KR20180090537A - Artificial intelligence cause analysis pattern generation apparatus and analysis method - Google Patents

Artificial intelligence cause analysis pattern generation apparatus and analysis method Download PDF

Info

Publication number
KR20180090537A
KR20180090537A KR1020170015503A KR20170015503A KR20180090537A KR 20180090537 A KR20180090537 A KR 20180090537A KR 1020170015503 A KR1020170015503 A KR 1020170015503A KR 20170015503 A KR20170015503 A KR 20170015503A KR 20180090537 A KR20180090537 A KR 20180090537A
Authority
KR
South Korea
Prior art keywords
pattern
regular expression
payload area
keyword
extracting
Prior art date
Application number
KR1020170015503A
Other languages
Korean (ko)
Inventor
최강현
Original Assignee
최강현
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 최강현 filed Critical 최강현
Priority to KR1020170015503A priority Critical patent/KR20180090537A/en
Publication of KR20180090537A publication Critical patent/KR20180090537A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/31Indexing; Data structures therefor; Storage structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Artificial Intelligence (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention relates to an apparatus and method for analyzing an accident using a new analysis method for enhancing accident intelligence by artificial intelligence.
The present invention relates to an artificial intelligence cause analysis pattern generating apparatus and a method of generating an artificial intelligence cause analysis pattern capable of generating a new pattern by analyzing an automatic pattern according to an artificial intelligence rule.

Description

[0001] ARTIFICIAL INTELLIGENCE CAUSE ANALYSIS PATTERN GENERATION APPARATUS AND ANALYSIS METHOD [0002]

Field of the Invention [0002] The present invention relates to an apparatus and method for generating an artificial intelligence causal analysis pattern, and more particularly, to a novel apparatus and method for enhancing intelligent intelligence by artificial intelligence.

Artificial intelligence is a field of computer engineering and information technology that studies how to make computers, such as thinking, learning, and self-development, to be able to imitate human intelligence.

Artificial intelligence does not exist in itself, but has many direct and indirect links with other areas of computer science. Especially, in the field of information technology, the artificial intelligence is introduced in many fields and it is actively trying to utilize it to solve problems in the field.

The evolution of artificial intelligence is not only limited to specific applications such as automatic translation, but also assumes a neural network structure consisting of numerous simple processor networks and processes, mimicking the human brain, rather than being a mathematical logic. will be.

While analyzing and acquiring human thoughts generally involves acquiring knowledge and information on a sequential basis, it devises a reverse sequential method of knowing the cause through outcome (result, phenomenon, reaction, etc.) And the like. The meaning of the pattern extraction mentioned here can serve as a neuron of an artificial neural network that presents a methodology including a simple pattern.

The present invention can be used in a wide variety of industrial fields.

The present invention relates to an apparatus and method for generating a cause analysis pattern, which is based on the theme of cause and effect and is applied to a new analysis method for enhancing an accident intelligence by artificial intelligence.

The present invention relates to an artificial intelligence analysis apparatus and an artificial intelligence analysis apparatus capable of automatically generating a new pattern (cause) by analyzing data (pattern or methodology) obtained by human experience (pattern or methodology) ≪ / RTI >

The cause analysis pattern of the present invention is broadly classified into a regular expression pattern and a numerical matrix pattern.

An apparatus for generating an artificial intelligence cause analysis pattern according to an aspect of the present invention includes:

A database for receiving and storing related information of an object corresponding to the response;

A pattern extracting unit for extracting a pattern of the related information; And

A pattern verification unit for verifying whether the extracted pattern is included in the database; And

And an output unit outputting the result of the object using the extracted pattern.

Preferably,

The related information of the object stored in the database is data received and stored through an external sensor, digital and analog signals, frequency, image, external network connected to a wired or wireless network, and data processed and stored in an internal device do.

Preferably,

The pattern extracting unit

A payload area designating part for designating a payload area of the related information;

A keyword extracting unit for extracting a keyword from the payload area; And

And a regular expression converting unit for converting the payload area including the keyword into a regular expression pattern.

Preferably,

Wherein the payload area is specified according to a predefined detection pattern,

The payload area is at least one of an image, a document, a file, or computer data and network data. The payload area is composed of at least one of decimal, binary, octal, hexadecimal, ASCII, .

Preferably,

If the object is a computer hacking program, the payload area may be a wired or wireless network other than a URL (Uniform Resource Locator), a Network Packet, a CPU (Central Processing Unit), a memory, a malicious code and an operating system kernel, Data received and stored through a connected external network, and internal and external device data.

Preferably,

The pattern extracting unit

The keyword is extracted based on the log duplication designation count or the log collection period, or

The keyword extracts a keyword matched with a predefined keyword database.

Preferably,

Wherein the conversion into the regular expression pattern is performed by replacing a portion matched with a predefined regular expression pattern database among the payload regions excluding the keyword,

The conversion into the regular expression pattern is performed by encoding a payload area including the substituted regular expression pattern with the keyword into a specific code.

Preferably,

 The encoded regular expression pattern is characterized by verifying whether a pattern generated in an existing log is applied.

Preferably,

The conversion into the regular expression pattern is to combine items that are overlapped with each other according to the manner in which they are examined to extract a unified regular expression.

Preferably,

The combined regular expression pattern is characterized by verifying whether a pattern generated in an existing log is applied.

Preferably,

The unified regular expression constructing the latest regular expression pattern is also updated according to the updated related information.

Preferably,

The pattern extracting unit

A payload area designating part for designating a payload area of the information;

A reference value extracting unit for extracting a reference value from the payload area; And

And a numeric matrix converter for converting the payload area including the reference value into a numerical matrix pattern.

Preferably,

Wherein the payload area is specified according to a predefined detection pattern,

The payload area is configured with at least one of various types of numeric data including sensors, digital and analog signals, frequency, graph, spectrum, image, and the first section is a reference point in a repetitive section of the numeric data. .

Preferably,

A face image representing an emotion of the person or an animal, and an output signal of a sensory organ expressing a physical condition when the object is a human or an animal.

Preferably,

The numerical matrix pattern extracting unit

The reference value is extracted on the basis of the log duplication designation count or the log collection period,

And the reference value is set to at least one of a minimum / average / maximum value.

Preferably,

The conversion into the numerical matrix pattern includes encoding the payload area including the reference value with a specific code, and converting the payload area into a numeric matrix.

Preferably,

The encoded numeric matrix pattern is characterized by verifying whether a pattern generated in an existing log is applied.

Preferably,

The conversion into the numerical matrix pattern is performed by combining items overlapping each other according to a method of reviewing to extract a union numeric matrix pattern.

Preferably,

And the union mathematical matrix pattern verifies whether a pattern generated in an existing log is applied.

Preferably,

And the unified sum matrix constituting the numerical matrix pattern is updated according to the updated related information.

A method for generating an artificial intelligence cause analysis pattern according to an aspect of the present invention includes:

 Receiving and storing related information of an object in a database;

A pattern extracting step of extracting a regular expression pattern of the related information;

A pattern verification step of verifying whether the extracted regular expression pattern is included in the database; And

And outputting a response to the object using the extracted regular expression pattern.

Preferably,

And the related information of the object is received through an external sensor, an external network connected to a wired or wireless network.

Preferably,

The pattern extracting step

A payload area designation step of designating a payload area of the information;

A keyword extracting step of extracting a keyword from the payload area; And

And a regular expression converting step of converting the payload area including the keyword into a regular expression pattern.

Preferably,

Wherein the payload area is specified according to a predefined detection pattern,

The payload area is at least one of an image, a document, a graph, and a computer data. The payload area is composed of at least one of decimal, binary, octal, hexadecimal, ASCII, and Base 64.

Preferably,

When the object is a computer hacking program, the payload area includes at least one of a URL (Uniform Resource Locator), a CPU (Central Processing Unit) memory, a malicious code, and an operating system kernel.

Preferably,

If the object is a computer hacking program

And the keyword is extracted on the basis of the number of designated log redundancy or the log collection period.

Preferably,

The regular expression converting step into the regular expression pattern includes encoding a payload area including the keyword into a specific code.

Preferably,

Wherein the encoded regular expression pattern verifies whether a pattern generated in an existing log is applied.

Preferably,

The step of converting into the regular expression pattern may further include extracting a unified regular expression by combining items overlapping each other.

Preferably,

The unified regular expression constructing the latest regular expression pattern is also updated according to the updated related information.

Preferably,

The pattern extracting step

A payload area designation step of designating a payload area of the information;

A reference value extracting step of extracting a reference value from the payload area; And

And converting the payload area including the reference value into a numerical matrix pattern.

Preferably,

Wherein the payload area is specified according to a predefined detection pattern,

The payload area is configured of at least one of various types of numeric data including sensors, digital and analog signals, frequency, spectrum, and image, and the first section is a reference point in a repeated section of the numeric data .

Preferably,

A face image representing an emotion of the person or an animal, and an output signal of a sensory organ expressing a physical condition when the object is a human or an animal.

Preferably,

The numerical matrix pattern extracting step

The reference value is extracted on the basis of the log duplication designation count or the log collection period,

The reference value may be set to at least one of a minimum / average / maximum value.

Preferably,

The step of converting into the numerical matrix pattern includes encoding the payload area including the reference value into a specific code and converting the payload area into a numeric matrix.

Preferably,

36. The method of claim 35,

The encoded numeric matrix pattern is characterized by verifying whether a pattern generated in an existing log is applied.

Preferably,

The conversion into the numerical matrix pattern includes a step of extracting a union numerical value matrix pattern by combining items overlapping each other.

Preferably,

And the unified sum numerical matrix constituting the latest numerical matrix pattern is updated according to the updated related information.

According to the artificial intelligence cause analysis pattern generating apparatus and analyzing method according to the present invention, since it is implemented as a deep learning method based on artificial intelligence, the accident intelligence of the accident analyzing apparatus increases with time, Can be generated.

1 is a schematic diagram of an apparatus for generating an artificial intelligence cause analysis pattern according to the present invention.
2 is a schematic view of a pattern extracting unit of an artificial intelligence cause analysis pattern apparatus according to the present invention.
FIG. 3A is a flowchart illustrating a regular expression pattern analysis method according to the present invention.
FIG. 3B is a flowchart illustrating a regular expression pattern extraction process according to the present invention.
4A is a flowchart illustrating a method of analyzing a numerical matrix pattern according to the present invention.
FIG. 4B is a flowchart illustrating a process of extracting a numerical matrix pattern according to the present invention.
5 is a diagram showing an example of a payload region to be detected.
6A shows an example of a regular expression for the ASCII (character) of the payload area.
FIG. 6B is a diagram showing an example of a specific code in encoding ASCII in FIG. 5A.
FIG. 7 is a diagram showing an example of a result of encoding a web payload region into a regular expression.
FIG. 8 is a flowchart illustrating a method for enhancing a regular expression pattern in an apparatus and method for generating an artificial intelligence cause analysis pattern according to the present invention.
Figure 9 is a diagram showing an example in the field of bodily organ (voice) signals in the payload area.
10 is a diagram showing an example of pattern extraction of a graph composed of numerical values in the pattern extracting unit of the apparatus for generating an artificial intelligence cause analysis pattern according to the present invention.
11 is a diagram showing an example of a result of encoding a numeric matrix into a numeric matrix pattern.
FIG. 12 is a flowchart illustrating a method for enhancing a regular expression pattern in an apparatus and method for generating an artificial intelligence cause analysis pattern according to the present invention.

For a better understanding of the present invention and operational advantages of the present invention and the objects achieved by the practice of the present invention, reference should be made to the accompanying drawings and the accompanying drawings which illustrate preferred embodiments of the present invention.

Hereinafter, the present invention will be described in detail with reference to the preferred embodiments of the present invention with reference to the accompanying drawings. Like reference numerals in the drawings denote like elements.

In the present invention, the term " payload region "refers to a sensor output signal, an image, a document, a file, a digital signal, an analog signal, a graph or a computer Data, and network data, and may be at least one of decimal, binary, octal, hexadecimal, ASCII, non-Base64 encoded data, and numeric and numeric matrices.

The regular expression pattern method and the numerical matrix pattern method extracted in the present invention can be used individually or in whole according to the related field and purpose, and can be used in a mixing and multiplexing method if necessary.

In the present invention, the term "regular expression" is an expression including a character class for expressing a pattern of a payload, special characters, and other characters.

As a concrete example of expressing regular expressions, patterns can be expressed as [az], [AZ], [0-9], or whitespace () can be expressed as [[: space:]] To use it, escape the special character with a backslash ('\') character.

A specific example of a special character that can be used in pattern expression is as follows:

 '.' Special character - represents any single character, whatever the character is -

'*' Special character - means the character immediately before it, indicating that the character is missing or more than one -

'+' Special character - means the character immediately before '+', indicating that the character is more than one -

'?' Special character - '?' Indicates that there is no preceding character or -

'^' Special character - indicates that it starts with the same string as the string immediately following it -

'$' Special character - point to the end of the string -,

The string or special character for expressing regular expressions may vary depending on the payload's subject or language used.

The term " User Defined Keyword "in the present invention means predefining keywords in order to improve accuracy and system performance according to the purpose (related field).

As a concrete example of expressing a dictionary keyword, in a case of a hacking program, each frequently used function list (Union, Select, Exec etc.) and commands (cmd / c, nc -c, etc.) But can be used differently depending on the purpose.

The term " User Defined Regular Expression "in the present invention means predefining a regular expression pattern to improve accuracy and system performance according to the purpose (related field).

As a specific example of expressing a dictionary regular expression, a typical regular expression (date, time, URL, etc.) and an encoded region (unicode, utf16, oct, base64, etc.) It is only one example, and can be used differently depending on the purpose.

Another specific example of the payload area is a computer hacking program, such as a URL (Uniform Resource Locator), a Network Packet, a CPU (Central Processing Unit) memory, a malicious code and an operating system kernel, .

The term " response "in the present invention refers to a result value or a result pattern or a result phenomenon of a cause result theme in artificial intelligence. In the case of a hacking program, an optimal result value or result pattern Lt; / RTI >

As another concrete example of the response, in the case of a uniform resource locator (URL) received by the computer hacking program as the payload area, the optimal response of the apparatus and method for generating an AI pattern of the present invention will be a successful hacking attack.

A successful attack response can extract and generate a new attack (Zero-Day Attack) detection pattern in artificial intelligence.

This is because it can block and defend with the new attack pattern extracted by this device and other security equipment.

1 is a schematic diagram of an apparatus for generating an artificial intelligence cause analysis pattern according to the present invention.

1A is a block diagram illustrating an apparatus for generating an artificial intelligence cause analysis pattern according to the present invention. FIG. 1B is a specific application example of FIG. 1A, showing a schematic diagram of an artificial intelligence cause analysis pattern generating apparatus in a hacking program .

1A, the artificial intelligence cause analysis pattern apparatus of the present invention includes a database 120, a pattern extracting unit 110, a pattern verifying unit 130, and an output unit 140.

The database 120 receives and stores related information of a plurality of objects corresponding to the response.

The pattern extracting unit 110 extracts a regular expression pattern of the related information.

The verification unit 130 verifies whether the extracted regular expression pattern includes the corresponding pattern in the database.

The output unit 140 outputs the response value when applied to the extracted regular expression pattern.

As a specific application example of FIG. 1A, a schematic diagram of an artificial intelligence cause analysis pattern generating apparatus of the present invention applied to a hacking program is shown in FIG. 1B.

The database 120 receives and stores various related information corresponding to the response.

The pattern extracting unit 110 includes a payload area designating unit 201, a keyword extracting unit 202, and a regular expression converting unit 203, as will be described in more detail with reference to FIG.

The function and role of each component of the pattern extracting unit will be described in more detail in Fig.

As shown in FIG. 1B, the response of the output unit 140 may be 'successful attack of a hacking'.

The hacking attack shown in FIG. 1B is merely one example of hacking, but is not limited thereto.

2A is a schematic diagram of a pattern extracting unit of an artificial intelligence cause analysis pattern generating apparatus according to the present invention.

Hereinafter, unless otherwise specified, an artificial intelligence cause analysis pattern generation apparatus applied to a hacking program will be described as a specific application example. However, the artificial intelligence cause analysis pattern generating apparatus of the present invention should not be construed to be limited to being applied to a hacking program, and this is only one specific example.

The artificial intelligence cause analysis pattern generating apparatus according to the present invention includes a payload designating unit 201, a keyword extracting unit 202, and a regular expression converting unit 203.

The payload designation unit 201 designates a payload area to be detected.

The payload designation section designates the area for the detection pattern by predefining the payload area according to the attack type / type / manner.

The keyword extracting unit 202 extracts keywords from the payload area.

In the case of a regular expression expression, keyword extraction is performed by specifying the number of times of data collection for data that has been successfully attacked or by specifying a collection period separately.

The keyword extracting unit can further perform extraction using a predefined keyword database (not shown).

The keyword extracted by the keyword extracting unit may be stored in a separate database table (not shown).

The regular expression conversion unit 203 replaces the portion matched with the predefined regular expression pattern database (not shown) among the payload areas excluding the keyword.

The regular expression conversion unit 203 converts a payload area including a keyword or the like into a regular expression pattern.

In the case of encoding in the regular expression pattern, the regular expression part 203 can use a specific code in the regular expression part.

An example of a payload field including a keyword may include at least one of decimal, binary, octal, hexadecimal, ASCII, Base 64, and encoded data other than encryption.

The transformed regular expression pattern can also be stored in a separate database table.

3A is a flowchart showing a regular expression pattern extraction method of the artificial intelligence cause analysis pattern generation method according to the present invention.

The artificial intelligence cause analysis pattern generation method of the present invention receives and stores related information of a plurality of objects corresponding to a response (S310).

Then, the regular expression pattern of the related information is extracted through a regular expression pattern extraction process described in detail with reference to FIG. 3B (S320).

Then, it is verified whether the extracted regular expression pattern is included in the received and stored database ($ 310) (S330).

Finally, a response to the object is output using the extracted regular expression pattern (S340).

FIG. 3B is a flowchart illustrating a regular expression pattern extraction process according to the present invention.

The artificial intelligence cause analysis pattern generation method of the present invention can be performed by a deep learning method based on artificial intelligence, but is not limited thereto.

Deep learning method based on artificial intelligence increases attack detection rate of hacking program over time.

The apparatus and method for generating an artificial intelligence cause analysis pattern according to the present invention designate a payload region to be detected in step 350.

The payload region may vary depending on the field to which the analysis method and apparatus of the present invention is applied.

 Although the embodiments shown in the drawings show applications to the field of IT security, the application field of the present invention is not limited to the field of IT security, but may be applied to various fields such as electric / electronic field, medical research field, It can be widely used in various industrial fields such as incident / accident detection analysis technology, Internet of Things (IoT), information & communication technology (ICT), R & D research field, research field, artificial intelligence robot .

Specific examples of payload areas in IT security are:

Example 1) User-Agent: Molzila? Id = 12 union select 1 = 1 -

or

Example 2) Refferer: http://example.com?id=12 union select 1 = 1 - Uniform resource locator (URL), for example.

In step 360, keyword extraction is performed in the designated payload area.

The keyword extraction is a step of extracting a string including a keyword matched with a predefined keyword database in a plain text state and a character string in a plain text state.

An example of a keyword extracted from the payload area of the example 2 is 'union select';

Refferer: http://example.com?id=12 union select 1 = 1 - can be.

The payload area including the keyword extracted in step 370 is converted into a regular expression pattern.

The conversion to the regular expression pattern is accomplished by encoding the payload region using a regular expression matched to the predefined regular expression pattern database described below and a specific code (numbers \ d, \ w for characters, \ s for whitespace characters, etc.) Process. The result of encoding the payload region of Example 2 into a regular expression pattern is as follows:

Refferer: http://example.com?id=[\d]+\sunion\sselect[\w\W]+.

(Regular expressions converted to specific code)

Refferer: http: // [\ w] + \. [\ W] {2,4} \ id = [\ d] + \ sunion \ sselect [\ w \ W] +.

(Regular expressions with predefined regular expressions (URL Domain))

5 is a diagram showing an example of a payload region to be detected.

As described above, the payload region may vary depending on the field to which the analyzing apparatus and the analyzing method of the present invention are applied.

Thus, in the case of a hacking program, examples of the payload area include a uniform resource locator (URL), a network packet, a central processing unit (CPU), a memory, a malicious code or an operating system kernel, It can be varied.

The payload area shown in FIG. 5 is a diagram showing an example in the field of IT security.

The 'union select' (410) in FIG. 5 shows an example of the keyword extracted by the keyword extracting unit (202).

6A shows an example of a regular expression for the ASCII (character) of the payload area.

The payload area may include DEC (decimal), BIN (binary), OCT (octal), HEX (hexadecimal), character (ASCII), Base64, or ASCII 7bit.

The payload area to be encoded in the regular expression shown in FIG. 6A may vary depending on country differences according to a foreign language expression, definition of UTF-8, UTF-16, and the like.

FIG. 6B is a diagram showing an example of a specific code in encoding ASCII in FIG. 5A.

FIG. 6B is a diagram showing an example of encoding a character string constituting a payload area except key words and a corresponding character string into a regular expression using a specific code.

In FIG. 6B, 'non-numeric character' means 'character excluding numeric characters' in the payload area. In the rest of the string, 'excluded character' means 'character that excludes the string'.

7 is a diagram showing an example of a result of encoding a web payload region into a regular expression.

Figure 7 shows an example of a web payload region to be detected.

The analysis function and analysis method of the learning function method according to the present invention can extract or encode plain text / regular expression patterns and can cope with attack patterns that are not known in the past using regular expression patterns generated by updating keywords or regular expression patterns Create a new corresponding signature.

FIG. 7 exemplifies only the URL path. However, Header information, Body (Html document, etc.), and other payloads can also be analyzed by an apparatus for generating an artificial intelligence analysis pattern and an analysis method using artificial intelligence using the analyzing apparatus of the present invention.

The regular expression pattern shown at 740 in FIG. 7 shows a primary result.

The regular expression pattern derived by the regular expression encoding verifies whether or not the pattern 120 is normally applied to the database 120.

The regular expression pattern derived by the regular expression encoding can be advanced to the second and third regular expression patterns according to the method discussed below.

FIG. 8 is a flowchart illustrating a method for enhancing a regular expression pattern in an apparatus and method for generating an artificial intelligence cause analysis pattern according to the present invention.

The payload area including the extracted keyword is encoded with a specific code to extract the first regular expression pattern (S810).

Items that are overlapped with each other in the first regular expression pattern are combined to extract a unified regular expression (S820).

The payload area including the keyword is updated to the secondary regular expression pattern including the unified regular expression extracted in step 820 (S830).

The update in step 830 may be performed periodically, and the regular expression pattern may be continuously updated to the second, third, or more.

The secondary and tertiary enhanced regular expression patterns verify whether the pattern 120 is normally applied to the database 120.

The reason why the unified regular expression is applied is that it is aimed to prevent the performance overload due to the system upgrading and to manage the pattern effectively, because there are many similar patterns (meaning).

As a result of applying the unified regular expression, it registers the advanced regular expression pattern combined with the similar type attack pattern and the zero-day attack pattern in the attack request detection pattern list.

The keyword value of each extracted item can be used or quoted as a unique identifier of the corresponding pattern.

The process of combining overlapping patterns among attack regular expression patterns is performed periodically.

Attack Patterns Identified in Real-Time Monitoring Threads Regular Expressions Periodically perform the process of converting a union to a regular expression.

The apparatus and method for generating an artificial intelligence cause analysis pattern in the present invention have described an embodiment of analyzing a character string.

However, analytical apparatus and analysis methods using a GPU-based deep-running algorithm of an image of a payload are also within the scope of the present invention.

Another specific example of the payload area may be a body sensory output signal (RF frequency, graph, etc.) in the case of a human emotional expression, a response phrase or signal to the emotional expression, or a plurality of other types of data.

The term " response "in the present invention refers to a result value or a result pattern of a cause result theme in artificial intelligence. In the case of an emotional expression, an optimal result value or a result pattern when a bodily sensory output signal is executed .

As a specific example of the response, when the output signal of the bodily sensory organ representing the emotional state of the person as the payload region is analyzed as being in an angry state, the optimal response of the response is the voice of the phrase " It is an expression or an expression of a sentence.

This is because the 'calm' response can extract and generate a response pattern when an opponent is angry on artificial intelligence.

This is because the robot can accept various expressions of the other person in response to forming the relationship with the human being.

1 is a schematic diagram of an apparatus for generating an artificial intelligence cause analysis pattern according to the present invention.

1A is a block diagram of an apparatus for generating an artificial intelligence cause analysis pattern according to the present invention, FIG. 1C is a specific application example of FIG. 1A, and shows a schematic diagram of an artificial intelligence cause analysis pattern generating apparatus in an emotional expression .

1A, the artificial intelligence cause analysis pattern apparatus of the present invention includes a database 120, a pattern extracting unit 110, a pattern verifying unit 130, and an output unit 140.

As shown in the numerical matrix pattern, the database 120 receives and stores related information of a plurality of objects corresponding to a response.

The pattern extracting unit 110 extracts a numerical matrix pattern of the related information.

The verification unit 130 verifies whether the extracted numerical matrix pattern includes the corresponding pattern in the database.

The output unit 140 outputs the above response when applied to the extracted numerical matrix pattern.

As a specific application of Fig. 1A, a schematic diagram of an artificial intelligence cause analysis pattern generating apparatus of the present invention applied to a sensory organ signal is shown in Fig. 1C.

The database 120 receives and stores various related information corresponding to the response.

The pattern extracting unit 110 includes a payload area specifying unit 211, a reference value extracting unit 212, and a numeric matrix converting unit 213, as will be described in more detail with reference to FIG. 2C.

The function and role of each component of the pattern extracting unit are described in more detail in FIG. 2B.

As shown in FIG. 1C, the response of the output unit 140 may be 'calm down'.

The 'calm down' shown in FIG. 1C refers to a simple example of emotional expression, but is not limited thereto.

FIG. 2B is a flowchart illustrating a process of extracting a numerical matrix pattern according to the present invention.

Hereinafter, unless otherwise specified, an artificial intelligence cause analysis pattern generation apparatus applied to emotional expression will be described as a specific application example. However, the artificial intelligence cause analysis pattern generating apparatus of the present invention should not be construed to be limited to being applied to emotional expression, and this is merely one specific example.

The artificial intelligence cause analysis pattern generating apparatus according to the present invention includes a payload assigning unit 211, a reference value extracting unit 212, and a numerical matrix converting unit 213.

The payload designation unit 211 designates a payload area to be detected.

The payload designating unit designates the area for the detection pattern through predefinition according to a separate reference point other than the wavelength length, time, frame, and the like in the payload area.

The reference value extraction unit 212 extracts a reference value or the like from the payload area.

In the case of the numerical matrix pattern, the reference value extraction is performed by specifying the number of times of data collection for a response such as a somatic sensory output signal or by separately designating a collection period to extract a reference value.

The keyword extracted by the reference value extracting unit may be stored in a separate database table (not shown).

The numerical pattern conversion unit 213 converts a payload area including a keyword or the like into a numerical matrix pattern.

In the case of encoding in a numeric matrix pattern, a specific code can be used for the area portion in the numeric matrix converter 213. [

An example of a payload field including a reference value and the like may include at least one of decimal, binary, octal, hexadecimal, ASCII, Base 64, encryption, and encoded data other than a regular expression.

The converted numerical matrix pattern can also be stored in a separate database table.

FIG. 4A is a flowchart showing a numerical matrix pattern extraction method of the artificial intelligence cause analysis pattern generation method according to the present invention.

The artificial intelligence cause analysis pattern generation method of the present invention receives and stores related information of a plurality of objects corresponding to a response (S410).

Then, the regular expression pattern of the related information is extracted through a numerical matrix pattern extraction process described in detail with reference to FIG. 4A (S420).

Then, it is verified whether the extracted numerical matrix pattern is included in the received and stored database (410) (S430).

Finally, a response to the object is output using the extracted numerical matrix pattern (S440).

4B is a flowchart illustrating a regular expression pattern extraction process according to the present invention.

The artificial intelligence cause analysis pattern generation method of the present invention can be performed by a deep learning method based on artificial intelligence, but is not limited thereto.

By implementing the deep learning method based on artificial intelligence, the detection rate of emotional expression increases with time.

The apparatus and method for generating an artificial intelligence cause analysis pattern according to the present invention designate a payload region to be detected in step 450.

The payload region may vary depending on the field to which the analysis method and apparatus of the present invention is applied.

 Although the embodiments shown in the drawings show applications to the field of emotional expression, the application field of the present invention is not limited to the field of emotional expression, but may be applied to various fields such as an electric / electronic field, a medical research field, a technology requiring integrity, It can be widely used in various industrial fields such as incident / accident detection analysis technology, Internet of Things (IoT), information & communication technology (ICT), R & D research field, research field, artificial intelligence robot .

Specific examples of payload regions in the sensory system signal include

Example 1)

Figure pat00001

or

Example 2)

Figure pat00002

A frequency, a spectrum, a wave-like line, or other data that can be expressed in various types of graphs.

In step 460, reference value extraction is performed in the designated payload area.

The reference value extraction is a step of extracting duplicate numerical values or the like in the matrix state.

An example of the reference value extracted from the payload area of each of the examples 1 and 2 may be as follows.

Figure pat00003

The payload area including the reference value extracted in step 470 is converted into a numerical matrix pattern.

The conversion to the numerical matrix pattern includes a process of encoding the payload area using a specific code (regular expression) or a range (Array) or the like described below. The result of encoding the payload region of Example 2 into a regular expression or region is as follows:

Figure pat00004

This is not limited to the above expressions, but includes expressions of the same meaning.

9 is a diagram showing an example of pattern extraction of a graph composed of numerical values in the pattern extracting unit of the apparatus for generating an artificial intelligence cause analysis pattern according to the present invention.

9, the maximum value 930 indicates a maximum value in the graph area, the minimum value 910 indicates a minimum value in the graph area, and the average value 920 indicates an average value in the graph area.

In the example of Fig. 9, the numerical pattern conversion can be determined as a reference value of the pattern by deriving the minimum value / average value / maximum value / pattern of the extracted pattern.

A pattern refers to a task of digitizing an increase / decrease form by extracting data values matching a specific unit in a specific unit with a reference point in a specific unit (wavelength length, time, etc.) in the graph area when the result is met.

10 is a diagram showing an example of pattern extraction of a graph composed of numerical values in the pattern extracting unit of the apparatus for generating an artificial intelligence cause analysis pattern according to the present invention.

In FIG. 10, '3.13E-01, -3.03E-02, 6.84E-01 3.30E-02 6.84E-01 4.08E-02 3.12E-01 -4.52E-02' 212). ≪ / RTI >

The payload area may include DEC (decimal), BIN (binary), OCT (octal), HEX (hexadecimal), character (ASCII), Base64, or ASCII 7bit.

The payload area to be encoded may vary depending on country differences according to a foreign language language expression, definition of UTF-8, UTF-16, and the like.

The payload area shown in Fig. 11 is an example showing an example in the field of organ organs (speech) signals.

As described above, the payload region may vary depending on the field to which the analyzing apparatus and the analyzing method of the present invention are applied.

Thus, in the case of bodily organ signals, examples of payload regions may vary, such as frequency, parameters, real numbers, numeric data other than imaginary numbers, and so on.

11 shows frequency log data related to voice signals.

For simplicity, it is divided into frequency: frequency, real number of S parameter, imaginary number of S parameter, S parameter can be divided into S11, S21, S12, S22.

In response, extract the data from the phrase "calm down" or the voice signal frequency when the signal is received.

Then, the frequency domain corresponding to each 'calm down' can be represented by the numerical matrix pattern 1140. This can be expressed differently for each language and expression, but the meanings are the same.

11, 3.10E-01, -3.03E-02, 6.84E-01 3.30E-02 6.84E-01 4.08E-02 3.12E-01 -4.52E-02 'in FIG. An example of extracted keywords is shown.

11 is a diagram showing an example of a result of encoding a sensory organs (voice) payload region into a numerical matrix pattern.

Figure 11 shows an example of a sensory organs (voice) payload region to be detected.

The analysis function and analysis method of the learning function method according to the present invention judges whether or not to express a counterpart using a numerical matrix pattern generated by extracting or encoding reference values / numerical ranges (arrays) and updating a reference value or a numerical matrix pattern (Spoken) pattern of the sensory organs.

11 shows only the body organ signal (voice), but the voice, image, pressure, density, density, electricity, radio wave, digital / analog signal, RF frequency and other payloads are also analyzed by artificial intelligence It can be analyzed by intelligence cause analysis pattern generation device and analysis method.

The numerical matrix pattern shown at 1140 in FIG. 11 shows a primary result.

The numerical matrix pattern derived by the numerical matrix encoding verifies whether or not the pattern 120 is normally applied to the database 120.

A numerical matrix pattern derived by encoding in a numerical matrix pattern can be advanced to a second or third order numerical matrix pattern according to the method discussed below.

FIG. 12 is a flowchart illustrating a method for enhancing a numerical matrix pattern in an apparatus and method for generating an analysis pattern of an AI cause according to the present invention.

In case of a semantically equivalent response value, the payload area including the extracted keyword is encoded with a specific code to extract a first-order numerical matrix pattern (S1210).

The combined numeric matrix pattern is extracted by combining items overlapping each other in the first-order numeric matrix pattern (S1220).

The payload area including the reference value and the like is updated to the second order numerical matrix pattern including the unified sum numerical matrix pattern extracted in step 1220 (S1230).

The update in step 1230 may be performed periodically, and the numeric matrix pattern may be continuously updated to the second, third, or more.

The secondary and tertiary mathematical mathematical patterns verify whether the pattern 120 is normally applied to the database 120.

The reason for applying the union sum matrix pattern is that it aims at systematic performance overload prevention and efficient pattern management while performing pattern upgrading because there are many patterns of similar type (meaning).

As a result of the application of the unified numeric matrix pattern, a mathematical pattern pattern that is advanced by combining patterns of similar types is registered in the list of sensory organ (voice) signal detection patterns.

The extracted reference value (s) of each item can be used or quoted as a unique identifier of the corresponding pattern.

Periodically, a process of combining overlapping patterns among the numerical matrix patterns is performed.

Attack Patterns Identified in Real-Time Monitoring Threads Regular Expressions Periodically perform the process of converting a union to a regular expression.

The apparatus and method for generating an artificial intelligence cause analysis pattern in the present invention have described an embodiment of the analysis on the numerical value and the numerical value range.

However, analytical apparatus and analysis methods using a GPU-based deep-running algorithm of an image of a payload are also within the scope of the present invention.

The artificial intelligence cause analysis pattern generation method of the present invention can be performed by a deep learning method based on artificial intelligence, but is not limited thereto.

As it is realized by the deep learning method based on artificial intelligence, the detection rate of the numerical matrix pattern increases with time.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the inventive concept as defined by the appended claims and their equivalents. It will be clear to those who have knowledge.

Claims (38)

A database for receiving and storing related information of an object corresponding to the response;
A pattern extracting unit for extracting a pattern of the related information; And
A pattern verification unit for verifying whether the extracted pattern is included in the database; And
And an output unit for outputting the result of the object using the extracted pattern. The method according to claim 1,
The related information of the object stored in the database is data received and stored through an external sensor, digital and analog signals, frequency, image, external network connected to a wired or wireless network, and data processed and stored in an internal device , An artificial intelligence cause analysis pattern generation device. The method of claim 2,
The pattern extracting unit
A payload area designating part for designating a payload area of the related information;
A keyword extracting unit for extracting a keyword from the payload area; And
And a regular expression conversion unit for converting the payload area including the keyword into a regular expression pattern. The method of claim 3,
Wherein the payload area is specified according to a predefined detection pattern,
The payload area is at least one of an image, a document, a file, or computer data and network data. The payload area is composed of at least one of decimal, binary, octal, hexadecimal, ASCII, To generate an artificial intelligence cause analysis pattern generating device. The method of claim 4,
If the object is a computer hacking program, the payload area may be a wired or wireless network other than a URL (Uniform Resource Locator), a Network Packet, a CPU (Central Processing Unit), a memory, a malicious code and an operating system kernel, Data received and stored through a connected external network, and internal and external device data. The method of claim 5,
The pattern extracting unit
The keyword is extracted based on the log duplication designation count or the log collection period, or
Wherein the keyword extracts a keyword matched with a predefined keyword database. The method of claim 5,
Wherein the conversion into the regular expression pattern is performed by replacing a portion matched with a predefined regular expression pattern database among the payload regions excluding the keyword,
Wherein the conversion into the regular expression pattern encodes the payload area including the substituted regular expression pattern with the keyword into a specific code. The method of claim 7,
Wherein the encoded regular expression pattern verifies whether a pattern generated in an existing log is applied. The method of claim 7,
Wherein the transformation into the regular expression pattern is performed by combining items overlapping each other according to a method of reviewing, and extracting a unified regular expression. The method of claim 9,
Wherein the combined regular expression pattern verifies whether a pattern generated in an existing log is applied. The method of claim 10,
Wherein the unified regular expression constructing the latest regular expression pattern is updated according to the updated related information. The method of claim 2,
The pattern extracting unit
A payload area designating part for designating a payload area of the information;
A reference value extracting unit for extracting a reference value from the payload area; And
And a numerical matrix converter for converting the payload area including the reference value into a numerical matrix pattern. The method of claim 12,
Wherein the payload area is specified according to a predefined detection pattern,
The payload area is configured with at least one of various types of numeric data including sensors, digital and analog signals, frequency, graph, spectrum, image, and the first section is a reference point in a repetitive section of the numeric data. To generate an artificial intelligence cause analysis pattern generating device. 14. The method of claim 13,
Wherein the object is at least one of a voice signal representing the emotion of the person or animal, a face image, and an output signal of a sensory organ expressing the physical condition when the object is a person or an animal, Device. 15. The method of claim 14,
The numerical matrix pattern extracting unit
The reference value is extracted on the basis of the log duplication designation count or the log collection period,
Wherein the reference value is set to at least one of a minimum / average / maximum value. 15. The method of claim 14,
Wherein the conversion into the numerical matrix pattern includes encoding the payload area including the reference value into a specific code and converting the encoded data into a numeric matrix. 18. The method of claim 16,
Wherein the encoded numeric matrix pattern verifies whether a pattern generated in an existing log is applied. 18. The method of claim 16,
Wherein the transformation into the numerical matrix pattern extracts a union numeric matrix pattern by combining items overlapping with each other according to a method to be examined. 19. The method of claim 18,
Wherein the union mathematical matrix pattern verifies whether a pattern generated in an existing log is applied. The method of claim 19,
Wherein the unity numerical matrix constituting the numerical matrix pattern is updated according to the updated related information. Receiving and storing related information of an object in a database;
A pattern extracting step of extracting a regular expression pattern of the related information;
A pattern verification step of verifying whether the extracted regular expression pattern is included in the database; And
And outputting a response to the object using the extracted regular expression pattern. 23. The method of claim 21,
Wherein the related information of the object is received through an external sensor, a wired or an external network connected to the wireless network. 23. The method of claim 22,
The pattern extracting step
A payload area designation step of designating a payload area of the information;
A keyword extracting step of extracting a keyword from the payload area; And
And a regular expression converting step of converting a payload area including the keyword into a regular expression pattern. 24. The method of claim 23,
Wherein the payload area is specified according to a predefined detection pattern,
Characterized in that the payload region is at least one of an image, a document, a graph or computer data and is composed of at least one of decimal, binary, octal, hexadecimal, ASCII, Base 64, Generation method. 27. The method of claim 24,
If the object is a computer hacking program, the payload area includes at least one of a URL (Uniform Resource Locator), a CPU (Central Processing Unit) memory, a malicious code, and an operating system kernel, Way. 27. The method of claim 24,
If the object is a computer hacking program
Wherein the keyword is extracted based on a log redundancy designation count or a log collection period. 24. The method of claim 23,
Wherein the step of transforming the regular expression into the regular expression pattern includes encoding the payload field including the keyword into a specific code. 28. The method of claim 27,
Wherein the encoded regular expression pattern verifies whether a pattern generated in an existing log is applied. 28. The method of claim 27,
Wherein the step of transforming into the regular expression pattern further includes the step of extracting a unified regular expression by combining items overlapping each other. 29. The method of claim 29,
Wherein the unified regular expression constructing the latest regular expression pattern is also updated according to the updated related information. 23. The method of claim 22,
The pattern extracting step
A payload area designation step of designating a payload area of the information;
A reference value extracting step of extracting a reference value from the payload area; And
And converting the payload region including the reference value into a numerical matrix pattern. 32. The method of claim 31,
Wherein the payload area is specified according to a predefined detection pattern,
Wherein the payload area is constituted by at least one of various types of numerical data including sensors, digital and analog signals, frequency, spectrum and image, and the first section is a reference point in a repeated section of the numerical data , A method for generating an artificial intelligence cause analysis pattern. 33. The method of claim 32,
Wherein the object is at least one of a voice signal representing the emotion of the person or animal, a face image, and an output signal of a sensory organ expressing the physical condition when the object is a person or an animal, Way. 33. The method of claim 32,
The numerical matrix pattern extracting step
The reference value is extracted on the basis of the log duplication designation count or the log collection period,
Wherein the reference value and the like are set to at least one of a minimum / average / maximum value. 35. The method of claim 34,
Wherein the step of converting into the numerical matrix pattern includes encoding the payload area including the reference value into a specific code and converting the encoded data into a numeric matrix. 36. The method of claim 35,
Wherein the encoded numeric matrix pattern is verified whether a pattern generated in an existing log is applied. 37. The method of claim 36,
Wherein the transformation into the numerical matrix pattern includes combining items overlapping each other to extract a union numeric matrix pattern. 37. The method of claim 37,
Wherein the unity numerical matrix constituting the latest numerical matrix pattern is also updated according to the updated related information.

KR1020170015503A 2017-02-03 2017-02-03 Artificial intelligence cause analysis pattern generation apparatus and analysis method KR20180090537A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020170015503A KR20180090537A (en) 2017-02-03 2017-02-03 Artificial intelligence cause analysis pattern generation apparatus and analysis method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020170015503A KR20180090537A (en) 2017-02-03 2017-02-03 Artificial intelligence cause analysis pattern generation apparatus and analysis method

Publications (1)

Publication Number Publication Date
KR20180090537A true KR20180090537A (en) 2018-08-13

Family

ID=63250623

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020170015503A KR20180090537A (en) 2017-02-03 2017-02-03 Artificial intelligence cause analysis pattern generation apparatus and analysis method

Country Status (1)

Country Link
KR (1) KR20180090537A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020050671A1 (en) * 2018-09-06 2020-03-12 Samsung Electronics Co., Ltd. Method and apparatus for normalising data in artificial intelligence system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020050671A1 (en) * 2018-09-06 2020-03-12 Samsung Electronics Co., Ltd. Method and apparatus for normalising data in artificial intelligence system
US11937124B2 (en) 2018-09-06 2024-03-19 Samsung Electronics Co., Ltd. Method and apparatus for normalising data in artificial intelligence system

Similar Documents

Publication Publication Date Title
CN107516041B (en) WebShell detection method and system based on deep neural network
CN111428044B (en) Method, device, equipment and storage medium for acquiring supervision and identification results in multiple modes
CN108768986B (en) Encrypted traffic classification method, server and computer readable storage medium
US20220094713A1 (en) Malicious message detection
CN106778259A (en) A kind of abnormal behaviour based on big data machine learning finds method and system
CN111600919B (en) Method and device for constructing intelligent network application protection system model
CN108173854B (en) Safety monitoring method for power private protocol
CN112491643A (en) Deep packet inspection method, device, equipment and storage medium
KR20220066993A (en) Recognition of behavioural changes of online services
CN107579816A (en) Password dictionary generation method based on recurrent neural network
Altan SecureDeepNet‐IoT: A deep learning application for invasion detection in industrial Internet of things sensing systems
CN109446461A (en) A kind of method of CDN and CACHE caching flame content auditing
CN110011990A (en) Intranet security threatens intelligent analysis method
KR20180090537A (en) Artificial intelligence cause analysis pattern generation apparatus and analysis method
KR102118603B1 (en) A core sentence extraction method based on a deep learning algorithm
Ferrag et al. Revolutionizing Cyber Threat Detection with Large Language Models: A privacy-preserving BERT-based Lightweight Model for IoT/IIoT Devices
CN111310186A (en) Method, device and system for detecting confusion command line
Maudoux et al. Combined Forest: A New Supervised Approach for a Machine-Learning-based Botnets Detection
CN113239352A (en) Webshell detection method and system
CN114282218A (en) Attack detection method and device, electronic equipment and storage medium
CN111475812B (en) Webpage backdoor detection method and system based on data executable characteristics
Alex et al. Taylor–HHO algorithm: A hybrid optimization algorithm with deep long short‐term for malicious JavaScript detection
CN111562943B (en) Code clone detection method and device based on event embedded tree and GAT network
KR102202448B1 (en) Artificial intelligence based apparatus for handling malicious threats in files, method thereof and recording medium thereof
CN113935420A (en) Malicious encrypted data detection method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
A201 Request for examination
A302 Request for accelerated examination
E902 Notification of reason for refusal
E902 Notification of reason for refusal
E601 Decision to refuse application