CN117768220A - Network security level protection evaluation method, system and device based on artificial intelligence - Google Patents
Network security level protection evaluation method, system and device based on artificial intelligence Download PDFInfo
- Publication number
- CN117768220A CN117768220A CN202311828011.4A CN202311828011A CN117768220A CN 117768220 A CN117768220 A CN 117768220A CN 202311828011 A CN202311828011 A CN 202311828011A CN 117768220 A CN117768220 A CN 117768220A
- Authority
- CN
- China
- Prior art keywords
- network security
- level protection
- security level
- evaluation
- model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000011156 evaluation Methods 0.000 title claims abstract description 115
- 238000013473 artificial intelligence Methods 0.000 title claims abstract description 36
- 238000000034 method Methods 0.000 claims abstract description 35
- 238000013135 deep learning Methods 0.000 claims abstract description 17
- 230000003993 interaction Effects 0.000 claims abstract description 14
- 238000001514 detection method Methods 0.000 claims description 35
- 239000013598 vector Substances 0.000 claims description 26
- 238000005516 engineering process Methods 0.000 claims description 23
- 238000012549 training Methods 0.000 claims description 17
- 238000012545 processing Methods 0.000 claims description 14
- 238000006243 chemical reaction Methods 0.000 claims description 13
- 238000012937 correction Methods 0.000 claims description 12
- 230000008569 process Effects 0.000 claims description 10
- 238000005457 optimization Methods 0.000 claims description 9
- 238000012360 testing method Methods 0.000 claims description 9
- 238000004458 analytical method Methods 0.000 claims description 8
- 238000007781 pre-processing Methods 0.000 claims description 7
- 238000004422 calculation algorithm Methods 0.000 claims description 6
- 230000011218 segmentation Effects 0.000 claims description 6
- 238000004891 communication Methods 0.000 claims description 5
- 238000003058 natural language processing Methods 0.000 claims description 5
- 230000002787 reinforcement Effects 0.000 claims description 5
- 238000013139 quantization Methods 0.000 claims description 4
- 230000033228 biological regulation Effects 0.000 claims description 3
- 230000010485 coping Effects 0.000 claims description 3
- 238000013480 data collection Methods 0.000 claims description 3
- 238000013210 evaluation model Methods 0.000 claims description 3
- 230000006872 improvement Effects 0.000 claims description 3
- 238000012986 modification Methods 0.000 claims description 3
- 230000004048 modification Effects 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 claims description 3
- 238000003909 pattern recognition Methods 0.000 claims description 3
- 230000001105 regulatory effect Effects 0.000 claims description 3
- 238000012502 risk assessment Methods 0.000 claims description 3
- 238000013526 transfer learning Methods 0.000 claims description 3
- 238000012795 verification Methods 0.000 claims description 3
- 230000001939 inductive effect Effects 0.000 claims description 2
- 238000002372 labelling Methods 0.000 claims description 2
- 238000005259 measurement Methods 0.000 claims description 2
- 238000012805 post-processing Methods 0.000 claims description 2
- 230000000694 effects Effects 0.000 description 5
- 238000012854 evaluation process Methods 0.000 description 3
- 238000013527 convolutional neural network Methods 0.000 description 2
- 238000013136 deep learning model Methods 0.000 description 2
- 230000006698 induction Effects 0.000 description 2
- 230000007787 long-term memory Effects 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 206010063385 Intellectualisation Diseases 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000002790 cross-validation Methods 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000002592 echocardiography Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 238000004451 qualitative analysis Methods 0.000 description 1
- 238000011002 quantification Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 231100000279 safety data Toxicity 0.000 description 1
- 230000006403 short-term memory Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a network security level protection evaluation method, system and device based on artificial intelligence, which comprises the steps of constructing a network security level protection model based on deep learning and a knowledge graph, designing a security management and equipment configuration scanning method based on intelligent voice interaction, constructing an artificial intelligence driven network security level protection rating and decision system and setting a network security information system.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a network security level protection evaluation method, system and device based on artificial intelligence.
Background
With the wide application of the network information system in China, the network security level protection work is increasingly important. Currently, network security level protection assessment mainly relies on traditional methods of qualitative analysis and quantitative calculation, such as manual inspection, testing and interview. The traditional method has lower efficiency, and in addition, the technical capability and working experience of different assessment personnel are uneven, so that the accuracy and consistency of the assessment conclusion are difficult to ensure.
In recent years, artificial intelligence technology has demonstrated great potential for application in a variety of fields. Particularly, the intelligent voice technology, the natural voice processing technology, the deep learning technology and the reinforcement learning technology can realize man-machine natural voice interaction, the natural voice processing technology enables a computer to understand, interpret and generate natural language texts, and the reinforcement learning technology can enable a system to learn how to obtain the maximum rewards or achieve the established targets by trying to learn how to make optimal decisions in a wrong way on the premise of testing evaluation data in the past. However, although artificial intelligence technology has achieved significant results in many fields, there are relatively few studies in terms of intelligent modification and application in the field of network security level protection evaluation.
Therefore, there is an urgent need to provide a network security level protection assessment method, system and device based on artificial intelligence, so as to solve the above problems.
Disclosure of Invention
The invention aims to overcome the defects and the shortcomings of the prior art, and provides a network security level protection evaluation method, system and device based on artificial intelligence, which realize an automatic network security level protection evaluation process, reduce manual intervention and operation, reduce evaluation cost and improve evaluation efficiency and accuracy.
The aim of the invention is realized by the following technical scheme:
network security level protection evaluation method, system and device based on artificial intelligence, comprising
S100, constructing a network security level protection model based on deep learning and a knowledge graph, comprising the steps of creating a knowledge base set of network security level protection, acquiring element information of a basic requirement set of network security level protection, constructing a three-section result record model based on the element information, and outputting an evaluation conclusion;
s200, designing a security management and equipment configuration scanning method based on intelligent voice interaction, which is used for automatically identifying and summarizing voices, and forming network equipment unit evaluation item evidence and intermediate evaluation conclusion according to summary contents;
s300, constructing an artificial intelligent driven network security level protection rating and decision system, and outputting a result record, an evaluation report and a level protection correction proposal of an evaluation item;
s400, setting a network security information system for timely coping with continuously-changing network threats, collecting and monitoring vulnerability information in real time, comparing the vulnerability information with a tested system, automatically identifying the threats, evaluating risks and providing protection suggestions, and timely repairing the vulnerabilities.
As a preferred technical scheme of the invention, the knowledge base set for protecting the network security level comprises national laws and regulations related to network security, network security level protection evaluation standards and network security level protection standard knowledge, and the related security requirement points are subjected to inductive analysis, specifically created by the following steps:
s110, data collection: the system comprises structured data and unstructured data, wherein the structured data comprises internal company data, external industry data and implementation data; the unstructured data comprise voice data, and voice preprocessing, voice-to-text and text post-processing are carried out on the voice data;
s120, splitting the document and writing the document into a vector database: after the data acquisition is completed, the data is subjected to refinement and segmentation, and the documents are classified according to the detection method, the detection object, the current safety measures and other subjects;
the segmentation steps are as follows:
(1) Introducing a natural language processing advanced technology, analyzing the syntax of the file and marking the semantic roles, and dividing the file;
(2) Text vectorization, comprising: loading a pre-training embedded model, converting sentences in the document into a vectorization representation form, taking the converted vectors as characteristics to train a classifier, classifying the document, and storing the result into a vector database;
s130, vector database optimization: the method comprises index optimization, quantization processing, parallel computing, data preprocessing and distance measurement selection;
s140, vector reasoning forms a database set: the existing security detection document library is converted into a numerical vector form, conversion is realized by applying an advanced embedded model, the advanced embedded model can capture deep semantic relations in texts, and then the vectorized data are integrated into a vector database to perform efficient similarity query and pattern recognition.
According to the preferred technical scheme, element information of a network security level protection basic requirement set is obtained based on a network security level protection knowledge base set, the element information comprises a detection mode, a detection object and existing measures, a three-section result record model is built based on the element information, and through deep learning, information security assessment result records and assessment conclusions are used for combined training in combination with the network security level protection basic requirement set, so that a network security level protection model is obtained.
As a preferred technical solution of the present invention, the network security level protection model is obtained by the following steps:
s1000, designing a network security level protection evaluation model: comprehensively analyzing the result record of the field evaluation and the knowledge base set to obtain risk points of the tested object, and giving a rectifying and modifying suggestion;
s1100, collecting and annotating evaluation data: labeling and annotating semantics on the field evaluation voice data;
s1200, automatic speech recognition of site assessment interviews: text conversion is carried out on the voice data;
s1300, processing the text information recorded by the evaluation result: processing the converted text, extracting key information and classifying the text;
s1400, model training and algorithm optimization: performing supervised learning through the marked training set, optimizing the performance of the model, and simultaneously improving the adaptability and accuracy of the model by applying reinforcement learning or transfer learning;
s1500, performance evaluation and model verification: carrying out strict test on the model, and simultaneously verifying the evaluation and the suggested quality of the model;
s1600, feedback loop and continuous improvement: and inputting a more perfect data set to the model periodically according to the new evaluation item data, and performing fine adjustment to the data source to perfect and strengthen the model.
As a preferable technical scheme of the invention, the security management and equipment configuration scanning method based on intelligent voice interaction specifically comprises the following steps:
s210, converting the detected object into a text through intelligent voice recognition;
s220, inputting the information into a three-section result record model for information conversion, and regulating three-section result records;
s230, matching the obtained three-section result record with a network security level protection model;
s240, outputting the corresponding evaluation conclusion of the three-section type result record by the network security level protection model.
As a preferable technical scheme of the invention, the construction of the artificial intelligent driven network security level protection rating and decision system specifically comprises the steps of carrying out deep learning by combining the current system level with risk analysis and rectification suggestion corresponding to the inconsistent evaluation conclusion.
The invention also provides a network security level protection evaluation system based on artificial intelligence, which comprises:
the network security level protection model module based on deep learning and knowledge patterns integrates network security level protection evaluation standards and network security level protection standard knowledge and is used for intelligently sensing network security level protection states;
the security management and equipment configuration scanning method module based on intelligent voice interaction is used for automatically identifying, summarizing and summarizing voice communication in interview process, and forming network equipment unit evaluation item evidence and intermediate evaluation conclusion according to summary content;
and the artificial intelligent driven network security level protection rating and decision system module is used for evaluating the network security level protection rating and outputting a result record, an evaluation report and a level protection correction proposal of the evaluation item.
The invention also provides a network security level protection evaluation device based on the artificial intelligence, and the network security level protection evaluation method and system based on the artificial intelligence are integrated.
Compared with the prior art, the invention has the following beneficial effects:
according to the invention, a network security level protection model based on deep learning and knowledge graph is constructed by artificial intelligence technology, security features in network data are automatically learned and extracted, and security risks and vulnerabilities in a network system are accurately identified and evaluated; by the security management and equipment configuration scanning method based on intelligent voice interaction, voice is automatically identified, summarized and summarized, information and configuration of network equipment are rapidly obtained, and manual operation and errors are reduced; automatically evaluating the network security level protection level and outputting a result record, an evaluation report and a level protection correction suggestion of an evaluation item through an artificial intelligent driven network security level protection rating and decision system, so that the security and the protection effect of the network system are improved; by setting a network security information system, the network threat which is continuously changed is timely dealt with, and the network security protection effect is further improved; according to the invention, the artificial intelligence technology is applied to the field of network security level protection evaluation, so that the intellectualization and automation of a network security level protection evaluation flow are realized, the manual intervention and operation are effectively reduced, the evaluation cost is reduced, and the evaluation efficiency and accuracy are improved.
Drawings
FIG. 1 is a schematic flow chart of the present invention.
FIG. 2 is a flow chart of the present invention for creating a knowledge base set for network security level protection.
Fig. 3 is a schematic flow chart of the method for obtaining the network security level protection model according to the present invention.
FIG. 4 is a flow chart of a method for security management and device configuration scanning based on intelligent voice interaction according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but embodiments of the present invention are not limited thereto.
The specific implementation process of the invention is as follows:
referring to FIG. 1, an artificial intelligence based network security level protection evaluation method, system and device includes
S100, constructing a network security level protection model based on deep learning and a knowledge graph. The deep learning technology can automatically learn and extract modes and features in the data, and improves the recognition capability of network security threats. The knowledge graph can organize and integrate knowledge in the network security field, and provide richer background information and context for the network security level protection model. The network security level protection model integrates national laws and regulations related to network security, also comprises network security level protection evaluation standards and network security level protection standard knowledge, and forms a knowledge base set for network security level protection by carrying out induction analysis on relevant security requirement points. The intelligent perception of the network security level protection state is realized, and the security risk and the security vulnerability in the network system are accurately identified and evaluated.
S200, designing a security management and equipment configuration scanning method based on intelligent voice interaction. The voice communication in the interview process is automatically identified and summarized, and the network equipment unit evaluation item evidence and intermediate evaluation conclusion are formed according to the summary content. Specifically, the intelligent voice interaction technology is utilized to automatically identify and summarize voice communication in interview process, and information related to network security level protection is extracted. Such information may include configuration information of the network device, security policies, log files, etc., which may be used as evidence of the network device unit evaluation items. Based on these evidences, intermediate evaluation results were further formed. By automatically extracting the information related to the network security level protection, the efficiency and accuracy of the evaluation are improved. Through intelligent voice interaction technology, automatic identification and induction summarization of safety management and equipment configuration are realized, the intention and the demand of a user can be accurately understood, and the evaluation accuracy is further improved. Meanwhile, the safety problem can be monitored and responded in real time, and the safety problem can be found and solved in time.
S300, constructing an artificial intelligent driven network security level protection rating and decision system. And evaluating the network security level protection level, and outputting a result record, an evaluation report and a level protection correction proposal of the evaluation item. Specifically, after the network security level protection is evaluated, an artificial intelligence technology can be used for constructing a rating and decision system, and automatic evaluation and generation of rating protection correction suggestions can be performed on the evaluation result. The system can analyze and evaluate the result record of the evaluation item according to the network security level protection standard and specification by utilizing the technologies of machine learning, deep learning and the like, and output corresponding evaluation report and level protection correction proposal. Meanwhile, the system can also have a visual display function, and the assessment report and the grade protection correction advice are presented to the user in an intuitive mode, so that the user can conveniently and quickly know the network security grade protection condition, and the correction is carried out aiming at the existing problems. The efficiency and accuracy of network security level protection can be greatly improved,
s400, a network security information system is used for coping with the continuously changing network threats. By periodically or real-timely collecting and monitoring various large vulnerability library sites such as CVE, national information security vulnerability library and the like and vulnerability information published by the authorities of application system components, the information can comprise system component names, version numbers, utilization paths, solution suggestions and the like, according to the collected component names and version numbers, a network security intelligence system can be automatically matched with the component names and version numbers used in a tested system, possible vulnerability risks are automatically identified, and system maintenance personnel are timely notified to repair according to vulnerability solution suggestions, so that system security is improved. Because the traditional network security level protection evaluation method mainly depends on a knowledge base and experience, the continuous network threat cannot be timely dealt with. And more real-time and accurate data are provided for evaluation through a network security information system. Better identify threats, assess risk, and provide personalized protective advice. The artificial intelligence is enabled to depend not only on a knowledge base but also on network security information in the evaluation process, the knowledge base is used for providing basic security knowledge and experience, and the network security information can provide real-time and up-to-date security information. By combining network security information, the network security level protection evaluation method based on artificial intelligence is more real-time, accurate and flexible, can better cope with continuously changing network threats, and further improves the network security protection effect.
Referring to fig. 2, in an embodiment of the present invention, a set of knowledge bases for network security level protection is created specifically by:
s110, data collection, including:
the structured data comprises an internal data source, an external data source and implementation data, wherein the internal data source comprises a security detection report, a network security level protection evaluation standard and network security level protection specification knowledge of a company for a plurality of years; the external data source can be an industry safety report and public database containing a large amount of safety data for training and verifying the model; and data quality management measures are implemented, so that the accuracy and consistency of the acquired data of the knowledge base set are ensured by the network security level.
The unstructured data mainly aims at voice data, noise reduction and echo cancellation are carried out through a voice preprocessing technology, background noise in the environment is removed, the definition of voice signals is improved, echoes caused by the environment or equipment are eliminated, and the accuracy of voice recognition is improved; and converting the voice into text by using a high-precision automatic recognition system ASR, and training a customized voice recognition model for the technical terms and the industry specific vocabulary so as to improve the conversion accuracy. And then processing the converted text, and correcting and editing the text after voice recognition to correct potential recognition errors. And further analyzing and processing the text data by natural language processing technology.
S120, splitting the document and writing the document into a vector database: after the data acquisition is completed, the data is subjected to refinement and segmentation. This process involves classifying documents according to the subject matter of the detection method, the detection object, and the current security measures. Each topic is further subdivided into independent sentence and vocabulary units.
The specific segmentation steps are as follows:
(1) Introducing a natural language processing advanced technology NLP, analyzing the syntax of the file and marking the semantic roles, and dividing the file;
(2) Text vectorization, comprising:
loading an embedded model: a pre-trained embedding model BERT is loaded.
Sentence vectorization: with the loaded model we convert sentences in the document into vector representations, each of which is encoded into a fixed length vector, regardless of its original length, ensuring that they can be efficiently processed by machine learning algorithms.
Feature extraction and classification: after the vectorized sentences are obtained, the vectors can be used as characteristics to train a classifier, and documents are classified according to the detection method, the detection object, the current safety measures and other topics.
And (5) storing into a vector database: a distributed computing framework, such as MapReduce, is employed to achieve efficient vectorization of text and store the results in a vector database.
S130, vector database optimization, which comprises the following steps:
index optimization: an index structure suitable for high-dimensional vectors is applied, e.g., hierarchical Navigable Small World, to improve query efficiency.
And (3) quantification treatment: vector storage space and query time are reduced by techniques such as product quantization Product Quantization.
Parallel computing: and performing parallel computation by using a multi-core CPU or GPU so as to improve the query efficiency.
Data preprocessing: and through standardized data preprocessing technologies and the like, the query accuracy is improved.
Distance metric selection: an appropriate distance measure, such as cosine similarity, is selected based on the embedding characteristics to optimize the query results.
S140, vector reasoning and forming a knowledge base set, converting the existing security detection document library into a numerical vector form, wherein the conversion is realized by applying an advanced embedded model, and the model can capture deep semantic relations in a text. These vectorized data are then integrated into a vector database to facilitate efficient similarity queries and pattern recognition.
Further, through the steps, a knowledge base set of network security level protection is created, and element information of a basic requirement set of network security level protection is obtained, including: detection mode, detection object and existing measures. And constructing a three-section result record model based on the three element information. Specifically, the three-section type result recording module divides the detection result of network security level protection into three parts for recording and analyzing:
detection mode and result: whether the network is safely detected by adopting a detection mode based on artificial intelligence or a detection mode based on a traditional method is recorded, and whether a detection result is normal, for example, whether a security threat or a loophole is found or not is recorded.
Detecting objects and results: this section records the results of the detection for different detection objects, including network devices, servers, terminal devices, applications, etc. For each object, details of the detection are recorded, such as the type, level, and hazard of the vulnerability, etc.
Existing measures and results: security measures and safeguards such as firewalls, intrusion detection systems, encrypted communications, etc. have been taken are recorded. At the same time, the effectiveness, reliability and security results of these measures are recorded, for example whether attacks and intrusions can be effectively prevented.
Through the three-section type result recording model, the detection results of the network security level protection can be comprehensively recorded, and the results are analyzed and evaluated, so that the efficiency and accuracy of the network security level protection are improved.
Furthermore, through deep learning, information security assessment result records and assessment conclusions are combined with the network security level protection basic requirement set to perform combined training, wherein when the result records are trained, three-section result record models are used for conversion, and the three-section result records and the assessment conclusions are subjected to association learning to form a network security level protection model. Specifically, the detection mode, the detection object and the existing measures in the three-section result record can be used as input features, and the evaluation conclusion can be used as an output label for training. The method can adopt a deep learning model such as a cyclic neural network RNN, a long and short term memory network LSTM or a transducer to carry out modeling, and the mapping relation between the input characteristics and the output labels is learned and optimized through the learning and training of the model. By means of the combined training mode, a network security level protection model can be formed, and the model can automatically predict and generate corresponding evaluation conclusion according to input evaluation result records. The model has higher accuracy and generalization capability, can automatically complete evaluation and decision process of network security level protection, and improves efficiency and accuracy of network security level protection work.
Referring to fig. 3, in an embodiment of the present invention, the network security level protection model is specifically obtained by:
s1000, designing a network security level protection evaluation model: the model target is to obtain risk points of the tested object according to the result record of the field evaluation and the comprehensive analysis of the result record and the knowledge base set, and give a rectifying and modifying suggestion;
interview voice, detection method, detection object, current security measure and detection result record in the field evaluation process are used as data source input;
and outputting whether the tested object meets the network security level protection evaluation basic requirement of the corresponding level, and indicating potential risk points and corresponding correction suggestions.
S1100, collecting and annotating evaluation data: and collecting voice data in the field evaluation interview process, marking, and converting the voice data into a correct text format for training of a deep learning model.
Text data of relevant fields, such as security assessment reports and reformulation advice documents, are collected and subjected to semantic annotation.
S1200, automatic speech recognition ASR of site assessment interview: end-to-end ASR models are constructed and trained using a deep learning framework, such as TensorFlow or PyTorch. And combining the long-term memory network LSTM or the convolutional neural network CNN with an acoustic model to perform high-precision conversion from voice to text.
S1300, processing the text information recorded by the evaluation result: processing and understanding the converted text using natural speech processing techniques such as syntactic analysis and entity recognition; and loading the BERT model by using a text mining technology and algorithm, and extracting key information and classifying texts.
S1400, model training and algorithm optimization: performing supervised learning through the marked training set, optimizing the performance of the model by using cross validation and super-parameter adjustment, and simultaneously improving the adaptability and accuracy of the model by applying reinforcement learning or transfer learning.
S1500, performance evaluation and model verification: the model is subjected to a rigorous test, and the efficacy of the model in the actual situation is evaluated by using an unseen data set, and meanwhile, the evaluation and the suggested quality of the model are verified, so that the model meets the preset safety standard.
S1600, feedback loop and continuous improvement: and inputting a more perfect data set to the model periodically according to the new evaluation item data, and performing fine adjustment to the data source to perfect and strengthen the model.
Through the steps, the evaluation conclusion of the scene of the result record of the three-section type result record conversion of a certain safety basic requirement in different elements can be output.
Referring to fig. 4, in an embodiment of the present invention, a security management and device configuration scanning method based on intelligent voice interaction is designed, comprising the steps of:
s210, converting the detected object into a text through intelligent voice recognition;
s220, inputting the information into a three-section result record model for information conversion, and regulating three-section result records;
s230, matching the obtained three-section result record with a network security level protection model;
s240, outputting the corresponding evaluation conclusion of the three-section type result record by the network security level protection model.
Specifically, through intelligent speech recognition technology, the test result record of the related tested object dictated by the test operator in the test implementation process is converted into text, then the text is input into the three-section type result record model for conversion, the text is arranged into a standard three-section type result record, then the standard three-section type result record can be transmitted into the network security level protection model for matching through an interface, and the process can be completed by inputting element information such as a detection mode, a detection object and existing measures in the three-section type result record into the network security level protection model for learning and prediction. And obtaining the regular three-section result record and the corresponding evaluation conclusion through matching and learning. These conclusions may include whether the object under test meets the requirements of network security level protection, the risk points present, the corresponding rectification advice, and the like. The efficiency and the quality of field evaluation in network security level protection evaluation work can be improved.
In other embodiments, the device configuration may be provided by a party by scanning, and the scanning of the device configuration may include devices and systems such as network devices, servers, terminal devices, applications, and the like. Configuration information of the devices, such as operating system versions, application installation conditions, security patch levels, etc., is obtained through specialized scanning tools or techniques. After converting the scanning result of equipment configuration into a text, converting the text by using a three-section result record model, finishing the text into a standard three-section result record, and then matching the standard three-section result record with a network security level protection model, wherein the regular three-section result record and a corresponding evaluation conclusion can be obtained.
Furthermore, the overall analysis result can be generated after the comprehensive analysis of the single evaluation item result record, so that the overall network safety protection effect of the tested system can be further evaluated. Specifically, after each network device or system component is evaluated, a single evaluation result record is generated, the evaluation results of different devices or system components are compared by integrating and analyzing the single evaluation result record, the association and the existing security risk among the evaluation results are found to be combined with the overall network architecture and the security policy, the overall security condition is evaluated, and the overall analysis result record is generated. The network security condition can be more comprehensively known, and potential security risks and vulnerabilities can be found and timely solved.
In the embodiment of the invention, the risk analysis and rectification suggestion corresponding to the non-conforming evaluation conclusion is combined with the current system level and then the deep learning is carried out, so as to form the network security level protection rating and decision system based on artificial intelligence driving. By inputting the related evaluation object and result record information of the tested system, the result record, the grade protection correction proposal and the evaluation report which do not accord with the item can be rapidly output. The method realizes rapid and accurate automatic processing and decision support, and can effectively shorten the time for one party to evaluate and implement and report preparation. Not only improves the working efficiency, but also reduces the possibility of human error and omission.
Furthermore, the network security level protection evaluation method based on artificial intelligence is more real-time, accurate and flexible by combining the knowledge base with network security information, and can better cope with continuously-changing network threats and improve the network security protection effect.
In another embodiment of the invention, a network security level protection evaluation system and device based on artificial intelligence are also provided. The system and the device realize automatic network security level protection evaluation by integrating an artificial intelligence algorithm and network security level protection knowledge.
It should be noted that the foregoing explanation of the embodiment of the network security level protection evaluation method based on artificial intelligence is also applicable to the network security level protection evaluation system and device based on artificial intelligence of this embodiment, and will not be repeated here.
The foregoing examples merely illustrate embodiments of the invention and are described in more detail and are not to be construed as limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
Claims (8)
1. The network security level protection evaluation method based on artificial intelligence is characterized by comprising the following steps of:
s100, constructing a network security level protection model based on deep learning and a knowledge graph, comprising the steps of creating a knowledge base set of network security level protection, acquiring element information of a basic requirement set of network security level protection, constructing a three-section result record model based on the element information, and outputting an evaluation conclusion;
s200, designing a security management and equipment configuration scanning method based on intelligent voice interaction, which is used for automatically identifying and summarizing voices, and forming network equipment unit evaluation item evidence and intermediate evaluation conclusion according to summary contents;
s300, constructing an artificial intelligent driven network security level protection rating and decision system, and outputting a result record, an evaluation report and a level protection correction proposal of an evaluation item;
s400, setting a network security information system for timely coping with continuously-changing network threats, collecting and monitoring vulnerability information in real time, comparing the vulnerability information with a tested system, automatically identifying the threats, evaluating risks and providing protection suggestions, and timely repairing the vulnerabilities.
2. The network security level protection evaluation method based on artificial intelligence according to claim 1, wherein the network security level protection knowledge base set includes network security related national legal regulations, network security level protection evaluation standards and network security level protection standard knowledge, and the related security requirement points are subjected to inductive analysis, specifically created by the following steps:
s110, data collection: the system comprises structured data and unstructured data, wherein the structured data comprises internal company data, external industry data and implementation data; the unstructured data comprise voice data, and voice preprocessing, voice-to-text and text post-processing are carried out on the voice data;
s120, splitting the document and writing the document into a vector database: after the data acquisition is completed, the data is subjected to refinement and segmentation, and the documents are classified according to the detection method, the detection object, the current safety measures and other subjects;
the segmentation steps are as follows:
(1) Introducing a natural language processing advanced technology, analyzing the syntax of the file and marking the semantic roles, and dividing the file;
(2) Text vectorization, comprising: loading a pre-training embedded model, converting sentences in the document into a vectorization representation form, taking the converted vectors as characteristics to train a classifier, classifying the document, and storing the result into a vector database;
s130, vector database optimization: the method comprises index optimization, quantization processing, parallel computing, data preprocessing and distance measurement selection;
s140, vector reasoning forms a database set: the existing security detection document library is converted into a numerical vector form, conversion is realized by applying an advanced embedded model, the advanced embedded model can capture deep semantic relations in texts, and then the vectorized data are integrated into a vector database to perform efficient similarity query and pattern recognition.
3. The network security level protection evaluation method based on artificial intelligence according to claim 2, wherein element information of a network security level protection basic requirement set is obtained based on a network security level protection knowledge base set, the element information comprises a detection mode, a detection object and existing measures, a three-section result record model is built based on the element information, and information security evaluation result record and evaluation conclusion are combined with the network security level protection basic requirement set to perform combined training through deep learning, so that the network security level protection model is obtained.
4. The network security level protection evaluation method based on artificial intelligence according to claim 3, wherein the network security level protection model is obtained by:
s1000, designing a network security level protection evaluation model: comprehensively analyzing the result record of the field evaluation and the knowledge base set to obtain risk points of the tested object, and giving a rectifying and modifying suggestion;
s1100, collecting and annotating evaluation data: labeling and annotating semantics on the field evaluation voice data;
s1200, automatic speech recognition of site assessment interviews: text conversion is carried out on the voice data;
s1300, processing the text information recorded by the evaluation result: processing the converted text, extracting key information and classifying the text;
s1400, model training and algorithm optimization: performing supervised learning through the marked training set, optimizing the performance of the model, and simultaneously improving the adaptability and accuracy of the model by applying reinforcement learning or transfer learning;
s1500, performance evaluation and model verification: carrying out strict test on the model, and simultaneously verifying the evaluation and the suggested quality of the model;
s1600, feedback loop and continuous improvement: and inputting a more perfect data set to the model periodically according to the new evaluation item data, and performing fine adjustment to the data source to perfect and strengthen the model.
5. The network security level protection evaluation method based on artificial intelligence according to claim 4, wherein the security management and equipment configuration scanning method based on intelligent voice interaction specifically comprises the following steps:
s210, converting the detected object into a text through intelligent voice recognition;
s220, inputting the information into a three-section result record model for information conversion, and regulating three-section result records;
s230, matching the obtained three-section result record with a network security level protection model;
s240, outputting the corresponding evaluation conclusion of the three-section type result record by the network security level protection model.
6. The method for evaluating network security level protection based on artificial intelligence according to claim 5, wherein the constructing the network security level protection rating and decision system driven by artificial intelligence specifically comprises performing deep learning on risk analysis and modification advice corresponding to an evaluation conclusion which does not conform to the current system level.
7. An artificial intelligence based network security level protection assessment system, comprising:
the network security level protection model module based on deep learning and knowledge patterns integrates network security level protection evaluation standards and network security level protection standard knowledge and is used for intelligently sensing network security level protection states;
the security management and equipment configuration scanning method module based on intelligent voice interaction is used for automatically identifying, summarizing and summarizing voice communication in interview process, and forming network equipment unit evaluation item evidence and intermediate evaluation conclusion according to summary content;
and the artificial intelligent driven network security level protection rating and decision system module is used for evaluating the network security level protection rating and outputting a result record, an evaluation report and a level protection correction proposal of the evaluation item.
8. An artificial intelligence based network security level protection assessment device, comprising the artificial intelligence based network security level protection assessment method and system as set forth in any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311828011.4A CN117768220A (en) | 2023-12-27 | 2023-12-27 | Network security level protection evaluation method, system and device based on artificial intelligence |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311828011.4A CN117768220A (en) | 2023-12-27 | 2023-12-27 | Network security level protection evaluation method, system and device based on artificial intelligence |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117768220A true CN117768220A (en) | 2024-03-26 |
Family
ID=90325542
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311828011.4A Pending CN117768220A (en) | 2023-12-27 | 2023-12-27 | Network security level protection evaluation method, system and device based on artificial intelligence |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117768220A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108965244A (en) * | 2018-05-30 | 2018-12-07 | 江苏安又恒信息科技有限公司 | A kind of Formal Safety Assessment method of network semi-automation |
| CN111934906A (en) * | 2020-07-05 | 2020-11-13 | 上海纽盾科技股份有限公司 | Artificial intelligence evaluation method, client and system for level protection |
| CN113407265A (en) * | 2021-05-07 | 2021-09-17 | 上海纽盾科技股份有限公司 | AR-based data acquisition method, device and system in equal insurance evaluation |
| CN115357906A (en) * | 2022-09-01 | 2022-11-18 | 中国电子科技集团公司第十五研究所 | Intelligent auxiliary evaluation method and system for network security level protection 2.0 |
| CN115907519A (en) * | 2022-11-03 | 2023-04-04 | 北京卓识网安技术股份有限公司 | Information security compliance detection method and system |
| WO2023116565A1 (en) * | 2021-12-21 | 2023-06-29 | 中电信数智科技有限公司 | Method for intelligently designing network security architecture diagram |
-
2023
- 2023-12-27 CN CN202311828011.4A patent/CN117768220A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108965244A (en) * | 2018-05-30 | 2018-12-07 | 江苏安又恒信息科技有限公司 | A kind of Formal Safety Assessment method of network semi-automation |
| CN111934906A (en) * | 2020-07-05 | 2020-11-13 | 上海纽盾科技股份有限公司 | Artificial intelligence evaluation method, client and system for level protection |
| CN113407265A (en) * | 2021-05-07 | 2021-09-17 | 上海纽盾科技股份有限公司 | AR-based data acquisition method, device and system in equal insurance evaluation |
| WO2023116565A1 (en) * | 2021-12-21 | 2023-06-29 | 中电信数智科技有限公司 | Method for intelligently designing network security architecture diagram |
| CN115357906A (en) * | 2022-09-01 | 2022-11-18 | 中国电子科技集团公司第十五研究所 | Intelligent auxiliary evaluation method and system for network security level protection 2.0 |
| CN115907519A (en) * | 2022-11-03 | 2023-04-04 | 北京卓识网安技术股份有限公司 | Information security compliance detection method and system |
Non-Patent Citations (1)
| Title |
|---|
| 陶源;黄涛;李末岩;胡巍;: "基于知识图谱驱动的网络安全等级保护日志审计分析模型研究", 信息网络安全, no. 01, 10 January 2020 (2020-01-10) * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20050182736A1 (en) | Method and apparatus for determining contract attributes based on language patterns | |
| CN118013963B (en) | Method and device for identifying and replacing sensitive words | |
| CN114491034B (en) | Text classification method and intelligent device | |
| CN117648093A (en) | RPA flow automatic generation method based on large model and self-customized demand template | |
| CN116578980A (en) | Code analysis method and device based on neural network and electronic equipment | |
| CN118192949A (en) | Vulnerability code tool generation method, system and medium based on large language model | |
| CN118035757A (en) | Electric drive assembly fault diagnosis method and device based on large language model | |
| CN103853701A (en) | Neural-network-based self-learning semantic detection method and system | |
| CN110020190A (en) | A kind of suspected threat index verification method and system based on multi-instance learning | |
| CN116881971A (en) | Sensitive information leakage detection method, device and storage medium | |
| CN116578703A (en) | Intelligent identification system and method | |
| CN116976321A (en) | Text processing method, apparatus, computer device, storage medium, and program product | |
| CN113343051B (en) | Abnormal SQL detection model construction method and detection method | |
| CN117768220A (en) | Network security level protection evaluation method, system and device based on artificial intelligence | |
| CN114328819A (en) | Power safety production hidden danger pre-control method based on knowledge graph | |
| CN117056209B (en) | Software defect prediction model, interpretation method and quantitative evaluation method | |
| CN116863481A (en) | Service session risk processing method based on deep learning | |
| CN117112791B (en) | Unknown log classification decision system, method and device and readable storage medium | |
| CN118349998A (en) | Automatic code auditing method, device, equipment and storage medium | |
| CN116244407A (en) | Method and device for detecting financial transaction communication text and electronic equipment | |
| CN117218668A (en) | Intelligent small-scale method and system based on deep learning and rules | |
| CN118551045A (en) | Detection report auditing method and device based on large model | |
| CN118674169A (en) | Intelligent analysis method, system, device and medium for deep mining of enterprise data | |
| CN117896136A (en) | Sensitive file plaintext transmission risk early warning treatment method and system | |
| CN118677694A (en) | Chat content phishing detection method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |