CN117807590B - Information security prediction and monitoring system and method based on artificial intelligence - Google Patents


Publication number
CN117807590B
Authority
CN
China
Prior art keywords
data
security
prediction
module
data set
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410231546.1A
Other languages
Chinese (zh)
Other versions
CN117807590A (en)
Inventor
张婷曼
张媛
王梅
毕鹏
丁凰
庞志成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Jiaotong University City College
Original Assignee
Xian Jiaotong University City College

Abstract

The invention relates to the technical field of prediction and detection systems, in particular to an information security prediction and monitoring system and method based on artificial intelligence. The method specifically comprises the following steps: firstly, collecting original information data, preprocessing the original information data to obtain a preprocessed data set, and then carrying out enhancement processing on the preprocessed data set; then, analyzing the data set after the enhancement treatment through a prediction model to obtain a prediction result of the security threat; and finally, based on the predicted result of the security threat, formulating a security response proposal and a policy, executing security measures, generating a response execution result and a status report, and simultaneously carrying out privacy protection on the information data. The technical problems of lack of compatibility in the data analysis and processing process and low accuracy of safety prediction results in the prior art are solved.

Description

Information security prediction and monitoring system and method based on artificial intelligence
Technical Field
The invention relates to the technical field of prediction and detection systems, in particular to an information security prediction and monitoring system and method based on artificial intelligence.
Background
In recent years, with the rapid development of information technology, network security problems have become increasingly prominent. In particular, driven by new technologies such as big data, cloud computing and the Internet of Things, the types of security threats facing information systems have increased and the means of attack have become more complex. These threats include not only traditional viruses, trojans and hacking attacks, but also more concealed and complex internal threats, Advanced Persistent Threats (APT) and the like. Against this background, conventional security protection methods based on rules and signatures have difficulty coping with increasingly complex security threats, and more intelligent and efficient security protection means are urgently needed. Advances in artificial intelligence technology provide new possibilities for solving this problem. By using artificial intelligence technologies such as machine learning and deep learning, security threats can be effectively analyzed and predicted, and abnormal behaviors in a complex network environment can be rapidly identified and responded to. Such a system can learn from large amounts of data such as network traffic, user behaviors and system logs, and identify the patterns of normal and abnormal behaviors, so that early warning is given before a security threat occurs and the system can rapidly locate and respond when an attack occurs.
There are many methods for predicting and monitoring information security. For example, our invention patent "Network information security monitoring method and system based on artificial intelligence" (application number CN202211243527.8) mainly includes: acquiring the current browsing network interface browsed by the current information browsing subject, acquiring the whole content of the current interface, and extracting current browsing subject information from the whole content of the current interface; obtaining standard network security supervision data and current comparison difference information; reading the text pinyin of the current comparison difference information to acquire the current difference text pinyin, and extracting an image from the current comparison difference information to acquire a current abnormal risk image; generating current pinyin harmonic characters, generating a current image risk value, judging whether the current browsing network interface has a browsing risk, and if so, generating a current browsing interface risk prompt. That invention considers both characters and images during browsing, so that the reliability and accuracy of network security judgment are improved.
However, the above technology has at least the following technical problems: a lack of compatibility in the data analysis and processing process, and low accuracy of the security prediction results.
Disclosure of Invention
The invention provides an information security prediction and monitoring system and method based on artificial intelligence, which solve the technical problems of lack of compatibility and lower accuracy of security prediction results in the process of data analysis and processing in the prior art, and realize the technical effects of high compatibility, high accuracy processing and accurate security prediction of data.
The invention discloses an information security prediction and monitoring system and method based on artificial intelligence, which concretely comprises the following technical scheme:
an information security prediction and monitoring system based on artificial intelligence comprises the following parts:
The system comprises a data acquisition and preprocessing module, a data enhancement module, an intelligent threat detection module, a decision support module, a security response execution module and a privacy protection module;
The data acquisition and preprocessing module is used for carrying out data collection of multiple data sources to obtain original information data; preprocessing the original information data to obtain a preprocessed data set, and transmitting the preprocessed data set to a data enhancement module;
the data enhancement module is used for carrying out dimension reduction treatment on the preprocessed data set; performing enhancement processing on the data set subjected to the dimension reduction processing; the data set after the enhancement processing is sent to an intelligent threat detection module;
The intelligent threat detection module analyzes the data set after the enhancement processing to obtain an analysis result, predicts potential information security threats based on the analysis result to obtain a prediction result of the security threats, and transmits the prediction result of the security threats to the decision support module;
the decision support module analyzes the prediction result of the security threat, formulates a security response suggestion and a policy, and sends the security response suggestion and the policy to the security response execution module;
The security response execution module executes security measures according to the security response suggestion and the policy, and analyzes the state in the execution process to obtain a response execution result and a status report;
and the privacy protection module is used for protecting the privacy of the data in the implementation process of the information security prediction and monitoring system.
An information security prediction and monitoring method based on artificial intelligence comprises the following steps:
s1, collecting original information data, preprocessing the original information data to obtain a preprocessed data set, and then carrying out enhancement processing on the preprocessed data set;
s2, analyzing the data set after the enhancement treatment through a prediction model to obtain a prediction result of the security threat;
and S3, based on the predicted result of the security threat, making a security response suggestion and a policy, executing security measures, generating a response execution result and a state report, and simultaneously carrying out privacy protection on information data.
Preferably, the S1 specifically includes:
In the process of preprocessing, a heterogeneous data coordination algorithm is introduced to adjust the heterogeneity and mismatch between different data sources.
Preferably, in the S1, the method further includes:
The specific implementation process of the heterogeneous data coordination algorithm is as follows: firstly, extracting features from each standardized data source; calculating the similarity between the features in different data sources; then carrying out data coordination processing based on the similarity; and finally, combining the coordinated features, constructing a coordinated feature set, and mapping the coordinated feature set to obtain a preprocessed data set.
Preferably, in the S1, the method further includes:
In the process of enhancing treatment, carrying out dimension reduction treatment on the preprocessed data set, and carrying out synthetic data treatment on the data set subjected to the dimension reduction treatment to obtain a synthetic data set; and carrying out data expansion on the synthesized data set to obtain the data set after enhancement processing.
Preferably, the S2 specifically includes:
Collecting historical threat information data and normal information data, and training and verifying a prediction model; and analyzing the data set after the enhancement processing by using a prediction model which is trained and verified to obtain a prediction result of the security threat.
Preferably, in the S2, the method further includes:
in the process of training a prediction model, a frequency domain balance optimization algorithm is introduced to adjust the training set based on the frequency domain.
Preferably, in the S2, the method further includes:
in the process of training the prediction model, a dynamic weight adjusting algorithm is introduced to dynamically adjust the weights of the features.
Preferably, the S3 specifically includes:
Analyzing the prediction result of the security threat, and formulating a security response suggestion and strategy according to the type, severity and influence range of the threat; performing priority analysis based on the safety response suggestion and the strategy, and executing safety measures corresponding to the safety response suggestion and the strategy according to the priority; and monitoring the executed safety measures in real time, collecting the execution state data, evaluating the effect of the safety measures, and sorting the safety measures into response execution results and state reports.
The technical scheme of the invention has the beneficial effects that:
By cleaning, standardizing and structurally converting the original data from a plurality of data sources, the invention ensures the quality and consistency of the data and thereby provides an accurate and reliable basis for subsequent analysis. The heterogeneous data coordination algorithm effectively solves the problems of mismatch and heterogeneity among different data sources and improves the compatibility and use value of the data. Data dimension reduction and synthetic data processing reduce the complexity of the data, enhance the representativeness and diversity of the data set, and improve the effectiveness of the data in model training and analysis, enabling the system to predict and identify potential threats more accurately.
The invention trains the model with a recurrent neural network and optimizes and adjusts the training data through the frequency domain balance optimization algorithm and the dynamic weight adjustment algorithm, which enhances the model's ability to capture and analyze complex data patterns. This enables the model to identify and predict potential information security threats more accurately. The frequency domain balance optimization algorithm strengthens features that are not prominent in frequency, so that the model can capture all possible information; this is particularly advantageous for handling threat patterns that are complex or difficult to identify intuitively. The dynamic weight adjustment algorithm allows the model to be adjusted dynamically as the importance of the feature data changes during training, so that the training process better matches the trend of feature importance changes in practical applications.
Drawings
FIG. 1 is a block diagram of an artificial intelligence based information security prediction and monitoring system according to one embodiment of the present invention;
FIG. 2 is a flow chart of an artificial intelligence based information security prediction and monitoring method according to an embodiment of the present invention.
Detailed Description
In order to further illustrate the technical means and effects adopted by the present invention to achieve the preset purpose, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The following specifically describes a specific scheme of the information security prediction and monitoring system and method based on artificial intelligence provided by the invention with reference to the accompanying drawings.
Referring to FIG. 1, a block diagram of an artificial intelligence based information security prediction and monitoring system according to one embodiment of the present invention is shown, the system comprising:
The system comprises a data acquisition and preprocessing module, a data enhancement module, an intelligent threat detection module, a decision support module, a security response execution module and a privacy protection module;
The data acquisition and preprocessing module is used for collecting data from multiple data sources, such as network traffic, system logs and user behaviors, to obtain original information data; preprocessing the original information data, for example by cleaning, standardization and preliminary data conversion, to obtain a preprocessed data set; and transmitting the preprocessed data set to the data enhancement module;
The data enhancement module is used for carrying out dimension reduction on the preprocessed data set by using a data dimension reduction technology to obtain a dimension-reduced data set, carrying out enhancement on the dimension-reduced data set to obtain an enhanced data set, and sending the enhanced data set to the intelligent threat detection module;
The intelligent threat detection module is used for carrying out recognition analysis on the enhanced data set by using an optimized recurrent neural network technology to obtain an analysis result, predicting potential information security threats based on the analysis result to obtain a prediction result of the security threats, and transmitting the prediction result to the decision support module;
the decision support module analyzes the prediction result obtained by the intelligent threat detection module by using a machine learning classification algorithm, formulates a security response suggestion and a policy, and sends the security response suggestion and the policy to the security response execution module;
The security response execution module is used for executing specific security measures according to the security response suggestion and the policy provided by the decision support module, analyzing the state in the execution process, obtaining a response execution result and a status report, and realizing the monitoring of information security;
the privacy protection module is used for carrying out privacy protection on data in the implementation process of the information security prediction and monitoring system and protecting the security of user data;
Referring to FIG. 2, a flow chart of an artificial intelligence based information security prediction and monitoring method according to an embodiment of the invention is shown, the method comprising the steps of:
s1, collecting original information data, preprocessing the original information data to obtain a preprocessed data set, and then carrying out enhancement processing on the preprocessed data set;
Collecting information data of a plurality of data sources by using a data collection tool to obtain original information data; raw information data such as network traffic data, system logs, and user behavior data; and preprocessing the original information data, wherein the preprocessing specifically comprises the following steps:
Performing data cleaning by using a data cleaning technology, such as removing repeated records, correcting wrong data formats and filtering irrelevant data; carrying out standardization treatment on the cleaned data, namely converting the cleaned data into a consistent format, so that the standardized data meets the requirement of subsequent analysis; converting the normalized data into a form suitable for analysis, such as converting the original log into a structured data record; obtaining a preprocessed data set;
Further, during preprocessing, in order to deal with the heterogeneity and mismatch of data from different data sources, a heterogeneous data coordination algorithm is introduced to adjust the mismatch and heterogeneity among the data; the heterogeneous data coordination algorithm is specifically implemented as follows:
first, extracting key features from each standardized data source to form a key feature set Extracting the traffic size and duration from the network traffic data; extracting event types, time stamps and the like from the system log; and converting all key features into common dimensions and ranges:
wherein, Is/>Key features,/>Is a key feature after normalization; /(I)Is the minimum in the key feature set; /(I)Is the maximum in the key feature set;
Re-computing similarity between key features in different data sources
Wherein,Is a measure of the distance between local features, such as using Euclidean distance; /(I)Is a measure of distance between global features, such as using cosine similarity; /(I)Representing the variance of the two feature vectors for capturing variability between features; /(I)Is an attenuation factor used for reducing the contribution of high variability among features to the similarity; /(I)And/>The weight parameters are used for adjusting the importance and influence of different feature dimensions; /(I)For balancing local and global features in a distance function;
Then carrying out data coordination processing based on the similarity; firstly, setting a fusion threshold according to expert experience method When the similarity is greater than/>At the time, coordination processing is carried out, and the characteristics after coordination/>Can be defined as:
Finally, combining all the coordinated features to construct a coordinated feature set, and remapping the coordinated feature set back to the original data structure by using the existing data processing algorithm to obtain a coordinated data set, namely a preprocessed data set;
Performing enhancement processing on the preprocessed data set to obtain an enhanced data set; the enhancement process is implemented as follows:
The data dimension reduction technique is adjusted according to the characteristics of the data and the required degree of information retention. After dimension reduction the data should retain its key characteristics while redundant and unnecessary information is reduced, giving the dimension-reduced data set. Synthetic data processing is then applied to the dimension-reduced data set: a trained generative adversarial network model generates new data instances based on the dimension-reduced data, and these are added to the dimension-reduced data set to obtain a synthetic data set. Data expansion is then performed on the synthetic data set using a data expansion technique to obtain an expanded data set containing derived features, namely the enhanced data set;
By cleaning, standardizing and structurally converting the original data from a plurality of data sources, the invention ensures the quality and consistency of the data and thereby provides an accurate and reliable basis for subsequent analysis. The heterogeneous data coordination algorithm effectively solves the problems of mismatch and heterogeneity among different data sources and improves the compatibility and use value of the data. Data dimension reduction and synthetic data processing reduce the complexity of the data, enhance the representativeness and diversity of the data set, and improve the effectiveness of the data in model training and analysis, enabling the system to predict and identify potential threats more accurately.
S2, analyzing the data set after the enhancement treatment through a prediction model to obtain a prediction result of the security threat;
Training a prediction model:
Historical known threat information data and normal information data are collected and divided into a training set and a verification set, where the training set is used for model learning and the verification set is used for model adjustment and evaluation. A recurrent neural network framework is selected for model training, and feature extraction and preprocessing are carried out on the input training set data, the preprocessing comprising normalization and standardization of the feature data. The model is trained using the training set data, the training process including feature extraction, forward propagation, loss calculation, back propagation and weight update. The recurrent neural network is further optimized to obtain the optimized recurrent neural network technology, specifically as follows:
During training, in order to avoid loss and deficiency of feature dimension information in the training set, a frequency domain balance optimization algorithm is introduced to adjust the training set; by dynamically adjusting the frequency domain distribution of the data features during model training, the expression of the dimensions in which information is lost is enhanced. The frequency domain balance optimization algorithm approaches data processing from the perspective of information processing and, by strengthening features that are not prominent in frequency, ensures that the model can capture all possible information. The implementation process is as follows:
carrying out frequency domain analysis on each feature of the training set data, identifying a frequency band with lost information, and enhancing the lost frequency band;
Spectral analysis:
wherein, A frequency domain representation of the feature data; /(I)Representing feature data in a time domain, and obtaining features extracted from a training set; /(I)The representation frequency is a specific frequency point in fourier transform; /(I)Time is represented, and is an argument of time domain data; /(I)Is the imaginary part in the complex representation;
Training set frequency domain enhancement processing:
wherein, Original characteristic data of the training set; /(I)For enhancing the coefficient, the enhancement degree of the information loss frequency band is determined for controlling the enhancement degree of the data; /(I)Is the characteristic data processed by the frequency domain balance optimization algorithm;
Performing further model training on the frequency domain enhanced data to ensure that all possible information can be captured by the prediction model;
In order to avoid the prediction model failing to adapt effectively when the importance of the feature data changes during the training stage, a dynamic weight adjustment algorithm is introduced to cope flexibly with dynamic changes in the training process, so that model training better matches the trend of feature importance changes in practical applications; the dynamic weight adjustment algorithm dynamically adjusts the weights of the features according to the different stages of model training so as to adapt to changes in feature importance; the implementation process is as follows:
Analyzing the contribution degree of the features to the output of the prediction model when each training period is finished, and adjusting the feature weight according to the contribution degree;
Degree of characteristic contribution Is calculated according to the formula:
wherein, For the output of training model,/>For/>Characteristic data processed by the frequency domain balance optimization algorithm;
and then carrying out weight adjustment:
wherein, For/>Characteristic weight of the period; /(I)For adjusting the coefficient; /(I)First/>Characteristic weight of the period;
The feature weight is dynamically adjusted through the algorithm so as to adapt to the change of the feature importance, and the finally obtained prediction model has higher accuracy and robustness;
Then the trained prediction model is verified and evaluated on the verification set using a cross-validation technique, and model parameters such as the learning rate, the number of layers and the number of neurons are adjusted according to the performance results, finally yielding the verified prediction model;
The enhanced data set is analyzed using the trained and verified prediction model to identify and predict potential information security threats, giving the prediction result of the security threats. The prediction result includes: potential threat types, such as viruses, trojans, phishing and Advanced Persistent Threats (APT); the threat level, where the prediction result may rank threats according to their potential degree of harm, such as low, medium and high; the systems that may be affected, such as a particular server, database or network area; threat behavior patterns, such as data theft, system destruction and unauthorized access; and time information, namely the time at which the threat occurs or its duration.
The invention trains the model with a recurrent neural network and optimizes and adjusts the training data through the frequency domain balance optimization algorithm and the dynamic weight adjustment algorithm, which enhances the model's ability to capture and analyze complex data patterns. This enables the model to identify and predict potential information security threats more accurately. The frequency domain balance optimization algorithm strengthens features that are not prominent in frequency, so that the model can capture all possible information; this is particularly advantageous for handling threat patterns that are complex or difficult to identify intuitively. The dynamic weight adjustment algorithm allows the model to be adjusted dynamically as the importance of the feature data changes during training, so that the training process better matches the trend of feature importance changes in practical applications.
S3, based on the prediction result of the security threat, making a security response suggestion and a policy, executing security measures, generating a response execution result and a state report, and simultaneously carrying out privacy protection on information data;
The prediction result of the security threat is analyzed using a machine learning classification algorithm to accurately understand the nature of the threat and the specific impact it may have on the information security prediction and monitoring system, and specific security response suggestions and policies are formulated according to the type, severity and scope of influence of the threat; security response suggestions and policies include, for example, updating firewall rules, isolating affected parts of the system and initiating emergency response procedures;
Based on the security response suggestions and policies, priority analysis is first carried out using a value priority method, and the security measures corresponding to the security response suggestions and policies are executed according to priority; security measures include, for example, configuring network devices, starting security software or sending alarms. The executed security measures are monitored in real time, execution state data is collected, and the effect of the security measures is evaluated; for example, the information security prediction and monitoring system monitors network traffic to confirm whether a firewall rule effectively prevents bad access. Finally, the collected execution state data and effect evaluation are compiled into a response execution result and a status report; status reports include, but are not limited to, the handling of security events, an evaluation of the effectiveness of the measures performed, and future security recommendations;
In the implementation of the information security prediction and monitoring system, privacy protection is applied to the information data. When data passes from acquisition into preprocessing, the collected data is anonymized so that the data processed in subsequent steps does not contain any information that can be traced to an individual; for example, the data is anonymized using a k-anonymization technique so that the identifying information of individuals cannot be identified in the data set; the k-anonymization technique is prior art and is not described in detail herein;
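An added example (not from the patent) of the k-anonymization step applied to collected log records before they enter preprocessing. The field names, the generalization levels and the sample records are assumptions constructed for illustration.

```python
from collections import Counter
from itertools import product

# Constructed sample records; "user" is a direct identifier, "src_ip" and "ts"
# are quasi-identifiers, "event" is the attribute kept for analysis.
SAMPLE_RECORDS = [
    {"user": "alice", "src_ip": "10.1.2.3",   "ts": "2024-03-01T09:14:55", "event": "login_fail"},
    {"user": "bob",   "src_ip": "10.1.2.77",  "ts": "2024-03-01T09:41:02", "event": "login_ok"},
    {"user": "carol", "src_ip": "10.1.2.9",   "ts": "2024-03-01T09:05:10", "event": "login_fail"},
    {"user": "dave",  "src_ip": "10.1.8.4",   "ts": "2024-03-01T10:02:31", "event": "file_read"},
    {"user": "erin",  "src_ip": "10.1.8.200", "ts": "2024-03-01T10:47:00", "event": "login_ok"},
    {"user": "frank", "src_ip": "10.1.8.31",  "ts": "2024-03-01T10:15:09", "event": "file_read"},
]

TS_CUT = (16, 13, 10)  # characters kept: minute, hour, day


def gen_ip(ip, level):
    """Generalize an IPv4 address: 0 = /32, 1 = /24, 2 = /16, 3 = /8, 4 = '*'."""
    keep = 4 - level
    if keep <= 0:
        return "*"
    octets = ip.split(".")
    return ".".join(octets[:keep] + ["0"] * level) + f"/{8 * keep}"


def gen_ts(ts, level):
    """Truncate an ISO timestamp: 0 = minute, 1 = hour, 2 = day."""
    return ts[:TS_CUT[level]]


def min_class_size(rows):
    """Smallest equivalence class over the quasi-identifier columns."""
    return min(Counter(row[:2] for row in rows).values())


def anonymize(records, k, max_suppressed=0):
    """Full-domain generalization: try the least generalized level pair first.

    The direct identifier is dropped. A level pair is accepted when the records
    that fall in classes smaller than k number at most max_suppressed; those
    records are then suppressed (removed) from the output.
    """
    candidates = sorted(product(range(5), range(3)), key=lambda lv: (sum(lv), lv))
    for ip_lv, ts_lv in candidates:
        rows = [(gen_ip(r["src_ip"], ip_lv), gen_ts(r["ts"], ts_lv), r["event"])
                for r in records]
        sizes = Counter(row[:2] for row in rows)
        small = sum(n for n in sizes.values() if n < k)
        if small <= max_suppressed:
            kept = [row for row in rows if sizes[row[:2]] >= k]
            return {"levels": (ip_lv, ts_lv), "rows": kept, "suppressed": small}
    raise ValueError("k cannot be met even at maximum generalization")


if __name__ == "__main__":
    result = anonymize(SAMPLE_RECORDS, k=3)
    print("levels (ip, ts):", result["levels"])
    for row in result["rows"]:
        print(row)
```

k-anonymity bounds re-identification through the quasi-identifiers only; if every record in a class shares the same `event` value, that value is still disclosed for everyone in the class.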
In the data processing stage, strict access rights are set; for example, only technical management personnel are allowed to access the complete data set, while other users (such as non-technical management personnel) can access only processed summary data or reports; specifically, a role-based access control method is used to control access to the data;
During data transmission, an encryption algorithm (such as AES or RSA) is used to encrypt the data in transit, so that even if the data is intercepted during transmission, it cannot be read by an unauthorized third party;
Privacy impact assessments and compliance checks are carried out regularly to ensure that the privacy protection measures are effective and meet the latest legal and regulatory requirements; regular internal audits and third-party audits are arranged to assess the implementation of the privacy protection measures, and the measures are adjusted as required; meanwhile, the privacy policy is updated to reflect the latest changes in laws and regulations; the security of the information data is thereby ensured;
In summary, the information security prediction and monitoring system and method based on artificial intelligence are completed.
The sequence of the embodiments of the invention is merely for description and does not represent the advantages or disadvantages of the embodiments. The processes depicted in the accompanying drawings do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
In this specification, each embodiment is described in a progressive manner, and the same or similar parts of each embodiment are referred to each other, and each embodiment mainly describes differences from other embodiments.
The above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention.

Claims (7)

1. The information security prediction and monitoring system based on artificial intelligence is characterized by comprising the following parts:
The system comprises a data acquisition and preprocessing module, a data enhancement module, an intelligent threat ascertaining module, a decision support module, a security response execution module and a privacy protection module;
The data acquisition and preprocessing module is used for collecting data from at least two data sources to obtain original information data; preprocessing the original information data, and introducing a heterogeneous data coordination algorithm to adjust the heterogeneity and mismatches among different data sources; the specific implementation process of the heterogeneous data coordination algorithm is as follows: firstly, extracting features from each standardized data source; calculating the similarity between the features in different data sources; then carrying out data coordination processing based on the similarity; finally, combining the coordinated features, constructing a coordinated feature set, and mapping the coordinated feature set to obtain a preprocessed data set; the implementation process of the data coordination processing is as follows:
Setting fusion threshold according to expert experience method When the similarity is greater than/>At the time, coordination processing is carried out, and the characteristics after coordination/>The definition is as follows:
is the similarity between key features in different data sources,/> Is/>Normalized key features,/>Is the firstThe normalized key features; transmitting the preprocessed data set to a data enhancement module;
The data enhancement module is used for carrying out dimension reduction processing on the preprocessed data set; performing enhancement processing on the data set subjected to the dimension reduction processing; the data set after the enhancement processing is sent to the intelligent threat ascertaining module;
The intelligent threat ascertaining module analyzes the data set after the enhancement processing to obtain an analysis result, predicts potential information security threats based on the analysis result to obtain a prediction result of the security threats, and transmits the prediction result of the security threats to the decision support module;
The decision support module analyzes the prediction result of the security threat, formulates a security response suggestion and policy, and sends the security response suggestion and policy to the security response execution module;
The security response execution module executes security measures according to the security response suggestion and policy, and analyzes the state during execution to obtain a response execution result and a status report;
and the privacy protection module is used for protecting the privacy of the data during operation of the information security prediction and monitoring system.
2. The information security prediction and monitoring method based on artificial intelligence is characterized by comprising the following steps:
S1, collecting original information data, preprocessing the original information data, and introducing a heterogeneous data coordination algorithm to adjust the heterogeneity and mismatches among different data sources; the specific implementation process of the heterogeneous data coordination algorithm is as follows: firstly, extracting features from each standardized data source; calculating the similarity between the features in different data sources; then carrying out data coordination processing based on the similarity; finally, combining the coordinated features, constructing a coordinated feature set, and mapping the coordinated feature set to obtain a preprocessed data set; then carrying out enhancement processing on the preprocessed data set; the implementation process of the data coordination processing is as follows:
Setting fusion threshold according to expert experience method When the similarity is greater than/>At the time, coordination processing is carried out, and the characteristics after coordination/>The definition is as follows:
is the similarity between key features in different data sources,/> Is/>Normalized key features,/>Is the firstThe normalized key features;
S2, analyzing the data set after the enhancement processing through a prediction model to obtain a prediction result of the security threat;
and S3, based on the prediction result of the security threat, formulating a security response suggestion and policy, executing security measures, generating a response execution result and a status report, and simultaneously carrying out privacy protection on the information data.
3. The method for predicting and monitoring information security based on artificial intelligence according to claim 2, wherein in S1, further comprising:
In the process of enhancing treatment, carrying out dimension reduction treatment on the preprocessed data set, and carrying out synthetic data treatment on the data set subjected to the dimension reduction treatment to obtain a synthetic data set; and carrying out data expansion on the synthesized data set to obtain the data set after enhancement processing.
4. The method for predicting and monitoring information security based on artificial intelligence according to claim 2, wherein S2 specifically comprises:
Collecting historical threat information data and normal information data, and training and verifying a prediction model; and analyzing the data set after the enhancement processing by using a prediction model which is trained and verified to obtain a prediction result of the security threat.
5. The method for predicting and monitoring information security based on artificial intelligence of claim 4, further comprising, in S2:
in the process of training a prediction model, a frequency domain balance optimization algorithm is introduced to adjust the training set based on the frequency domain.
6. The method for predicting and monitoring information security based on artificial intelligence of claim 5, further comprising, in S2:
in the process of training the prediction model, a dynamic weight adjusting algorithm is introduced to dynamically adjust the weights of the features.
7. The method for predicting and monitoring information security based on artificial intelligence according to claim 2, wherein S3 specifically comprises:
Analyzing the prediction result of the security threat, and formulating a security response suggestion and policy according to the type, severity and scope of influence of the threat; performing priority analysis based on the security response suggestion and policy, and executing the security measures corresponding to the security response suggestion and policy according to the priority; and monitoring the executed security measures in real time, collecting the execution state data, evaluating the effect of the security measures, and compiling these into a response execution result and a status report.
CN202410231546.1A 2024-03-01 2024-03-01 Information security prediction and monitoring system and method based on artificial intelligence Active CN117807590B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410231546.1A CN117807590B (en) 2024-03-01 2024-03-01 Information security prediction and monitoring system and method based on artificial intelligence

Publications (2)

Publication Number Publication Date
CN117807590A CN117807590A (en) 2024-04-02
CN117807590B true CN117807590B (en) 2024-04-26

Family

ID=90425971

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410231546.1A Active CN117807590B (en) 2024-03-01 2024-03-01 Information security prediction and monitoring system and method based on artificial intelligence

Country Status (1)

Country Link
CN (1) CN117807590B (en)

Also Published As

Publication number Publication date
CN117807590A (en) 2024-04-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant