CN115967548A - Safety protection index optimization method based on big data information safety and artificial intelligence system - Google Patents


Publication number: CN115967548A
Authority: CN (China)
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202211544348.8A
Other languages: Chinese (zh)
Other versions: CN115967548B (en)
Inventors: 宋兵军, 肖晓军
Current Assignee: Shenzhen Zhongzhi Tiancheng Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Guangzhou Mofan Network Technology Co ltd
Application filed by: Guangzhou Mofan Network Technology Co ltd
Priority to: CN202211544348.8A
Publications: CN115967548A (application), CN115967548B (granted, active)

Abstract

The invention relates to the technical field of safety protection, in particular to a safety protection index optimization method based on big data information safety and an artificial intelligence system. The method comprises the following steps: acquiring attack protection information, wherein the attack protection information comprises active attack information safety protection information and passive attack information safety protection information; when the attack protection information is determined to be the active attack information safety protection information, obtaining an active attack target and searching for information on the active attack target, so that an accurate coping scheme is obtained; triggering safety protection measures according to the accurate coping scheme; and when the attack protection information is determined to be the passive attack information safety protection information, acquiring flow direction data of the system data. The invention classifies attack targets and protects against them by class, and uses an artificial intelligence system to protect against them comprehensively, thereby improving the safety of data storage.

Description

Safety protection index optimization method based on big data information safety and artificial intelligence system
Technical Field
The invention relates to the technical field of safety protection, in particular to a safety protection index optimization method based on big data information safety and an artificial intelligence system.
Background
Internet information technology brings users convenience but also threats, and the information security problem is one of them. Cloud services are attacked frequently, and how to ensure the information security of cloud services is a problem of wide concern in the operations and maintenance community. Hidden plug-ins are easily carried in data transmitted between networks or users, which makes maintaining the confidentiality of information a challenge.
Cloud services deploy attack protection services and corresponding data transmission detection systems, which provide further protection against attack events and can clear bad plug-ins from transmitted data, bringing data security and confidentiality to the parties receiving and sending data. However, the related art does not consider whether an attack is active or passive, so it cannot complete comprehensive data protection work, and it falls short in optimizing the reliability of cooperative protection behavior for active and passive attacks.
Disclosure of Invention
The invention provides a safety protection index optimization method based on big data information safety and an artificial intelligence system, and aims to solve at least one technical problem.
In order to achieve the above object, the present invention provides a safety protection index optimization method based on big data information security, which comprises the following steps:
step S1: acquiring attack protection information, wherein the attack protection information comprises active attack information safety protection information and passive attack information safety protection information;
step S21: when the attack protection information is determined to be the active attack information safety protection information, an active attack target is obtained and information search is carried out on the active attack target, so that an accurate coping scheme is obtained;
step S22: triggering safety protection measures according to the accurate coping scheme;
step S31: when the attack protection information is determined to be passive attack information safety protection information, flow direction data of system data is obtained, the flow direction data of the system data is tracked, and flow direction information of the system data is obtained;
step S32: carrying out safety processing on the flow direction data according to the data flow information.
Through real-time detection of data input and output and monitoring of active attacks on the system, this embodiment improves data security while keeping the system running smoothly. Adding the artificial intelligence system reduces labor cost and the human misoperation caused by differences in subjective judgment of objective facts, improves the response timeliness of emergency safety protection, and reduces the area and quantity of data affected.
In an embodiment of the present specification, step S21 specifically includes:
when the attack protection information is determined to be the active attack information safety protection information, an active attack target is obtained, information search is carried out on the active attack target, and directional accurate information is generated;
matching the oriented accurate information with the safety measures in the safety measure storage library to obtain an accurate coping scheme;
step S22 specifically includes:
triggering safety protection measures according to the accurate coping scheme, wherein the safety protection measures comprise a plurality of protection stages, and carrying out accurate protection according to the safety protection measures.
This embodiment searches for information on the active attack, so the attack mode and attack means can be accurately acquired and the most accurate processing scheme can be chosen for defense and response. This reduces cases where a deviating protection scheme gives a poor protection effect, or where an erroneous processing scheme causes regional paralysis or data loss. A plurality of protection stages are set so that the active attack is protected against accurately, with the attack handled and its root cause cleared. This reduces the persistence of the active attack and the overall tug-of-war, which reduces the computing space the system occupies and keeps the system running efficiently and smoothly.
In one embodiment of the present description, the plurality of protection stages of the safety protection measures include a first safety measure protection stage, a second safety measure protection stage, a third safety measure protection stage and a fourth safety measure protection stage, which are executed in sequence in time order from the first safety measure protection stage to the fourth safety measure protection stage:
the steps of the first protection stage of the safety measure are as follows:
controlling the attacked area;
the invasion and diffusion of the disaster area are prevented;
according to the disaster area, carrying out original information backup, cutting off other link areas, generating a protective isolation protection wall, and resisting an active attack target;
the steps of the second protection stage of the safety measure are as follows:
decoding the active attack target to generate an active attack target code, and matching the active attack target code according to an active attack target code library to generate a matching degree link table;
when the matching degree in the matching degree link table is greater than the attack target threshold value, determining the active attack target as the recorded active attack target and marking the active attack target as a similar attack target;
searching a historical processing scheme in an active attack target processing library according to the similar attack targets, and carrying out a reasonability analysis on the historical processing scheme to generate a reasonable decision scheme;
obtaining an original processing decision scheme of a similar attack target, and optimizing a reasonable decision scheme according to the original processing decision scheme to generate an accurate decision scheme;
restoring the disaster area according to the accurate decision scheme, thereby restoring the operation function of the disaster area, marking the restored disaster area as a recovery area, recording the backup data into the recovery area, reactivating the operation mechanism, and storing all the processing processes;
when the matching degree in the matching degree link table is smaller than the attack target threshold value, determining that the active attack target is an unregistered active attack target and marking the active attack target as a new attack target, detecting a disaster area caused by the new attack target, and generating an analysis report of the disaster area;
analyzing the analysis report of the disaster area to obtain the attack mechanism and damage mode of the new attack target;
acquiring the access authority of an attack mechanism and a destruction mode library of an active attack target, and matching and analyzing the attack mechanism and the destruction mode of a new attack target so as to generate a reasonable decision scheme;
restoring the disaster area according to a reasonable decision scheme, thereby restoring the operation function of the disaster area, marking the restored disaster area as a pre-restoration area, putting virtual operation data into the pre-restoration area, performing performance operation detection, and generating a virtual operation report;
acquiring a historical operation report, and comparing the virtual operation report with the historical operation report to generate pre-recovery reliability;
when the pre-recovery reliability is smaller than a preset reliable threshold value, completely cleaning a disaster area, newly building an original data processing framework so as to generate a new framework, inputting backup data into the new framework, activating an operation mechanism, and storing all processing processes;
or when the pre-recovery reliability is greater than the preset reliable threshold value, recovering the operation function of the pre-recovery area, marking the recovered disaster area as a recovery area, recording the backup data into the recovery area, reactivating the operation mechanism, and storing all the processing processes;
the third protection stage of the safety measure specifically comprises the following steps:
carrying out source address tracking on the active attack target code to generate initial parameter information of a sending address;
according to the initial parameter information and the active attack target, combining and analyzing, acquiring a sending path of the active attack target, sending a preset latent monitoring coding section through the original path according to the sending path of the active attack target, and implanting attack side equipment for latency;
when a preset time threshold value is reached, a preset latent monitoring coding section gradually enters a working state, internal information of an attacker device is collected, data information collected by the preset latent monitoring coding section is carried and sent back to the artificial intelligence system when the attacker device sends a signal to the outside, the collected data information is analyzed, a threat level table of the attacker device to the artificial intelligence system is generated, and a safety measure fourth protection stage is entered according to the threat level table of the attacker device to the artificial intelligence system;
the fourth protection stage of the safety measure specifically comprises the following steps:
when the threat level table of the attacker device to the artificial intelligence system indicates that the attacker device is a threat, in the fourth protection stage of the safety measure a data-fusing code segment is sent to the attacker device through the attacker device receiving window opened by the preset latent monitoring code segment, so that the internal data of the attacker device is damaged and the threatening attack target is eradicated;
or when the threat level table of the attacker device to the artificial intelligence system indicates that the threat of the attacker device is low, in the fourth protection stage of the safety measure long-term monitoring is carried out through the preset latent monitoring code segment and the threat of the attacker device is evaluated in real time, and when the monitoring duration reaches a preset duration and the threat of the attacker device has remained at a low level throughout, the monitoring operation on the attacker device is stopped.
In this embodiment, the first protection stage mainly controls, isolates and transfers the disaster area and blocks its spread at the first opportunity, so that the system responds to the active attack in time and keeps operating safely. The second protection stage mainly analyzes and traces the source code of the attack target, determines the characteristics of the attack target for subsequent work, and recovers the disaster area. It matches and analyzes the active attack target against a large reserved information base to determine the attack characteristics of the active attack target, the main target of the attack, and whether the attack is infectious or concealed, so that the condition of the disaster area is analyzed completely and data and technical support are provided for subsequent work. The disaster area undergoes a pre-operation test with simulation data, which reveals differences between the recovered operation of the disaster area and the original operation, so that the disaster area can be system-checked at any time, achieving the effect of large-scale maintenance of the area, and which also detects whether a hidden attack code segment of the active attack remains in the repaired disaster area. The protection process is stored to provide analysis data for subsequent protection and recovery, so that the system grows through attacks. The third protection stage monitors the attacker device that sent the active attack target and evaluates the threat it poses to the artificial intelligence system; subsequent operations are carried out according to the evaluation report, which provides data support for the fourth protection stage. The monitoring code segment is sent along the sending path of the active attack target sent by the attacker device, which helps conceal the monitoring code segment and makes its implantation hard for the attacker device to perceive. Monitoring begins only after the monitoring code segment has been in the attacker device for a period of time, when the protection mechanism of the attacker device has relaxed or reduced its protection, which greatly improves the success rate of monitoring and provides more accurate and more complete data for subsequent work. The fourth protection stage performs classified operations according to the monitoring data of the third protection stage. In the first case the attacker device is highly threatening and is destroyed, which removes the threat target at the root and saves the resources the system would consume monitoring the attacker device for a long time. In the second case the attacker device poses a low threat and monitoring of it is stopped, which recovers resources quickly, reduces the formation of a tug-of-war, and improves the operating efficiency of the system.
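The two threshold decisions of the second protection stage (matching degree against the attack target threshold, then pre-recovery reliability against the reliable threshold), sketched as an added example that is not code from the patent. The patent names no similarity measure or report format, so the byte 3-gram Jaccard similarity, the metric names, both threshold values, the action labels and all sample data below are assumptions.

```python
"""Added illustration of the second protection stage's decision logic.

Assumptions (not in the patent): matching degree = Jaccard similarity of
byte 3-grams; reliability = 1 - mean capped relative deviation of run
metrics; thresholds, action labels and sample data are constructed.
"""

ATTACK_TARGET_THRESHOLD = 0.6  # assumed value
RELIABLE_THRESHOLD = 0.9       # assumed value

# Constructed "active attack target code library" (decoded sample strings).
SIGNATURE_LIBRARY = {
    "loader-family": b"loader-v1:fetch;unpack;persist;beacon",
    "wiper-family": b"wiper-v3:enum;overwrite;reboot",
}
KNOWN_VARIANT = b"loader-v2:fetch;unpack;persist;beacon"  # constructed
NEW_SAMPLE = b"dropper-x:scan;encrypt;exfil"              # constructed

# Constructed operation reports: historical baseline and two virtual runs.
HISTORICAL_RUN = {"throughput_rps": 1000, "p95_latency_ms": 40, "error_rate": 0.01}
GOOD_RUN = {"throughput_rps": 980, "p95_latency_ms": 41, "error_rate": 0.01}
BAD_RUN = {"throughput_rps": 600, "p95_latency_ms": 90, "error_rate": 0.05}


def ngrams(data: bytes, n: int = 3) -> set:
    """Set of overlapping n-byte windows of the decoded sample."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def match_degree(sample: bytes, known: bytes) -> float:
    """Jaccard similarity of 3-gram sets, 0.0 (disjoint) to 1.0 (identical)."""
    a, b = ngrams(sample), ngrams(known)
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


def match_table(sample: bytes, library: dict) -> list:
    """The 'matching degree link table': (entry, degree) rows, best first."""
    rows = [(name, match_degree(sample, code)) for name, code in library.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def classify(table: list, threshold: float = ATTACK_TARGET_THRESHOLD) -> tuple:
    """'similar' if the best match exceeds the threshold, otherwise 'new'.

    The patent leaves the equal case open; it is treated as 'new' here so
    the sample goes through the stricter pre-recovery validation path.
    """
    if table and table[0][1] > threshold:
        return ("similar", table[0][0])
    return ("new", None)


def pre_recovery_reliability(virtual: dict, historical: dict) -> float:
    """Compare the virtual operation report with the historical one."""
    deviations = []
    for metric, baseline in historical.items():
        if metric not in virtual:
            deviations.append(1.0)  # a missing metric counts as full deviation
        elif baseline == 0:
            deviations.append(0.0 if virtual[metric] == 0 else 1.0)
        else:
            deviations.append(min(abs(virtual[metric] - baseline) / abs(baseline), 1.0))
    if not deviations:
        return 0.0
    return 1.0 - sum(deviations) / len(deviations)


def recovery_action(reliability: float, threshold: float = RELIABLE_THRESHOLD) -> str:
    """Above the threshold: keep the restored area. Otherwise: clean and rebuild."""
    if reliability > threshold:
        return "promote_pre_recovery_area"
    return "clean_and_rebuild"


def triage(sample: bytes, library: dict, virtual: dict, historical: dict) -> dict:
    """Run both decisions in the order the second protection stage gives them."""
    kind, matched = classify(match_table(sample, library))
    if kind == "similar":
        return {"target": kind, "matched": matched, "action": "apply_historical_scheme"}
    reliability = pre_recovery_reliability(virtual, historical)
    return {"target": kind, "matched": None,
            "reliability": round(reliability, 3),
            "action": recovery_action(reliability)}


if __name__ == "__main__":
    print(triage(KNOWN_VARIANT, SIGNATURE_LIBRARY, GOOD_RUN, HISTORICAL_RUN))
    print(triage(NEW_SAMPLE, SIGNATURE_LIBRARY, GOOD_RUN, HISTORICAL_RUN))
    print(triage(NEW_SAMPLE, SIGNATURE_LIBRARY, BAD_RUN, HISTORICAL_RUN))
```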
In an embodiment of the present specification, step S31 specifically includes:
when the attack protection information is determined to be the passive attack information safety protection information, flow direction data of the system data is obtained, and the flow direction data of the system data is tracked, wherein the flow direction data of the system data comprises: input data and output data;
classifying according to the type of the flow data of the system data, and summarizing the flow data of the classified system data to acquire data flow information, wherein the classifying according to the type of the flow data of the system data comprises: performing source tracking processing on input data and performing destination tracking processing on output data;
step S32 specifically includes:
and carrying out safety detection on the data sending end according to the input data, and carrying out safety detection on the destination equipment of the data according to the output data.
This embodiment monitors the flow direction data of the system in real time to establish the legality of the data flow and the correctness of data use, improving the guarantee of secure data transmission and secure storage. It monitors the security of input devices and output devices and ensures data security in remote use, and it addresses situations in which data is stolen by a passive attack or the system is monitored through a plug-in carried by an installed device, thereby providing safe and correct data transmission and reducing the risk of data tampering.
In one embodiment of the present specification, the source tracking processing of the input data includes the following steps:
carrying out source tracking on input data to generate data source information;
performing reliability analysis on the source equipment according to the data source information so as to generate a reliability report;
when the reliability of the reliability report is smaller than a preset reliability threshold value, performing isolation operation on input data, and sending reliability application data to the source equipment for filling so as to ensure that the source equipment provides safety information guarantee;
carrying a pre-monitoring coding segment in the sent reliability application data, carrying out security monitoring on source equipment, returning monitoring data, carrying out security identification on the monitoring data, and generating a security report;
when the security report is that the source device is secure, then further processing the isolated input data; or, when the safety report is the danger of the source equipment, destroying the isolated input data;
alternatively, when the reliability of the reliability report is greater than a preset reliability threshold, the isolated incoming data is further processed.
In this embodiment, analyzing the source reliability of the input data and isolating the input data is equivalent to setting up a review zone, which guarantees that the input data is absolutely reliable and that internal data is stored safely. An application process is set up so that the source can guarantee or prove the input data, which greatly shortens the review process, improves the input efficiency of urgent data, and avoids delays in data transmission caused by review. Using a preset reliability threshold makes the judgment result more intelligent and accurate.
In an embodiment of the present specification, the performing a destination tracking process on the output data includes the following steps:
the outgoing data is tracked, data outgoing information is generated, application acquisition data of the outgoing equipment is obtained, and an application report of the application acquisition data of the outgoing equipment is checked, so that an initial review safety report of the outgoing equipment is obtained;
when the safety shown by the initial review safety report of the destination equipment is smaller than a preset safety threshold, an interception information instruction is generated to intercept the output data before it reaches the destination, and a simulation calculation is carried out according to the output data to generate simulated output data;
the simulated output data is sent on in place of the output data, the simulated output data carries a monitoring code segment, the destination equipment is monitored, monitoring information is obtained, and the monitoring information is transmitted back to the artificial intelligence system for safety processing;
and when the safety shown by the initial review safety report of the destination equipment is greater than the preset safety threshold value, determining that the data acquisition of the destination equipment is compliant, sending a monitoring code segment to the equipment, monitoring the purpose for which the output data sent to the destination equipment is used, generating purpose monitoring information, and sending the purpose monitoring information back to the artificial intelligence system for further safety processing.
This embodiment performs destination tracking on the output data, which improves the safety of the data. It judges whether the destination equipment's use of the data is safe by monitoring how the destination equipment uses the output data, thereby ensuring the safety of system data stored outside the system and greatly improving users' reliance on the system.
In one embodiment of the present specification, the transmitting the monitoring information back to the artificial intelligence system for security processing includes the following steps:
step S71: performing compliance operation analysis according to the monitoring information to generate a compliance information analysis report;
step S72: when the compliance information analysis report identifies the information-sending data source as intrusive, that is, performing violating operations, sending a warning signal to the data receiving interface of the monitoring code segment so that the monitoring code segment sends a warning to the equipment;
step S73: performing emission source search according to the output data, performing protection safety detection on the output data to generate a protection safety report, and performing coding field identification according to uncertain factors in the protection safety report so as to mark directional blasting points, thereby generating a directional blasting guide;
step S74: directionally crushing the abnormal coding sequence at the directional blasting points according to the directional blasting guide, performing regression safety detection, and judging whether the data is safe and reliable; when a potential safety hazard remains, returning to step S73;
step S75: performing index optimization operation on a protection content security coding section by data security detection to generate an optimization operation guide, and performing weighting retraining on the artificial intelligence system according to the optimization operation guide so as to obtain a weighting index optimization coding scheme and optimize the artificial intelligence system;
step S76: or when the compliance information analysis report is a compliance information sending data source, acquiring a data compliance examination request report from the destination equipment so as to submit the data compliance examination request report to the destination equipment, so that the intercepted data is sent to the destination equipment again, and the monitoring code segment is deleted.
This embodiment transmits the monitoring information back to the artificial intelligence system for processing, which reduces the monitoring code segment's use of the destination equipment's system, keeps the destination equipment in a good running state, and reduces the risk of the monitoring code segment being discovered. The artificial intelligence system analyzes the monitoring information, which speeds up analysis and allows timely response to subsequent operations of the monitoring code segment. The output data is handled at the same time: it is matched against malicious code segments in a massive data plug-in library so that the points in the output data requiring directional blasting are found, and the uncertain factors are destroyed while the safety and integrity of the output data are preserved. Regression security detection subjects the output data to multiple rounds of detection and blasting, so that no unsafe factor persists in the data and the data is absolutely safe. Each safety protection operation is recorded and stored for weighted retraining of the artificial intelligence system, yielding a weighted index optimization coding scheme that optimizes the artificial intelligence system, so that the artificial intelligence system adapts over its service life and the period before the original protection system must be updated is prolonged.
In one embodiment of the present specification, the sending the usage monitoring information back to the artificial intelligence system for further security processing comprises the following steps:
performing purpose rationality analysis according to the purpose monitoring information to generate a rational information analysis report;
when the rational information analysis report shows that the output data is being used maliciously, and the use is therefore determined to be unreasonable, sending an output data interception and destruction instruction to the monitoring code segment, so that the monitoring code segment instructs the equipment to clear the acquired output data and then clears itself automatically;
when the rational information analysis report shows that the output data is being used conventionally, sending a cancellation instruction to the monitoring code segment, so that the monitoring code segment stops monitoring and destroys itself;
and completing efficiency analysis in the processing process of the output data to obtain an efficiency report, and pre-training the artificial intelligence system according to the efficiency report, so as to obtain an efficiency index optimization coding scheme and optimize the artificial intelligence system.
This embodiment monitors whether data output to a device is used reasonably, adding a safety guarantee for system data outside the system. Sending the output data interception and destruction instruction to the monitoring code segment clears the output data without affecting the integrity of the destination equipment's internal data or the smoothness of its system, ensuring that the output data is used safely on other equipment. Rationality analysis of the purpose monitoring information ensures that the destination equipment uses the output data reasonably. The purpose monitoring information is transmitted to the artificial intelligence system for processing, which reduces the monitoring code segment's use of the destination equipment's system, keeps the destination equipment in a good operating state, and reduces the risk of the monitoring code segment being discovered. The artificial intelligence system analyzes the purpose monitoring information, which speeds up its analysis and allows timely response to subsequent operations of the monitoring code segment.
In an embodiment of the present specification, an artificial intelligence system for safety protection index optimization based on big data information safety is characterized by including:
a processor, and
at least one memory electrically connected to the processor, wherein a computer program is stored in the memory, and the computer program is used to execute the big data information security-based safety protection index optimization method according to any one of claims 1 to 8.
This embodiment provides a safety protection index optimization system based on big data information safety that can implement any of the safety protection index optimization methods based on big data information safety. It analyzes the type of attack on the current equipment and performs classified processing for active or passive attacks accordingly. When the attack is identified as an active attack, reasonable protection operations are performed in time through the first to fourth protection stages, and judgments are made according to the monitoring information so that directional, accurate operations can be performed using the information obtained by analysis. Passive attacks are monitored and identified in real time during data transmission, and security analysis is performed on the attack information of the identified passive attack so that it can be handled directionally.
Through real-time detection of data input and output and monitoring of active attacks on the system, the method improves data security while keeping the system running smoothly. Adding the artificial intelligence system reduces labor cost and the human misoperation caused by differences in subjective judgment of objective facts, improves the response timeliness of emergency safety protection, and reduces the area and quantity of data affected. Once an active attack is identified, reasonable protection operations are performed in time through the first to fourth protection stages. The disaster area undergoes a pre-operation test with simulation data, which reveals differences between the recovered operation of the disaster area and the original operation, so that the disaster area can be system-checked, achieving the effect of regular large-scale maintenance of the area, and which also detects whether a hidden attack code segment of the active attack remains in the repaired disaster area. The protection process is stored to provide analysis data for subsequent protection and recovery, so that the system grows through attacks, and judgments made from the monitoring information allow directional, accurate operations using the information obtained by analysis.
Drawings
FIG. 1 is a schematic flow chart illustrating steps of a safety protection index optimization method based on big data information security according to the present invention;
FIG. 2 is a flowchart illustrating a detailed implementation procedure of the protection process performed on the active attack target in FIG. 1;
FIG. 3 is a schematic diagram illustrating a detailed processing procedure performed by the part A in FIG. 2 when the matching degree in the matching degree link table is greater than the attack target threshold;
FIG. 4 is a schematic diagram illustrating a detailed processing implementation procedure of the step B in FIG. 2 when the matching degree in the matching degree link table is smaller than the attack target threshold;
FIG. 5 is a flowchart illustrating the detailed implementation steps of the source tracking process for the input data according to the present invention;
FIG. 6 is a flowchart illustrating the detailed implementation steps of the present invention for performing the destination tracking process on the output data;
FIG. 7 is a diagram illustrating the hierarchical protection of input data according to the present invention.
The implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The embodiment of the application provides a safety protection index optimization method based on big data information security and an artificial intelligence system. The executing entity of the method includes a console, a single server, a server cluster, a cloud server, a cloud server cluster or the like, and the service control center can host the artificial intelligence system.
Step S1: acquiring attack protection information, wherein the attack protection information comprises active attack information safety protection information and passive attack information safety protection information;
Step S21: when the attack protection information is determined to be the active attack information safety protection information, obtaining an active attack target and searching for information on the active attack target, thereby obtaining an accurate coping scheme;
Step S22: triggering safety protection measures according to the accurate coping scheme;
Step S31: when the attack protection information is determined to be the passive attack information safety protection information, obtaining flow direction data of the system data and tracking it to obtain flow direction information of the system data;
Step S32: carrying out safety processing on the flow direction data of the data according to the data flow direction information.
By detecting data input and output in real time and monitoring active attacks on the system, this embodiment improves data security assurance and keeps the system running smoothly. Adding the artificial intelligence system reduces labor cost and the human misoperation caused by differing subjective judgments of objective facts, improves the response time of emergency safety protection, and reduces the area and amount of data affected by a disaster.
Referring to FIG. 1, which is a schematic flow chart of the steps of a safety protection index optimization method based on big data information security according to the present invention, the steps of the method in this example include:
Step S1: acquiring attack protection information, wherein the attack protection information comprises active attack information safety protection information and passive attack information safety protection information;
In the embodiment of the invention, acquiring the attack protection information refers to monitoring in real time the input information, the output information and the protection strong-resistance information within the safety protection area of the artificial intelligence system, and marking the extracted information as attack protection information. The active attack type covers direct attacks that damage the artificial intelligence system: its effect is to break protection and to cause damage quickly, and it collides head-on with the protection measures of the artificial intelligence system. However, an active attack is generally a malicious attack by another party, or damage to protection that others trigger through network broadcasts, so the threat is low. The passive attack type is carried along with data transmission and is highly imperceptible; it is a security hazard introduced through autonomous input and is generally used for threats of low destructiveness such as latent mining, monitoring and data theft, but it causes data leakage that is hard to perceive.
Step S21: when the attack protection information is determined to be the active attack information safety protection information, an active attack target is obtained and information search is carried out on the active attack target, so that an accurate coping scheme is obtained;
In the embodiment of the invention, the information search on the active attack target means that the attack type of the attack target is preliminarily confirmed from the attack mode and attack range of the active attack target, using the protection attack information database, and that this attack type is used for the preliminary protection stage (the first safety protection stage).
Step S22: triggering safety protection measures according to the accurate coping scheme;
In the embodiment of the invention, triggering safety protection measures according to the accurate response scheme refers to the measures that are initially lower than safety protection and that correspond to the accurate response scheme.
Step S31: when the attack protection information is determined to be passive attack information safety protection information, flow direction data of system data is obtained, the flow direction data of the system data is tracked, and flow direction information of the system data is obtained;
In the embodiment of the present invention, the acquired flow direction data of the system data refers to the data input to the artificial intelligence system and the output data sent by the artificial intelligence system to the destination device. The system data flow direction information refers to the basic gateway information of the destination device or of the source device of the data, and further includes the transmission path of the data.
Step S32: carrying out safety processing on the flow direction data of the data according to the data flow direction information;
In the embodiment of the present invention, performing security processing on the flow direction data according to the data flow direction information refers to performing security detection on the input data sent by a source device and on the source device itself, and performing security detection on the destination device, so as to guarantee the security of output data outside the artificial intelligence system.
In an embodiment of the present specification, step S21 specifically includes:
when the attack protection information is determined to be the active attack information safety protection information, obtaining an active attack target, searching for information on the active attack target, and generating directional accurate information;
matching the directional accurate information against the safety measures in the safety measure storage library to obtain an accurate response scheme;
Step S22 specifically includes:
triggering safety protection measures according to the accurate response scheme, wherein the safety protection measures comprise a plurality of protection stages, and carrying out accurate protection according to the safety protection measures.
By searching for information on the active attack, this embodiment can accurately determine the attack mode and attack means of the active attack, enabling accurate defense and the most accurate handling scheme after the attack. This reduces cases where a deviation in the protection scheme leads to poor safety protection, or where an error in the handling scheme causes regional paralysis or data loss. Multiple protection stages are provided so that the active attack is protected against precisely, the attack is handled, and hidden dangers are cleared at the root. This reduces the persistence of the active attack and of a drawn-out tug-of-war overall, which in turn reduces the computing space the system consumes and supports efficient, smooth operation of the system.
In the embodiment of the invention, the directional accurate information is produced by analyzing the active attack according to the preliminary behavior it exhibits; the resulting information is marked as directional accurate information. Matching against the safety measures in the safety measure storage library means determining which safety protection measure entry recorded in the library corresponds to the attack characteristics of the active attack target shown by the accurate information, thereby obtaining the safety protection measure for those attack characteristics, which is marked as the accurate coping scheme. That the safety protection measures comprise a plurality of protection stages means that safety protection is divided into four stages carried out in sequence: a first safety measure protection stage, a second safety measure protection stage, a third safety measure protection stage and a fourth safety measure protection stage. Different safety measures are assigned to the different protection stages to perform safety protection.
In one embodiment of the present description, the plurality of protection stages of the safety protection measures include a first safety measure protection stage, a second safety measure protection stage, a third safety measure protection stage and a fourth safety measure protection stage, which are executed in time order from the first safety measure protection stage to the fourth safety measure protection stage:
The steps of the first protection stage of the safety measure are as follows:
controlling the attacked area;
preventing the invasion and spread of the disaster area;
backing up the original information of the disaster area, cutting off the links to other areas, generating a protective isolation wall, and resisting the active attack target;
The steps of the second protection stage of the safety measure are as follows:
decoding the active attack target to generate an active attack target code, and matching the active attack target code against the active attack target code library to generate a matching degree link table;
when a matching degree in the matching degree link table is greater than the attack target threshold, determining that the active attack target is a recorded active attack target and marking it as a similar attack target;
searching the active attack target processing library for the historical processing scheme of the similar attack target, and performing a rationality analysis on the historical processing scheme to generate a reasonable decision scheme;
obtaining the original processing decision scheme of the similar attack target, and optimizing the reasonable decision scheme according to the original processing decision scheme to generate an accurate decision scheme;
repairing the disaster area according to the accurate decision scheme, thereby restoring the operation function of the disaster area, marking the repaired disaster area as a restoration area, writing the backup data into the restoration area, reactivating the operation mechanism, and storing the entire processing process;
when the matching degree in the matching degree link table is smaller than the attack target threshold, determining that the active attack target is an unrecorded active attack target and marking it as a new attack target, detecting the disaster area caused by the new attack target, and generating a disaster area analysis report;
obtaining the attack mechanism and damage mode of the new attack target according to the disaster area analysis report;
acquiring access permission to the attack mechanism and damage mode library of active attack targets, and matching and analyzing the attack mechanism and damage mode of the new attack target to generate a reasonable decision scheme;
repairing the disaster area according to the reasonable decision scheme, thereby restoring the operation function of the disaster area, marking the repaired disaster area as a pre-restoration area, feeding virtual operation data into the pre-restoration area, performing performance operation detection, and generating a virtual operation report;
acquiring a historical operation report, and comparing the virtual operation report with the historical operation report to generate a pre-recovery reliability;
when the pre-recovery reliability is smaller than a preset reliability threshold, completely cleaning the disaster area, rebuilding the original data processing framework to generate a new framework, writing the backup data into the new framework, activating the operation mechanism, and storing the entire processing process;
or, when the pre-recovery reliability is greater than the preset reliability threshold, restoring the operation function of the pre-recovery area, marking the recovered disaster area as a recovery area, writing the backup data into the recovery area, reactivating the operation mechanism, and storing the entire processing process;
The third protection stage of the safety measure specifically comprises the following steps:
carrying out source address tracking on the active attack target code to generate initial parameter information of the sending address;
combining and analyzing the initial parameter information and the active attack target to obtain the sending path of the active attack target, sending a preset latent monitoring code segment back along the original path according to that sending path, and implanting it in the attacker device to lie latent;
when a preset time threshold is reached, the preset latent monitoring code segment gradually enters a working state and collects internal information of the attacker device; when the attacker device sends a signal to the outside, the data collected by the preset latent monitoring code segment is carried along and sent back to the artificial intelligence system; the collected data is analyzed to generate a threat level table of the attacker device to the artificial intelligence system, and the fourth protection stage of the safety measure is entered according to that threat level table;
The fourth protection stage of the safety measure specifically comprises the following steps:
when the threat level table of the attacker device to the artificial intelligence system indicates that the attacker device is a threat, the fourth protection stage of the safety measure sends a data fusing code segment to the attacker device through the attacker device receiving window opened by the preset latent monitoring code segment, thereby damaging the internal data of the attacker device and eradicating the threatening attack target;
or, when the threat level table of the attacker device to the artificial intelligence system indicates a low threat, the fourth protection stage of the safety measure performs long-term monitoring through the preset latent monitoring code segment and evaluates the threat of the attacker device in real time; when the monitoring duration reaches a preset duration and the threat of the attacker device has remained at a low level throughout, the monitoring operation on the attacker device is stopped.
In this embodiment, the first protection stage mainly controls, isolates, transfers and blocks at the first moment to stop the disaster area from spreading, which ensures a timely response to the active attack and maintains the safe operation of the system.
The second protection stage mainly analyzes and traces the source code of the attack target, determines the characteristics of the attack target for later use, and recovers the disaster area. The active attack target is matched and analyzed against a large body of retained information bases to determine its attack characteristics, the main target of the attack, and whether the attack is infectious and concealed, so that the current condition of the disaster area can be analyzed completely and data and technical support can be provided for follow-up work. The disaster area undergoes a pre-operation test with simulated data, which helps expose the difference between the recovered operation of the disaster area and its original operation, so that the disaster area can be given a system check at any time and the effect of a large-scale maintenance of the area is achieved. The test also detects whether any hidden attack code segment of the active attack remains in the repaired disaster area. The protection process is stored to provide analysis data for subsequent protection and recovery, so that the system grows through attacks.
The third protection stage monitors the attacker device that sent the active attack target and evaluates its threat to the artificial intelligence system; follow-up operations are carried out according to the evaluation report, which provides data support for the fourth safety protection stage. The monitoring code segment is sent along the sending path of the active attack target sent by the attacker device, which helps conceal the monitoring code segment and makes it hard for the attacker device to perceive its implantation. Monitoring begins only after the monitoring code segment has entered the attacker device and lain latent for a period, until the protection mechanism of the attacker device has reduced its protection; this greatly improves the success rate of monitoring and provides more accurate and more complete data for subsequent work.
The fourth safety protection stage performs classified operations according to the monitoring data of the third safety protection stage. In the first case the attacker device is highly threatening and is destroyed, which clears the threat target at the root and saves the resources the system would consume monitoring the attacker device over a long period. In the second case the attacker device is of low threat and the monitoring operation on it is stopped, which recovers resources quickly, reduces the formation of a tug-of-war, and improves the operating efficiency of the system.
In the embodiment of the invention, analyzing the collected data information refers to determining whether the attacker device attacks the protection measures of a specified party or carries out broadcast-network attacks with a large number of identical attack targets; this serves as the criterion for judging the threat of the attacker device to the artificial intelligence system. Threat analysis is also performed according to the damage caused to the attacked area. The result is used for the fourth protection stage of the safety measure. Sending the data fusing code segment to the attacker device refers to sending the fusing code segment to the monitoring code segment to damage the attacker device, so as to resolve the potential safety hazard at the root.
Referring to FIG. 2, which is a schematic flow chart of the detailed implementation steps of the protection processing performed on the active attack target in FIG. 1, the steps of performing protection processing on the active attack target in this example include:
Step S41: decoding the active attack target to generate an active attack target code, and matching the active attack target code against the active attack target code library to generate a matching degree link table;
In the embodiment of the invention, decoding the active attack target means that a decoder decodes the active attack target to obtain the operation logic it carries out, which is marked as the active attack target code. Matching the active attack target code against the active attack target code library means comparing it with the active attack target codes stored in the library, so as to obtain the safety protection process of the stored target code that corresponds to it; that process is used to analyze the safety protection of the current active attack target. Similarity matching is performed against the active attack target codes in the library, and a matching degree link table is generated to provide reliable input for the current safety protection.
The capital letter A in FIG. 2 and the capital letter A in FIG. 3 are the same connector and link the nodes of FIG. 2 and FIG. 3; the capital letter B in FIG. 2 and the capital letter B in FIG. 4 are the same connector and link the nodes of FIG. 2 and FIG. 4.
Referring to FIG. 3, which is a flow chart of the detailed processing steps of part A in FIG. 2 when a matching degree in the matching degree link table is greater than the attack target threshold, the detailed processing steps of part A in this example include:
Step A1: when a matching degree in the matching degree link table is greater than the attack target threshold, determining that the active attack target is a recorded active attack target and marking it as a similar attack target;
In the embodiment of the invention, the attack target threshold is a pre-trained model that determines, from the neural network's degree of recognition of the attack target, whether the attack target is matched; a matching degree greater than the attack target threshold therefore indicates that a recorded active attack target exists.
Step A2: searching the active attack target processing library for the historical processing scheme of the similar attack target, and performing a rationality analysis on the historical processing scheme to generate a reasonable decision scheme;
In the embodiment of the present invention, searching the active attack target processing library for the historical processing scheme of the similar attack target means looking up, in the active attack target processing library, the processing mode that corresponds to the attack mode of the similar attack target, in order to evaluate and optimize the current processing scheme.
Step A3: obtaining an original processing decision scheme of a similar attack target, and optimizing a reasonable decision scheme according to the original processing decision scheme to generate an accurate decision scheme;
In the embodiment of the invention, obtaining the original processing decision scheme of the similar attack target means that an original decision scheme generated from the characteristics of the active attack target is combined and optimized with the historical decision scheme for the similar active attack target to generate an accurate decision scheme, so that the artificial intelligence system can grow on its own while protecting against the active attack target.
Step A4: repairing the disaster area according to the accurate decision scheme, thereby restoring the operation function of the disaster area, marking the repaired disaster area as a restoration area, writing the backup data into the restoration area, reactivating the operation mechanism, and storing the entire processing process;
In the embodiment of the present invention, repairing the disaster area according to the accurate decision scheme refers to making targeted decisions for the disaster area according to the repair manner of the accurate decision scheme; the repair is applied only to the operation of the disaster area and does not change the underlying logic.
Referring to FIG. 4, which is a flow chart of the detailed processing steps of part B in FIG. 2 when the matching degree in the matching degree link table is smaller than the attack target threshold, the detailed processing steps of part B in this example include:
Step B1: when the matching degree in the matching degree link table is smaller than the attack target threshold, determining that the active attack target is an unrecorded active attack target and marking it as a new attack target, detecting the disaster area caused by the new attack target, and generating a disaster area analysis report;
In the embodiment of the invention, the attack target threshold is a pre-trained model that determines, from the neural network's degree of recognition of the attack target, whether the attack target is matched; a matching degree smaller than the attack target threshold therefore indicates that no recorded active attack target exists. Detecting the disaster area caused by the new attack target means further, detailed detection of the area attacked by the active attack target, so that analysis of the unrecorded active attack target can better produce the corresponding protection and repair process.
Step B2: obtaining the attack mechanism and damage mode of the new attack target according to the disaster area analysis report;
In the embodiment of the invention, the attack mechanism and damage mode of the new attack target refer to an evaluation of the offensiveness of the new attack target and a detailed analysis of its attack entry point and damage point, from which a repair scheme for the new attack target is studied and generated.
Step B3: acquiring access permission to the attack mechanism and damage mode library of active attack targets, and matching and analyzing the attack mechanism and damage mode of the new attack target to generate a reasonable decision scheme;
In the embodiment of the invention, acquiring access permission to the attack mechanism and damage mode library of active attack targets reflects that this library is a high-level safety protection unit: content tampered with by an attack would weaken the subsequent protection measures against active attack targets. Access permission is therefore allocated when the artificial intelligence system requires the library, so that the highest level of protection is achieved.
Step B4: repairing the disaster area according to the reasonable decision scheme, thereby restoring the operation function of the disaster area, marking the repaired disaster area as a pre-restoration area, feeding virtual operation data into the pre-restoration area, performing performance operation detection, and generating a virtual operation report;
In the embodiment of the present invention, feeding virtual operation data into the pre-repair area and performing performance operation detection refer to generating virtual data from the original data to simulate the working state and working mode of the pre-repair area, comparing the result with the original working efficiency of the area, and determining whether any residue of the active attack target remains, so as to generate a simulated operation report that shows the system the working state of the pre-repair area.
Step B5: acquiring a historical operation report, and comparing the virtual operation report with the historical operation report to generate a pre-recovery reliability;
In an embodiment of the present invention, the pre-recovery reliability refers to the degree of recovery of the pre-repair area, determined by comparing the virtual operation report with the historical operation report and used for the decision.
Step B6: when the pre-recovery reliability is smaller than the preset reliability threshold, completely cleaning the disaster area, rebuilding the original data processing framework to generate a new framework, writing the backup data into the new framework, activating the operation mechanism, and storing the entire processing process;
In the embodiment of the present invention, the preset reliability threshold is a red-line threshold, obtained by neural network training, that is used to judge whether the pre-recovery area (the disaster area) can be used again. A pre-recovery reliability smaller than the preset reliability threshold indicates that the pre-recovery area (the disaster area) is unusable: the disaster area is completely cleaned, the original data processing framework is rebuilt to generate a new framework, the backup data is written into the new framework, the operation mechanism is activated, the entire processing process is stored, and the memory framework of the disaster area is built, so that the disaster area recovers to, or exceeds, its working level before the attack.
Step B7: when the pre-recovery reliability is greater than the preset reliability threshold, restoring the operation function of the pre-recovery area, marking the recovered disaster area as a recovery area, writing the backup data into the recovery area, reactivating the operation mechanism, and storing the entire processing process;
In the embodiment of the present invention, the preset reliability threshold is a red-line threshold, obtained by neural network training, that is used to judge the usability of the pre-recovery area (the disaster area). A pre-recovery reliability greater than the preset reliability threshold indicates that the pre-recovery area (the disaster area) has returned to the original working level but remains as an active attack target, so the pre-recovery area can be released for use.
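The branch logic of the second protection stage (steps S41, A1 to A4 and B1 to B7), written out as an added example that is not part of the patent text. The Jaccard similarity used as the matching degree, the deviation-based reliability score, both threshold values, the handling of the equal-to-threshold case and all sample data are assumptions constructed for illustration.

```python
"""Second protection stage triage (steps S41, A1-A4, B1-B7) as decision logic.

Assumptions, not taken from the patent: Jaccard similarity over behaviour
tokens as the "matching degree", mean relative deviation of run metrics as
the "pre-recovery reliability", both thresholds, and all sample data.
"""
from typing import NamedTuple, Optional

ATTACK_TARGET_THRESHOLD = 0.60  # assumed value
RELIABILITY_THRESHOLD = 0.90    # assumed value

# Constructed "active attack target code library": record id -> behaviour tokens.
CODE_LIBRARY = {
    "rec-001": {"mass_file_rewrite", "backup_deletion", "share_enumeration", "note_written"},
    "rec-002": {"new_scheduled_task", "outbound_beacon", "shell_spawned"},
}
# Constructed historical operation report for the disaster area.
HISTORICAL_REPORT = {"throughput_rps": 1000.0, "p95_latency_ms": 40.0, "error_rate": 0.01}


class Plan(NamedTuple):
    kind: str                      # "similar" (branch A) or "new" (branch B)
    matched_record: Optional[str]
    reliability: Optional[float]   # only computed on branch B
    action: str


def jaccard(a: set, b: set) -> float:
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def matching_degree_table(decoded: set, library: dict) -> list:
    """Step S41: matching degree of the decoded target against every record, best first."""
    rows = [(rec_id, jaccard(decoded, tokens)) for rec_id, tokens in library.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def classify_target(table: list, threshold: float = ATTACK_TARGET_THRESHOLD):
    """Steps A1/B1. The page only defines > and <; equality is treated as
    'new' here (assumption) so that the stricter branch B runs."""
    if table and table[0][1] > threshold:
        return "similar", table[0][0]
    return "new", None


def pre_recovery_reliability(virtual: dict, historical: dict) -> float:
    """Step B5: 1 minus the mean relative deviation of the virtual run from history."""
    if not historical:
        return 0.0  # nothing to compare against: do not trust the repair
    deviations = []
    for name, baseline in historical.items():
        if name not in virtual:
            deviations.append(1.0)  # a metric the repaired area no longer reports
        elif baseline == 0:
            deviations.append(0.0 if virtual[name] == 0 else 1.0)
        else:
            deviations.append(min(1.0, abs(virtual[name] - baseline) / abs(baseline)))
    return 1.0 - sum(deviations) / len(deviations)


def second_stage_plan(decoded, virtual_report,
                      historical_report=HISTORICAL_REPORT, library=CODE_LIBRARY) -> Plan:
    kind, record = classify_target(matching_degree_table(decoded, library))
    if kind == "similar":
        # Branch A (A2-A4): reuse and optimise the historical scheme, then repair.
        return Plan(kind, record, None, "repair_with_accurate_decision_scheme")
    # Branch B (B4-B7): the repair is trial-run on virtual data before it is trusted.
    reliability = pre_recovery_reliability(virtual_report, historical_report)
    if reliability > RELIABILITY_THRESHOLD:
        action = "restore_pre_repair_area"      # B7
    else:
        action = "clean_and_rebuild_framework"  # B6 (also taken on equality, assumption)
    return Plan(kind, None, reliability, action)


if __name__ == "__main__":
    known = {"mass_file_rewrite", "backup_deletion", "share_enumeration",
             "note_written", "outbound_beacon"}
    unknown = {"unsigned_driver_load", "outbound_beacon", "log_cleared"}
    healthy = {"throughput_rps": 980.0, "p95_latency_ms": 42.0, "error_rate": 0.01}
    degraded = {"throughput_rps": 600.0, "p95_latency_ms": 80.0, "error_rate": 0.01}
    for sample, run in ((known, healthy), (unknown, healthy), (unknown, degraded)):
        print(second_stage_plan(sample, run))
```

The equal-to-threshold case is left open by the text; sending it down the rebuild path is the conservative choice made here, and a deployment would need to state its own rule.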
In an embodiment of the present specification, step S31 specifically includes:
when the attack protection information is determined to be the passive attack information safety protection information, flow direction data of the system data is obtained, and the flow direction data of the system data is tracked, wherein the flow direction data of the system data comprises: input data and output data;
classifying according to the type of the flow data of the system data, and summarizing the flow data of the classified system data to acquire data flow information, wherein the classifying according to the type of the flow data of the system data comprises: performing source tracking processing on input data and performing destination tracking processing on output data;
step S32 specifically includes:
and carrying out safety detection on the data sending end according to the input data, and carrying out safety detection on the destination equipment of the data according to the output data.
This embodiment monitors the flow direction data of the system in real time to establish the legality of the data flow and the correctness of data use, improving the guarantee of secure data transmission and secure storage. It monitors the security of input equipment and output equipment, ensures the security of data in remote use, and detects situations in which data is stolen by a passive attack or the system is monitored by a plug-in carried by installed equipment, thereby improving the security and correctness of data transmission and reducing the risk of data tampering.
In the embodiment of the present invention, the flow direction data of the acquired system data refers to data input to the artificial intelligence system and output data sent by the artificial intelligence system to the destination device, and the system data flow direction information refers to device basic gateway information of the destination device or basic gateway information of the source device of the data and further includes a transmission path of the data.
In one embodiment of the present specification, the source tracking processing of the input data includes the following steps:
carrying out source tracking on input data to generate data source information;
performing reliability analysis on the source equipment according to the data source information so as to generate a reliability report;
when the reliability of the reliability report is smaller than a preset reliability threshold value, performing isolation operation on input data, and sending reliability application data to the source equipment for filling so as to ensure that the source equipment provides safety information guarantee;
carrying a pre-monitoring coding segment in the sent reliability application data, carrying out security monitoring on source equipment, returning monitoring data, carrying out security identification on the monitoring data, and generating a security report;
when the security report is that the source device is secure, then further processing the isolated input data; or when the safety report is the danger of the source equipment, destroying the isolated input data;
alternatively, when the reliability of the reliability report is greater than a preset reliability threshold, the isolated incoming data is further processed.
By analyzing the source reliability of the input data, the method in effect sets an examination interval and isolates the input data, so that the input data is guaranteed to be absolutely reliable and the safe storage of the internal data tool is guaranteed. An application process is set up through which the input data is guaranteed or proven, which greatly shortens the examination process, improves and guarantees the input efficiency of emergency data, and eliminates delays in data transmission caused by examination. Using a preset reliability threshold makes the judgment result more intelligent and accurate.
Referring to Fig. 5, which shows a flow chart of the detailed implementation steps of the source tracking processing performed on the input data according to the present invention, in this example the detailed implementation steps of the source tracking processing include:
step S51: carrying out source tracking on input data to generate data source information;
In the embodiment of the present invention, source tracking of the input data refers to analyzing the transmission device information carried by the off-path encryption code of the input data to obtain the devices through which the input data passed, where such a device may be a router, a switch, the source device, and the like, and performing statistical analysis on the transmission process of the input data to form data source information.
Step S52: when the reliability of the reliability report is smaller than a preset reliability threshold value, performing isolation operation on input data, and sending reliability application data to the source equipment for filling so as to ensure that the source equipment provides safety information guarantee;
In the embodiment of the invention, the preset reliability threshold is a stable threshold obtained by training a deep learning pre-training model on a large number of judgments of whether input data carries unsafe content. It calibrates a safety red line for the reliability of the input data: unsafe factors of the input data in the operation mode are checked and isolated, and the input data enters the data protection safety region protected by the artificial intelligence system, so that a safety guarantee is provided for other stored data.
Step S53: carrying a pre-monitoring coding segment in the sent reliability application data, carrying out security monitoring on source equipment, returning monitoring data, carrying out security identification on the monitoring data, and generating a security report;
In the embodiment of the present invention, carrying the pre-monitoring code segment in the sent reliability application data means that reliability application data is sent to the source device and the pre-monitoring code segment carried in that data is used to monitor whether a latent factor exists in the source device, to perform security protection on the source device, to clear insecure factors of the source device, and to detect threat factors carried by the data sent by the source device.
Step S54: when the security report is that the source device is secure, then further processing the isolated input data; or when the safety report is the danger of the source equipment, destroying the isolated input data;
In the embodiment of the present invention, when the security report shows that the source device is secure, the pre-monitoring code segment may be directly deleted. The further processing of the isolated input data refers to detecting whether the input data carries threat factors, so that an absolute security effect is achieved through multiple rounds of detection.
Step S55: when the reliability of the reliability report is greater than a preset reliability threshold, further processing the isolated input data;
In the embodiment of the invention, the preset reliability threshold is a stable threshold obtained by training a deep learning pre-training model on a large number of judgments of whether input data carries unsafe content. It calibrates a safety red line for the reliability of the input data: unsafe factors of the input data in the operation mode are checked and isolated, and the input data enters the data protection safety region protected by the artificial intelligence system, so that a safety guarantee is provided for other stored data.
In the embodiment of the invention, when the input data is represented as safe, the data is stored in a grading way, wherein the grading storage way is as follows:
The input data is analyzed and stored in a graded manner according to its protection level. It is generally divided into a low level, a middle level and a high level; graded defense is applied according to the level of safety protection the input data requires, and the data is stored in the corresponding area. Referring to Fig. 7, a schematic diagram of the graded protection of input data according to the invention:
S71: the outermost safety protection layer;
S72: the intermediate safety protection layer;
S73: the innermost safety protection layer;
The data storage module stores low-level input data between S71 and S72, middle-level input data between S72 and S73, and high-level input data in S73;
To intrude into the storage area of high-level input data, it is necessary first to intrude into the low-level area and then into the middle-level area, and the artificial intelligence system immediately starts the protection work of the protection stages when an attack occurs, thereby achieving the effect of graded protection.
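The intake flow of steps S51 to S55 combined with the graded storage of Fig. 7, as an added Python example that is not part of the patent text. The 0-to-1 reliability scale, the threshold value passed in, the class and field names, and the fail-closed handling of a score exactly equal to the threshold (a case the text leaves undefined) are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    QUARANTINED = "quarantined"
    STORED = "stored"
    DESTROYED = "destroyed"


# Layers an intruder has to cross to reach each storage tier, following the
# Fig. 7 description: low-level data sits between S71 and S72, middle-level
# data between S72 and S73, high-level data inside S73.
LAYERS_TO_CROSS = {
    "low": ["S71"],
    "middle": ["S71", "S72"],
    "high": ["S71", "S72", "S73"],
}


@dataclass
class InputItem:
    item_id: str
    source: str
    reliability: float   # score taken from the reliability report (assumed 0..1)
    level: str           # protection level the data requires: low/middle/high
    state: State = State.QUARANTINED


class Intake:
    """Isolate every input first, then release, hold or destroy it."""

    def __init__(self, threshold: float):
        self.threshold = threshold   # assumed value; the patent trains it
        self.items = {}
        self.tiers = {level: [] for level in LAYERS_TO_CROSS}
        self.audit = []              # (item_id, event) records of each decision

    def _log(self, item: InputItem, event: str) -> None:
        self.audit.append((item.item_id, event))

    def _store(self, item: InputItem) -> State:
        item.state = State.STORED
        self.tiers[item.level].append(item.item_id)
        layers = "+".join(LAYERS_TO_CROSS[item.level])
        self._log(item, f"stored behind {layers}")
        return item.state

    def receive(self, item: InputItem) -> State:
        if item.level not in self.tiers:
            raise ValueError(f"unknown protection level: {item.level!r}")
        item.state = State.QUARANTINED
        self.items[item.item_id] = item
        self._log(item, "isolated")
        if item.reliability > self.threshold:
            # Step S55: reliability above the threshold, process further.
            return self._store(item)
        # Step S52: reliability below the threshold. A score equal to the
        # threshold is not covered by the text; it is held here (fail closed).
        self._log(item, "reliability application sent to source")
        return item.state

    def security_report(self, item_id: str, source_secure: Optional[bool]) -> State:
        """Step S54. None means no report came back: the item stays isolated."""
        item = self.items[item_id]
        if item.state is not State.QUARANTINED:
            raise ValueError(f"{item_id} is already {item.state.value}")
        if source_secure is None:
            self._log(item, "no security report, still isolated")
        elif source_secure:
            self._store(item)
        else:
            item.state = State.DESTROYED
            self._log(item, "destroyed")
        return item.state


if __name__ == "__main__":
    intake = Intake(threshold=0.7)
    # Constructed sample inputs.
    intake.receive(InputItem("doc-1", "gateway-a", 0.92, "high"))
    intake.receive(InputItem("doc-2", "gateway-b", 0.70, "low"))
    intake.security_report("doc-2", True)
    intake.receive(InputItem("doc-3", "gateway-c", 0.15, "middle"))
    intake.security_report("doc-3", False)
    for record in intake.audit:
        print(record)
```
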
In an embodiment of the present specification, the performing a destination tracking process on the output data includes the following steps:
the outgoing data is tracked, data outgoing information is generated, application acquisition data of the outgoing equipment is obtained, and an application report of the application acquisition data of the outgoing equipment is checked, so that an initial review safety report of the outgoing equipment is obtained;
when the safety displayed by the initial review safety report of the destination equipment is smaller than a preset safety threshold value, generating an interception information instruction to carry out destination interception on output data, and carrying out analog calculation according to the output data to generate analog output data;
the output data is continuously sent and processed by replacing the data output in a simulation mode, the data output in the simulation mode carries a monitoring coding section, the destination equipment is monitored, monitoring information is obtained, and the monitoring information is transmitted back to the artificial intelligence system for safety processing;
and when the safety displayed by the initial review safety report of the destination equipment is greater than a preset safety threshold value, determining that the destination equipment acquires data for compliance, sending a monitoring code segment to the equipment, carrying out purpose monitoring on the data sent to the output of the destination equipment, generating purpose monitoring information, and sending the purpose monitoring information back to the artificial intelligence system for further safety processing.
This embodiment performs destination tracking on the output data, improving data security. By monitoring how the destination equipment uses the output data, it judges whether that use is safe, thereby ensuring the security of system data held outside the system and greatly improving user reliance.
Referring to Fig. 6, which shows a flow chart of the detailed implementation steps of the destination tracking processing performed on the output data according to the present invention, in this example the steps of the destination tracking processing include:
step S61: the outgoing data is tracked, data outgoing information is generated, application acquisition data of the outgoing equipment is obtained, and an application report of the application acquisition data of the outgoing equipment is checked, so that an initial review safety report of the outgoing equipment is obtained;
In the embodiment of the present invention, destination tracking of the output data refers to performing a real-time tracking information feedback operation when the data is output.
Step S62: when the safety displayed by the initial review safety report of the destination equipment is smaller than a preset safety threshold value, generating an interception information instruction to carry out destination interception on output data, and carrying out analog calculation according to the output data to generate analog output data;
In the embodiment of the invention, the preset safety threshold is obtained by training a deep learning pre-training model and serves to judge whether the destination equipment is safe. Generating simulated output data by simulation calculation according to the output data means producing the simulated output through a random data generation model and a data link emotion analysis model, so that the generated data can pass for the genuine data.
Step S63: the simulated output data is sent on in place of the output data, the simulated output data carries a monitoring coding section, the destination equipment is monitored, monitoring information is obtained, and the monitoring information is transmitted back to the artificial intelligence system for safety processing;
In the embodiment of the invention, continuing to send by replacing the output data with the simulated output data means intercepting the output data during data transmission and sending the simulated output data onward in its place, so that the data is replaced and the destination equipment is monitored without the destination equipment perceiving it or being alerted.
Step S64: when the safety displayed by the initial review safety report of the destination equipment is greater than a preset safety threshold value, determining that the destination equipment acquires data for compliance, sending a monitoring code segment to the equipment, carrying out purpose monitoring on the data output by the destination equipment, generating purpose monitoring information, and sending the purpose monitoring information back to the artificial intelligence system for advanced safety processing;
In the embodiment of the invention, the preset safety threshold is obtained by training a deep learning pre-training model and serves to judge whether the destination equipment is safe, and purpose monitoring of the output data sent to the destination equipment means monitoring whether the data output to the equipment is put to malicious use.
In one embodiment of the present specification, transmitting the monitoring information back to the artificial intelligence system for security processing includes the following steps:
step S71: performing compliance operation analysis according to the monitoring information to generate a compliance information analysis report;
step S72: when the compliance information analysis report is an intrusion information sending data source, violation operation is performed, and a warning signal is sent to a data receiving interface of the monitoring coding section so that the monitoring coding section sends a warning to the equipment;
step S73: performing emission source search according to the output data, performing protection safety detection on the output data to generate a protection safety report, and performing coding field identification according to uncertain factors in the protection safety report so as to mark directional blasting points, thereby generating a directional blasting guide;
step S74: directionally crushing the abnormal coding sequence of the directional blasting points according to a directional blasting guide, performing regression safety detection, and judging whether the data is safe and reliable; when the potential safety hazard exists, the step S73 is carried out;
step S75: performing index optimization operation on a protection content security coding section by data security detection to generate an optimization operation guide, and performing weighting retraining on the artificial intelligence system according to the optimization operation guide so as to obtain a weighting index optimization coding scheme and optimize the artificial intelligence system;
step S76: or when the compliance information analysis report is a compliance information sending data source, acquiring a data compliance examination request report from the destination equipment so as to submit the data compliance examination request report to the destination equipment, so that the intercepted data is sent to the destination equipment again, and the monitoring code segment is deleted.
This embodiment transmits the monitoring information back to the artificial intelligence system for processing, which reduces the monitoring code segment's use of the destination equipment's system, keeps the destination equipment in a good running state, and reduces the risk of the monitoring coding segment being discovered. Analyzing the monitoring information with the artificial intelligence system speeds up the analysis and allows the subsequent operation of the monitoring coding segment to be answered in time. At the same time the output data is handled: it is matched against the malicious coding segments in a massive data plug-in library to locate the points in the output data for directional blasting, so that uncertain factors are destroyed while the safety and integrity of the output data are preserved. Regression security detection subjects the output data to multiple rounds of detection and blasting, so that no unsafe factor persists in the data and the data is absolutely safe. Each safety protection operation is recorded and stored for the weighted retraining of the artificial intelligence system, thereby obtaining a weighted index optimization coding scheme and optimizing the artificial intelligence system, so that the artificial intelligence system changes along with changes in safety protection and the update period of the original protection system is prolonged.
In the embodiment of the invention, sending the warning signal to the data receiving interface of the monitoring code segment so that the monitoring code segment sends a warning to the destination equipment means analyzing the returned monitoring information to judge whether the destination equipment's use of the output data is safe, and then sending warning information to notify the destination equipment of its violation operation. Performing the source search according to the output data and performing protection safety detection on the output data to generate a protection safety report means detecting the safety of the destination equipment and generating a safety report that provides data support for the system's safety optimization operation with respect to the destination equipment. Performing weighted retraining on the artificial intelligence system according to the optimization operation guide, so as to obtain the weighted index optimization coding scheme and optimize the artificial intelligence system, means recording the processing procedure according to the data processing scheme so as to produce the optimization operation guide. The weighted retraining requires a certain number of stored safety protection operation flows of the artificial intelligence system, and the resulting adjustment offset is not large, so that the system can be updated continuously within its normal working range.
In one embodiment of the present specification, the sending the usage monitoring information back to the artificial intelligence system for further security processing comprises the following steps:
performing purpose rationality analysis according to the purpose monitoring information to generate a rational information analysis report;
when the reasonable information analysis report is used maliciously for the output data, if the reasonable information analysis report is determined to be unreasonable, the output data interception and destruction instruction is sent to the monitoring coding section, so that the monitoring coding section commands to the equipment to clear the acquired output data and automatically clear the monitoring coding section;
when the reasonable information analysis report is used conventionally for the output data, a cancellation instruction is sent to the monitoring code segment, so that the monitoring code segment stops monitoring and destroys;
and completing efficiency analysis on the processing process of the output data to obtain an efficiency report, and pre-training the artificial intelligence system according to the efficiency report, so as to obtain an efficiency index optimization coding scheme and optimize the artificial intelligence system.
The method monitors whether the destination equipment's use of the output data is reasonable, adding a safety guarantee to the external protection of system data. Sending an output data interception and destruction instruction to the monitoring coding section clears the output data without affecting the integrity of the destination equipment's internal data or the fluency of its system, ensuring the safe use of output data on other equipment. Rationality analysis is performed according to the purpose monitoring information to ensure that the destination equipment uses the output data reasonably. The purpose monitoring information is transmitted to the artificial intelligence system for processing, which reduces the monitoring code segment's use of the destination equipment's system, keeps the destination equipment in a good operating state, and reduces the risk of the purpose monitoring coding section being discovered. Analyzing the purpose monitoring information with the artificial intelligence system speeds up the analysis and allows the subsequent operations of the monitoring coding section to be answered in time.
In the embodiment of the invention, sending the output data interception and destruction instruction to the monitoring coding section means that the output data is destroyed in time when it is at risk of leaking at the destination equipment, so that the risk of leakage is removed, and the output data is monitored in real time by the special-purpose coding section, so that data leakage is prevented.
In an embodiment of the present specification, an artificial intelligence system for safety protection index optimization based on big data information safety is characterized by including:
a processor, and
at least one memory electrically connected to the processor, wherein a computer program is stored in the memory, and the computer program is used to execute the big data information security-based safety protection index optimization method according to any one of claims 1 to 8.
This embodiment provides a safety protection index optimization system based on big data information safety, which can implement any of the safety protection index optimization methods based on big data information safety. The system analyzes the type of attack on the current equipment and performs classified processing for an active attack or a passive attack according to that type. When the attack is identified as an active attack, reasonable protection operations can be performed in time, proceeding from the first protection stage to the fourth protection stage, with judgments made from the monitoring information so that the information obtained by analysis is used for directional, accurate operation. A passive attack is monitored and identified in real time during real-time data transmission, and safety analysis is performed on the attack information of the identified passive attack so that directional processing can be carried out.
Through real-time detection of data input and output and monitoring of active attacks on the system, this embodiment improves the guarantee of data safety while keeping the system running smoothly. The addition of the artificial intelligence system reduces labor cost and the operational errors that arise when subjective human judgment differs about objective matters, improves the timeliness of emergency safety protection responses, and reduces the area and number of data disasters. When an attack is identified as an active attack, reasonable protection operations can be performed in time, proceeding from the first protection stage to the fourth protection stage. The disaster area is given a pre-operation test with simulation data, so that differences between the recovered operation and the original operation of the disaster area allow system detection of the disaster area, achieving the effect of regular large-scale maintenance of the area.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
It is noted that, in this document, relational terms such as "first" and "second," and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present invention, which enable those skilled in the art to understand or practice the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A safety protection index optimization method based on big data information safety is characterized by being applied to an artificial intelligence system and comprising the following steps:
step S1: acquiring attack protection information, wherein the attack protection information comprises active attack information safety protection information and passive attack information safety protection information;
step S21: when the attack protection information is determined to be the active attack information safety protection information, an active attack target is obtained and information search is carried out on the active attack target, so that an accurate coping scheme is obtained;
step S22: triggering protection safety protection measures according to an accurate coping scheme;
step S31: when the attack protection information is determined to be passive attack information safety protection information, flow direction data of system data is obtained, the flow direction data of the system data is tracked, and flow direction information of the system data is obtained;
step S32: and carrying out safety processing on the flow data of the data according to the data flow information.
2. The method according to claim 1, wherein step S21 is specifically:
when the attack protection information is determined to be the active attack information safety protection information, an active attack target is obtained, information search is carried out on the active attack target, and directional accurate information is generated;
matching the oriented accurate information with the safety measures in the safety measure storage library to obtain an accurate response scheme;
step S22 specifically includes:
and triggering protection safety protection measures according to an accurate response scheme, wherein the safety protection measures comprise a plurality of protection stages and carry out accurate protection according to the safety protection measures.
3. The method of claim 2, wherein the plurality of safeguard phases of the safeguard measure comprise: the method comprises a first safety measure protection stage, a second safety measure protection stage, a third safety measure protection stage and a fourth safety measure protection stage, wherein the execution time of the plurality of safety measure protection stages is respectively executed in sequence from the first safety measure protection stage to the fourth safety measure protection stage according to the time sequence:
the steps of the first protection stage of the safety measure are as follows:
controlling the attacked area;
the invasion and diffusion of the disaster area are prevented;
performing original information backup according to the disaster area, cutting off other link areas, generating a protection isolation protection wall, and resisting an active attack target;
the steps of the second protection stage of the safety measure are as follows:
decoding the active attack target to generate an active attack target code, and matching the active attack target code according to an active attack target code library to generate a matching degree link table;
when the matching degree in the matching degree link table is greater than the attack target threshold value, determining the active attack target as the recorded active attack target and marking the active attack target as a similar attack target;
searching a historical processing scheme in the active attack target processing library according to the similar attack target, and carrying out reasonability or analysis on the historical processing scheme to generate a reasonable decision scheme;
obtaining an original processing decision scheme of a similar attack target, and optimizing a reasonable decision scheme according to the original processing decision scheme to generate an accurate decision scheme;
restoring the disaster area according to the precise decision scheme, thereby restoring the operation function of the disaster area, marking the restored disaster area as a restoration area, recording backup data into the restoration area, activating an operation mechanism from the restoration area, and storing all processing processes;
when the matching degree in the matching degree link table is smaller than the attack target threshold value, determining that the active attack target is an unregistered active attack target and marking the active attack target as a new attack target, detecting a disaster area caused by the new attack target, and generating a disaster area analysis report;
analyzing the disaster area analysis report to obtain the attack mechanism and damage mode of the new attack target;
acquiring access authority to the attack mechanism and damage mode library of active attack targets, and matching and analyzing the attack mechanism and the damage mode of the new attack target so as to generate a reasonable decision scheme;
restoring the disaster area according to the reasonable decision scheme, thereby restoring the operation function of the disaster area, marking the restored disaster area as a pre-repair area, putting virtual operation data into the pre-repair area, performing performance operation detection, and generating a virtual operation report;
acquiring a historical operation report, and comparing the virtual operation report with the historical operation report to generate pre-recovery reliability;
when the pre-recovery reliability is smaller than a preset reliability threshold, completely cleaning a disaster area, newly building an original data processing framework so as to generate a new framework, inputting backup data into the new framework, activating an operation mechanism, and storing all processing processes;
or when the pre-recovery reliability is greater than a preset reliability threshold value, recovering the operation function of the pre-repair area, marking the recovered disaster area as a repair area, recording backup data into the repair area, activating an operation mechanism from the repair area, and storing all processing processes;
the third protection stage of the safety measure specifically comprises the following steps:
carrying out source address tracking on the active attack target code to generate initial parameter information of a sending address;
according to the initial parameter information and the active attack target, the sending path of the active attack target is obtained through combined analysis, a preset latent monitoring code segment is sent back along the original path according to the sending path of the active attack target, and the segment is implanted in the attacker device to lie latent;
when a preset time threshold value is reached, a preset latent monitoring coding section gradually enters a working state, internal information of an attacker device is collected, data information collected by the preset latent monitoring coding section is carried and sent back to the artificial intelligence system when the attacker device sends a signal to the outside, the collected data information is analyzed, a threat level table of the attacker device to the artificial intelligence system is generated, and a safety measure fourth protection stage is entered according to the threat level table of the attacker device to the artificial intelligence system;
the fourth protection stage of the safety measure specifically comprises the following steps:
when the threat level table of the attacker device to the artificial intelligence system is judged to indicate a threat, the fourth protection stage of the safety measure sends a data fusing code segment to the attacker device through the attacker device receiving window opened by the preset latent monitoring code segment, so that the internal data of the attacker device is damaged and the threatening attack target is eradicated;
or, when the threat level table of the attacker device to the artificial intelligence system is judged to indicate a low threat, the fourth protection stage of the safety measure carries out long-term monitoring through the preset latent monitoring code segment and evaluates the threat of the attacker device in real time, and when the monitoring duration reaches a preset duration and the threat of the attacker device has remained at a low level throughout, the monitoring operation on the attacker device is stopped.
4. The method according to claim 1, wherein step S31 is specifically:
when the attack protection information is determined to be the passive attack information safety protection information, flow direction data of the system data is obtained, and the flow direction data of the system data is tracked, wherein the flow direction data of the system data comprises: input data and output data;
classifying according to the type of the flow data of the system data, and summarizing the flow data of the classified system data to acquire data flow information, wherein the classifying according to the type of the flow data of the system data comprises: performing source tracking processing on input data and performing destination tracking processing on output data;
step S32 specifically includes:
and carrying out safety detection on the data sending end according to the input data, and carrying out safety detection on the destination equipment of the data according to the output data.
5. The method of claim 4, wherein the source tracking processing of the input data comprises the steps of:
carrying out source tracking on input data to generate data source information;
performing reliability analysis on the source equipment according to the data source information so as to generate a reliability report;
when the reliability of the reliability report is smaller than a preset reliability threshold value, performing isolation operation on input data, and sending reliability application data to the source equipment for filling so as to ensure that the source equipment provides safety information guarantee;
carrying a pre-monitoring coding segment in the sent reliability application data, carrying out security monitoring on source equipment, returning monitoring data, carrying out security identification on the monitoring data, and generating a security report;
when the security report indicates that the source device is secure, further processing the isolated input data; or, when the security report indicates that the source device is dangerous, destroying the isolated input data;
alternatively, when the reliability of the reliability report is greater than a preset reliability threshold, the isolated incoming data is further processed.
6. The method of claim 4, wherein said performing destination tracking processing on the output data comprises the steps of:
the output data is tracked to its destination, data destination information is generated, the destination equipment's application to acquire the data is obtained, and the application report of that application is checked, so that an initial review safety report of the destination equipment is obtained;
when the safety displayed by the initial review safety report of the destination equipment is smaller than a preset safety threshold, an interception information instruction is generated to carry out destination interception on the output data, and simulation calculation is carried out according to the output data to generate simulated output data;
the simulated output data is sent on in place of the output data, the simulated output data carries a monitoring code segment, the destination equipment is monitored, monitoring information is obtained, and the monitoring information is transmitted back to the artificial intelligence system for security processing;
and when the safety displayed by the initial review safety report of the destination equipment is greater than a preset safety threshold value, determining that the destination equipment's acquisition of the data is compliant, sending a monitoring code segment to the destination equipment, carrying out usage monitoring on the output data sent to the destination equipment, generating usage monitoring information, and sending the usage monitoring information back to the artificial intelligence system for further safety processing.
7. The method of claim 6, wherein said transmitting the monitoring information back to the artificial intelligence system for security processing comprises the steps of:
step S71: performing compliance operation analysis according to the monitoring information to generate a compliance information analysis report;
step S72: when the compliance information analysis report identifies an intrusive information-sending data source performing a violation operation, a warning signal is sent to the data receiving interface of the monitoring code segment so that the monitoring code segment issues a warning to the equipment;
step S73: performing emission source search according to the output data, performing protection safety detection on the output data to generate a protection safety report, and performing coding field identification according to uncertain factors in the protection safety report so as to mark directional blasting points, thereby generating a directional blasting guide;
step S74: directionally crushing the abnormal coding sequence of the directional blasting points according to the directional blasting guide, performing regression safety detection, and judging whether the data is safe and reliable; when a potential safety hazard remains, returning to step S73;
step S75: performing index optimization operation on a protection content security coding section by data security detection to generate an optimization operation guide, and performing weighting retraining on the artificial intelligence system according to the optimization operation guide so as to obtain a weighting index optimization coding scheme and optimize the artificial intelligence system;
step S76: or, when the compliance information analysis report identifies a compliant information-sending data source, acquiring a data compliance examination request report from the destination equipment so as to submit the data compliance examination request report to the destination equipment, so that the intercepted data is sent to the destination equipment again and the monitoring code segment is deleted.
8. The method of claim 6, wherein sending usage monitoring information back to the artificial intelligence system for further security processing comprises:
performing usage rationality analysis according to the usage monitoring information to generate a rationality information analysis report;
when the rationality information analysis report shows that the output data is being used maliciously and the use is determined to be unreasonable, an output data interception and destruction instruction is sent to the monitoring code segment, so that the monitoring code segment clears the output data obtained by the destination equipment and then clears itself automatically;
when the rationality information analysis report shows that the output data is being used conventionally, a cancellation instruction is sent to the monitoring code segment, so that the monitoring code segment stops monitoring and destroys itself;
and completing efficiency analysis on the processing process of the output data to obtain an efficiency report, and pre-training the artificial intelligence system according to the efficiency report, so as to obtain an efficiency index optimization coding scheme and optimize the artificial intelligence system.
9. An artificial intelligence system for safety protection index optimization based on big data information safety, characterized by comprising:
a processor, and
at least one memory electrically connected to the processor, wherein a computer program is stored in the memory, and the computer program is used to execute the big data information security-based safety protection index optimization method according to any one of claims 1 to 8.
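The second protection stage in claim 3 branches twice: on the matching degree against a code library, and on the pre-recovery reliability of a restored area. The Python sketch below is an added illustration of those two decisions, not code from the patent. The Jaccard similarity over byte 4-grams, the metric-tolerance comparison, the treatment of a value exactly equal to a threshold, and all function names and sample data are assumptions, since the claims do not define how either score is computed.

```python
"""Added illustration of the claim 3 second-stage decisions (not patent code)."""

def ngrams(data, n=4):
    """Overlapping byte n-grams; an assumed feature for comparing codes."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def matching_table(code, library):
    """Matching degree link table: (entry name, Jaccard score), best first."""
    grams = ngrams(code)
    table = []
    for name, known in library.items():
        other = ngrams(known)
        union = grams | other
        table.append((name, len(grams & other) / len(union) if union else 0.0))
    return sorted(table, key=lambda row: row[1], reverse=True)

def classify(code, library, threshold):
    """'similar' only when the best match exceeds the threshold. A tie or an
    empty library falls through to 'new' (assumed conservative choice)."""
    table = matching_table(code, library)
    if table and table[0][1] > threshold:
        return "similar", table[0][0]
    return "new", None

def pre_recovery_reliability(virtual, historical, tolerance=0.10):
    """Fraction of historical metrics the virtual run reproduces within
    +/- tolerance. A metric missing from the virtual report counts as failed."""
    if not historical:
        return 0.0
    passed = 0
    for metric, baseline in historical.items():
        observed = virtual.get(metric)
        if observed is not None and abs(observed - baseline) <= tolerance * abs(baseline):
            passed += 1
    return passed / len(historical)

def recovery_action(reliability, threshold):
    """Above the threshold: promote the pre-repair area. Otherwise rebuild."""
    if reliability > threshold:
        return "promote_to_repair_area"
    return "rebuild_new_framework"

# Constructed sample data, not taken from the patent.
LIBRARY = {"sample-A": b"AAAABBBBCCCCDDDD", "sample-B": b"0123456789abcdef"}
OBSERVED_VARIANT = b"AAAABBBBCCCCDDDE"   # one byte away from sample-A
OBSERVED_UNSEEN = b"zzzzyyyyxxxxwwww"    # shares nothing with the library
HISTORICAL = {"throughput_rps": 1000.0, "p95_latency_ms": 40.0,
              "error_rate": 0.01, "integrity_ok": 1.0}
VIRTUAL = {"throughput_rps": 950.0, "p95_latency_ms": 43.0,
           "error_rate": 0.05, "integrity_ok": 1.0}

if __name__ == "__main__":
    print(classify(OBSERVED_VARIANT, LIBRARY, 0.8))
    print(classify(OBSERVED_UNSEEN, LIBRARY, 0.8))
    score = pre_recovery_reliability(VIRTUAL, HISTORICAL)
    print(score, recovery_action(score, 0.9))
```

In the constructed run the error rate in the virtual report is five times the historical baseline, so the reliability score stays below a 0.9 threshold and the decision is a clean rebuild rather than promotion of the pre-repair area.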
CN202211544348.8A 2022-12-04 2022-12-04 Safety protection index optimization method based on big data information safety and artificial intelligence system Active CN115967548B (en)

Publications (2)

Publication Number Publication Date
CN115967548A (en) 2023-04-14
CN115967548B (en) 2024-04-09

Family

ID=87360792

Country Status (1)

Country Link
CN (1) CN115967548B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240313

Address after: 518000 36 / F, Shenzhen Bay venture capital building, No. 25, Haitian Second Road, Binhai community, Yuehai street, Nanshan District, Shenzhen, Guangdong

Applicant after: Shenzhen Zhongzhi Tiancheng Technology Co.,Ltd.

Country or region after: China

Address before: No. 18, Longyin Street, Haizhu District, Guangzhou, Guangdong, 510000

Applicant before: Guangzhou Mofan Network Technology Co.,Ltd.

Country or region before: China

GR01 Patent grant