CN117575321A - Risk prediction method and device, electronic equipment and storage medium - Google Patents

Risk prediction method and device, electronic equipment and storage medium

Publication number: CN117575321A
Application number: CN202311616012.2A
Priority: CN202311616012.2A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 梁生吉
Current Assignee: Agricultural Bank of China
Original Assignee: Agricultural Bank of China
Prior art keywords: data, risk, information system, prediction, operation data

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00 Computing arrangements using knowledge-based models
    • G06N5/02 Knowledge representation; Symbolic representation
    • G06N5/022 Knowledge engineering; Knowledge acquisition

Abstract

Embodiments of the invention disclose a risk prediction method, a risk prediction device, electronic equipment and a storage medium. The method comprises the following steps: acquiring operation data of an information system according to a preset time interval; constructing a knowledge graph of the information system based on the operation data and metadata of the information system; and carrying out risk prediction on the information system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction, and sending prompt information to a user based on the prediction result. With this method, the knowledge graph can be established through data fabric technology, the operation data of a cross-center system is interconnected, risk prediction is carried out on the information system accurately and rapidly, and the overall operation efficiency and availability of the information system are further improved.

Description

Risk prediction method and device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the field of information system management, in particular to a risk prediction method, a risk prediction device, electronic equipment and a storage medium.
Background
An information system is an integrated system of people, computers, and data used to collect, store, process, deliver, and use information. It includes hardware devices, software programs, network facilities, and personnel organizations. As technology advances and business grows, information systems become increasingly complex; they are generally deployed in multiple locations and involve many software and hardware resources such as servers, operating systems, cloud platforms, databases, and middleware. Because applications must be deployed across multiple data centers, it is difficult to see the overall operating condition of the system intuitively, to predict potential operational risks in advance, and to handle them. Risk treatment suffers from problems such as teams working in isolation and fragmented information, which affects the overall operation efficiency and availability of the system.
At present, risk prediction for an information system is performed by manually checking system logs or querying databases to obtain running-state data, judging from that data and from field experience whether a risk occurs, and then locating the problem and handling the risk in the information system after the risk has occurred. This approach can only predict risk from the isolated data of each structure and device of the information system; it cannot interconnect the operation data of the information system as a whole. The prediction result is therefore not accurate enough, the efficiency and accuracy of risk treatment are reduced, and user experience is affected.
Disclosure of Invention
Embodiments of the invention provide a risk prediction method, a risk prediction device, electronic equipment and a storage medium, which can interconnect the operation data of a cross-center system, predict the risk of the information system accurately and rapidly, and further improve the overall operation efficiency and availability of the information system.
In a first aspect, an embodiment of the present invention provides a risk prediction method, where the method includes:
acquiring operation data of an information system according to a preset time interval;
building a knowledge graph of the information system based on the operation data and metadata of the information system;
and carrying out risk prediction on the information system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction, and sending prompt information to a user based on the prediction result.
In a second aspect, an embodiment of the present invention further provides a risk prediction system, where the system includes: a data layer, a map layer, a service layer and an application layer; wherein,
the data layer is used for acquiring and managing the operation data of the information system;
the map layer is used for establishing a knowledge map of the information system;
the service layer is used for analyzing the operation data based on the knowledge graph;
the application layer is used for carrying out risk prediction on the information system based on the analyzed operation data, obtaining a prediction result of the risk prediction, and displaying the prediction result for a user.
In a third aspect, an embodiment of the present invention further provides a risk prediction apparatus, where the apparatus includes:
the data acquisition module is used for acquiring the operation data of the information system according to a preset time interval;
the map construction module is used for constructing a knowledge map of the information system based on the operation data and metadata of the information system;
and the risk prediction module is used for carrying out risk prediction on the information system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction, and sending prompt information to a user based on the prediction result.
In a fourth aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the risk prediction method as provided by any embodiment of the present invention.
In a fifth aspect, embodiments of the present invention further provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a risk prediction method as provided by any of the embodiments of the present invention.
In the embodiment of the invention, the operation data of the information system is acquired according to a preset time interval; constructing a knowledge graph of the information system based on the operation data and metadata of the information system; and carrying out risk prediction on the information system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction, and sending prompt information to a user based on the prediction result. In the embodiment of the invention, the interconnection and intercommunication of the operation data of the cross-center system can be realized, the risk prediction of the information system can be accurately and rapidly carried out, and the overall operation efficiency and availability of the information system are further improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a first flowchart of a risk prediction method according to an embodiment of the present invention;
FIG. 2 is a second flowchart of a risk prediction method provided by an embodiment of the present invention;
FIG. 3 is a first schematic diagram of a risk prediction system according to an embodiment of the present invention;
FIG. 4 is a second schematic diagram of a risk prediction system according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a risk prediction apparatus according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
FIG. 1 is a first flowchart of a risk prediction method provided by an embodiment of the present invention. The method of this embodiment interconnects the operation data of a cross-center system, performs risk prediction on an information system accurately and quickly, and further improves the overall operation efficiency and availability of the information system. The method may be performed by a risk prediction device in an embodiment of the present invention; the device may be integrated in an electronic device, which may be a server, and the method may be implemented in software and/or hardware. The risk prediction method provided in this embodiment specifically includes the following steps:
Step 101, acquiring operation data of an information system according to a preset time interval.
The operation data of the information system comprises central processing unit data, memory data, connection number data, transaction amount data and the like of each server, database, middleware and the like of the information system. The data of different data centers (i.e. different devices) are stored in a distributed mode, and physical concentration is not needed. In an alternative embodiment, in order to determine whether the information system has risk, whether the operation is normal, and the like in real time, the operation data of the information system may be dynamically obtained according to a preset time interval, and the data range and granularity of the obtained operation data may be globally configured and dynamically adjusted according to the characteristics and specific requirements of the information system.
Step 102, constructing a knowledge graph of the information system based on the operation data and metadata of the information system.
Metadata of an information system refers to data describing and defining data and resources in the information system. It provides detailed information about the data and resources, including their meaning, structure, relationships, attributes, rules, etc. Metadata may help users understand and use data and support various operations of data management and data analysis. A knowledge graph is a data structure that graphically represents knowledge. It consists of entities (nodes) and relationships (edges) between entities, describing things and relationships between things in the real world. Constructing the knowledge graph of an information system requires extracting and integrating information from various data sources. These data sources may include structured data (e.g., databases), semi-structured data (e.g., web pages), and unstructured data (e.g., text). The data can be converted into knowledge graph form through techniques such as data cleaning, entity extraction, and relation extraction.
In this scheme, the knowledge graph of the information system is constructed based on data fabric technology. Data fabric is a data integration and management technology and method that is independent of deployment platform, data flow, geographic location, and architecture pattern. Using artificial intelligence, machine learning, and data science capabilities, it provides a unified access point for data without moving the data, thereby supporting dynamic data integration and improving the efficiency of data acquisition. On top of data fabric, newer technologies such as embedded knowledge graphs, machine learning, and recommendation algorithms make it possible to provide more proactive, intelligent, and convenient data services and to use data on demand. Data fabric is used to construct an overall view of the operation of the cross-center system, so that the overall operating state of the system can be displayed intuitively and risks can be analyzed and quickly identified from the operation data.
In an alternative embodiment, after the operation data is acquired, metadata corresponding to the operation data is acquired, and the operation data is subjected to data arrangement according to preset configuration information to obtain arranged candidate operation data; performing data description on the candidate operation data according to the metadata to obtain description data of the candidate operation data, wherein the description data includes data attribute information of the candidate operation data; determining an association relationship between the data based on the description data; based on the description data and the association relationship, defining an entity and a relationship corresponding to the description data; according to a preset knowledge graph structure, converting the entity and the relationship into nodes and edges corresponding to the knowledge graph structure, and building a knowledge graph of the information system according to the nodes and the edges.
Step 103, carrying out risk prediction on the information system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction, and sending prompt information to a user based on the prediction result.
Risk prediction refers to the early identification and prediction of risk events or potential adverse effects that may occur in an information system through analysis and evaluation of the operational data and metadata of the information system.
Specifically, after the knowledge graph of the information system is established or updated, key data for risk prediction, such as connection number and transaction amount data, are screened out of the information system according to domain big data and the like. The key data are input into a preset risk prediction model, which uses the knowledge graph to quickly acquire cross-center operation data and obtain the change trend corresponding to the key data. Risk prediction can then be performed on the information system according to the change trend.
In an alternative embodiment, the risk prediction result includes a probability of risk occurrence. After the operation data is acquired, a risk threshold may be set according to the type of risk to be predicted, specific requirements, the actual operating environment, and the like. After the prediction result of the risk prediction is obtained, if the probability of risk occurrence in the prediction result is larger than the set risk threshold, the prediction result is determined to be at risk, and the information system is therefore determined to be at risk. Prompt information may then be generated from the prediction result to prompt the user. If the probability of risk occurrence in the prediction result is smaller than the set risk threshold, it is determined that the information system is not at risk.
In this embodiment, optionally, sending prompt information to the user based on the prediction result includes: when the risk prediction result is that a risk exists, determining a risk treatment suggestion according to the risk type; generating a data orchestration instruction based on the risk treatment suggestion and preset treatment authority information; and generating prompt information according to the data orchestration instruction and sending the prompt information to the user.
The risk treatment suggestion is determined from the risk prediction result and is a strategy for resolving the risk that is about to occur in the information system. The treatment authority information includes preset authority information for each part of the information system. A data orchestration instruction organizes treatment strategies as a sequence of instructions so that the risk treatment process can be executed automatically. The data orchestration instruction includes:
Trigger condition: defines when a given treatment strategy is triggered, for example triggering a rate limiting or degradation operation when abnormal traffic or the error rate of the system exceeds a certain threshold.
Treatment action: specifies the concrete treatment actions, such as rate limiting, degradation, circuit breaking, and capacity expansion, used to address the risk event. Each treatment action should contain explicit instructions and an operational flow.
Execution sequence: determines the order in which the treatment actions are executed, so that they are carried out step by step according to priority and dependency. For example, a rate limiting operation is performed first, and then a degradation operation is performed.
Monitoring and feedback: after each treatment action is performed, monitoring and feedback are carried out to verify the effect of the operation and whether it is as expected. If the effect is not ideal, adjustment and optimization can be performed according to the feedback result.
In an alternative embodiment, when the risk prediction result is that a risk exists, a risk treatment suggestion corresponding to the prediction result is given by combining measures such as rate limiting, degradation, circuit breaking, and capacity expansion according to the risk type, the scope and impact of the risk, and the like. After the risk treatment suggestion is obtained, a data orchestration instruction corresponding to the risk treatment suggestion is generated according to the treatment authority information. Corresponding prompt information is then generated according to the data orchestration instruction and displayed to the user, so that the relevant operators can respond in advance according to the risk treatment suggestion. At the same time, the overall operating condition of the information system is displayed intuitively, which improves the observability of the operating state of the information system.
Through the above steps, the corresponding data orchestration instruction can be generated from the risk treatment suggestion, so that the user can quickly and accurately understand and carry out the risk treatment, which improves the efficiency of risk prediction.
In the scheme of the embodiment of the invention, the operation data of the information system is acquired according to a preset time interval; a knowledge graph of the information system is constructed based on the operation data and the metadata of the information system; risk prediction is carried out on the information system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction; and prompt information is sent to a user based on the prediction result. With this method, the knowledge graph can be established through data fabric technology, the operation data of the cross-center system is interconnected, risk prediction is carried out on the information system accurately and rapidly, and the overall operation efficiency and availability of the information system are further improved.
Fig. 2 is a second flowchart of a risk prediction method according to an embodiment of the present invention, as shown in fig. 2, the method mainly includes the following steps:
Step 201, acquiring operation data of an information system according to a preset time interval.
Step 202, performing data arrangement on the operation data according to preset configuration information to obtain the arranged candidate operation data.
The configuration information comprises hardware configuration, software version, network topology, security policy and the like of the information system. The candidate operation data is operation data after preprocessing (data arrangement) the operation data.
In an alternative embodiment, performing data arrangement on the operation data according to the configuration information to obtain candidate operation data includes:
screening data that matches the configuration information; for example, if the hardware configuration of the information system includes a CPU model and a memory size, operation data having the same CPU model and memory size may be screened;
cleaning and preprocessing the screened operation data to ensure the reliability and consistency of the data, such as removing repeated data and processing missing values, abnormal values and the like;
encoding and normalizing the data according to the type of configuration information; for example, if the configuration information is discrete, it may be converted into a binary vector using one-hot encoding, and if the configuration information is continuous, it can be scaled to within a specific range using a normalization method;
feature selection and construction: suitable features are selected and constructed based on configuration information and analysis requirements. The features may be directly related to the configuration information or may be calculated from the operation data. For example, the performance of a system is measured by calculating characteristics of the system such as load balancing or network traffic.
Step 203, carrying out data description on the candidate operation data according to the metadata to obtain description data of the candidate operation data.
The description data includes data attribute information of the candidate operation data. Metadata is data about data that describes attributes, structure, and semantic information of the data. By analyzing the metadata, the meaning and characteristics of each field of the candidate operation data can be known, so that the data description can be performed. The data description is a detailed description and definition of data to better understand the contents and characteristics of the data. The data description includes information describing the type, value range, association relationship, and the like of the data. Describing the candidate operation data according to the metadata of the operation data makes the characteristics and potential problems of the data easier to understand, facilitates the visualization and interpretability of the data, and improves how well the data is understood and applied.
Step 204, constructing a knowledge graph of the information system based on the description data.
Wherein the knowledge graph is a data structure that graphically represents knowledge. It consists of entities (nodes) and relationships (edges) between entities, describing things and relationships between things in the real world. In this embodiment, optionally, building a knowledge graph of the information system based on the description data includes: determining an association relationship between the data based on the description data; based on the description data and the association relationship, defining an entity and a relationship corresponding to the description data; according to a preset knowledge graph structure, converting the entity and the relation into nodes and edges corresponding to the knowledge graph structure, and building a knowledge graph of the information system according to the nodes and the edges.
Where entities represent various objects, concepts or attributes in the system, and relationships represent connections and dependencies between entities. Specifically, after the description data is obtained, the association relationship between the data can be determined by analyzing the description data. For example, if there is an association between two fields in the description data, they may be defined as a relationship between entities. After the relation between the entities is obtained, the entities are converted into nodes in the knowledge graph by combining the structural characteristics of the knowledge graph, and the association relation is converted into an edge structure in the knowledge graph. Further, the nodes and edges are inserted into the graph database, and the connection relation between the nodes and the edges is established. Thus, a complete knowledge graph can be constructed.
Through the above steps, the knowledge graph of the information system can be built accurately and comprehensively, so that the system can build virtual links among operation data based on the knowledge graph, achieve quick access to associated data, and improve the timeliness of data analysis.
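The graph construction described in steps 203 and 204 (and in the alternative embodiment under step 102), as an added example that is not code from the patent: description data is derived from operation data plus metadata, converted into nodes and edges, and then queried across data centers. All component names, field names, relation labels and sample values are assumptions constructed for illustration, and an in-memory structure stands in for the graph database.

```python
from collections import deque

# Constructed sample (not from the patent): operation data from two data centers.
OPERATION_DATA = [
    {"id": "app-01", "center": "dc-north", "cpu_pct": 41.0, "connections": 180},
    {"id": "db-01", "center": "dc-north", "cpu_pct": 88.5, "connections": 950},
    {"id": "app-02", "center": "dc-south", "cpu_pct": 37.2, "connections": 160},
    {"id": "mq-01", "center": "dc-south", "cpu_pct": 52.0, "connections": 400},
    {"id": "tmp-99", "center": "dc-south", "cpu_pct": 5.0, "connections": 1},
]

# Constructed metadata: the kind of each component and what it depends on.
METADATA = {
    "app-01": {"kind": "server", "depends_on": ["db-01", "mq-01"]},
    "app-02": {"kind": "server", "depends_on": ["db-01"]},
    "db-01": {"kind": "database", "depends_on": []},
    "mq-01": {"kind": "middleware", "depends_on": []},
}


def describe(records, metadata):
    """Attach metadata attributes to each record, giving the description data."""
    described = []
    for rec in records:
        meta = metadata.get(rec["id"])
        if meta is None:
            continue  # no metadata, so the record cannot be described; leave it out
        described.append({**rec, "kind": meta["kind"],
                          "depends_on": list(meta["depends_on"])})
    return described


def build_graph(described):
    """Turn entities and relations into nodes (dict) and edges (triples)."""
    nodes = {d["id"]: {k: v for k, v in d.items() if k != "depends_on"}
             for d in described}
    components = set(nodes)
    edges = []
    for d in described:
        # Each data center becomes a node of its own.
        nodes.setdefault(d["center"], {"id": d["center"], "kind": "data_center"})
        edges.append((d["id"], "LOCATED_IN", d["center"]))
        for target in d["depends_on"]:
            if target in components:  # never create an edge to an unknown node
                edges.append((d["id"], "DEPENDS_ON", target))
    return nodes, edges


def impacted_by(edges, component):
    """All components that depend, directly or transitively, on `component`."""
    reverse = {}
    for src, rel, dst in edges:
        if rel == "DEPENDS_ON":
            reverse.setdefault(dst, []).append(src)
    seen, queue = set(), deque([component])
    while queue:
        for dependant in reverse.get(queue.popleft(), []):
            if dependant not in seen:
                seen.add(dependant)
                queue.append(dependant)
    return sorted(seen)


def cross_center_dependencies(nodes, edges):
    """DEPENDS_ON edges whose two ends sit in different data centers."""
    return [(s, d) for s, rel, d in edges
            if rel == "DEPENDS_ON" and nodes[s]["center"] != nodes[d]["center"]]


if __name__ == "__main__":
    nodes, edges = build_graph(describe(OPERATION_DATA, METADATA))
    print(impacted_by(edges, "db-01"))
    print(cross_center_dependencies(nodes, edges))
```

The record without metadata (`tmp-99`) is dropped at the description stage, so it never reaches the graph as an undescribed node.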
Step 205, extracting key data in the operation data according to a preset screening rule, and preprocessing the key data to obtain preprocessed key data.
The screening rules are preset according to specific requirements, domain big data and the like, and are used for obtaining key data. The preprocessing comprises operations such as data cleaning, data denoising, and data conversion. Specifically, after the operation data is obtained, the key data is extracted according to the screening rules.
For example, assuming that the information system is an e-commerce information system, key data in the purchasing behavior of users may be extracted according to the following preset screening rules:
Screening rule 1: purchase data over a period of time is extracted, for example purchase data over the last month.
Screening rule 2: purchase data having a purchase amount greater than a certain threshold is extracted, for example purchase data having a purchase amount greater than 100 yuan.
Screening rule 3: purchase data of a specific category is extracted, for example purchase data for electronic products.
Screening rule 4: purchase data of a specific region is extracted, for example purchase data whose place of purchase is in a certain city.
According to the above screening rules, the key data can be extracted as follows: data on user purchasing behavior is acquired from a database of the system, including information such as user identification, purchase time, purchase amount, purchase category, and purchase region. The purchase time is filtered so that only purchase data from the last month is retained. The purchase amount is filtered so that only purchase data with a purchase amount greater than 100 yuan is retained. The purchase category is filtered so that only purchase data for electronic products is retained. The purchase region is filtered so that only purchase data whose place of purchase is in a certain city is retained. The purchase data that remains is the key data.
Step 206, inputting the preprocessed key data into a predetermined risk model, and performing risk analysis on the key data based on the knowledge graph through the risk model to obtain an analysis result of the key data.
The analysis result at least comprises a risk type and a risk value, wherein the risk value is used for representing the probability of risk occurrence. The risk model is used for predicting whether the information system will be at risk according to the key data. Common risk models include. Specifically, according to domain big data, specific requirements and the like, a corresponding risk model such as a decision tree, logistic regression, or a support vector machine can be selected.
In an alternative embodiment, after obtaining the key data and the knowledge graph, inputting the key data into a predetermined risk model, and performing risk analysis on the key data by combining the risk model with the knowledge graph to quickly integrate the cross-center data, so as to output an analysis result corresponding to the key data.
Step 207, determining a prediction result of risk prediction according to the analysis result.
The prediction result includes at risk and risk-free. The analysis result includes a risk type and a risk value, and the risk value represents the probability that the risk occurs. In this solution, optionally, determining the prediction result of the risk prediction according to the analysis result includes: determining a preset risk threshold corresponding to the analysis result; when the risk value in the analysis result is not smaller than the preset risk threshold corresponding to the analysis result, determining that the prediction result of the risk prediction is at risk; and when the risk value in the analysis result is smaller than the preset risk threshold corresponding to the analysis result, determining that the prediction result of the risk prediction is risk-free.
The risk threshold is preset according to the risk type, the domain big data and the like, and is used to determine whether a risk will occur; different types of risk events correspond to different risk thresholds. In an alternative embodiment, after the analysis result is determined, the preset risk threshold corresponding to the analysis result is determined according to the analysis type. The risk value in the analysis result is compared with the preset risk threshold: if the risk value is not smaller than the preset risk threshold corresponding to the analysis result, the prediction result of the risk prediction is determined to be at risk; if the risk value in the analysis result is smaller than the preset risk threshold corresponding to the analysis result, the prediction result of the risk prediction is determined to be risk-free.
According to the above steps, different risk thresholds can be set for different risk types, whether a risk occurs is accurately determined according to the risk thresholds, and the accuracy of risk prediction is improved.
Step 208, sending prompt information to the user based on the prediction result.
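The per-type threshold decision of step 207, as an added Python illustration that is not taken from the patent. The risk type names, threshold values and sample results are constructed; rejecting risk values that are not probabilities and treating a risk type with no configured threshold as at risk are assumptions of this sketch, since the text does not say how those cases are handled.

```python
import math
from dataclasses import dataclass

AT_RISK = "at risk"
RISK_FREE = "risk-free"


@dataclass(frozen=True)
class AnalysisResult:
    """Output of the risk model in step 206: a risk type and a risk value."""
    risk_type: str
    risk_value: float  # probability that the risk occurs, expected in [0, 1]


# Constructed thresholds: one per risk type (hypothetical names and values).
RISK_THRESHOLDS = {
    "disk_capacity": 0.80,
    "db_connection_exhaustion": 0.60,
    "network_latency": 0.70,
}


class InvalidAnalysisResult(ValueError):
    """Raised when a risk value cannot be interpreted as a probability."""


def validate(result):
    """Return the risk value as a float, or raise if it is not a probability."""
    value = result.risk_value
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise InvalidAnalysisResult(f"{result.risk_type}: non-numeric risk value")
    if math.isnan(value) or not 0.0 <= value <= 1.0:
        raise InvalidAnalysisResult(f"{result.risk_type}: {value!r} not in [0, 1]")
    return float(value)


def predict(result, thresholds=RISK_THRESHOLDS):
    """Step 207: compare the risk value with the threshold for its risk type."""
    value = validate(result)
    threshold = thresholds.get(result.risk_type)
    if threshold is None:
        # Assumption of this sketch: with no configured threshold, fail closed
        # so that an unconfigured risk type is surfaced rather than dropped.
        return AT_RISK
    # "Not smaller than" the threshold means at risk, so equality counts.
    return AT_RISK if value >= threshold else RISK_FREE


def predict_batch(results, thresholds=RISK_THRESHOLDS):
    """Apply predict() to several analysis results, preserving their order."""
    return [(r.risk_type, predict(r, thresholds)) for r in results]


# Constructed sample analysis results.
SAMPLE_RESULTS = [
    AnalysisResult("disk_capacity", 0.80),             # equal to threshold
    AnalysisResult("disk_capacity", 0.65),             # below 0.80
    AnalysisResult("db_connection_exhaustion", 0.65),  # same value, above 0.60
    AnalysisResult("certificate_expiry", 0.05),        # no threshold configured
]

if __name__ == "__main__":
    for risk_type, outcome in predict_batch(SAMPLE_RESULTS):
        print(f"{risk_type}: {outcome}")
```

The same risk value of 0.65 gives different outcomes for the two risk types, which is the effect of keeping one threshold per type.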
The risk prediction method provided by the embodiment of the invention acquires the operation data of the information system according to a preset time interval. Data arrangement is performed on the operation data according to preset configuration information to obtain the arranged candidate operation data. Data description is performed on the candidate operation data according to the metadata to obtain description data of the candidate operation data, where the description data includes data attribute information of the candidate operation data. A knowledge graph of the information system is built based on the description data. Key data in the operation data is extracted according to a preset screening rule and preprocessed to obtain the preprocessed key data. The preprocessed key data is input into a predetermined risk model, and the risk model performs risk analysis on the key data based on the knowledge graph to obtain an analysis result of the key data, where the analysis result includes at least a risk type and a risk value. A prediction result of the risk prediction is determined according to the analysis result, where the prediction result includes at risk and risk-free. Prompt information is sent to the user based on the prediction result. The method of this embodiment enables centralized and unified analysis of the production operation of a cross-center information system, intuitively displays the overall operation of the system, and improves the observability of the system's running state. Based on the knowledge graph, virtual links are established among the system operation data, which gives quick access to associated data, improves the timeliness of data analysis, and displays the overall operation of the information system more quickly. Potential operation risks are identified and predicted based on unified agile analysis of the historical operation data of the information system and its development trend. Cross-platform, cross-environment and cross-center management and sharing of information system operation data is realized based on the knowledge graph, expected-result analysis is performed based on the risks, and intelligent suggestions for risk disposal are generated. Risk handling capacity and efficiency are improved, and the safe and stable operation of the information system is ensured.
Fig. 3 is a first structural schematic diagram of a risk prediction system according to an embodiment of the present invention. The embodiment of the invention provides a risk prediction system.
As shown in fig. 3, the risk prediction system includes: a data layer, a map layer, a service layer and an application layer. The data layer is used for acquiring and managing the operation data of the information system; the map layer is used for establishing a knowledge graph of the information system; the service layer is used for analyzing the operation data based on the knowledge graph; and the application layer is used for carrying out risk prediction on the information system based on the analyzed operation data, obtaining a prediction result of the risk prediction and displaying the prediction result to a user.
Fig. 4 is a second schematic structural diagram of a risk prediction system according to an embodiment of the present invention. As shown in fig. 4, the data layer is used to collect, transmit, store and manage key data on the operation of the information system, including data from servers, memories, networks, databases and the like. The data range and granularity can be globally configured and dynamically adjusted according to the characteristics and requirements of the system. The data of different data centers is stored in a distributed manner and does not need to be physically centralized. The map layer includes an enhanced data catalog and a semantic knowledge graph, and is used for describing data sources, values, categories, storage locations, heat and other business and technical attributes. Based on the data catalog and the attributes, a semantic-based enterprise-level knowledge graph is further constructed, the association relations between data are identified from the business perspective, and intelligent searching and quick access of the data are supported by establishing virtual links. The service layer includes data orchestration, recommendation engines and analysis models. The service layer can rely on the enhanced data catalog and the semantic knowledge graph, and adopts artificial intelligence and machine learning technologies to realize dynamic, intelligent and automatic analysis and management of system operation data and to provide data services such as automatic arrangement, intelligent recommendation and analysis insight. The application layer includes run-time presentation, risk prediction, collaborative treatment and attribute configuration. The application layer can display the overall running condition of the information system in a unified view, and perform risk prediction in combination with threshold attribute configuration, so as to support operations such as cross-center collaborative treatment and attribute configuration.
In this scheme, data braiding technology is used to integrate the distributed and heterogeneous data sources of a cross-center system into a knowledge graph that is structured, associated and queryable. For a complex information system deployed across centers, a unified view of system operation data is established based on data braiding, collaborative treatment of the operation of the information system by multiple persons is supported, the control range and granularity are ensured through authority control, and integrated operation is realized. This solves the problems that information system operation data is fragmented and that data management is difficult.
The system provided in this embodiment includes: a data layer, a map layer, a service layer and an application layer. The data layer is used for acquiring and managing the operation data of the information system; the map layer is used for establishing a knowledge graph of the information system; the service layer is used for analyzing the operation data based on the knowledge graph; and the application layer is used for carrying out risk prediction on the information system based on the analyzed operation data, obtaining a prediction result of the risk prediction and displaying the prediction result to a user. The system provided by this embodiment can realize interconnection and intercommunication of the operation data of the cross-center system, accurately and rapidly conduct risk prediction on the information system, and further improve the overall operation efficiency and usability of the information system.
The data acquisition, storage, use, processing and the like in the technical scheme meet the relevant regulations of national laws and regulations.
Fig. 5 is a schematic structural diagram of a risk prediction apparatus according to an embodiment of the present invention. The embodiment of the invention provides a risk prediction device, which comprises:
a data acquisition module 501, configured to acquire operation data of the information system according to a preset time interval;
the map construction module 502 is configured to construct a knowledge map of the information system based on the operation data and metadata of the information system;
and the risk prediction module 503 is configured to perform risk prediction on the information system according to the knowledge graph and the operation data, obtain a prediction result of the risk prediction, and send prompt information to a user based on the prediction result.
Optionally, the map construction module 502 is specifically configured to: according to preset configuration information, carrying out data arrangement on the operation data to obtain candidate operation data after arrangement;
performing data description on the candidate operation data according to the metadata to obtain description data of the candidate operation data; wherein the description data includes data attribute information of the candidate operation data;
and building a knowledge graph of the information system based on the description data.
Optionally, the map construction module 502 is further configured to: determining an association relationship between data based on the description data;
based on the description data and the association relation, defining an entity and a relation corresponding to the description data;
and converting the entity and the relation into nodes and edges corresponding to the knowledge graph structure according to a preset knowledge graph structure, and building the knowledge graph of the information system according to the nodes and edges.
Optionally, the risk prediction module 503 is specifically configured to: extracting key data in the operation data according to a preset screening rule, and preprocessing the key data to obtain preprocessed key data;
inputting the preprocessed key data into a predetermined risk model, and performing risk analysis on the key data based on the knowledge graph through the risk model to obtain an analysis result of the key data; wherein the analysis result at least comprises a risk type and a risk value;
determining a prediction result of the risk prediction according to the analysis result; wherein the prediction result includes at risk and risk-free.
Optionally, the risk prediction module 503 is further configured to: determining a preset risk threshold corresponding to the analysis result;
when the risk value in the analysis result is not smaller than a preset risk threshold corresponding to the analysis result, determining that the predicted result of the risk prediction is at risk;
and when the risk value in the analysis result is smaller than a preset risk threshold corresponding to the analysis result, determining that the prediction result of the risk prediction is risk-free.
Optionally, the risk prediction module 503 is further configured to: determining a risk treatment suggestion according to the risk type when the risk prediction result is that the risk exists;
generating a data arrangement instruction based on the risk treatment suggestion and preset treatment authority information;
and generating prompt information according to the data arrangement instruction, and sending the prompt information to the user.
The risk prediction device provided by the embodiment of the invention can execute the risk prediction method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and referring to fig. 6, a schematic structural diagram of a computer system 12 suitable for implementing the electronic device according to the embodiment of the present invention is shown. The electronic device shown in fig. 6 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the invention. Components of the electronic device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, a bus 18 that connects the various system components, including the system memory 28 and the processing units 16.
Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 12 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by electronic device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The electronic device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 6, commonly referred to as a "hard disk drive"). Although not shown in fig. 6, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 18 through one or more data medium interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored in, for example, memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methods of the embodiments described herein.
The electronic device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), one or more devices that enable a user to interact with the electronic device 12, and/or any devices (e.g., network card, modem, etc.) that enable the electronic device 12 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 22. In the electronic device 12 of the present embodiment, the display 24 is not provided as a separate body but is embedded in the mirror surface, and the display surface of the display 24 and the mirror surface are visually integrated when the display surface of the display 24 is not displayed. Also, the electronic device 12 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through a network adapter 20. As shown, the network adapter 20 communicates with other modules of the electronic device 12 over the bus 18. It should be appreciated that although not shown in fig. 6, other hardware and/or software modules may be used in connection with electronic device 12, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The processing unit 16 executes various functional applications and risk prediction by running programs stored in the system memory 28, for example, implementing a risk prediction method provided by an embodiment of the present invention: acquiring operation data of an information system according to a preset time interval; building a knowledge graph of the information system based on the operation data and metadata of the information system; and carrying out risk prediction on the information system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction, and sending prompt information to a user based on the prediction result.
The embodiments of the present invention provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a risk prediction method as provided by all the embodiments of the present invention: acquiring operation data of an information system according to a preset time interval; building a knowledge graph of the information system based on the operation data and metadata of the information system; and carrying out risk prediction on the information system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction, and sending prompt information to a user based on the prediction result. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims (10)

1. A risk prediction method, the method comprising:
acquiring operation data of an information system according to a preset time interval;
building a knowledge graph of the information system based on the operation data and metadata of the information system;
and carrying out risk prediction on the information system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction, and sending prompt information to a user based on the prediction result.
2. The method of claim 1, wherein building a knowledge-graph of the information system based on the operational data and a metadata source of the information system comprises:
according to preset configuration information, carrying out data arrangement on the operation data to obtain candidate operation data after arrangement;
performing data description on the candidate operation data according to the metadata to obtain description data of the candidate operation data; wherein the description data includes data attribute information of the candidate operation data;
and building a knowledge graph of the information system based on the description data.
3. The method of claim 2, wherein building a knowledge-graph of the information system based on the description data comprises:
determining an association relationship between data based on the description data;
based on the description data and the association relation, defining an entity and a relation corresponding to the description data;
and converting the entity and the relation into nodes and edges corresponding to the knowledge graph structure according to a preset knowledge graph structure, and building the knowledge graph of the information system according to the nodes and edges.
4. The method according to claim 1, wherein performing risk prediction on a system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction comprises:
extracting key data in the operation data according to a preset screening rule, and preprocessing the key data to obtain preprocessed key data;
inputting the preprocessed key data into a predetermined risk model, and performing risk analysis on the key data based on the knowledge graph through the risk model to obtain an analysis result of the key data; wherein the analysis result at least comprises a risk type and a risk value;
determining a prediction result of the risk prediction according to the analysis result; wherein the prediction result includes at risk and risk-free.
5. The method of claim 4, wherein determining a predicted outcome of the risk prediction based on the analysis results comprises:
determining a preset risk threshold corresponding to the analysis result;
when the risk value in the analysis result is not smaller than a preset risk threshold corresponding to the analysis result, determining that the predicted result of the risk prediction is at risk;
and when the risk value in the analysis result is smaller than a preset risk threshold corresponding to the analysis result, determining that the prediction result of the risk prediction is risk-free.
6. The method of claim 4, wherein sending a hint to a user based on the prediction comprises:
determining a risk treatment suggestion according to the risk type when the risk prediction result is that the risk exists;
generating a data arrangement instruction based on the risk treatment suggestion and preset treatment authority information;
and generating prompt information according to the data arrangement instruction, and sending the prompt information to the user.
7. A risk prediction system, the system comprising: a data layer, a map layer, a service layer and an application layer; wherein,
the data layer is used for acquiring and managing the operation data of the information system;
the map layer is used for establishing a knowledge map of the information system;
the service layer is used for analyzing the operation data based on the knowledge graph;
the application layer is used for carrying out risk prediction on the information system based on the analyzed operation data, obtaining a prediction result of the risk prediction, and displaying the prediction result for a user.
8. A risk prediction apparatus, the apparatus comprising:
the data acquisition module is used for acquiring the operation data of the information system according to a preset time interval;
the map construction module is used for constructing a knowledge graph of the information system based on the operation data and metadata of the information system;
and the risk prediction module is used for carrying out risk prediction on the information system according to the knowledge graph and the operation data to obtain a prediction result of the risk prediction, and sending prompt information to a user based on the prediction result.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the risk prediction method of any one of claims 1 to 6 when the program is executed by the processor.
10. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the risk prediction method according to any of claims 1-6.
CN202311616012.2A 2023-11-29 2023-11-29 Risk prediction method and device, electronic equipment and storage medium Pending CN117575321A (en)

Publications (1)

Publication Number Publication Date
CN117575321A true CN117575321A (en) 2024-02-20

Family

ID=89860614

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination