CN115225532A - Network security situation prediction method, device, equipment and storage medium - Google Patents


Info

Publication number: CN115225532A
Authority: CN (China)
Prior art keywords: monitoring target, risk, monitoring, generate, vector
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202210864728.3A
Other languages: Chinese (zh)
Other versions: CN115225532B (en)
Inventor: 鲍青波
Current assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd and Beijing Topsec Software Co Ltd
Priority to CN202210864728.3A
Publication of CN115225532A
Application granted
Publication of CN115225532B
Legal status: Active


Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
        • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
        • H04L43/16 Threshold monitoring
        • H04L43/50 Testing arrangements
    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Abstract

The disclosure relates to a method, device, equipment and storage medium for predicting the network security situation. The method comprises the following steps: preprocessing the risk index data of a monitoring target to generate a risk index vector of the monitoring target; generating a knowledge graph of the monitoring target from the basic data of the monitoring target, and preprocessing the knowledge graph together with the external emergency report data of the monitoring target to generate an event embedding vector of the monitoring target; and inputting the risk index vector and the event embedding vector into a pre-trained time convolution network to generate a risk prediction result for the monitoring target. The technical scheme of the disclosure improves the timeliness and effectiveness of network security situation awareness and risk prediction.

Description

Network security situation prediction method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for predicting a network security situation.
Background
Network security situation prediction collects historical data and information in order to find potential network security problems, and on that basis predicts the trend of the network security situation over a future period of time. Situation prediction is an important link in network security situation awareness: if the network security situation is predicted accurately, large-scale threat events can be actively prevented and avoided, and the harm caused by network threat events is reduced.
In practical application, network security situation prediction has requirements on timeliness and effectiveness. If the likelihood that a monitoring target will be attacked cannot be predicted in time and effectively, advance prevention cannot be carried out in time and losses result. How to improve the timeliness and effectiveness of network security situation prediction is therefore a technical problem that urgently needs to be solved.
Disclosure of Invention
In order to solve the technical problem, the present disclosure provides a method, an apparatus, a device, and a storage medium for predicting a network security situation.
In a first aspect, an embodiment of the present disclosure provides a method for predicting a network security situation, including:
preprocessing risk index data of a monitoring target to generate a risk index vector of the monitoring target;
generating a knowledge graph of the monitoring target according to the basic data of the monitoring target, and preprocessing the knowledge graph and the external emergency report data of the monitoring target to generate an event embedding vector of the monitoring target;
and inputting the risk index vector and the event embedding vector into a pre-trained time convolution network to generate a risk prediction result of the monitoring target.
Optionally, there are multiple monitoring targets, and preprocessing the risk indicator data of the monitoring targets to generate the risk indicator vector of the monitoring targets includes:
determining the risk index value of each monitoring target at a specified monitoring time to generate the risk index corresponding to that monitoring time;
and collecting the risk indexes corresponding to each monitoring time to generate the risk index vector of the monitoring targets.
Optionally, the monitoring target includes a service system, and the generating a knowledge graph of the monitoring target according to the basic data of the monitoring target includes:
acquiring application components, version information and category information contained in all service systems to generate a relationship list of the service systems;
and associating according to the entities in the relation list and the relation between the entities to generate a knowledge graph.
Optionally, the preprocessing based on the knowledge graph and the external emergency report data of the monitoring target to generate an event embedding vector of the monitoring target includes:
extracting the event number, level, affected component and version information from the external emergency report data to form report event triples;
linking the entities and relationships in the report event triples to the knowledge graph of the monitoring target;
and extracting, by a graph embedding method based on the knowledge graph, a graph representation vector of each event to serve as the event embedding vector.
Optionally, the method further comprises:
acquiring training sample data, wherein the training sample data comprises risk index data and external emergency report data in a specified time period, and the training sample data is labeled with a risk index labeling value;
training the time convolutional network based on the training sample data.
Optionally, the generating a risk prediction result of the monitoring target includes:
determining the change rate of the monitoring target according to the output of the time convolution network;
determining the monitoring target as a risk target if the rate of change is greater than a threshold.
Optionally, the rate of change is determined by a formula (rendered as an image in the original and not reproduced here) whose inputs are the actual value of the risk indicator of monitoring target a_n at time T and the predicted value of the risk indicator of monitoring target a_n at time T+1.
In a second aspect, an embodiment of the present disclosure provides a device for predicting a network security situation, including:
a first generation module, configured to preprocess the risk index data of a monitoring target and generate a risk index vector of the monitoring target;
the second generation module is used for generating a knowledge graph of the monitoring target according to the basic data of the monitoring target, and preprocessing the knowledge graph and the external emergency report data of the monitoring target to generate an event embedding vector of the monitoring target;
and the prediction module is used for inputting the risk index vector and the event embedding vector into a pre-trained time convolution network to generate a risk prediction result of the monitoring target.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including: a processor; a memory for storing the processor-executable instructions; the processor is configured to read the executable instruction from the memory, and execute the instruction to implement the network security situation prediction method according to the first aspect.
In a fourth aspect, an embodiment of the present disclosure provides a computer-readable storage medium, where the storage medium stores a computer program, and the computer program, when executed by a processor, implements the network security situation prediction method according to the first aspect.
Compared with the prior art, the technical scheme provided by the embodiments of the disclosure has the following advantages. The risk indicator data of the monitoring target is preprocessed to generate its risk indicator vector; a knowledge graph of the monitoring target is generated from its basic data; preprocessing based on the knowledge graph and the external emergency report data of the monitoring target generates its event embedding vector; and the risk indicator vector and the event embedding vector are input into a pre-trained time convolution network to generate a risk prediction result for the monitoring target. In the course of network security situation awareness, the historical risk indicator data of the monitoring target, its basic data and the external emergency report data are thus effectively combined, and newly disclosed vulnerabilities, attack events and the like are brought into the prediction in time, which improves the timeliness and effectiveness of network security situation awareness and risk prediction.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic flowchart of a method for predicting a network security situation according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a network security situation prediction apparatus according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
Fig. 1 is a schematic flow diagram of a network security situation prediction method provided by an embodiment of the present disclosure, where the method provided by the embodiment of the present disclosure may be executed by a network security situation prediction apparatus, and the apparatus may be implemented by software and/or hardware, and may be integrated on any electronic device with computing capability, such as a user terminal, e.g., a smart phone, a tablet computer, and the like.
As shown in fig. 1, a method for predicting a network security situation provided by an embodiment of the present disclosure may include:
Step 101: preprocess the risk index data of a monitoring target to generate a risk index vector of the monitoring target.
In this embodiment, the monitoring target may be an information infrastructure, a service system, a key organization or the like, and may be selected according to the regulatory requirements, which is not limited here.
In one embodiment of the present disclosure there are multiple monitoring targets, and preprocessing the risk indicator data of the monitoring targets to generate a risk indicator vector of the monitoring targets includes: determining the risk index value of each monitoring target at a specified monitoring time to generate the risk index corresponding to that monitoring time; and collecting the risk indexes corresponding to each monitoring time to generate the risk index vector of the monitoring targets.
In a network security situation awareness system, a set of indicators is generally defined to reflect the risk of each monitored target; the risk indicator of each target is measured and displayed on the system. There are various kinds of risk indicator, for example an attacker index reflecting the attacking side and a vulnerability index reflecting the attacked side, and the indicators can be calculated in various ways such as statistical analysis, correlation analysis and multidimensional aggregation and comparison. The risk indicator reflects the risk of the monitored target being attacked: the larger its value, the higher the likelihood of attack. By predicting the risk indicator value of each monitoring target, the likelihood that a target within the monitoring range is about to be attacked can be determined, so that prevention can be carried out in advance. As an example, let the number of monitoring targets in the monitoring range be $N$ and the time span be $T$. The risk indicator vector obtained is $P = \{p_0, p_1, p_2, \dots, p_{T-1}\}$, where each $p_i$ is a vector of length $N$ whose entries are the risk indicators of all monitoring targets at time $i$: $p_i = \{a_{1,i}, a_{2,i}, \dots, a_{N,i}\}$, with $a_{n,i}$ the risk indicator value of the $n$-th monitoring target at monitoring time $i$. In this way the historical risk indicator data of each monitoring target relative to the current time is obtained, and the risk indicator vector of the monitoring targets is generated.
Step 102: generate a knowledge graph of the monitoring target according to the basic data of the monitoring target, preprocess the knowledge graph and the external emergency report data of the monitoring target, and generate an event embedding vector of the monitoring target.
In this embodiment, a relationship list including entities and relationships between the entities is constructed according to basic data of the monitoring target, and a knowledge graph of the monitoring target is generated according to the relationship list.
As an example, taking a monitoring target as a business system as an example, generating a knowledge graph of the monitoring target according to basic data of the monitoring target includes: acquiring application components, version information and category information contained in all service systems to generate a relationship list of the service systems, and associating according to entities in the relationship list and relationships among the entities to generate a knowledge graph.
In this example, information such as the application components and open ports of the assets involved in all service systems within the monitoring range is obtained, and for each service system a relationship list containing its components can be formed, for example as shown in the following table:
[Table: relationship list of a service system and its components; rendered as an image in the original and not reproduced here]
therefore, all entities such as the business systems, the components and the like and the inclusion relations thereof related in the list are associated to form the knowledge graph of the business systems.
In practical application, network security situation prediction has requirements on timeliness: if the likelihood that a monitored target will be attacked cannot be predicted in time, advance prevention cannot be carried out in time and losses result. In this embodiment, an external report data processing module brings sudden external events and external reports into the prediction system in time, so that newly disclosed vulnerabilities, attack events and the like are included in the prediction promptly, and the timeliness and effectiveness of network security situation awareness are improved.
The following describes a specific implementation of the external report data processing module.
In one embodiment of the present disclosure, preprocessing based on the knowledge graph and the external emergency report data of the monitoring target to generate an event embedding vector of the monitoring target includes: extracting the event number, level, affected component and version information from the external emergency report data to form report event triples; linking the entities and relationships in the report event triples to the knowledge graph of the monitoring target; and extracting, by a graph embedding method based on the knowledge graph, a graph representation vector of each event to serve as the event embedding vector.
External emergency reports include vulnerability reports and attack event reports, and each report contains data such as an event number, a level, the affected component and version information. In this embodiment the event number, level, affected component and version information are extracted from the external emergency report data, and several report event triples are generated from the extracted information. A report event triple consists of entities and the relationship between them, for example (a CVE identifier of a publicly disclosed vulnerability, exists in, the XX component). The entities and relationships in the report event triples are linked to the knowledge graph of the monitoring target, which combines the external emergency report data with the data of the monitoring target; a graph representation vector of each event is then extracted by a graph embedding method and used as the event embedding vector E.
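The following is an added example, not code from the patent or from Topsec, of the linking step described above: a knowledge graph is built from a relationship list of service systems, each external report is turned into report event triples and linked into the graph, and the graph is queried for the service systems the report reaches. The relationship list, the report fields, the triple layout (relations `contains`, `instance_of`, `category`, `affects`, `level`) and the CVE-style identifiers are all constructed for illustration and are not real vulnerabilities. The graph embedding method itself is not reproduced; `event_features` is a hand-built structural stand-in for it.

```python
# Added example: knowledge graph of service systems plus linking of external
# incident reports. All data below is constructed; identifiers are placeholders.
from typing import Dict, List, Set, Tuple

Triple = Tuple[str, str, str]  # (subject, relation, object)

# Constructed relationship list: (service system, component, version, category).
RELATIONSHIP_LIST = [
    ("web-portal", "nginx", "1.18.0", "web-server"),
    ("web-portal", "openssl", "1.1.1k", "crypto-library"),
    ("erp", "tomcat", "9.0.50", "app-server"),
    ("erp", "openssl", "1.1.1k", "crypto-library"),
    ("mail", "postfix", "3.5.6", "mail-server"),
]

# Constructed external reports with the four fields the patent names.
# The third names a version that no monitored system runs.
REPORTS = [
    {"number": "CVE-0000-0001", "level": "critical", "component": "openssl", "version": "1.1.1k"},
    {"number": "CVE-0000-0002", "level": "high", "component": "postfix", "version": "3.5.6"},
    {"number": "CVE-0000-0003", "level": "medium", "component": "nginx", "version": "1.20.0"},
]

LEVEL_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}  # assumed ordering


def version_node(component: str, version: str) -> str:
    """One graph node per (component, version) so two versions of the same
    library stay distinct entities."""
    return f"{component}@{version}"


def build_knowledge_graph(rows) -> Set[Triple]:
    """Turn the relationship list into triples: system contains version node,
    version node is an instance of the component, component has a category."""
    graph: Set[Triple] = set()
    for system, component, version, category in rows:
        vnode = version_node(component, version)
        graph.add((system, "contains", vnode))
        graph.add((vnode, "instance_of", component))
        graph.add((component, "category", category))
    return graph


def report_to_triples(report: Dict[str, str]) -> Set[Triple]:
    """Report event triples from number, level, affected component and version."""
    event = report["number"]
    vnode = version_node(report["component"], report["version"])
    return {
        (event, "level", report["level"]),
        (event, "affects", vnode),
        (vnode, "instance_of", report["component"]),
    }


def link_report(graph: Set[Triple], report: Dict[str, str]) -> Set[str]:
    """Link the report's triples into the graph and return the service systems
    that contain the exact affected version node. Empty when no monitored
    system runs that version: the report then hangs off the component node only."""
    graph |= report_to_triples(report)
    event = report["number"]
    affected = {o for s, r, o in graph if s == event and r == "affects"}
    return {s for s, r, o in graph if r == "contains" and o in affected}


def systems_with_component(graph: Set[Triple], component: str) -> Set[str]:
    """Looser query: systems running any version of the component. Use this to
    see what a version-exact link misses; it over-reports unaffected versions."""
    vnodes = {s for s, r, o in graph if r == "instance_of" and o == component}
    return {s for s, r, o in graph if r == "contains" and o in vnodes}


def event_features(graph: Set[Triple], report: Dict[str, str]) -> List[int]:
    """Stand-in for the graph embedding: [severity rank, number of systems reached]."""
    return [LEVEL_RANK[report["level"]], len(link_report(graph, report))]


def exposure_by_system(graph: Set[Triple]) -> Dict[str, Set[str]]:
    """For every service system, the event numbers that affect a version it contains."""
    affects = [(s, o) for s, r, o in graph if r == "affects"]
    result: Dict[str, Set[str]] = {}
    for system, _, vnode in (t for t in graph if t[1] == "contains"):
        result.setdefault(system, set())
        result[system].update(ev for ev, target in affects if target == vnode)
    return result


if __name__ == "__main__":
    kg = build_knowledge_graph(RELATIONSHIP_LIST)
    for rep in REPORTS:
        print(rep["number"], "exact:", sorted(link_report(kg, rep)),
              "by component:", sorted(systems_with_component(kg, rep["component"])))
    print(exposure_by_system(kg))
```

The two queries side by side are the practitioner's check on this step: a version-exact link under-reports when the asset inventory records a version string that does not match the advisory, and a component-level link over-reports systems running an unaffected version. Which one feeds the embedding should be a deliberate choice.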
Step 103: input the risk indicator vector and the event embedding vector into a pre-trained time convolution network and generate a risk prediction result for the monitoring target.
In this embodiment a time convolution network (temporal convolutional network, TCN) is used for risk prediction. The risk indicator vector P and the event embedding vector E obtained in the preprocessing stage are input into the TCN model, and the prediction processing generates a prediction result (its symbol is rendered as an image in the original), from which the risk trend of the monitoring target over a future period of time is obtained.
The model training process is explained below. Optionally, training sample data is acquired; it comprises risk indicator data and external emergency report data within a specified time period and is labelled with risk indicator label values. The time convolution network is trained on this data so that its input is the risk indicator vector and the event embedding vector and its output is the predicted risk indicator value. Prediction uses a time convolution network, which is designed for time-series prediction. The TCN model is based on the convolutional neural network (CNN) and adds three elements: causal convolution, which makes the model applicable to sequences (the output at a time step depends only on inputs at that step or earlier); dilated convolution, which lets the network remember a long history with few layers; and residual blocks.
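The three building blocks named above, written out as an added example in plain Python over a single input channel, so that the causal and receptive-field properties can be checked directly. This is not the patent's TCN and nothing is trained: the kernels, the number of blocks and the input series are constructed, and the dilation schedule (doubling per block) is the usual one but an assumption here.

```python
# Added example: causal dilated convolution, residual block and receptive field
# of a TCN, in pure Python. Weights and input are constructed, not trained.
from typing import Callable, List, Set, Tuple

Weights = Tuple[List[float], List[float]]  # kernels of the two convs in one residual block

# Constructed input: one risk-indicator series of 16 steps, and three residual
# blocks with kernel size 2 whose dilations will be 1, 2 and 4.
SERIES = [0.1 * t for t in range(16)]
LAYERS: List[Weights] = [([0.5, 0.5], [1.0, -0.5])] * 3


def causal_dilated_conv(x: List[float], w: List[float], dilation: int) -> List[float]:
    """y[t] = sum_j w[j] * x[t - j*dilation], with x[<0] taken as zero (left
    padding). Only indices <= t are ever read, which is what makes the
    convolution causal; the dilation spreads the taps so the kernel reaches
    further into the past without more parameters."""
    y = []
    for t in range(len(x)):
        acc = 0.0
        for j, wj in enumerate(w):
            idx = t - j * dilation
            if idx >= 0:
                acc += wj * x[idx]
        y.append(acc)
    return y


def relu(v: List[float]) -> List[float]:
    return [max(0.0, a) for a in v]


def residual_block(x: List[float], w1: List[float], w2: List[float], dilation: int) -> List[float]:
    """Two causal dilated convolutions with a ReLU between them, plus the
    identity skip connection: out = relu(x + conv2(relu(conv1(x))))."""
    h = causal_dilated_conv(relu(causal_dilated_conv(x, w1, dilation)), w2, dilation)
    return relu([a + b for a, b in zip(x, h)])


def tcn(x: List[float], layers: List[Weights]) -> List[float]:
    """Stack residual blocks, doubling the dilation per block (1, 2, 4, ...)."""
    out = x
    for i, (w1, w2) in enumerate(layers):
        out = residual_block(out, w1, w2, 2 ** i)
    return out


def receptive_field(kernel_size: int, n_blocks: int, convs_per_block: int = 2) -> int:
    """Number of past steps (current one included) that one output can see:
    1 + sum over every convolution of (kernel_size - 1) * dilation."""
    return 1 + sum((kernel_size - 1) * (2 ** b) * convs_per_block for b in range(n_blocks))


def future_leak(model: Callable[[List[float]], List[float]], x: List[float], t: int) -> Set[int]:
    """Perturb x[t] and return the output positions that change. For a causal
    model none of them is earlier than t; an output at t' < t that moves would
    mean the model reads the future, which in a risk predictor is leakage."""
    base = model(x)
    xp = list(x)
    xp[t] += 1.0
    pert = model(xp)
    return {i for i, (a, b) in enumerate(zip(base, pert)) if abs(a - b) > 1e-12}


if __name__ == "__main__":
    print("receptive field:", receptive_field(2, len(LAYERS)))
    print("positions changed by perturbing step 8:", sorted(future_leak(lambda s: tcn(s, LAYERS), SERIES, 8)))
```

The leak check is the test worth keeping when a real framework model replaces this toy: with three blocks of kernel size 2 the receptive field is 15 steps, so a history shorter than that is partly zero-padding, and any output position before the perturbed step that moves indicates non-causal padding or a wrong dilation.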
In this embodiment, generating a risk prediction result of the monitoring target includes: determining the change rate of a monitoring target according to the output of the time convolution network; in the case that the rate of change is greater than the threshold, the monitoring target is determined to be a risk target.
As an example, the rate of change is determined by a formula (rendered as an image in the original and not reproduced here) whose inputs are the actual value of the risk indicator of monitoring target a_n at time T and the predicted value of the risk indicator of monitoring target a_n at time T+1. The monitoring targets whose predicted rate of change is greater than the threshold are then selected, which identifies the monitoring targets whose future risk is predicted to change most.
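The following added example (not code from the patent or from Topsec) serves two passages: it builds the risk indicator vector P of step 101 from per-target observations, and it applies the change-rate screen of this step to predicted values for time T+1. The observations, the predicted values and the threshold are constructed. Because the patent's change-rate formula is rendered as an image and not reproduced on this page, the relative change used here (predicted minus actual, divided by actual) is an assumption, as is carrying a missing reading forward from the previous time step.

```python
# Added example: risk indicator vector P and change-rate screening. The data,
# the fill rule for missing readings and the change-rate formula are assumptions.
from typing import Dict, List, Tuple

# Constructed observations: (monitoring target, monitoring time index, risk index value).
# Target "erp" has no reading at time 2, the missing-data case.
OBSERVATIONS = [
    ("web-portal", 0, 0.20), ("web-portal", 1, 0.25), ("web-portal", 2, 0.30), ("web-portal", 3, 0.32),
    ("erp", 0, 0.40), ("erp", 1, 0.42), ("erp", 3, 0.45),
    ("mail", 0, 0.10), ("mail", 1, 0.10), ("mail", 2, 0.12), ("mail", 3, 0.11),
]
TARGETS = ["web-portal", "erp", "mail"]          # N = 3
T_SPAN = 4                                       # T = 4, times 0..3
PREDICTED_NEXT = [0.34, 0.60, 0.11]              # constructed model output for time T+1
THRESHOLD = 0.2                                  # assumed screening threshold


def build_risk_vector(observations, targets: List[str], t_span: int) -> List[List[float]]:
    """Pivot (target, time, value) records into P = {p_0, ..., p_{T-1}}, where
    p_i is the length-N vector of every target's risk index at time i.
    A missing reading is carried forward from the previous step (assumption);
    a target with no reading at time 0 is an error rather than a silent zero,
    since a zero would later read as a spurious drop in risk."""
    by_key: Dict[Tuple[str, int], float] = {(tgt, t): v for tgt, t, v in observations}
    P: List[List[float]] = []
    for i in range(t_span):
        p_i = []
        for n, tgt in enumerate(targets):
            if (tgt, i) in by_key:
                p_i.append(by_key[(tgt, i)])
            elif i > 0:
                p_i.append(P[i - 1][n])
            else:
                raise ValueError(f"no reading for {tgt} at time 0")
        P.append(p_i)
    return P


def change_rate(actual: float, predicted: float) -> float:
    """Relative change from the actual value at T to the predicted value at
    T+1 (assumed form). A zero actual value would divide by zero, so the
    absolute change is returned in that case."""
    if actual == 0:
        return predicted - actual
    return (predicted - actual) / actual


def flag_risk_targets(P: List[List[float]], predicted_next: List[float],
                      targets: List[str], threshold: float) -> List[Tuple[str, float]]:
    """Return (target, rate) for every target whose predicted change rate
    exceeds the threshold, using the last row of P as the actual value at T."""
    actual_T = P[-1]
    flagged = []
    for n, tgt in enumerate(targets):
        r = change_rate(actual_T[n], predicted_next[n])
        if r > threshold:
            flagged.append((tgt, round(r, 4)))
    return flagged


if __name__ == "__main__":
    P = build_risk_vector(OBSERVATIONS, TARGETS, T_SPAN)
    for i, p_i in enumerate(P):
        print(f"p_{i} = {p_i}")
    print("risk targets:", flag_risk_targets(P, PREDICTED_NEXT, TARGETS, THRESHOLD))
```

A relative change rewards targets with a small baseline: a move from 0.02 to 0.06 is a 200 % change while a move from 0.45 to 0.60 is 33 %, so in practice the screen is usually paired with a floor on the absolute predicted value.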
According to the technical scheme of the embodiments of the disclosure, the risk indicator data of a monitoring target is preprocessed to generate its risk indicator vector; a knowledge graph of the monitoring target is generated from its basic data; the event embedding vector of the monitoring target is generated on the basis of the knowledge graph and the external emergency report data of the monitoring target; and the risk indicator vector and the event embedding vector are input into a pre-trained time convolution network to generate a risk prediction result for the monitoring target. Furthermore, the monitoring targets whose future risk changes most are identified through the change rate, so that targeted advance prevention is carried out and the losses caused by network security problems are reduced.
Fig. 2 is a schematic structural diagram of a network security situation prediction apparatus according to an embodiment of the present disclosure, and as shown in fig. 2, the network security situation prediction apparatus includes: a first generation module 21, a second generation module 22, a prediction module 23.
The first generating module 21 is configured to preprocess risk indicator data of a monitoring target, and generate a risk indicator vector of the monitoring target.
And the second generating module 22 is configured to generate a knowledge graph of the monitoring target according to the basic data of the monitoring target, and perform preprocessing based on the knowledge graph and the external emergency report data of the monitoring target to generate an event embedding vector of the monitoring target.
And the prediction module 23 is configured to input the risk indicator vector and the event embedding vector into a pre-trained time convolution network, and generate a risk prediction result of the monitoring target.
In an embodiment of the present disclosure there are multiple monitoring targets, and the first generating module 21 is specifically configured to: determine the risk index value of each monitoring target at a specified monitoring time to generate the risk index corresponding to that monitoring time; and collect the risk indexes corresponding to each monitoring time to generate the risk index vector of the monitoring targets.
In an embodiment of the present disclosure, the monitoring target includes a service system, and the second generating module 22 is specifically configured to: acquiring application components, version information and category information contained in all service systems to generate a relationship list of the service systems; and associating according to the entities in the relation list and the relation between the entities to generate a knowledge graph.
In an embodiment of the present disclosure, the second generating module 22 is specifically configured to: extract the event number, level, affected component and version information from the external emergency report data to form report event triples; link the entities and relationships in the report event triples to the knowledge graph of the monitoring target; and extract, by a graph embedding method based on the knowledge graph, a graph representation vector of each event to serve as the event embedding vector.
In one embodiment of the present disclosure, the apparatus further comprises: the training module is used for acquiring training sample data, wherein the training sample data comprises risk index data and external emergency report data in a specified time period, and the training sample data is labeled with a risk index labeling value; training the time convolutional network based on the training sample data.
In an embodiment of the present disclosure, the prediction module 23 is specifically configured to: determining the change rate of the monitoring target according to the output of the time convolution network; determining the monitoring target as a risk target if the rate of change is greater than a threshold.
In one embodiment of the present disclosure, the rate of change is determined by a formula (rendered as an image in the original and not reproduced here) whose inputs are the actual value of the risk indicator of monitoring target a_n at time T and the predicted value of the risk indicator of monitoring target a_n at time T+1.
The network security situation prediction device provided by the embodiment of the disclosure can execute any network security situation prediction method provided by the embodiment of the disclosure, and has corresponding functional modules and beneficial effects of the execution method. Reference may be made to the description of any method embodiment of the disclosure that may not be described in detail in the embodiments of the apparatus of the disclosure.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 3, the electronic device 600 includes one or more processors 601 and memory 602.
The processor 601 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device 600 to perform desired functions.
The memory 602 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. Volatile memory can include, for example, random access memory (RAM), cache memory or the like. The non-volatile memory may include, for example, read-only memory (ROM), a hard disk, flash memory, and the like. One or more computer program instructions may be stored on a computer-readable storage medium and executed by processor 601 to implement the methods of the embodiments of the present disclosure above and/or other desired functionality. Various content such as an input signal, signal components, noise components, etc. may also be stored in the computer readable storage medium.
In one example, the electronic device 600 may further include: an input device 603 and an output device 604, which are interconnected by a bus system and/or other form of connection mechanism (not shown). The input device 603 may also include, for example, a keyboard, a mouse, and the like. The output device 604 may output various information including the determined distance information, direction information, and the like to the outside. The output devices 604 may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, among others.
Of course, for simplicity, only some of the components of the electronic device 600 relevant to the present disclosure are shown in fig. 3, omitting components such as buses, input/output interfaces, and the like. In addition, electronic device 600 may include any other suitable components depending on the particular application.
In addition to the methods and apparatus described above, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform any of the methods provided by embodiments of the present disclosure.
The computer program product may write program code for performing the operations of embodiments of the present disclosure in any combination of one or more programming languages, including an object-oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform any of the methods provided by the embodiments of the present disclosure.
A computer-readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It is noted that, in this document, relational terms such as "first" and "second" and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A network security situation prediction method, characterized by comprising the following steps:
preprocessing risk indicator data of a monitoring target to generate a risk indicator vector of the monitoring target;
generating a knowledge graph of the monitoring target from basic data of the monitoring target, and preprocessing the knowledge graph together with external incident report data of the monitoring target to generate an event embedding vector of the monitoring target; and
inputting the risk indicator vector and the event embedding vector into a pre-trained temporal convolutional network to generate a risk prediction result for the monitoring target.
2. The method of claim 1, wherein there are a plurality of monitoring targets, and preprocessing the risk indicator data of the monitoring targets to generate the risk indicator vector of each monitoring target comprises:
determining a risk indicator value of each monitoring target within a specified monitoring time to generate a risk indicator corresponding to that monitoring time; and
collecting the risk indicators corresponding to the successive monitoring times to generate the risk indicator vector of the monitoring target.
3. The method of claim 1, wherein the monitoring target comprises a business system, and generating the knowledge graph of the monitoring target from the basic data of the monitoring target comprises:
acquiring the application components, version information and category information contained in every business system to generate a relation list of the business systems; and
associating the entities in the relation list according to the relations between them to generate the knowledge graph.
4. The method of claim 3, wherein preprocessing the knowledge graph together with the external incident report data of the monitoring target to generate the event embedding vector of the monitoring target comprises:
extracting the event number, level, affected component and version information from the external incident report data to form report event triples;
linking the entities and relations in the report event triples into the knowledge graph of the monitoring target; and
extracting, by a graph embedding method, a graph representation vector of each event from the knowledge graph to serve as the event embedding vector.
5. The method of claim 1, further comprising:
acquiring training sample data, wherein the training sample data comprises risk indicator data and external incident report data within a specified time period and is labelled with a risk indicator label value; and
training the temporal convolutional network on the training sample data.
6. The method of claim 1, wherein generating the risk prediction result for the monitoring target comprises:
determining a rate of change of the monitoring target from the output of the temporal convolutional network; and
determining the monitoring target to be a risk target if the rate of change is greater than a threshold.
7. The method of claim 6, wherein the rate of change is determined by the formula:
[formula not reproduced on this page: Figure FDA0003758126790000021]
where [Figure FDA0003758126790000022] is the actual value of the risk indicator of monitoring target a_n at time T, and [Figure FDA0003758126790000023] is the predicted value of the risk indicator of monitoring target a_n at time T+1.
8. A network security situation prediction apparatus, comprising:
a first generation module, configured to preprocess risk indicator data of a monitoring target to generate a risk indicator vector of the monitoring target;
a second generation module, configured to generate a knowledge graph of the monitoring target from basic data of the monitoring target, and to preprocess the knowledge graph together with external incident report data of the monitoring target to generate an event embedding vector of the monitoring target; and
a prediction module, configured to input the risk indicator vector and the event embedding vector into a pre-trained temporal convolutional network to generate a risk prediction result for the monitoring target.
9. An electronic device, comprising:
a processor; and
a memory for storing instructions executable by the processor;
wherein the processor is configured to read the executable instructions from the memory and execute them to implement the network security situation prediction method of any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the network security situation prediction method of any one of claims 1 to 7.
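The claims above describe one pipeline: build a per-target risk indicator vector (claim 2), build a knowledge graph of business systems, components, versions and categories (claim 3), link external incident reports into that graph and embed each event (claim 4), feed both vectors to a temporal convolutional network, and flag a target whose predicted rate of change exceeds a threshold (claims 6 and 7). The following Python is an added, offline illustration of that pipeline on constructed data; it is not code from the patent or its assignees. Everything concrete in it is an assumption: the risk indicator values, the three-row relation list, the two incident reports, a neighbourhood-feature vector standing in for a learned graph embedding, a single fixed-weight dilated causal convolution standing in for the pre-trained network, and relative change (predicted at T+1 minus actual at T, over actual at T) standing in for the patent's rate-of-change formula, which this page does not reproduce.

```python
# Added example, not code from the patent or its assignees. Sample data is constructed;
# the "embedding", the convolution weights and the rate-of-change formula are assumed stand-ins.
from collections import defaultdict

# Claim 2 input (constructed): risk indicator value per target per monitoring time.
RISK_INDEX = {"a1": {1: 0.20, 2: 0.25, 3: 0.30, 4: 0.40},
              "a2": {1: 0.50, 2: 0.48, 3: 0.47, 4: 0.46}}
TIMES = [1, 2, 3, 4]
# Claim 3 input (constructed): (business system, component, version, category).
RELATION_LIST = [("a1", "log4j", "2.14.1", "logging"),
                 ("a1", "tomcat", "9.0.50", "web-server"),
                 ("a2", "openssl", "1.1.1k", "crypto")]
# Claim 4 input (constructed): external incident reports with the fields claim 4 names.
INCIDENT_REPORTS = [
    {"id": "EVT-1", "level": 3, "component": "log4j", "version": "2.14.1", "time": 4},
    {"id": "EVT-2", "level": 1, "component": "openssl", "version": "1.1.1k", "time": 2}]

def risk_index_vector(target, times=TIMES):
    """Claim 2: the target's indicator at each monitoring time, as one ordered vector."""
    return [RISK_INDEX[target].get(t, 0.0) for t in times]

def build_knowledge_graph(relation_list):
    """Claim 3: undirected graph over systems, components, versions and categories.
    Version nodes are named component@version so equal version strings do not merge."""
    graph = defaultdict(set)
    def link(u, v):
        graph[u].add(v); graph[v].add(u)
    for system, comp, ver, cat in relation_list:
        link(system, comp)
        link(comp, f"{comp}@{ver}")
        link(comp, f"category:{cat}")
    return graph

def report_triples(report):
    """Claim 4, step 1: (subject, relation, object) triples extracted from one report."""
    ev = report["id"]
    return [(ev, "affects", f"{report['component']}@{report['version']}"),
            (ev, "level", f"level:{report['level']}")]

def link_reports(graph, reports):
    """Claim 4, step 2: link each report's entities and relations into the graph."""
    for r in reports:
        for s, _, o in report_triples(r):
            graph[s].add(o)
            graph[o].add(s)
    return graph

def affected_systems(graph, event_id, hops=3):
    """Business systems within `hops` edges of the event (event -> version -> component -> system)."""
    frontier, seen = {event_id}, {event_id}
    for _ in range(hops):
        frontier = {n for u in frontier for n in graph[u]} - seen
        seen |= frontier
    return {n for n in seen if n in RISK_INDEX}

def event_embedding(graph, event_id):
    """Claim 4, step 3 stand-in: [degree, #affected systems, severity] from the neighbourhood."""
    level = next(int(n.split(":")[1]) for n in graph[event_id] if n.startswith("level:"))
    return [float(len(graph[event_id])), float(len(affected_systems(graph, event_id))), float(level)]

def feature_sequence(graph, target, reports, times=TIMES):
    """Claim 1 model input per time step: [risk indicator] + summed embedding of that
    time's reports that reach the target (zeros when none)."""
    rows = []
    for t, risk in zip(times, risk_index_vector(target, times)):
        emb = [0.0, 0.0, 0.0]
        for r in (r for r in reports if r["time"] == t and target in affected_systems(graph, r["id"])):
            emb = [a + b for a, b in zip(emb, event_embedding(graph, r["id"]))]
        rows.append([risk] + emb)
    return rows

# Stand-in for the pre-trained temporal convolutional network: one dilated causal convolution
# with assumed, untrained weights. KERNEL[k][c] weights channel c at tap k (k*DILATION steps back).
KERNEL = [[1.0, 0.01, 0.02, 0.05],
          [0.2, 0.00, 0.00, 0.00]]
DILATION = 1

def causal_conv(rows, kernel=KERNEL, dilation=DILATION):
    """Output at t reads rows[t], rows[t-d], ... only (left zero padding): no future leakage."""
    out = []
    for t in range(len(rows)):
        out.append(sum(w * x for k, taps in enumerate(kernel) if t - k * dilation >= 0
                       for w, x in zip(taps, rows[t - k * dilation])))
    return out

def rate_of_change(actual_T, predicted_T1):
    """Claims 6-7; relative change is assumed, the patent's own formula is not on this page."""
    return (predicted_T1 - actual_T) / actual_T if actual_T else (float("inf") if predicted_T1 > 0 else 0.0)

def predict(target, graph, reports, threshold=0.3):
    """Claim 6: the target is a risk target when the rate of change exceeds the threshold."""
    rows = feature_sequence(graph, target, reports)
    predicted = causal_conv(rows)[-1]   # network output at T, read as the T+1 prediction
    rate = rate_of_change(rows[-1][0], predicted)
    return {"target": target, "predicted": predicted, "rate": rate, "risk_target": rate > threshold}
```

Run it with `kg = link_reports(build_knowledge_graph(RELATION_LIST), INCIDENT_REPORTS)` and then `predict("a1", kg, INCIDENT_REPORTS)`: the level-3 report against log4j at the last monitoring time reaches a1 through version and component nodes, lifts its predicted indicator to 0.65 against an actual 0.40 (rate 0.625), and a1 is flagged; a2, whose only report was two steps earlier and of level 1, stays below the threshold. Two points a practitioner should check in any real implementation are visible here: the convolution must be causal (changing a later row must not alter earlier outputs, which the left-padded tap indexing guarantees), and the hop limit in `affected_systems` decides whether an event linked to a shared node such as a severity level can bleed into unrelated systems.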

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210864728.3A CN115225532B (en) 2022-07-21 2022-07-21 Network security situation prediction method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115225532A true CN115225532A (en) 2022-10-21
CN115225532B CN115225532B (en) 2023-04-07

Family

ID=83614719

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210864728.3A Active CN115225532B (en) 2022-07-21 2022-07-21 Network security situation prediction method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115225532B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180048662A1 (en) * 2016-08-15 2018-02-15 International Business Machines Corporation Cognitive offense analysis using enriched graphs
US20180159876A1 (en) * 2016-12-05 2018-06-07 International Business Machines Corporation Consolidating structured and unstructured security and threat intelligence with knowledge graphs
CN113822494A (en) * 2021-10-19 2021-12-21 平安科技(深圳)有限公司 Risk prediction method, device, equipment and storage medium
CN114491082A (en) * 2022-03-31 2022-05-13 南京众智维信息科技有限公司 Plan matching method based on network security emergency response knowledge graph feature extraction

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
杨波 (Yang Bo) et al., "A survey of knowledge graph research and its application in the field of risk management", Journal of Chinese Computer Systems (《小型微型计算机系统》) *

Also Published As

Publication number Publication date
CN115225532B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
US20200293946A1 (en) Machine learning based incident classification and resolution
US11190562B2 (en) Generic event stream processing for machine learning
US8442926B2 (en) Information filtering system, information filtering method and information filtering program
US10885167B1 (en) Intrusion detection based on anomalies in access patterns
CN110730164B (en) Safety early warning method, related equipment and computer readable storage medium
Costante et al. A white-box anomaly-based framework for database leakage detection
CN111813960B (en) Knowledge graph-based data security audit model device, method and terminal equipment
US20220382784A1 (en) Determining an association rule
CN105431859A (en) Signal tokens indicative of malware
CN108092985B (en) Network security situation analysis method, device, equipment and computer storage medium
US10824694B1 (en) Distributable feature analysis in model training system
US11556871B2 (en) Systems and methods for escalation policy activation
CN110162939B (en) Man-machine identification method, equipment and medium
EP4085332A1 (en) Creating predictor variables for prediction models from unstructured data using natural language processing
Liu et al. Probabilistic modeling and analysis of sequential cyber‐attacks
US10291483B2 (en) Entity embedding-based anomaly detection for heterogeneous categorical events
WO2021168617A1 (en) Processing method and apparatus for service risk management, electronic device, and storage medium
Sentuna et al. A novel Enhanced Naïve Bayes Posterior Probability (ENBPP) using machine learning: Cyber threat analysis
Weiss et al. Uncertainty quantification for deep neural networks: An empirical comparison and usage guidelines
CN115225532B (en) Network security situation prediction method, device, equipment and storage medium
CN115204886A (en) Account identification method and device, electronic equipment and storage medium
Liu Prediction of network security based on DS evidence theory
CN107291614B (en) File abnormity detection method and electronic equipment
Awiszus et al. Building resilience in cybersecurity: An artificial lab approach
CN114500075A (en) User abnormal behavior detection method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant