second session transformation distribution of each significant session segment of the target hospitalization service theme in the target telemedicine session by using the visual correspondence, and extracting the second telemedicine session in which the target hospitalization service theme is hidden in the target telemedicine session by using the second session transformation distribution.
For the embodiment of the present invention, the thread variables of the first intelligent thread and the second intelligent thread can be utilized to determine the visual correspondence between the respective message segments in the multimodal telemedicine session and the target telemedicine session, where the visual correspondence can be understood as: the message segments P in the multimodal telemedicine session, the session in the target telemedicine session, are distributed in a transformed manner.
For example, a target transformation policy may be determined by thread variables of the first and second intelligent threads, and according to the target transformation policy, message segments in the multimodal telemedicine session, session transformation distribution in the target telemedicine session may be determined. Therefore, after the target transformation strategy is determined, the distribution condition information of the target hospitalization service theme in the target remote medical session can be determined by using the target transformation strategy, and the second remote medical session in which the target hospitalization service theme is stored can be extracted from the target remote medical session by using the distribution condition information.
For some independently implementable technical solutions, the distribution information of the target medical-seeking service topic in the target telemedicine session is determined by using the target transformation policy, and a second telemedicine session in which the target medical-seeking service topic is hidden is extracted from the target telemedicine session by using the distribution information, and the related process is described as follows: session tags are determined that result after hospitalization service topic identification for a target hospitalization service topic in the multimodal telemedicine session.
Determining the distribution information of the session mark, and then determining the first session transformation distribution of the session mark in the target telemedicine session through the determined target transformation strategy. After the first session transformation distribution is determined, the first session transformation distribution can be used for determining the distribution condition information of the target medical service theme in the target remote medical session, and then the second remote medical session containing the target medical service theme is extracted from the target remote medical session by using the distribution condition information.
For another embodiment, the distribution information of the target medical service topic in the target telemedicine session is determined by using the target transformation strategy, and a second telemedicine session in which the target medical service topic is hidden is extracted from the target telemedicine session by using the distribution information, and the related process is described as follows: a salient session fragment resulting after hospitalization service topic identification for a target hospitalization service topic in the multimodal telemedicine session is determined. And determining the distribution information of each significant session segment, and then determining the second session transformation distribution of the significant session segment in the target telemedicine session through the determined target transformation strategy. After the second session transformation distribution is determined, the second session transformation distribution can be used for determining the distribution condition information of the target medical service theme in the target remote medical session, and then the second remote medical session in which the target medical service theme is stored is extracted from the target remote medical session by using the distribution condition information.
By means of the design, according to the determined visual corresponding situation, a first session transformation distribution of the session marks of the target medical service theme in the target telemedicine session can be determined, or a second session transformation distribution of each significant session segment of the target medical service theme in the target telemedicine session can be determined. After the first session transformation distribution or the second session transformation distribution is determined, the technical idea of the second remote medical session in which the target hospitalizing service theme is hidden is extracted from the target remote medical session through the first session transformation distribution or the second session transformation distribution, the distribution situation of the target hospitalizing service theme in the target remote medical session can be accurately determined, and the identification quality of abnormal tendency analysis and the identification accuracy and reliability of network attack preference mining can be improved when abnormal tendency analysis and network attack preference mining are carried out through the second remote medical session and the first remote medical session.
For some independently implementable solutions, the method may also encompass the following: (1) Summarizing the protection completion accumulated value of the session event in a first set time sequence constraint interval; (2) And adding the medical service subject description of the session event to a specified medical service subject description set on the premise that the protection completion accumulated value reaches a first set accumulated value condition.
For the embodiment of the present invention, the protection completion accumulated value of each session event within the first set timing constraint interval may be summarized. And if the protection completion accumulated value is larger than the set accumulated value, determining that the protection completion accumulated value reaches the first set accumulated value condition, and adding the hospitalization service theme description of the session event to the specified hospitalization service theme description set based on the condition.
Illustratively, the medical service topic description identified by the front-end medical interaction system can be added to a set of specified medical service topic descriptions. Further, the front-end medical interaction system can also apply the medical service subject description of the protective device to the cloud medical service platform system, so that the applied medical service subject description is added to the specified medical service subject description set.
In the embodiment of the present invention, the first set timing constraint interval may be set to 3h or 6h, but is not limited thereto, and the specific time interval of the first set timing constraint interval is not specifically limited by the present invention.
For some technical solutions that can be implemented independently, the step (2): adding the hospitalizing service subject description of the session event to a specified hospitalizing service subject description set on the premise that the protection completion accumulated value reaches a first set accumulated value condition, comprising the following steps: (1) On the premise that the protection completion accumulated value reaches a first set accumulated value condition, determining prior protection information of the session event; (2) Determining the attention coefficient of the session event at the protection node of the current session process through the prior protection information; (3) Judging whether the attention coefficient reaches an attention judgment value; (4) And on the premise that the attention coefficient reaches the attention judging value, adding the medical service subject description of the session event into the specified medical service subject description set.
For the embodiment of the present invention, on the premise that it is determined that the protection completion accumulated value of each session event at any one protection node reaches the first set accumulated value condition, the prior protection information of the session event may also be determined.
In the embodiment of the present invention, the prior protection information may be a protection accumulated value of the session event in the protection node in the historical session process, or may also be a protection accumulated value of the session event in the target task process corresponding to the protection node in the historical session process.
And if the protective accumulated value reaches a certain judgment value, determining that the attention coefficient of the session event at the protective node reaches an attention judgment value, and adding the medical service subject description of the session event to a specified medical service subject description set based on the attention judgment value.
By the design, on the premise that the attention coefficient reaches the attention judgment value, the medical service subject description of the session event is added to the technical idea in the appointed medical service subject description set, the session event with the prominent protection at the protection node can be accurately determined from a plurality of session events, and the efficiency of differential analysis is improved.
For some independently implementable solutions, the method may also encompass the following: (1) Determining a target session event that the protection completion accumulated value in the second set time sequence constraint interval does not reach the first set accumulated value condition; (2) Obtaining the medical service subject description of the target session event in a specified medical service subject description set to obtain a second medical service subject description; (3) And binding a target description keyword for the second medical service subject description, wherein the target description keyword is used for indicating that the second medical service subject description is a medical service subject description to be cleaned.
For the embodiment of the invention, in order to save the specified overhead of the front-end medical interaction system, a corresponding target description keyword can be set for the second medical service topic description in the specified medical service topic description set, so as to indicate the second medical service topic description as the medical service topic description to be cleaned according to the target description keyword. Then, the front-end medical interactive system can periodically identify the target description keywords so as to clean the medical service subject description to be cleaned, and meanwhile, the front-end medical interactive system can indicate to clean the medical service subject description to be cleaned according to the target description keywords.
When the front-end medical interactive system deletes data in the appointed medical service topic description set regularly, the medical service topic description provided with the target description keywords can be cleaned preferentially, so that the appointed expense of the front-end medical interactive system is saved.
For some independently implementable solutions, the method may also encompass the following: (1) Summarizing a target accumulated value of the session event which finishes the network attack preference mining in a non-abnormal state on the premise of determining that the session event is not visual operation with abnormal tendency and determining that the network attack preference mining is finished; (2) And reporting statistical data based on the session event on the premise that the target cumulative value reaches a second set cumulative value condition.
For the embodiment of the invention, if the session event is determined not to be the abnormal event through the abnormal tendency analysis result, however, on the premise that the recognition is determined according to the network attack preference mining result, other session events can be preliminarily determined according to the event characteristics of the current session event or other non-abnormal events to enable the behavior interception strategy.
It can be understood that, in order to ensure the network attack interception quality of the current session event, the target accumulated value of network attack preference mining can be completed in a non-abnormal state by summarizing the session event, that is: and carrying out hospitalizing service subject behavior interception strategy on the session event in a non-abnormal state, and completing the cumulative value of network attack preference mining.
If the target integrated value reaches a specified integrated value determination value, it is determined that the target integrated value reaches a second set integrated value condition, based on which an instruction may be notified to the protection report. Further, the specified integrated value determination value may be set to 6 times but is not limited thereto.
By the design, the target accumulated value of network attack preference mining is completed under the non-abnormal state according to the summarized session event, so that the stability of the behavior interception strategy can be improved, and the occurrence of the intrusion risk behavior of the session event is avoided.
In addition, for some independently implementable technical solutions, after the cloud medical service platform system enables the behavior interception policy for the session event, the method further includes: receiving interception strategy indication information fed back by the cloud medical service platform system; and marking the intrusion intention characteristics in the session event according to the interception strategy indication information.
In the embodiment of the invention, the interception policy indication information can be generated after the cloud medical service platform system starts a behavior interception policy for the session event, and the interception policy indication information can be used for indicating the front-end medical interaction system to mark the intrusion intention characteristics, so that the front-end medical interaction system can realize autonomous session event interception through the intrusion intention characteristic mark, and effective network security protection of intelligent medical big data can be realized.
In addition, for some independently implementable technical solutions, marking intrusion intention characteristics in the session event according to the interception policy indication information may be implemented by the following implementation manners: determining a target significance description to be marked in the session event based on an indication label of the interception policy indication information; sequentially executing local intrusion detection and remote intrusion detection on a plurality of session description features in the target significance description to obtain a local intrusion detection information set and a remote intrusion detection information set; performing first checking operation on the local intrusion detection information set by means of a first specified checking strategy to obtain a first significance description cluster corresponding to local intrusion; performing second checking operation on the remote intrusion detection information set by means of a second specified checking strategy to obtain a second significance description cluster corresponding to the remote intrusion; carrying out compaction processing on the basis of the first significance description cluster and the second significance description cluster to obtain a mark guide corresponding to the target intrusion in the target significance description; the target intrusion comprises one or two of local intrusion and remote intrusion, and the marking guide is used for marking the target significance description; and marking the target significance description according to the marking guide. By the design, accurate and complete marking of target significance description can be realized by considering different types of intrusion detection conditions.
In addition, for some independently implementable technical solutions, the sequentially performing local intrusion detection and remote intrusion detection on the plurality of session description features in the target saliency description to obtain a local intrusion detection information set and a remote intrusion detection information set includes: sequentially executing local intrusion detection on a plurality of session description features in the target significance description to obtain local intrusion detection contents in each session description feature and a basic intrusion type corresponding to each local intrusion detection content; determining a local intrusion detection information set based on local intrusion detection contents in each session description feature and corresponding basic intrusion types; and sequentially executing allopatric intrusion detection on the plurality of session description characteristics in the target significance description to obtain an allopatric intrusion detection information set. By the design, the local intrusion detection information set and the remote intrusion detection information set can be completely determined, and the local intrusion detection information set and the remote intrusion detection information set are prevented from being lost.
In addition, for some independently implementable technical solutions, the sequentially performing the heterogeneous intrusion detection on the plurality of session description features in the target saliency description to obtain a heterogeneous intrusion detection information set includes: sequentially executing local intention detection on a plurality of session description features in the target session description features to obtain local intention detection results corresponding to the session description features respectively; sequentially executing derived intention detection on a plurality of session description features in the target session description features to obtain derived intention detection results corresponding to the session description features respectively; combining the local intention detection result pointing to the same intention keyword with the derived intention detection result; and carrying out allopatric intrusion detection processing based on the derived intention detection result combined with the target local intention detection result in the target session description characteristics to obtain an allopatric intrusion detection information set. By the design, the different-place intrusion detection information set can be accurately and completely determined.
Based on the same inventive concept, the invention also provides a big data analysis device based on network security, which is applied to a front-end medical interactive system, and the device comprises:
the session determining module 21 is configured to determine a multi-modal remote medical session in which a target hospitalizing service topic is hidden and a target remote medical session in which the target hospitalizing service topic is hidden; the target telemedicine session implies: at least one of a real-time telemedicine session and a derivative medical service session, the target telemedicine session and the multimodal telemedicine session being telemedicine sessions that meet a session record step condition;
the session analysis module 22 is configured to perform abnormal tendency analysis on a session event corresponding to the target medical-seeking service topic according to the multi-modal telemedicine session and the target telemedicine session; performing network attack preference mining on the target hospitalizing service theme according to the multi-modal telemedicine session and the target telemedicine session;
and the behavior intercepting module 23 is configured to report a network security protection application to a cloud medical service platform system on the premise that the session event is analyzed to be a visual operation with an abnormal tendency and the mining of the target network attack preference is completed, where the cloud medical service platform system is configured to receive the network security protection application and enable a behavior intercepting policy for the session event.
In the embodiments provided in the embodiments of the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist alone, or two or more modules may be integrated to form an independent part.
The functions may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a front-end medical interactive system, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, and various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising one of 8230; \8230;" 8230; "does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (7)

1. A big data analysis method based on network security is characterized by comprising the following steps:
receiving interception strategy indication information fed back by a cloud medical service platform system;
and marking the intrusion intention characteristics in the session event according to the interception strategy indication information.
2. The method of claim 1, wherein before receiving the interception policy indication information fed back by the cloud medical service platform system, the method further comprises:
determining a multi-modal telemedicine session encompassing a target hospitalization service topic and a target telemedicine session encompassing the target hospitalization service topic; the target telemedicine session implies: at least one of a real-time telemedicine session and a derivative medical service session, the target telemedicine session and the multimodal telemedicine session being telemedicine sessions that meet a session record step condition;
according to the multi-modal telemedicine session and the target telemedicine session, conducting abnormal tendency analysis on session events corresponding to the target hospitalizing service theme; performing network attack preference mining on the target hospitalizing service theme according to the multi-modal telemedicine session and the target telemedicine session;
and reporting a network security protection application to a cloud medical service platform system on the premise of analyzing that the conversation event is a visual operation with abnormal tendency and mining the attack preference of the target network is completed, wherein the cloud medical service platform system is used for receiving the network security protection application and starting a behavior interception strategy for the conversation event.
3. The method according to claim 1, wherein the marking intrusion intention characteristics in the session event according to the interception policy indication information comprises:
determining a target significance description to be marked in the session event based on an indication label of the interception policy indication information;
sequentially executing local intrusion detection and remote intrusion detection on a plurality of session description features in the target significance description to obtain a local intrusion detection information set and a remote intrusion detection information set;
performing first checking operation on the local intrusion detection information set by means of a first specified checking strategy to obtain a first significance description cluster corresponding to local intrusion;
performing second checking operation on the remote intrusion detection information set by means of a second specified checking strategy to obtain a second significance description cluster corresponding to the remote intrusion;
carrying out compaction processing based on the first significance description cluster and the second significance description cluster to obtain a mark guide corresponding to target intrusion in the target significance description; the target intrusion comprises one or two of local intrusion and remote intrusion, and the marking guide is used for marking the target significance description;
and marking the target significance description according to the marking guide.
4. The method according to claim 3, wherein said sequentially performing local intrusion detection and foreign intrusion detection on a plurality of session description features in said target saliency description to obtain a local intrusion detection information set and a foreign intrusion detection information set, comprises:
sequentially executing local intrusion detection on a plurality of session description features in the target significance description to obtain local intrusion detection contents in each session description feature and a basic intrusion type corresponding to each local intrusion detection content;
determining a local intrusion detection information set based on local intrusion detection contents in each session description feature and corresponding basic intrusion types;
and sequentially executing allopatric intrusion detection on the plurality of session description characteristics in the target significance description to obtain an allopatric intrusion detection information set.
5. The method according to claim 4, wherein said sequentially performing heterogeneous intrusion detection on a plurality of session description features in the target saliency description to obtain a heterogeneous intrusion detection information set, comprises:
sequentially executing local intention detection on a plurality of session description features in the target session description features to obtain local intention detection results corresponding to the session description features;
sequentially executing derived intention detection on a plurality of session description features in the target session description features to obtain derived intention detection results corresponding to the session description features respectively;
combining the local intention detection result and the derived intention detection result pointing to the same intention keyword;
and carrying out allopatric intrusion detection processing based on the derived intention detection result combined with the target local intention detection result in the target session description characteristics to obtain an allopatric intrusion detection information set.
6. A front-end medical interaction system, comprising a processor, a network module and a memory; the processor and the memory communicate through the network module, the processor reading a computer program from the memory and operating to perform the method of any of claims 1-5.
7. A computer storage medium, characterized in that it stores a computer program which, when executed, implements the method of any of claims 1-5.
CN202210887922.3A 2021-12-13 2021-12-13 Big data analysis method and system based on network security Withdrawn CN115225404A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210887922.3A CN115225404A (en) 2021-12-13 2021-12-13 Big data analysis method and system based on network security

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111517958.4A CN114221803B (en) 2021-12-13 2021-12-13 Network security analysis method, system and storage medium applied to intelligent medical big data
CN202210887922.3A CN115225404A (en) 2021-12-13 2021-12-13 Big data analysis method and system based on network security

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202111517958.4A Division CN114221803B (en) 2021-12-13 2021-12-13 Network security analysis method, system and storage medium applied to intelligent medical big data

Publications (1)

Publication Number Publication Date
CN115225404A true CN115225404A (en) 2022-10-21

Family

ID=80701403

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202111517958.4A Active CN114221803B (en) 2021-12-13 2021-12-13 Network security analysis method, system and storage medium applied to intelligent medical big data
CN202210887922.3A Withdrawn CN115225404A (en) 2021-12-13 2021-12-13 Big data analysis method and system based on network security

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202111517958.4A Active CN114221803B (en) 2021-12-13 2021-12-13 Network security analysis method, system and storage medium applied to intelligent medical big data

Country Status (1)

Country Link
CN (2) CN114221803B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114691830B (en) * 2022-03-31 2022-12-20 江苏冬云云计算股份有限公司 Network security analysis method and system based on big data
CN114896401B (en) * 2022-05-23 2023-07-04 河北能瑞科技有限公司 Cloud computing business threat analysis method and server combined with AI

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200097651A1 (en) * 2018-09-26 2020-03-26 General Electric Company Systems and methods to achieve robustness and security in medical devices
CN112217691A (en) * 2020-02-19 2021-01-12 杜义平 Network diagnosis processing method and device based on cloud platform
CN113515606A (en) * 2021-06-08 2021-10-19 广州天悦科技信息有限公司 Big data processing method based on intelligent medical safety and intelligent medical AI system
CN113297393A (en) * 2021-06-25 2021-08-24 深圳市合美鑫精密电子有限公司 Situation awareness and big data based information generation method and information security system
CN113409958A (en) * 2021-07-08 2021-09-17 广州志往科技有限公司 Intelligent medical big data processing method combined with digitization and intelligent medical server
CN113361977A (en) * 2021-08-02 2021-09-07 深圳市合美鑫精密电子有限公司 Intelligent medical big data security risk processing method and intelligent medical server

Also Published As

Publication number Publication date
CN114221803A (en) 2022-03-22
CN114221803B (en) 2022-09-30

Similar Documents

Publication Publication Date Title
CN114221803B (en) Network security analysis method, system and storage medium applied to intelligent medical big data
CN110245035A (en) A kind of link trace method and device
CN111460813A (en) Method and system for matching recruitment information and job hunting resume
CN108363811A (en) Device identification method and device, electronic equipment, storage medium
CN109284369B (en) Method, system, device and medium for judging importance of securities news information
CN111953757B (en) Information processing method based on cloud computing and intelligent device interaction and cloud server
CN115422592A (en) Big data security processing method and system
CN113706176A (en) Information anti-fraud processing method and service platform system combined with cloud computing
CN114220548B (en) Big data anonymous protection method and system serving digital medical treatment
CN113313479A (en) Payment service big data processing method and system based on artificial intelligence
CN113361977A (en) Intelligent medical big data security risk processing method and intelligent medical server
CN112115468A (en) Service information detection method based on big data and cloud computing center
CN115174205B (en) Network space safety real-time monitoring method, system and computer storage medium
CN113918993A (en) User privacy protection method and system based on artificial intelligence
CN113409958A (en) Intelligent medical big data processing method combined with digitization and intelligent medical server
CN111353874B (en) Intelligent service system of bank outlets
CN111242779A (en) Financial data characteristic selection and prediction method, device, equipment and storage medium
CN114363002B (en) Method and device for generating network attack relation diagram
CN112866295B (en) Big data crawler-prevention processing method and cloud platform system
CN114417089A (en) Query method, query device, terminal equipment and computer readable storage medium
CN113946819A (en) Online payment information intrusion detection method based on cloud computing and server
CN113518118B (en) Information processing method and system based on Internet of things security service
CN112149183B (en) System for realizing data physical cutting through data cloud function
CN112565015B (en) Internet of things communication method and device, computer equipment and storage medium
CN117610921A (en) Information processing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20221021