CN115967548B - Safety protection index optimization method based on big data information safety and artificial intelligence system - Google Patents

Info

Publication number
CN115967548B
Authority
CN
China
Prior art keywords
data
information
safety
protection
attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211544348.8A
Other languages
Chinese (zh)
Other versions
CN115967548A (en)
Inventor
宋兵军
肖晓军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Zhongzhi Tiancheng Technology Co ltd
Original Assignee
Shenzhen Zhongzhi Tiancheng Technology Co ltd

Abstract

The invention relates to the technical field of safety protection, and in particular to a safety protection index optimization method based on big data information safety and an artificial intelligence system. The method comprises the following steps: obtaining attack protection information, which comprises active attack information security protection information and passive attack information security protection information; when the attack protection information is determined to be active attack information security protection information, acquiring the active attack target and searching for information on it so as to obtain an accurate coping scheme; triggering protection safety measures according to the accurate coping scheme; and when the attack protection information is determined to be passive attack information security protection information, acquiring the flow data of the system data. The invention classifies attack targets and protects against each class separately, uses the artificial intelligence system for comprehensive protection, and improves the safety of data storage.

Description

Safety protection index optimization method based on big data information safety and artificial intelligence system
Technical Field
The invention relates to the technical field of safety protection, in particular to a safety protection index optimization method and an artificial intelligence system based on big data information safety.
Background
Internet information technology brings users convenience but also threats, and information security is one of them. Attacks on cloud services are now frequent, and how to guarantee the information security of cloud services is a problem of wide concern in the operations and maintenance community. Data transmitted between networks or users can easily carry hidden plug-ins, which makes maintaining information security a challenge.
Cloud services deploy corresponding attack protection services and data transmission detection systems, so that attack events are defended against and bad plug-ins in transmitted data are cleared, providing data security and confidentiality for the sending and receiving parties. Many attack protection events are generated in this process, and they reflect the data security of the current cloud service, so threat-clearing work based on these events makes it convenient to optimize safety protection indexes later. However, the related art does not consider that attacks can be active or passive, so comprehensive data protection cannot be completed, and it falls short in reliably optimizing cooperative protection behavior against both active and passive attacks.
Disclosure of Invention
The invention provides a safety protection index optimization method based on big data information safety and an artificial intelligence system, to solve at least one of the above technical problems.
To achieve the above object, the present invention provides a safety protection index optimization method based on big data information security, which includes the following steps:
step S1: obtaining attack protection information, wherein the attack protection information comprises active attack information security protection information and passive attack information security protection information;
step S21: when the attack protection information is determined to be active attack information security protection information, acquiring the active attack target and searching for information on the active attack target so as to obtain an accurate coping scheme;
step S22: triggering protection safety measures according to the accurate coping scheme;
step S31: when the attack protection information is determined to be passive attack information security protection information, acquiring the flow data of the system data, tracking the flow data of the system data, and obtaining flow information of the system data;
step S32: carrying out security processing on the flow data of the system data according to the flow information.
According to this embodiment, by detecting data input and output in real time and monitoring active attacks on the system, the guarantee of data safety is improved while the system keeps running smoothly. Adding the artificial intelligence system reduces labor cost and also reduces human operating errors that arise when subjective human judgment of the same objective matter differs; it improves the timeliness of emergency safety protection responses and reduces the area and number of data disasters.
In one embodiment of the present specification, step S21 is specifically:
when the attack protection information is determined to be active attack information security protection information, acquiring the active attack target, and searching for information on the active attack target to generate directional accurate information;
matching the directional accurate information with the safety measures in the safety measure storage library so as to obtain an accurate coping scheme;
step S22 is specifically:
triggering protection safety measures according to the accurate coping scheme, wherein the safety measures comprise a plurality of protection stages, and performing accurate protection according to the safety measures.
According to this embodiment, searching for information on the active attack makes it possible to obtain its attack mode and attack means accurately, so that the active attack can be defended against precisely and the most accurate processing scheme can be applied after an attack. This reduces cases in which a deviating protection scheme gives a poor safety protection effect, or in which an erroneous processing scheme leaves an area paralyzed or data lost. Multiple protection stages are provided to protect precisely against the active attack, combining the handling of the attacked area with the clearing of hidden dangers at the root cause. This reduces the persistence of active attacks and see-saw fighting, reduces the computing space the system consumes, and keeps the system running efficiently and smoothly.
In one embodiment of the present description, the plurality of protection stages include a first protection stage, a second protection stage, a third protection stage and a fourth protection stage of the safety measure, which are executed in time order from the first protection stage to the fourth protection stage:
the first protection stage of the safety measure comprises the following steps:
controlling the attacked region;
preventing the intrusion and spread of the disaster area;
backing up original information according to the disaster area, cutting off the links to other areas, and generating a protective isolation wall to resist the active attack target;
the second protection stage of the safety measure comprises the following steps:
decoding the active attack target to generate an active attack target code, and matching the active attack target code against an active attack target code library to generate a matching degree link table;
when the matching degree in the matching degree link table is larger than the attack target threshold, determining that the active attack target is a recorded active attack target and marking the active attack target as a similar attack target;
searching the active attack target processing library for the historical processing scheme of the similar attack target, and performing rationality analysis on the historical processing scheme to generate a reasonable decision scheme;
acquiring an original processing decision scheme of the similar attack target, optimizing the reasonable decision scheme according to the original processing decision scheme, and generating an accurate decision scheme;
repairing the disaster area according to the accurate decision scheme so as to recover its operation function, marking the recovered disaster area as a repair area, entering backup data into the repair area, reactivating the operation mechanism, and storing all processing procedures;
when the matching degree in the matching degree link table is smaller than the attack target threshold, determining that the active attack target is an unrecorded active attack target and marking it as a new attack target, detecting the disaster area caused by the new attack target, and generating an analysis report of the disaster area;
obtaining the attack mechanism and destruction mode of the new attack target from the analysis report of the disaster area;
obtaining access rights to the library of attack mechanisms and destruction modes of active attack targets, and matching and analyzing the attack mechanism and destruction mode of the new attack target so as to generate a reasonable decision scheme;
repairing the disaster area according to the reasonable decision scheme so as to recover its operation function, marking the recovered disaster area as a pre-repair area, putting virtual operation data into the pre-repair area, performing operation performance detection, and generating a virtual operation report;
acquiring a historical operation report, comparing the virtual operation report with the historical operation report, and generating a pre-recovery reliability;
when the pre-recovery reliability is smaller than a preset reliability threshold, completely cleaning the disaster area, rebuilding the original data processing framework so as to generate a new framework, entering backup data into the new framework, activating the operation mechanism, and storing all processing procedures;
or when the pre-recovery reliability is greater than the preset reliability threshold, restoring the operation function of the pre-repair area, marking the restored disaster area as a repair area, entering backup data into the repair area, reactivating the operation mechanism, and storing all processing procedures;
the third protection stage of the safety measure comprises the following steps:
tracing the source address of the active attack target code to generate initial parameter information of the sending address;
obtaining the transmission path of the active attack target by jointly analyzing the initial parameter information and the active attack target, sending a preset latent monitoring coding section back along the original path according to the transmission path of the active attack target, and implanting it in the attacker device, where it lies latent;
when the preset time threshold is reached, the preset latent monitoring coding section gradually enters a working state and collects internal information of the attacker device; the data information collected by the preset latent monitoring coding section is carried along when the attacker device sends out signals and is sent back to the artificial intelligence system; the collected data information is analyzed to generate a threat level table of the attacker device to the artificial intelligence system, and the fourth protection stage of the safety measure is entered according to this threat level table;
the fourth protection stage of the safety measure comprises the following steps:
when the threat level table of the attacker device to the artificial intelligence system indicates that the attacker device is extremely threatening, in the fourth protection stage of the safety measure a data fusing coding section is sent to the attacker device through the attacker device receiving window opened by the preset latent monitoring coding section, so as to destroy the internal data of the attacker device, thereby eradicating the extremely threatening attack target;
or when the threat level table of the attacker device to the artificial intelligence system indicates that the threat of the attacker device is low, in the fourth protection stage of the safety measure long-term monitoring is carried out through the preset latent monitoring coding section and the threat of the attacker device is evaluated in real time; when the monitoring duration reaches a preset length of time and the threat of the attacker device has remained at a low level throughout, the monitoring operation on the attacker device is stopped.
In this embodiment, the first protection stage mainly controls and isolates the disaster area at the first moment, transfers its data, and intercepts its spread, so that active attacks are responded to in time and the safe operation of the system is maintained. The second protection stage mainly analyzes and traces the source code of the attack target and determines the characteristics of the attack target for the subsequent recovery of the attacked area. The active attack target is matched and analyzed against the large stored information bases to determine its attack characteristics, the main target of the attack, and whether the attack is infectious or concealed, so that the condition of the attacked area can be analyzed completely and data and technical support can be provided for subsequent work. The disaster area undergoes a pre-operation test with simulated data, which helps reveal differences between the recovered operation and the original operation of the disaster area, so that a system check can be performed on the area in time, with the effect of a periodic major maintenance of the area; the test is also used to detect whether hidden attack coding segments of the active attack remain in the repaired disaster area. The protection process is stored to provide analysis data for subsequent protection and recovery, allowing the system to grow through attacks. The third protection stage monitors the attacker device that sent the active attack target and evaluates its threat to the artificial intelligence system; subsequent operations are carried out according to the evaluation report, which provides data support for the fourth protection stage. The monitoring coding segment is sent along the path over which the attacker device sent the active attack target, which helps conceal the monitoring coding segment and makes its implantation hard for the attacker device to notice. After entering the attacker device, the monitoring coding segment lies latent for a period of time so that the attacker device's protection mechanism lets it through or its protection is lowered, which greatly improves the monitoring success rate and provides more accurate and more complete data for subsequent work. The fourth protection stage performs a classified operation according to the monitoring data of the third protection stage. The first class indicates that the attacker device is extremely threatening; the attacker device is destroyed, which clears the threat target at its source and saves the resources the system would consume monitoring the attacker device for a long time. The second class indicates that the attacker device poses a low threat; the monitoring operation on the attacker device is stopped, which quickly reclaims resources, reduces see-saw standoffs, and improves the operating efficiency of the system.
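The second-protection-stage decision flow described above (match against the code library, compare with the attack target threshold, then restore or rebuild according to the pre-recovery reliability), as an added example that is not code from the patent. The Jaccard matching metric, the relative-deviation reliability score, both threshold values, the action names and all sample data are assumptions; the patent names the thresholds but specifies none of these.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed values: the patent names both thresholds but gives no numbers.
ATTACK_TARGET_THRESHOLD = 0.6
RELIABILITY_THRESHOLD = 0.9
# Steps shared by every branch: enter backup data, reactivate, store procedures.
FINISH = ["load_backup", "reactivate_operation", "store_processing_log"]


def shingles(code: bytes, n: int = 4) -> set:
    """Overlapping n-byte windows of a decoded attack target code."""
    return {code[i:i + n] for i in range(len(code) - n + 1)}


def matching_degree(sample: bytes, known: bytes) -> float:
    """Jaccard similarity of the shingle sets (assumed metric, range 0..1)."""
    a, b = shingles(sample), shingles(known)
    if not a or not b:
        return 0.0  # too short to compare: never counts as a match
    return len(a & b) / len(a | b)


def matching_table(sample: bytes, library: dict) -> list:
    """The 'matching degree link table': (name, degree) rows, best match first."""
    rows = [(name, matching_degree(sample, code)) for name, code in library.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def pre_recovery_reliability(virtual: dict, historical: dict) -> float:
    """1 minus the mean relative deviation of the virtual run from history."""
    if not historical:
        return 0.0  # nothing to compare against: do not trust the repair
    total = 0.0
    for metric, base in historical.items():
        if metric not in virtual or base == 0:
            total += 1.0  # missing or unscorable metric counts as full deviation
        else:
            total += min(abs(virtual[metric] - base) / abs(base), 1.0)
    return 1.0 - total / len(historical)


@dataclass
class Plan:
    label: str                     # "similar" or "new"
    matched: Optional[str]         # library entry that matched, if any
    degree: float                  # best matching degree found
    reliability: Optional[float] = None
    actions: list = field(default_factory=list)


def second_stage(sample, library, schemes, virtual_report, historical_report) -> Plan:
    table = matching_table(sample, library)
    name, degree = table[0] if table else (None, 0.0)
    # The patent defines only "larger than" and "smaller than". Equality is
    # sent down the new-target path here because it is the more cautious one.
    if name is not None and degree > ATTACK_TARGET_THRESHOLD:
        scheme = schemes.get(name, "no-recorded-scheme")
        return Plan("similar", name, degree, None,
                    [f"repair_with:{scheme}", "mark_repair_area"] + FINISH)
    reliability = pre_recovery_reliability(virtual_report, historical_report)
    plan = Plan("new", None, degree, reliability,
                ["analyze_disaster_area", "repair", "mark_pre_repair_area",
                 "virtual_run"])
    if reliability > RELIABILITY_THRESHOLD:
        plan.actions += ["mark_repair_area"] + FINISH
    else:  # smaller or equal: clean out and rebuild rather than trust the repair
        plan.actions += ["clean_disaster_area", "rebuild_framework"] + FINISH
    return plan


# Constructed sample data (not real attack code or real measurements).
LIBRARY = {"family-a": b"abcdefghij", "family-b": b"0123456789"}
SCHEMES = {"family-a": "scheme-17", "family-b": "scheme-02"}
HISTORICAL = {"throughput": 100.0, "error_rate": 2.0, "latency_ms": 50.0}
GOOD_TRIAL = {"throughput": 95.0, "error_rate": 2.0, "latency_ms": 55.0}
BAD_TRIAL = {"throughput": 40.0, "error_rate": 2.0}  # latency metric missing

if __name__ == "__main__":
    cases = [(b"abcdefghiX", GOOD_TRIAL),    # close variant of family-a
             (b"abcdefghiXYZ", GOOD_TRIAL),  # lands exactly on the threshold
             (b"zzzzabcdzz", BAD_TRIAL)]     # mostly unknown code
    for sample, trial in cases:
        print(second_stage(sample, LIBRARY, SCHEMES, trial, HISTORICAL))
```

The second constructed sample has a matching degree exactly equal to the threshold, a case the claims leave undefined; the code resolves it toward the unrecorded-target branch and, likewise, resolves an exactly-equal reliability toward a rebuild.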
In one embodiment of the present specification, step S31 is specifically:
when the attack protection information is determined to be passive attack information security protection information, acquiring the flow data of the system data and tracking the flow data of the system data, wherein the flow data of the system data comprises input data and output data;
classifying the flow data of the system data by type, and summarizing the classified flow data of the system data to obtain the flow information, wherein the classification by flow data type comprises: performing source tracking processing on input data and performing forward tracking processing on output data;
step S32 is specifically:
carrying out safety detection on the data sending end according to the input data, and carrying out safety detection on the data destination device according to the output data.
This embodiment monitors the system's flow data in real time in order to establish the validity of the flow data and the correctness of data use, improving the guarantee of safe data transmission and safe data storage. It monitors the safety of input devices and output devices to keep data safe when it is reused, achieves comprehensive detection, avoids data being stolen by passive attacks or the system being monitored through installed equipment, provides safe and correct data transmission, and reduces the risk of data tampering.
In one embodiment of the present disclosure, the source tracking processing of the input data includes the following steps:
carrying out source tracking on the input data to generate data source information;
performing reliability analysis on the source device according to the data source information so as to generate a reliability report;
when the reliability in the reliability report is smaller than a preset reliability threshold, isolating the input data, and sending reliability application data to the source device to be filled in, so that the source device provides a security information guarantee;
carrying a pre-monitoring coding section in the reliability application data that is sent, carrying out safety monitoring on the source device, sending back monitoring data, carrying out safety identification on the monitoring data, and generating a security report;
when the security report shows that the source device is safe, further processing the isolated input data; or when the security report shows that the source device is dangerous, destroying the isolated input data;
alternatively, when the reliability in the reliability report is greater than the preset reliability threshold, further processing the isolated input data.
According to this embodiment, analyzing the reliability of the source of the input data is equivalent to setting up an inspection zone and isolating the input data, which guarantees the absolute reliability of the input data and the safe storage of internal data. The application flow, in which the source guarantees or certifies the input data, greatly shortens the inspection flow, improves the input efficiency of urgent data, and avoids inspection lengthening data transmission; using a preset reliability threshold makes the judgment result more intelligent and accurate.
In one embodiment of the present disclosure, the forward tracking processing of the output data includes the following steps:
carrying out forward tracking on the output data to generate data destination information, acquiring the destination device's application to obtain the data, and auditing the application report of that application, thereby obtaining a primary audit security report of the destination device;
when the security shown by the primary audit security report of the destination device is smaller than a preset security threshold, generating an interception instruction to intercept the output data, and performing simulation calculation according to the output data to generate simulated output data;
replacing the output data with the simulated output data, carrying a monitoring coding section in the simulated output data, monitoring the destination device, obtaining monitoring information, and transmitting the monitoring information back to the artificial intelligence system for security processing;
when the security shown by the primary audit security report of the destination device is greater than the preset security threshold, determining that the destination device's acquisition of the data is compliant, sending a monitoring coding section to the destination device, monitoring the use of the output data sent to the destination device, generating usage monitoring information, and sending the usage monitoring information back to the artificial intelligence system for further security processing.
According to this embodiment, forward tracking of the output data improves the safety of the data. Monitoring how the destination device uses the output data makes it possible to judge whether that use is safe, so that data stored in the system remains protected outside the system, which greatly increases users' reliance on the system. When the destination device performs unsafe operations with the output data, the data is cleared, which achieves the effect of data safety protection. The monitoring coding section can also repair the system security of the destination device, improving the safety of data use on the destination device.
In one embodiment of the present specification, the step of transmitting the monitoring information back to the artificial intelligence system for security processing includes the following steps:
step S71: performing compliance operation analysis according to the monitoring information to generate a compliance information analysis report;
step S72: when the compliance information analysis report identifies a data source that sends intrusion information, determining that the operation is illegal, and sending a warning signal to the data receiving interface of the monitoring coding section so that the monitoring coding section issues a warning to the destination device;
step S73: performing source searching according to the output data, performing protection safety detection on the output data, generating a protection safety report, and identifying coding fields according to the uncertain factors in the protection safety report so as to mark directional blasting points, thereby generating a directional blasting guide;
step S74: directionally crushing the abnormal coding sequences at the directional blasting points according to the directional blasting guide, carrying out regression safety detection, and judging whether the data is safe and reliable; when a potential safety hazard exists, performing step S73 again;
step S75: performing an index optimization operation on the safety coding section of the content protected through data safety detection, generating an optimization operation guide, and performing weighted retraining of the artificial intelligence system according to the optimization operation guide, so as to obtain a weighted index optimization coding scheme and optimize the artificial intelligence system;
step S76: or when the compliance information analysis report identifies a data source that sends compliant information, requesting a data compliance review report from the destination device so that the destination device submits the data compliance review report, and then sending the intercepted data to the destination device again and deleting the monitoring coding section.
According to this embodiment, the monitoring information is transmitted back to the artificial intelligence system for processing, which reduces the monitoring coding section's use of the destination device's system, so that the device keeps running well and the risk of the monitoring coding section being discovered is kept low. Analyzing the monitoring information with the artificial intelligence system speeds up the analysis, so that the follow-up operations of the monitoring coding section and the handling of the output data can be carried out in time. The output data is matched against the malicious code sections in a massive data plug-in library and the matches found are directionally blasted, which destroys the uncertain factors while preserving the safety and integrity of the output data. Through regression safety detection the output data is detected and blasted repeatedly, so that no unsafe factor is left in the data and the data is absolutely safe. Each safety protection operation is recorded and stored for weighted retraining of the artificial intelligence system, yielding the weighted index optimization coding scheme. This optimizes the artificial intelligence system against existing attack modes and improves its protection against them, improves the original protection system, and reduces the working cost of the system.
In one embodiment of the present description, the step of sending the usage monitoring information back to the artificial intelligence system for further security processing includes the following steps:
performing usage rationality analysis according to the usage monitoring information to generate a rationality analysis report;
when the rationality analysis report shows that the output data is being used maliciously, determining that the use is unreasonable, and sending an output data interception and destruction instruction to the monitoring coding section, so that the monitoring coding section instructs the destination device to clear the output data it acquired, and the monitoring coding section then clears itself automatically;
when the rationality analysis report shows that the output data is being used conventionally, sending a cancel instruction to the monitoring coding section so that the monitoring coding section stops monitoring and is destroyed;
and performing efficiency analysis on the processing of the output data to obtain an efficiency report, and pre-training the artificial intelligence system according to the efficiency report, so as to obtain an efficiency index optimization coding scheme and optimize the artificial intelligence system.
This embodiment monitors whether the destination device uses the output data reasonably, which adds a safety guarantee for protecting system data outside the system. Sending an output data interception and destruction instruction to the monitoring coding section eliminates the output data without affecting the integrity of the destination device's internal data or the smoothness of its system, which ensures the safe use of output data on other devices. Rationality analysis according to the usage monitoring information ensures that the destination device uses the output data reasonably. The usage monitoring information is transmitted back to the artificial intelligence system for processing, which reduces the monitoring coding section's use of the destination device's system, so that the device keeps running well and the risk of the usage monitoring coding section being discovered is kept low. Analyzing the usage monitoring information with the artificial intelligence system speeds up the analysis and allows the follow-up operations of the monitoring coding section to be carried out in time.
In one embodiment of the present specification, an artificial intelligence system for optimizing safety protection indexes based on big data information security comprises:
a processor; and
at least one memory electrically connected to the processor, wherein a computer program is stored in the memory, and the computer program is used for executing the safety protection index optimization method based on big data information safety according to any one of claims 1-8.
This embodiment provides a safety protection index optimization system based on big data information safety that can implement any of the safety protection index optimization methods based on big data information safety. It analyzes the type of attack on the current device and handles it by class, as an active attack or a passive attack. When an active attack is identified, reasonable protection operations can be made in time and the first protection stage through the fourth protection stage are carried out, with judgments made according to the monitoring information so that the information obtained by analysis is used for directional, accurate operations. Passive attacks are monitored and identified in real time during data transmission, and security analysis is performed on the identified attack information of the passive attack so that directional processing can be carried out.
According to this embodiment, by detecting data input and output in real time and monitoring active attacks on the system, data security is guaranteed while the system keeps running smoothly. Adding the artificial intelligence system reduces labor cost and also reduces human operating errors that arise when subjective human judgment of the same objective matter differs; it improves the response time of emergency safety protection and reduces the area and number of data disasters. When an active attack is identified, reasonable protection operations can be made in time and the first protection stage through the fourth protection stage are carried out. The disaster area undergoes a pre-operation test with simulated data, which helps reveal differences between the recovered operation and the original operation of the disaster area, so that a system check can be performed on the area in time, with the effect of a periodic major maintenance of the area; the test is also used to detect whether hidden attack coding segments of the active attack remain in the repaired disaster area. The protection process is stored to provide analysis data for subsequent protection and recovery, allowing the system to grow through attacks, so that judgments are made according to the monitoring information and the information obtained is used for directional, accurate operations.
Drawings
FIG. 1 is a schematic flow chart of the steps of a safety protection index optimization method based on big data information safety;
FIG. 2 is a flowchart illustrating a detailed implementation step of the protection process for the active attack target in FIG. 1;
FIG. 3 is a flowchart illustrating steps performed in detail when the matching degree in the matching degree link table in the portion A of FIG. 2 is greater than the attack target threshold;
FIG. 4 is a flowchart illustrating steps performed in detail when the degree of matching in the matching degree link table in the portion B of FIG. 2 is less than the attack target threshold;
FIG. 5 is a flowchart illustrating a detailed implementation of the source tracking process for input data according to the present invention;
FIG. 6 is a flowchart illustrating a detailed implementation of the forward trace processing of the output data according to the present invention;
FIG. 7 is a schematic diagram illustrating the hierarchical protection of input data according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiments of the application provide a safety protection index optimization method based on big data information safety and an artificial intelligence system. The executing entity of the method includes, but is not limited to, a console, a single server, a server cluster, a cloud server, a cloud server cluster, or another service control center on which the artificial intelligence system can be deployed.
Step S1: obtaining attack protection information, wherein the attack protection information comprises active attack information security protection information and passive attack information security protection information;
Step S21: when the attack protection information is determined to be the active attack information security protection information, acquiring an active attack target and carrying out an information search on the active attack target so as to acquire an accurate coping scheme;
Step S22: triggering protection safety measures according to the accurate coping scheme;
Step S31: when the attack protection information is determined to be passive attack information security protection information, acquiring flow data of system data, tracking the flow data of the system data, and acquiring flow information of the system data;
Step S32: carrying out security processing on the flow data of the system data according to the flow information.
In this embodiment, real-time detection of data input and output and monitoring of the system for active attacks keep the system running smoothly while data security is improved. Adding the artificial intelligence system reduces labor cost and also reduces operator errors that arise when subjective human judgments of objective matters differ; it improves the timeliness of the emergency security response and reduces the area and number of data disasters.
Referring to FIG. 1, a schematic flow chart of the steps of the safety protection index optimization method based on big data information safety according to the present invention is shown. In this example, the steps of the method include:
Step S1: obtaining attack protection information, wherein the attack protection information comprises active attack information security protection information and passive attack information security protection information;
In the embodiment of the invention, obtaining the attack protection information means monitoring, in real time, the input information, the output information and the strong-resistance protection information within the safety protection area of the artificial intelligence system, and marking the extracted information as the attack protection information. Attack protection information classified as an active attack denotes an attack mode that directly attacks and damages the artificial intelligence system, damages it quickly, and collides directly with its protection measures; an active attack is, however, generally either a malicious attack by another party or protection tripped by other parties on the network, in which case the damage threat is generally low. Attack protection information classified as a passive attack denotes an attack mode that is highly concealed and hard to perceive, a potential safety hazard that is input autonomously; it generally covers latent mining, monitoring, data theft and the like, where the damage threat is small but the hard-to-perceive data leakage is not minor.
Step S21: when the attack protection information is determined to be the active attack information security protection information, acquiring an active attack target and carrying out an information search on the active attack target so as to acquire an accurate coping scheme;
In the embodiment of the invention, carrying out an information search on the active attack target means using a protection attack information database to make a preliminary confirmation of the attack type of the attack target from the attack mode and attack range of the active attack target; the preliminary confirmation is used in the preliminary protection stage (the first security protection stage).
Step S22: triggering protection safety measures according to the accurate coping scheme;
In the embodiment of the invention, triggering the protection safety measures according to the accurate coping scheme refers to the safety protection measures that correspond to the accurate coping scheme and are applied as the preliminary defense.
Step S31: when the attack protection information is determined to be passive attack information security protection information, acquiring flow data of system data, tracking the flow data of the system data, and acquiring flow information of the system data;
In the embodiment of the invention, the flow data of the system data refers to the input data of the artificial intelligence system and the output data that the artificial intelligence system sends to a device; the flow information of the system data refers to the basic gateway information of that device or the basic gateway information of the source device of the data, and also includes the transmission path of the data.
Step S32: carrying out security processing on the flow data of the system data according to the flow information;
In the embodiment of the invention, carrying out security processing on the flow data according to the flow information means performing security detection on the source device, based on the input data the source device sends, and performing security detection on the destination device, so as to safeguard the output data once it is outside the artificial intelligence system.
In one embodiment of the present specification, step S21 is specifically:
when the attack protection information is determined to be the active attack information security protection information, acquiring an active attack target, and carrying out an information search on the active attack target to generate directional accurate information;
matching the directional accurate information with the safety measures in the safety measure storage library so as to obtain an accurate coping scheme;
the step S22 is specifically:
triggering protection safety measures according to the accurate coping scheme, wherein the safety measures comprise a plurality of protection stages, and performing accurate protection according to the safety measures.
In this embodiment, searching for information on the active attack yields its attack mode and attack means accurately, so that the attack can be defended against precisely and the most accurate post-attack handling scheme applied. This reduces cases in which a deviating protection scheme gives a poor protection effect, or an erroneous handling scheme paralyzes an area or loses data. Multiple protection stages are provided so that the active attack is protected against precisely, and handling of the attacked area is integrated with removal of the hidden danger at its root; this reduces the persistence of active attacks and tug-of-war exchanges, reduces the computing space the system consumes, and supports efficient, smooth operation of the system.
In the embodiment of the invention, the directional accurate information refers to information on the active attack that is generated by analyzing the preliminary behavior the active attack exhibits. Matching against the safety measures in the safety measure storage library means finding the safety measure entry recorded in the library that corresponds to the attack characteristics of the active attack target shown by the directional accurate information, so as to obtain the safety protection measure for those attack characteristics and mark it as the accurate coping scheme; the protection operations are then performed in sequence. The safety protection measure comprises a plurality of protection stages, that is, the safety protection is divided into four stages: a first safety measure protection stage, a second safety measure protection stage, a third safety measure protection stage and a fourth safety measure protection stage, with different safety measures assigned to the different stages.
In one embodiment of the present specification, the multiple protection stages include a first safety measure protection stage, a second safety measure protection stage, a third safety measure protection stage and a fourth safety measure protection stage, which are executed in time sequence from the first stage to the fourth stage:
The first protection stage of the safety measure comprises the following steps:
controlling the attacked region;
preventing the invasion and the diffusion of the disaster area;
backing up original information of the disaster area, cutting off the links to other areas, and generating a protective isolation wall to resist the active attack target;
The second protection stage of the safety measure comprises the following steps:
decoding the active attack target to generate an active attack target code, and matching the active attack target code against an active attack target code library to generate a matching degree link table;
when a matching degree in the matching degree link table is larger than the attack target threshold, determining that the active attack target is a recorded active attack target and marking it as a similar attack target;
searching the active attack target processing library for a historical processing scheme according to the similar attack target, and performing rationality analysis on the historical processing scheme to generate a reasonable decision scheme;
acquiring an original processing decision scheme of the similar attack target, optimizing the reasonable decision scheme according to the original processing decision scheme, and generating an accurate decision scheme;
repairing the disaster-stricken area according to the accurate decision scheme so as to recover the operation function of the disaster-stricken area, marking the recovered disaster-stricken area as a repair area, entering backup data into the repair area, reactivating the operation mechanism, and storing all processing procedures;
when the matching degree in the matching degree link table is smaller than the attack target threshold, determining that the active attack target is an unrecorded active attack target and marking it as a new attack target, detecting the disaster area caused by the new attack target, and generating an analysis report of the disaster area;
obtaining the attack mechanism and destruction mode of the new attack target from the analysis report of the disaster area;
obtaining access rights to the active attack target attack mechanism and destruction mode library, and matching and analyzing the attack mechanism and destruction mode of the new attack target so as to generate a reasonable decision scheme;
repairing the disaster-stricken area according to the reasonable decision scheme so as to recover the operation function of the disaster-stricken area, marking the recovered disaster-stricken area as a pre-repair area, putting virtual operation data into the pre-repair area, performing performance operation detection, and generating a virtual operation report;
acquiring a historical operation report, comparing the virtual operation report with the historical operation report, and generating a pre-recovery reliability;
when the pre-recovery reliability is smaller than a preset reliability threshold, completely cleaning the disaster area, rebuilding the original data processing framework so as to generate a new framework, entering backup data into the new framework, activating the operation mechanism, and storing all processing procedures;
or, when the pre-recovery reliability is greater than the preset reliability threshold, recovering the operation function of the pre-repair area, marking the recovered disaster-stricken area as a repair area, entering backup data into the repair area, reactivating the operation mechanism, and storing all processing procedures;
The third protection stage of the safety measure comprises the following steps:
tracking the source address of the active attack target code to generate initial parameter information of the sending address;
acquiring the transmission path of the active attack target by analyzing the initial parameter information together with the active attack target, sending a preset latent monitoring coding section back along that transmission path, and implanting it in the attacker device to lie latent;
when the preset time threshold is reached, the preset latent monitoring coding section gradually enters a working state and collects internal information of the attacker device; when the attacker device sends out signals, the data information collected by the preset latent monitoring coding section is carried along and sent back to the artificial intelligence system; the collected data information is analyzed to generate a threat level table of the attacker device to the artificial intelligence system, and the fourth protection stage of the safety measure is entered according to that threat level table;
The fourth protection stage of the safety measure comprises the following steps:
when the threat level table of the attacker device to the artificial intelligence system indicates that the attacker device is extremely threatening, the fourth protection stage of the safety measure sends a data fusing coding section to the attacker device through the attacker device receiving window opened by the preset latent monitoring coding section, so as to destroy the internal data of the attacker device and thereby eradicate the extremely threatening attack target;
or, when the threat level table of the attacker device to the artificial intelligence system indicates that the threat of the attacker device is low, the fourth protection stage of the safety measure carries out long-term monitoring through the preset latent monitoring coding section and evaluates the threat of the attacker device in real time; when the monitoring duration reaches a preset length of time and the threat of the attacker device has remained at a low level throughout, the monitoring operation on the attacker device is stopped.
In this embodiment, the first protection stage mainly controls and isolates the disaster area at the first moment and intercepts its diffusion, ensuring a timely response to the active attack that keeps the system operating safely.
The second protection stage mainly analyzes and traces the code of the attack target and determines the characteristics of the attack target for the subsequent recovery of the attacked area. The active attack target is matched and analyzed against the large body of stored information to determine its attack characteristics, the main target of the attack, and whether the attack is infectious or concealed, so that the condition of the attacked area is analyzed completely and data and technical support are provided for subsequent work. The disaster area is put through a pre-operation test with simulated data; the difference between the restored operation and the original operation of the disaster-stricken area allows timely system checks on the area and has the effect of a periodic major maintenance of the area, and the test also detects whether hidden attack coding sections of the active attack remain in the restored disaster-stricken area. The protection process is stored to provide analysis data for subsequent protection and recovery, allowing the system to grow through attacks.
The third protection stage monitors the attacker device that sent the active attack target and evaluates its threat to the artificial intelligence system; subsequent operations follow the evaluation report, which provides data support for the fourth protection stage. The monitoring coding section is sent along the path over which the attacker device sent the active attack target, which helps conceal the monitoring coding section and makes its implantation hard for the attacker device to perceive. After entering the attacker device, the monitoring coding section stays hidden for a period of time, until it has passed the attacker device's protection mechanism or the device's guard has dropped, which greatly improves the monitoring success rate and provides more accurate and more complete data for subsequent work.
The fourth protection stage performs a classified operation according to the monitoring data of the third protection stage. In the first class, the attacker device is extremely threatening and is destroyed, which resolves the threat target at its source and saves the resources the system would consume monitoring the attacker device over a long period. In the second class, the attacker device poses a low threat and the monitoring operation on it is stopped, which recovers resources quickly, reduces tug-of-war exchanges, and improves the operating efficiency of the system.
In the embodiment of the invention, analyzing the collected data information means determining whether the attacker device launched an attack aimed specifically at our safeguard measures or an attack measure broadcast widely across the network at many targets alike, which is used to judge the threat the attacker device poses to the artificial intelligence system; threat analysis is also performed according to the damage caused in the attacked area, for use in the fourth protection stage of the safety measure. Sending the data fusing coding section to the attacker device means sending the fusing coding section to the monitoring coding section to destroy the attacker device, so as to resolve the potential safety hazard at its root.
Referring to FIG. 2, a flowchart of the detailed implementation steps of the protection process for the active attack target in FIG. 1 is shown. In this example, the detailed implementation of the protection process for the active attack target includes:
Step S41: decoding the active attack target to generate an active attack target code, and matching the active attack target code against an active attack target code library to generate a matching degree link table;
In the embodiment of the invention, decoding the active attack target means decoding it with a decoder to obtain the running logic that the active attack target implements, which is marked as the active attack target code. Matching the active attack target code against the active attack target code library means matching it within the stored library to obtain the security protection process recorded for the corresponding target code, so as to analyze the security protection for the current active attack target; similarity matching of the active attack target code within the library generates the matching degree link table, which provides reliable input for the current security protection;
The uppercase A in FIG. 2 and the uppercase A in FIG. 3 denote the same node, which links FIG. 2 to FIG. 3; the uppercase B in FIG. 2 and the uppercase B in FIG. 4 denote the same node, which links FIG. 2 to FIG. 4.
Referring to FIG. 3, a flowchart of the detailed implementation steps when the matching degree in the matching degree link table is greater than the attack target threshold, portion A in FIG. 2, is shown. In this example, the detailed implementation when the matching degree in the matching degree link table is greater than the attack target threshold includes:
Step A1: when the matching degree in the matching degree link table is larger than the attack target threshold, determining that the active attack target is a recorded active attack target and marking it as a similar attack target;
In the embodiment of the invention, the attack target threshold refers to a pre-trained neural network model that determines, from the identity of the attack target, whether attack targets match; a matching degree greater than the attack target threshold therefore indicates that a recorded active attack target exists.
Step A2: searching the active attack target processing library for a historical processing scheme according to the similar attack target, and performing rationality analysis on the historical processing scheme to generate a reasonable decision scheme;
In the embodiment of the invention, searching the active attack target processing library for a historical processing scheme according to the similar attack target means looking up, in the active attack target processing library, the processing manner that corresponds to the attack manner of the similar attack target; it is used for evaluating and optimizing the current processing scheme.
Step A3: acquiring an original processing decision scheme of the similar attack target, optimizing the reasonable decision scheme according to the original processing decision scheme, and generating an accurate decision scheme;
In the embodiment of the invention, the original processing decision scheme of the similar attack target refers to an original decision scheme generated from the characteristics of the active attack target; the original decision scheme is combined with the historical decision scheme of the similar active attack target and optimized to generate the accurate decision scheme, so that the artificial intelligence system itself grows while protecting against the active attack target.
Step A4: repairing the disaster-stricken area according to the accurate decision scheme so as to recover the operation function of the disaster-stricken area, marking the recovered disaster-stricken area as a repair area, entering backup data into the repair area, reactivating the operation mechanism, and storing all processing procedures;
In the embodiment of the invention, repairing the disaster-stricken area according to the accurate decision scheme means that targeted decisions are made for the disaster-stricken area following the repair mode of the accurate decision scheme; the repair process operates only on the disaster-stricken area in order to repair it, without changing the underlying logic.
Referring to fig. 3, a flowchart of the detailed implementation steps when the matching degree in the matching degree link table in fig. 2 is smaller than the attack target threshold is shown. In this example, the detailed implementation when the matching degree in the matching degree link table in fig. 2 is smaller than the attack target threshold includes:
Step B1: when the matching degree in the matching degree link table is smaller than the attack target threshold, determining that the active attack target is an unrecorded active attack target and marking it as a new attack target, detecting the disaster area caused by the new attack target, and generating an analysis report of the disaster area;
In the embodiment of the invention, the attack target threshold refers to a pre-trained neural network model that determines, from the identity of the attack target, whether attack targets match; a matching degree smaller than the attack target threshold therefore indicates that no recorded active attack target exists. Detecting the disaster area caused by the new attack target means examining the area attacked by the active attack target in further detail; it serves as the analysis means for such active attack targets, so that a corresponding protection and repair process can be better generated.
Step B2: obtaining the attack mechanism and destruction mode of the new attack target from the analysis report of the disaster area;
In the embodiment of the invention, the attack mechanism and destruction mode of the new attack target refer to an evaluation of the new attack target's aggressiveness and a detailed analysis of its attack entry point and destruction points, studied in order to generate a repair scheme for the new attack target.
Step B3: obtaining access rights to the active attack target attack mechanism and destruction mode library, and matching and analyzing the attack mechanism and destruction mode of the new attack target so as to generate a reasonable decision scheme;
In the embodiment of the invention, access rights to the active attack target attack mechanism and destruction mode library have to be obtained because the library is a high-level safety protection unit: if its content were tampered with by an attack, subsequent defense against active attack targets would apply erroneous protection measures. Access rights are therefore allocated only when the artificial intelligence system needs the library, which gives it the highest level of protection.
Step B4: repairing the disaster-stricken area according to a reasonable decision scheme, so as to recover the operation function of the disaster-stricken area, marking the recovered disaster-stricken area as a pre-repair area, putting virtual operation data into the pre-repair area, performing performance operation detection, and generating a virtual operation report;
In the embodiment of the invention, the step of throwing virtual operation data into the pre-repair area and performing performance operation detection refers to generating virtual data through original data to simulate the working state and working mode of the pre-repair area, analyzing and comparing the virtual data with the original working efficiency of the pre-repair area, and determining whether the active attack target has residues or not so as to generate a simulated operation report for displaying the working condition of the pre-repair area by the system.
Step B5: acquiring a historical operation report, comparing the virtual operation report with the historical operation report, and generating pre-recovery reliability;
in the embodiment of the present invention, the pre-recovery reliability refers to the recovery degree of the pre-recovery area determined by comparing the virtual operation report with the historical operation report.
Step B6: when the pre-recovery reliability is smaller than a pre-set reliability threshold, the disaster area is completely cleaned, an original data processing framework is newly built, so that a new framework is generated, backup data are input into the new framework, an operation mechanism is activated, and all processing procedures are stored;
In the embodiment of the invention, the preset reliability threshold is a red-line threshold, obtained by training a neural network, that is used for determining the slave availability of the pre-recovery area (disaster-stricken area). When the pre-recovery reliability is smaller than the preset reliability threshold, the pre-recovery area (disaster-stricken area) is not available: the disaster-stricken area is completely cleaned, an original data processing framework is newly built to generate a new framework, backup data is input into the new framework, the operation mechanism is activated, and all processing procedures are stored, so that the disaster-stricken area is restored, from its memory framework, to the working level before the attack or beyond the original working level.
Step B7: when the pre-restoration reliability is greater than a preset reliability threshold, the operation function of the pre-restoration area is restored, the restored disaster-stricken area is marked as a restoration area, the backup data is input into the restoration area to reactivate the operation mechanism, and all the processing procedures are stored;
In the embodiment of the present invention, the preset reliability threshold is a red-line threshold, obtained by training a neural network, that is used for determining the slave availability of the pre-recovery area (disaster-stricken area). When the pre-recovery reliability is greater than the preset reliability threshold, the pre-recovery area (disaster-stricken area) has returned to the original working level with no active attack target residue, and can be used with confidence.
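The recovery gate of steps B5 to B7 can be sketched as follows. This is an added Python example, not code from the patent: the report fields, the ratio-based scoring and the process-list residue check are assumptions, since the description does not say how the two reports are compared, and the sample reports are constructed.

```python
from enum import Enum


class Decision(Enum):
    REBUILD = "B6: clean the area, build a new framework, load backup data"
    RESTORE = "B7: mark as restoration area, load backup data"


# Assumed report fields (not from the patent): metric -> True if higher is better.
METRICS = {"throughput_rps": True, "p95_latency_ms": False, "error_rate": False}


def metric_score(virtual, historical, higher_is_better):
    """Closeness of one virtual-run metric to its baseline, clamped to [0, 1]."""
    if higher_is_better:
        ratio = virtual / historical if historical > 0 else 0.0
    elif virtual <= historical:
        ratio = 1.0  # at least as good as the baseline
    else:
        ratio = historical / virtual
    return max(0.0, min(1.0, ratio))


def pre_recovery_reliability(virtual_report, historical_report):
    """Step B5: compare the virtual operation report with the historical one.

    Returns (reliability, unexpected_processes).
    """
    # Assumed residue check: a process seen during the virtual run that the
    # baseline never showed is treated as possible attack residue.
    unexpected = set(virtual_report.get("processes", ())) - set(
        historical_report.get("processes", ())
    )
    if unexpected:
        return 0.0, sorted(unexpected)
    scores = []
    for name, higher_is_better in METRICS.items():
        v, h = virtual_report.get(name), historical_report.get(name)
        if v is None or h is None:
            scores.append(0.0)  # a missing measurement cannot vouch for recovery
        else:
            scores.append(metric_score(v, h, higher_is_better))
    return sum(scores) / len(scores), []


def recovery_decision(reliability, threshold):
    """Steps B6/B7. The description defines only '<' and '>'; equality is
    treated as a failure here (assumption) so an ambiguous score never passes."""
    return Decision.RESTORE if reliability > threshold else Decision.REBUILD


# Constructed sample reports for illustration.
HISTORICAL = {"throughput_rps": 1000.0, "p95_latency_ms": 200.0,
              "error_rate": 0.01, "processes": ["ingestd", "indexer"]}
VIRTUAL_OK = {"throughput_rps": 980.0, "p95_latency_ms": 210.0,
              "error_rate": 0.01, "processes": ["ingestd", "indexer"]}
VIRTUAL_DEGRADED = {"throughput_rps": 400.0, "p95_latency_ms": 800.0,
                    "error_rate": 0.05, "processes": ["ingestd", "indexer"]}
VIRTUAL_RESIDUE = dict(VIRTUAL_OK, processes=["ingestd", "indexer", "tmp_sync"])

if __name__ == "__main__":
    for label, report in [("ok", VIRTUAL_OK), ("degraded", VIRTUAL_DEGRADED),
                          ("residue", VIRTUAL_RESIDUE)]:
        score, extra = pre_recovery_reliability(report, HISTORICAL)
        print(label, round(score, 3), extra, recovery_decision(score, 0.9).name)
```

A performance comparison alone would pass the `VIRTUAL_RESIDUE` run, which is why the residue check overrides the metric score.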
In one embodiment of the present specification, step S31 is specifically:
when the attack protection information is determined to be passive attack information security protection information, stream data of the system data are obtained, and the stream data of the system data are tracked, wherein the stream data of the system data comprise: input data and output data;
classifying according to the type of the stream data of the system data, and summarizing the stream data of the system data processed by classification to obtain the stream information, wherein the classifying of the stream data type of the system data comprises the following steps: performing source tracking processing on input data and performing forward tracking processing on output data;
The step S32 specifically includes:
and carrying out safety detection on the data transmitting end according to the input data, and carrying out safety detection on the data forwarding equipment according to the output data.
The embodiment monitors the flow direction data of the system in real time, so as to be used for constructing the validity of the flow direction data and the correctness of the data use, improving the guarantee of the safe transmission and the safe storage of the data, monitoring the safety of the input equipment and the output equipment, ensuring the safety of the data on the reuse, realizing the face detection, avoiding the condition that the data are stolen by passive attack or the monitoring of the system is carried by the installation equipment, providing the safety and the correctness of the data transmission, and reducing the risk of the data tampering.
In the embodiment of the invention, the flow data of the system data refers to the data input to the artificial intelligence system and the output data sent by the artificial intelligence system to the destination equipment; the flow information of the system data refers to the equipment foundation gateway information of the destination equipment or the foundation gateway information of the source equipment of the data, and also includes the transmission path of the data.
In one embodiment of the present disclosure, the source tracking process for the input data includes the following steps:
Carrying out source tracking on input data to generate data source information;
performing reliability analysis on the source equipment according to the data source information so as to generate a reliability report;
when the reliability of the reliability report is smaller than a preset reliability threshold, performing isolation operation on the input data, and sending reliability application data filling to the source equipment so as to ensure that the source equipment provides security information guarantee;
carrying a pre-monitoring coding section in the sent reliability application data, carrying out safety monitoring on source equipment, sending back monitoring data, carrying out safety identification on the monitoring data, and generating a safety report;
when the security report is that the source equipment is safe, further processing the isolated input data; or when the security report is that the source equipment is dangerous, destroying the isolated input data;
alternatively, when the reliability of the reliability report is greater than a preset reliability threshold, the isolated input data is further processed.
In this embodiment, analyzing the reliability of the source of the input data is equivalent to setting an inspection interval and isolating the input data, which guarantees the absolute reliability of the input data and the safe storage of the internal data. Setting an application flow through which the input data is guaranteed or proven greatly shortens the inspection flow, improves the input efficiency of emergency data, and avoids inspection prolonging data transmission; using a preset reliability threshold makes the judgment result more intelligent and accurate.
Referring to fig. 5, which shows a flowchart of the detailed implementation steps of the source tracking process for the input data according to the present invention, in this example the source tracking process for the input data includes:
Step S51: carrying out source tracking on input data to generate data source information;
in the embodiment of the present invention, the source tracking of the input data refers to analyzing the transmission device information carried by the extra-path city encryption code carried by the input data, and transmitting the data to the device from which the input data is obtained, where the data transmission device may be a router, a switch, a source device, etc., and performing statistical analysis on the transmission process of the input device to form data source information.
Step S52: when the reliability of the reliability report is smaller than a preset reliability threshold, performing isolation operation on the input data, and sending reliability application data filling to the source equipment so as to ensure that the source equipment provides security information guarantee;
In the embodiment of the invention, the preset reliability threshold is a stable threshold obtained by training a deep-learning pre-trained model on a large number of judgments of whether input data carries unsafe content. It calibrates the reliability of the input data as a safety red line; the operation mode of checking the input data and isolating unsafe factors into a data protection safety area protected by the artificial intelligence system provides a safety guarantee for the other stored data.
Step S53: carrying a pre-monitoring coding section in the sent reliability application data, carrying out safety monitoring on source equipment, sending back monitoring data, carrying out safety identification on the monitoring data, and generating a safety report;
In the embodiment of the invention, carrying the pre-monitoring coding section in the sent reliability application data means that the reliability application data sent to the source equipment carries a pre-monitoring coding section, which monitors whether the source equipment has latent factors, performs safety protection on the source, clears unsafe factors from the source equipment, and carries out threat factor detection on the data information sent by the source equipment.
Step S54: when the security report is that the source equipment is safe, further processing the isolated input data; or when the security report is that the source equipment is dangerous, destroying the isolated input data;
In the embodiment of the invention, when the security report is that the source equipment is safe, the pre-monitoring coding section can be deleted directly. Further processing of the isolated input data means carrying out threat factor detection on the input data; detection is performed multiple times so as to achieve the effect of absolute security.
Step S55: when the reliability of the reliability report is greater than a preset reliability threshold, further processing the isolated input data;
In the embodiment of the invention, the preset reliability threshold is a stable threshold obtained by training a deep-learning pre-trained model on a large number of judgments of whether input data carries unsafe content. It calibrates the reliability of the input data as a safety red line; the operation mode of checking the input data and isolating unsafe factors into a data protection safety area protected by the artificial intelligence system provides a safety guarantee for the other stored data.
In the embodiment of the invention, when the input data is determined to be safe, the data is stored in a graded manner, as follows:
According to the protection level of the input data, the input data is analyzed, classified and stored; it is generally classified into a low level, a medium level and a high level. According to the level of security protection the input data requires, the data is stored in the corresponding area under hierarchical defense. Referring to the classification protection schematic diagram of the invention in fig. 7, the input data is classified and protected as follows:
S71 is the outermost safety protection layer;
S72 is the intermediate safety protection layer;
S73 is the innermost safety protection layer;
wherein low-level input data is stored between S71 and S72, medium-level input data is stored between S72 and S73, and high-level input data is stored in S73;
To intrude into the storage area of the high-level input data, an attacker must first intrude into the low-level area and then the medium-level area; the artificial intelligence system starts the protection work of the protection stages as soon as the attack occurs, thereby achieving the effect of hierarchical protection.
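The input-side flow of steps S51 to S55 followed by graded storage can be sketched as a single triage function. This is an added Python example, not code from the patent: `triage_input`, the `probe_source` callback standing in for the source-equipment security report, the fail-closed handling of probe errors and of a score equal to the threshold, and the sample sources are all assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Outcome(Enum):
    STORED = "stored"
    DESTROYED = "destroyed"


# Protection layers an intruder must cross to reach each storage zone,
# following the description of fig. 7 (S71 outermost, S73 innermost).
LAYERS_TO_CROSS = {
    "low": ("S71",),
    "medium": ("S71", "S72"),
    "high": ("S71", "S72", "S73"),
}


@dataclass
class InputItem:
    payload: bytes
    source: str
    protection_level: str  # "low", "medium" or "high"
    audit: List[str] = field(default_factory=list)


@dataclass
class Result:
    outcome: Outcome
    layers: Optional[Tuple[str, ...]]


def triage_input(item: InputItem, reliability: float, threshold: float,
                 probe_source: Callable[[str], bool]) -> Result:
    """Isolate the input, decide whether to keep it, then pick its zone.

    probe_source(source) stands in for the security report on the source
    equipment: True means safe, anything else means dangerous.
    """
    if item.protection_level not in LAYERS_TO_CROSS:
        raise ValueError("unknown protection level: " + item.protection_level)
    item.audit.append("isolated")
    if reliability > threshold:
        item.audit.append("source reliable (S55)")
    else:
        # The description covers '<' only; a score equal to the threshold is
        # also treated as unreliable here (assumption, fail closed).
        item.audit.append("source probed (S52/S53)")
        try:
            safe = probe_source(item.source) is True
        except Exception:
            safe = False  # no answer from the source is not proof of safety
        if not safe:
            item.payload = b""  # destroy the isolated input (S54)
            item.audit.append("destroyed (S54)")
            return Result(Outcome.DESTROYED, None)
        item.audit.append("source safe (S54)")
    layers = LAYERS_TO_CROSS[item.protection_level]
    item.audit.append("stored behind " + ",".join(layers))
    return Result(Outcome.STORED, layers)


if __name__ == "__main__":
    # Constructed sample inputs: (item, reliability score, probe verdict).
    samples = [
        (InputItem(b"telemetry", "sensor-gw-01", "low"), 0.95, True),
        (InputItem(b"config", "branch-router-07", "high"), 0.40, True),
        (InputItem(b"upload", "unknown-host", "medium"), 0.40, False),
    ]
    for item, score, verdict in samples:
        result = triage_input(item, score, 0.8, lambda _src, v=verdict: v)
        print(item.source, result.outcome.value, result.layers, item.audit)
```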
In one embodiment of the present disclosure, the forward trace processing of the output data includes the steps of:
carrying out forward tracking on the output data, generating data forward information, acquiring application acquisition data of the forward equipment, and auditing an application report of the application acquisition data of the forward equipment, thereby acquiring a primary audit security report of the forward equipment;
when the security shown by the primary audit security report of the destination device is smaller than a preset security threshold, an interception information instruction is generated to intercept the output data, and simulation calculation is performed according to the output data to generate simulated output data;
the output data is replaced by the simulated output data, which carries a monitoring coding section; the destination device is monitored, monitoring information is obtained, and the monitoring information is transmitted back to the artificial intelligence system for security processing;
when the security shown by the primary audit security report of the destination device is greater than a preset security threshold, it is determined that the destination device is acquiring the data in compliance; a monitoring coding section is sent to the destination device, usage monitoring is performed on the output data sent to the destination device, usage monitoring information is generated, and the usage monitoring information is sent back to the artificial intelligence system for further security processing.
In this embodiment, forward tracking of the output data improves data security. By monitoring how the destination device uses the output data, it is judged whether that use is safe, so that the security of system data held outside the system can be guaranteed, which greatly improves user reliance on the system. When the destination device performs unsafe operations on the output data, the data is cleared, achieving the effect of data security protection; the monitoring coding section can also repair the system security of the destination device, improving the security of the device that uses the data.
Referring to fig. 6, which shows a flowchart of the detailed implementation steps of the forward tracking process for the output data according to the present invention, in this example the forward tracking process for the output data includes:
Step S61: carrying out forward tracking on the output data, generating data forward information, acquiring application acquisition data of the forward equipment, and auditing an application report of the application acquisition data of the forward equipment, thereby acquiring a primary audit security report of the forward equipment;
In the embodiment of the invention, forward tracking of the output data refers to a real-time tracking information feedback operation during data output.
Step S62: when the security shown by the primary audit security report of the destination device is smaller than a preset security threshold, an interception information instruction is generated to intercept the output data, and simulation calculation is performed according to the output data to generate simulated output data;
In the embodiment of the invention, the preset security threshold is obtained by training a deep-learning pre-trained model and is used to judge whether the device is secure. The simulated output data is generated from the output data by a random data generation model and a data link emotion analysis model, so that the simulated data can pass for the real data.
Step S63: the output data is replaced by the simulated output data, which carries a monitoring coding section; the destination device is monitored, monitoring information is obtained, and the monitoring information is transmitted back to the artificial intelligence system for security processing;
In the embodiment of the invention, replacing the output data with the simulated output data and continuing transmission means that the output data is intercepted during transmission and the simulated data is transmitted in its place, so that the destination device is given the substitute data and monitored without perceiving it and without being alerted.
Step S64: when the security shown by the primary audit security report of the destination device is greater than a preset security threshold, it is determined that the destination device is acquiring the data in compliance; a monitoring coding section is sent to the destination device, usage monitoring is performed on the output data sent to the destination device, usage monitoring information is generated, and the usage monitoring information is sent back to the artificial intelligence system for further security processing;
In the embodiment of the present invention, the preset security threshold is obtained by training a deep-learning pre-trained model and is used to judge whether the device is secure; usage monitoring of the output data sent to the destination device monitors whether the destination device uses the output data maliciously.
In one embodiment of the present specification, the step of transmitting the monitoring information back to the artificial intelligence system for security processing includes the steps of:
Step S71: performing compliance operation analysis according to the monitoring information to generate a compliance information analysis report;
Step S72: when the compliance information analysis report indicates an intrusion information sending data source, the operation is determined to be illegal, and a warning signal is sent to the receiving data interface of the monitoring coding section so that the monitoring coding section sends a warning to the destination device;
Step S73: performing source searching according to the output data, performing protection safety detection on the output data, generating a protection safety report, and performing coding field identification according to uncertain factors in the protection safety report so as to mark directional blasting points, thereby generating a directional blasting guide;
Step S74: carrying out directional crushing on the abnormal coding sequence of the directional blasting points according to the directional blasting guide, carrying out regression safety detection, and judging whether the data are safe and reliable; when a potential safety hazard exists, step S73 is performed;
Step S75: performing index optimization operation on the safety coding section of the protected content by data safety detection, generating an optimization operation guide, and performing weighting retraining on the artificial intelligence system according to the optimization operation guide, so as to obtain a weighting index optimization coding scheme and optimize the artificial intelligence system;
Step S76: or when the compliance information analysis report is a compliance information transmission data source, acquiring a data compliance review report from the destination device so as to enable the destination device to submit the data compliance review report, and accordingly, transmitting the interception data to the destination device again and deleting the monitoring coding section.
In this embodiment, the monitoring information is transmitted back to the artificial intelligence system for processing, which reduces the monitoring coding section's use of the destination device's system, keeps the destination device in a good running state, and reduces the risk of the monitoring coding section being discovered. Analyzing the monitoring information with the artificial intelligence system speeds up analysis, so that the subsequent operation of the monitoring coding section and the operations on the output data can be carried out in time. Matching is performed against the malicious code sections in a massive data plugin library to locate the parts of the output data to be directionally blasted, so that uncertain factors are destroyed while the safety and integrity of the output data are ensured. Through regression safety detection the output data is detected and blasted multiple times, so that no unsafe factor is allowed to remain and the data is absolutely safe. Each safety protection operation is recorded and stored for weighting retraining of the artificial intelligence system, from which the weighting index optimization coding scheme is obtained. The artificial intelligence system is thereby optimized according to existing attack modes and its protection performance against those attack modes is improved; the artificial intelligence system can be developed in a targeted way according to existing attack modes, which improves the original protection system, reduces its original work cost and saves the work cost of the system.
In the embodiment of the invention, sending the warning signal to the receiving data interface of the monitoring coding section so that a warning is sent to the destination device means that a judgment on the safety of the destination device's use of the output data is obtained by analyzing the returned monitoring information, and warning information is sent to notify the destination device that it is operating on the data illegally. Performing source searching according to the output data, performing protection safety detection on the output data and generating the protection safety report means detecting the safety of the destination device and generating a safety report, which provides data support for the safety optimization operation of the destination device. Performing weighting retraining on the artificial intelligence system according to the optimization operation guide, so as to obtain the weighting index optimization coding scheme, means optimizing the artificial intelligence system according to the scheme used for processing the data. Because weighting retraining requires a certain number of stored safety protection operation flows of the artificial intelligence system, the resulting offset is not large; adjustment is made within the range in which the system can still work normally, and the system is updated continuously.
In one embodiment of the present description, the step of sending the usage monitoring information back to the artificial intelligence system for further security processing includes the steps of:
performing usage rationality analysis according to the usage monitoring information to generate a reasonable information analysis report;
when the reasonable information analysis report indicates malicious use of the output data, the use is determined to be unreasonable, and an output data interception and destruction instruction is sent to the monitoring coding section, so that the monitoring coding section instructs the destination device to clear the acquired output data, and the monitoring coding section is then automatically cleared;
when the reasonable information analysis report indicates conventional use of the output data, a cancel instruction is sent to the monitoring coding section so that the monitoring coding section stops monitoring and is destroyed;
and performing efficiency analysis on the processing of the output data to obtain an efficiency report, and pre-training the artificial intelligence system according to the efficiency report, so as to obtain an efficiency index optimized coding scheme and optimize the artificial intelligence system.
This embodiment monitors the rationality of the destination device's use of the output data, adding a safety guarantee for the external safety protection of system data. An output data interception and destruction instruction is sent to the monitoring coding section, which eliminates the output data without affecting the integrity of the destination device's internal data or the fluency of its system, ensuring the safety of the output data when used on other devices. Rationality analysis is performed according to the usage monitoring information to ensure that the destination device uses the output data reasonably. The usage monitoring information is transmitted back to the artificial intelligence system for processing, which reduces the usage monitoring coding section's use of the destination device's system, keeps the destination device in a good running state, and reduces the risk of the usage monitoring coding section being discovered. Analyzing the usage monitoring information with the artificial intelligence system speeds up analysis and allows a timely response to the subsequent operation of the monitoring coding section.
In the embodiment of the invention, sending the output data interception and destruction instruction to the monitoring coding section means that the output data is destroyed in time when it is at risk of being leaked by the destination device, so that the output data cannot leak; the output data is monitored in real time by the dedicated usage coding section, preventing the risk of data leakage.
In one embodiment of the present specification, an artificial intelligence system for optimizing safety protection metrics based on big data information security, comprising:
a processor; and
at least one memory electrically connected to the processor, wherein a computer program is stored in the memory, and the computer program is used for executing the safety protection index optimization method based on big data information safety according to any one of claims 1-8.
This embodiment provides a safety protection index optimization system based on big data information safety, which can implement any of the safety protection index optimization methods based on big data information safety. It analyzes the attack type affecting the current equipment and performs classified processing according to whether the attack is an active attack or a passive attack. For an active attack, reasonable protection operations can be made in time once the attack is identified, and the first to fourth protection stages are performed, with judgment made according to monitoring information so that the information obtained by analysis is used for directional, accurate operation. A passive attack is monitored and identified in real time during data transmission, and security analysis is performed according to the identified attack information of the passive attack so that directional processing is performed.
In this embodiment, real-time detection of data input and output and monitoring of the system for active attacks ensure data security while keeping the system running smoothly. Adding the artificial intelligence system reduces labor cost, reduces human operation errors caused by differing subjective human judgments of objective matters, shortens the response time of emergency security protection, and reduces the area and number of data disasters. For an active attack, reasonable protection operations can be made in time once the attack is identified, and the first to fourth protection stages are performed. The disaster area undergoes a pre-operation test with simulation data, which helps determine the difference between the recovered operation and the original operation of the disaster area; system detection can be performed on the disaster area in time, achieving the effect of periodic large-scale maintenance of the area. At the same time, it is detected whether any hidden attack coding section of the active attack remains in the repaired disaster area, and the protection process is stored, providing analysis data for subsequent protection and recovery, so that the system grows through attacks; judgment is made according to the monitoring information, and the information obtained by analysis is used for directional, accurate operation.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. The safety protection index optimization method based on big data information safety is characterized by being applied to an artificial intelligent system and comprising the following steps of:
step S1: obtaining attack protection information, wherein the attack protection information comprises active attack information security protection information and passive attack information security protection information;
step S21: when the attack protection information is determined to be the active attack information security protection information, acquiring an active attack target and carrying out information search on the active attack target so as to acquire an accurate coping scheme;
step S22: triggering protection safety measures according to an accurate countermeasure; the step S22 specifically includes:
Triggering protection safety measures according to an accurate countermeasure, wherein the safety measures comprise a plurality of protection stages, and performing accurate protection according to the safety measures;
step S31: when the attack protection information is the passive attack information security protection information, acquiring flow data of system data, wherein the flow data of the system data comprises input data and output data, tracking the flow data of the system data, and acquiring flow information of the system data;
step S32: carrying out safety processing on stream data of the data according to the stream information of the data; wherein the multiple stages of security protection include: the safety measure comprises a first safety measure protection stage, a second safety measure protection stage, a third safety measure protection stage and a fourth safety measure protection stage, wherein the execution time of the safety measure protection stages is respectively executed from the first safety measure protection stage to the fourth safety measure protection stage in time sequence:
the first protection stage of the safety measure comprises the following steps:
controlling a disaster area;
preventing the invasion and the diffusion of disaster areas;
backing up original information according to the disaster area, cutting off other link areas, and generating a protection isolation protection wall to resist an active attack target;
the second protection stage of the safety measure comprises the following steps:
decoding the active attack target to generate an active attack target code, and matching the active attack target code against an active attack target code library to generate a matching degree link table;
when the matching degree in the matching degree link table is greater than the attack target threshold, determining that the active attack target is a recorded active attack target and marking it as a similar attack target;
searching an active attack target processing library for a historical processing scheme according to the similar attack target, and analyzing the historical processing scheme for reasonableness to generate a reasonable decision scheme;
acquiring an original processing decision scheme of the similar attack target, wherein the original processing decision scheme refers to the original decision scheme generated according to the characteristics of the active attack target, and optimizing the reasonable decision scheme according to the original processing decision scheme to generate an accurate decision scheme;
repairing the disaster area according to the accurate decision scheme so as to restore the operating function of the disaster area, marking the restored disaster area as a repair area, entering the backup data into the repair area to reactivate the operating mechanism, and storing all processing procedures;
when the matching degree in the matching degree link table is smaller than the attack target threshold, determining that the active attack target is an unrecorded active attack target and marking it as a new attack target, detecting the disaster area caused by the new attack target, and generating an analysis report of the disaster area;
analyzing the analysis report of the disaster area to obtain the attack mechanism and destruction mode of the new attack target;
obtaining access rights to the library of attack mechanisms and destruction modes of active attack targets, and matching and analyzing the attack mechanism and destruction mode of the new attack target so as to generate a reasonable decision scheme;
repairing the disaster area according to the reasonable decision scheme so as to restore the operating function of the disaster area, marking the restored disaster area as a pre-repair area, putting virtual operation data into the pre-repair area, performing performance operation detection, and generating a virtual operation report;
acquiring a historical operation report, comparing the virtual operation report with the historical operation report, and generating a pre-recovery reliability;
when the pre-recovery reliability is smaller than a preset reliability threshold, completely cleaning the disaster area, rebuilding the original data processing framework so as to generate a new framework, entering the backup data into the new framework, activating the operating mechanism, and storing all processing procedures;
or, when the pre-recovery reliability is greater than the preset reliability threshold, restoring the operating function of the pre-repair area, marking the restored disaster area as a repair area, entering the backup data into the repair area to reactivate the operating mechanism, and storing all processing procedures;
the third protection stage of the safety measure comprises the following steps:
tracking the source address of the active attack target code to generate initial parameter information of the sending address;
acquiring a transmission path of the active attack target from a combined analysis of the initial parameter information and the active attack target, sending a preset latent monitoring coding section back along the original path according to the transmission path of the active attack target, and implanting it in the attacker device to lie latent;
when a preset time threshold is reached, the preset latent monitoring coding section gradually enters a working state and collects internal information of the attacker device; when the attacker device sends out a signal, the signal carries the data information collected by the preset latent monitoring coding section, which is sent back to the artificial intelligence system; the collected data information is analyzed to generate a threat level table of the attacker device with respect to the artificial intelligence system, and the fourth protection stage of the safety measure is entered according to that threat level table;
the fourth protection stage of the safety measure comprises the following steps:
when the threat level table of the attacker device with respect to the artificial intelligence system indicates that the attacker device is extremely threatening, the fourth protection stage of the safety measure is adopted, and a data fusing coding section is sent to the attacker device through the attacker device receiving window opened by the preset latent monitoring coding section, so as to destroy the internal data of the attacker device, thereby eradicating the extremely threatening attack target;
or, when the threat level table of the attacker device with respect to the artificial intelligence system indicates that the threat of the attacker device is low, the fourth protection stage of the safety measure is adopted, long-term monitoring is carried out through the preset latent monitoring coding section, the threat of the attacker device is evaluated in real time, and when the monitoring duration reaches a preset length of time and the threat of the attacker device has remained at a low level throughout, the monitoring of the attacker device is stopped.
2. The method for optimizing safety protection indexes based on big data information safety according to claim 1, wherein step S21 is specifically:
when the attack protection information is determined to be the active attack information security protection information, acquiring an active attack target, and performing an information search on the active attack target to generate directional accurate information;
matching the directional accurate information against the security measures in the security measure storage library to obtain the accurate response scheme.
3. The method for optimizing safety protection indexes based on big data information safety according to claim 1, wherein step S31 is specifically:
when the attack protection information is determined to be the passive attack information security protection information, acquiring stream data of the system data and tracking the stream data of the system data, wherein the stream data of the system data comprises input data and output data;
classifying the stream data of the system data by type, and summarizing the classified stream data of the system data to obtain the stream information, wherein classifying the stream data of the system data by type comprises: performing source tracking processing on the input data and performing forward tracking processing on the output data;
step S32 specifically includes: performing safety detection on the data sending end according to the input data, and performing safety detection on the data destination device according to the output data.
4. The method for optimizing safety protection indexes based on big data information safety according to claim 3, wherein the source tracking processing of the input data comprises the following steps:
performing source tracking on the input data to generate data source information;
performing reliability analysis on the source device according to the data source information so as to generate a reliability report;
when the reliability in the reliability report is smaller than a preset reliability threshold, isolating the input data, and sending reliability application data to the source device to be filled in, so that the source device provides a security information guarantee;
carrying a pre-monitoring coding section in the sent reliability application data, performing safety monitoring on the source device, sending back monitoring data, performing safety identification on the monitoring data, and generating a security report;
when the security report indicates that the source device is safe, further processing the isolated input data; or, when the security report indicates that the source device is dangerous, destroying the isolated input data;
alternatively, when the reliability in the reliability report is greater than the preset reliability threshold, further processing the isolated input data.
5. The method for optimizing safety protection indexes based on big data information safety according to claim 3, wherein the forward tracking processing of the output data comprises the following steps:
performing forward tracking on the output data, generating data destination information, acquiring the data acquisition application of the destination device, and auditing the application report of that data acquisition application, thereby obtaining a primary audit security report of the destination device;
when the security shown by the primary audit security report of the destination device is smaller than a preset security threshold, generating an interception instruction to intercept the output data, and performing a simulation calculation according to the output data to generate simulated output data;
replacing the output data with the simulated output data and continuing the transmission, wherein the simulated output data carries a monitoring coding section, monitoring the destination device, obtaining monitoring information, and transmitting the monitoring information back to the artificial intelligence system for safety processing;
when the security shown by the primary audit security report of the destination device is greater than the preset security threshold, determining that the destination device's acquisition of the data is compliant, sending a monitoring coding section to the destination device, performing usage monitoring on the output data sent to the destination device, generating usage monitoring information, and sending the usage monitoring information back to the artificial intelligence system for advanced security processing.
6. The method for optimizing safety protection indexes based on big data information safety according to claim 5, wherein the step of transmitting the monitoring information back to the artificial intelligence system for safety processing comprises the following steps:
Step S71: performing compliance operation analysis according to the monitoring information to generate a compliance information analysis report;
Step S72: when the compliance information analysis report indicates an intrusion on the information-sending data source, determining that the operation is illegal, and sending a warning signal to the data receiving interface of the monitoring coding section so that the monitoring coding section issues a warning to the device;
Step S73: performing a source search according to the output data, performing protection safety detection on the output data, generating a protection safety report, and performing coding field identification according to the uncertain factors in the protection safety report so as to mark directional blasting points, thereby generating a directional blasting guide;
Step S74: performing directional crushing on the abnormal coding sequences at the directional blasting points according to the directional blasting guide, performing regression safety detection, and judging whether the data is safe and reliable; when a potential safety hazard exists, returning to step S73;
Step S75: performing an index optimization operation on the safety coding section of the protected content through data safety detection, generating an optimization operation guide, and performing weighted retraining of the artificial intelligence system according to the optimization operation guide, so as to obtain a weighted index optimization coding scheme and optimize the artificial intelligence system;
Step S76: or, when the compliance information analysis report indicates compliance with respect to the information-sending data source, acquiring a data compliance application report from the destination device so that the destination device submits the data compliance application report, and then sending the intercepted data to the destination device again and deleting the monitoring coding section.
7. The method for optimizing safety protection indexes based on big data information safety according to claim 5, wherein the step of sending the usage monitoring information back to the artificial intelligence system for advanced security processing comprises the following steps:
performing usage rationality analysis according to the usage monitoring information to generate a reasonable information analysis report;
when the reasonable information analysis report indicates malicious use of the output data, determining that the use is unreasonable, and sending an output data interception and destruction instruction to the monitoring coding section, so that the monitoring coding section instructs the device to remove the acquired output data and then removes itself automatically;
when the reasonable information analysis report indicates conventional use of the output data, sending a cancel instruction to the monitoring coding section so that the monitoring coding section stops monitoring and is destroyed;
and performing efficiency analysis on the processing of the output data to obtain an efficiency report, and pre-training the artificial intelligence system according to the efficiency report, so as to obtain an efficiency index optimization coding scheme and optimize the artificial intelligence system.
8. An artificial intelligence system for optimizing safety protection indexes based on big data information safety, characterized by comprising:
a processor;
at least one memory electrically connected to the processor, wherein a computer program is stored in the memory, and the computer program is used for executing the safety protection index optimization method based on big data information safety according to any one of claims 1-7.
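The second protection stage of claim 1 reduces to two threshold decisions: the matching degree against the code library, and the pre-recovery reliability of a repaired area. The following Python is an added example, not code from the patent; the claims do not define how either quantity is computed, so the 4-gram Jaccard matching degree, the relative-deviation reliability score, both threshold values and all names and sample data are assumptions.

```python
"""Second protection stage of claim 1 as a decision procedure (added example).

Assumptions, not taken from the patent: matching degree = Jaccard similarity
of byte 4-grams; pre-recovery reliability = mean of (1 - relative deviation)
per metric; both threshold values; all names and sample data are constructed.
"""

ATTACK_TARGET_THRESHOLD = 0.6    # assumed value
RELIABILITY_THRESHOLD = 0.9      # assumed value


def ngrams(code, n=4):
    """Set of overlapping n-byte windows of an attack target code."""
    return {code[i:i + n] for i in range(len(code) - n + 1)}


def matching_degree(code_a, code_b):
    """Jaccard similarity of the two codes' 4-gram sets, in [0, 1]."""
    a, b = ngrams(code_a), ngrams(code_b)
    if not a or not b:
        return 0.0               # codes shorter than one window never match
    return len(a & b) / len(a | b)


def matching_degree_link_table(target_code, code_library):
    """(library entry, matching degree) rows, best match first."""
    rows = [(name, matching_degree(target_code, code))
            for name, code in code_library.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def pre_recovery_reliability(virtual_report, historical_report):
    """Compare a virtual operation report with the historical one."""
    scores = []
    for metric, baseline in historical_report.items():
        observed = virtual_report.get(metric)
        if observed is None or baseline == 0:
            scores.append(0.0)   # a missing metric counts as unreliable
        else:
            deviation = abs(observed - baseline) / abs(baseline)
            scores.append(max(0.0, 1.0 - deviation))
    return sum(scores) / len(scores) if scores else 0.0


def second_stage(target_code, code_library, processing_library,
                 virtual_report, historical_report):
    """Return the label and recovery action for one active attack target."""
    table = matching_degree_link_table(target_code, code_library)
    best_name, best = table[0] if table else (None, 0.0)
    # The claim covers only "greater than" and "smaller than"; this example
    # sends the equal case down the more cautious branch.
    if best > ATTACK_TARGET_THRESHOLD:
        return {"label": "similar attack target", "matched": best_name,
                "scheme": processing_library.get(best_name),
                "action": "repair, mark repair area, restore backup"}
    reliability = pre_recovery_reliability(virtual_report, historical_report)
    if reliability > RELIABILITY_THRESHOLD:
        action = "restore pre-repair area, mark repair area, restore backup"
    else:
        action = "clean area, rebuild framework, restore backup"
    return {"label": "new attack target", "matched": None,
            "reliability": reliability, "action": action}


# Constructed sample data (opaque byte strings, not real signatures).
CODE_LIBRARY = {"rec-001": b"abcdefghij", "rec-002": b"0123456789"}
PROCESSING_LIBRARY = {"rec-001": "historical scheme for rec-001"}
HISTORICAL_REPORT = {"throughput": 100.0, "latency_ms": 20.0}

if __name__ == "__main__":
    print(second_stage(b"abcdefghijk", CODE_LIBRARY, PROCESSING_LIBRARY,
                       HISTORICAL_REPORT, HISTORICAL_REPORT))
    print(second_stage(b"zyxwvutsrq", CODE_LIBRARY, PROCESSING_LIBRARY,
                       {"throughput": 60.0, "latency_ms": 45.0},
                       HISTORICAL_REPORT))
```
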

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211544348.8A CN115967548B (en) 2022-12-04 2022-12-04 Safety protection index optimization method based on big data information safety and artificial intelligence system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211544348.8A CN115967548B (en) 2022-12-04 2022-12-04 Safety protection index optimization method based on big data information safety and artificial intelligence system

Publications (2)

Publication Number Publication Date
CN115967548A CN115967548A (en) 2023-04-14
CN115967548B true CN115967548B (en) 2024-04-09

Family

ID=87360792

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211544348.8A Active CN115967548B (en) 2022-12-04 2022-12-04 Safety protection index optimization method based on big data information safety and artificial intelligence system

Country Status (1)

Country Link
CN (1) CN115967548B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107046543A (en) * 2017-04-26 2017-08-15 国家电网公司 A kind of threat intelligence analysis system traced to the source towards attack
CN109829310A (en) * 2018-05-04 2019-05-31 360企业安全技术(珠海)有限公司 Defence method and device, system, storage medium, the electronic device of similar attack
CN110912889A (en) * 2019-11-22 2020-03-24 上海交通大学 Network attack detection system and method based on intelligent threat intelligence
CN112565246A (en) * 2020-12-03 2021-03-26 重庆洞见信息技术有限公司 Network anti-attack system and method based on artificial intelligence
CN113312670A (en) * 2021-06-11 2021-08-27 广州瑞丰互联科技有限公司 Data display method based on safety big data and artificial intelligence and cloud computing system
CN113542296A (en) * 2021-07-28 2021-10-22 东莞市镁客教育科技有限公司 Policy optimization method based on safety protection big data and artificial intelligence protection system
CN114553481A (en) * 2022-01-17 2022-05-27 重庆邮电大学 Network attack event prediction and optimal active defense strategy selection system
CN114866344A (en) * 2022-07-05 2022-08-05 佛山市承林科技有限公司 Information system data security protection method and system and cloud platform
CN115037535A (en) * 2022-06-01 2022-09-09 上海磐御网络科技有限公司 Intelligent identification method for network attack behaviors

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140259095A1 (en) * 2013-03-06 2014-09-11 James Alvin Bryant Method of providing cyber security as a service

Also Published As

Publication number Publication date
CN115967548A (en) 2023-04-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240313

Address after: 518000 36 / F, Shenzhen Bay venture capital building, No. 25, Haitian Second Road, Binhai community, Yuehai street, Nanshan District, Shenzhen, Guangdong

Applicant after: Shenzhen Zhongzhi Tiancheng Technology Co.,Ltd.

Country or region after: China

Address before: No. 18, Longyin Street, Haizhu District, Guangzhou, Guangdong, 510000

Applicant before: Guangzhou Mofan Network Technology Co.,Ltd.

Country or region before: China

GR01 Patent grant