CN113536303A - A data processing method and artificial intelligence server for big data information protection - Google Patents
A data processing method and artificial intelligence server for big data information protection Download PDFInfo
- Publication number
- CN113536303A CN113536303A CN202110877998.3A CN202110877998A CN113536303A CN 113536303 A CN113536303 A CN 113536303A CN 202110877998 A CN202110877998 A CN 202110877998A CN 113536303 A CN113536303 A CN 113536303A
- Authority
- CN
- China
- Prior art keywords
- requirement
- detection
- report
- visual description
- detection report
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/50—Indexing scheme relating to G06F9/50
- G06F2209/5018—Thread allocation
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Evolutionary Computation (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computing Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
本申请涉及大数据信息防护的数据处理方法及人工智能服务器,由于第二行为安全检测线程的训练过程是基于第二检测报告视觉描述和第三检测报告视觉描述实现的,因而可以提高第二行为安全检测线程对新的输入信息的适应能力和应对能力,进而能够通过对已设置需求事项执行防护意图挖掘处理,得到对应的检测报告视觉描述,并根据检测报告视觉描述得到相应的检测报告,从而达到根据实际的数据信息防护需求得到相应检测报告的技术效果,并且本申请还能够确保得到的检测报告与已设置需求事项之间的高适配度和强关联,该行为安全检测报告能够尽可能全面、丰富地反映出与已设置需求事项相关的报告内容,从而为数据信息防护处理提供准确可靠的分析依据。
This application relates to a data processing method and an artificial intelligence server for big data information protection. Since the training process of the second behavior security detection thread is implemented based on the visual description of the second detection report and the visual description of the third detection report, the second behavior can be improved. The ability of the security detection thread to adapt and respond to new input information, and then it can obtain the corresponding visual description of the detection report by performing the protection intent mining process on the set requirements, and obtain the corresponding detection report according to the visual description of the detection report. It achieves the technical effect of obtaining the corresponding detection report according to the actual data information protection requirements, and the application can also ensure a high degree of adaptation and strong correlation between the obtained detection report and the set requirements, and the behavior security detection report can be as much as possible. It comprehensively and abundantly reflects the report content related to the set requirements, so as to provide an accurate and reliable analysis basis for data information protection processing.
Description
Technical Field
The embodiment of the application relates to the technical field of big data and information security, in particular to a data processing method for big data information protection and an artificial intelligence server.
Background
Data information security protection (also referred to as data security protection) refers to security protection processing based on an integrity level, a confidentiality level, a reliability level, and an availability level. Under the big data era, the data scale is continuously increased, and the frequent occurrence of data safety accidents is the first problem. Management to enhance data security is key to ensure that data reflecting user identity, behavior, etc. is not used illegally.
With the development of artificial intelligence, data protection processing combined with a neural network has gradually become one of main application means, and generally, information security detection can be realized by analyzing and processing interaction behaviors. However, in the practical application process, the inventor finds that it is difficult for the related technology to generate a behavior safety detection report with high matching degree and strong correlation according to different protection requirements, so that it is difficult to ensure the quality of the report content related to the set requirement items reflected by the behavior safety detection report, and further it is difficult to ensure the protection analysis reliability of the behavior safety detection report.
Disclosure of Invention
In view of this, the embodiment of the present application provides a data processing method for big data information protection and an artificial intelligence server.
The embodiment of the application provides a data processing method for big data information protection, wherein a data information protection process for executing the data processing method for big data information protection comprises a first behavior safety detection thread and a second behavior safety detection thread, and the first behavior safety detection thread is set to execute content feature extraction and content feature translation processing;
the method comprises the following steps:
acquiring set requirement items carrying a safety detection report of the expected behavior;
carrying out protection intention mining processing on the set requirement item through the second behavior safety detection thread to obtain a detection report visual description corresponding to the set requirement item;
obtaining a behavior safety detection report corresponding to the set requirement item based on the visual description of the detection report;
the first behavior safety detection thread is used for performing feature translation processing on the detection report visual description to obtain the behavior safety detection report; the training process of the second behavior safety detection thread comprises the following steps: and improving the thread variables of the second behavior safety detection thread until a second training completion index is met based on quality evaluation data corresponding to a second detection report visual description and a third detection report visual description, wherein the second detection report visual description is obtained by performing content feature extraction processing on a second detection report example by the first behavior safety detection thread, the third detection report visual description is obtained by performing protection intention mining processing on a demand example corresponding to the second detection report example by the second behavior safety detection thread, and the demand example comprises demand items corresponding to the detection report example.
Under an independently implementable design idea, the mining process of the protection intention on the set requirement item to obtain the visual description of the detection report corresponding to the set requirement item includes:
determining key requirement constraint information corresponding to the set requirement items;
and executing the protection intention mining processing on the key requirement constraint information to obtain a detection report visual description corresponding to the set requirement item.
Under an independently implementable design concept, the determining key requirement constraint information corresponding to the set requirement item includes:
searching a first demand item matched with the set demand item in a demand information database;
distributing a first distinctive key for the first requirement item, and distributing a second distinctive key for each second requirement item other than the first requirement item in the requirement information database;
and integrating the first and second differential keywords to obtain the key demand constraint information.
Under an independently implementable design concept, the requirement information database includes an operation state requirement item, and the determining of the key requirement constraint information corresponding to the set requirement item includes:
configuring a third type keyword of the operation state requirement item as the set operation state information in response to a premise that the set operation state information is included in the set requirement item;
searching a first demand item which is adapted to a set demand item except the set operation state information in a demand information database;
labeling a first distinctive key for the first requirement item, and distributing a second distinctive key for each second requirement item other than the first requirement item and the operation state requirement item in the requirement information database;
and integrating the first differential type keywords, the second differential type keywords and the third differential type keywords to obtain the key demand constraint information.
Under an independently implementable design concept, the requirement information database includes an operation state requirement item, and the determining of the key requirement constraint information corresponding to the set requirement item includes:
in response to the premise that the set operation state information is not included in the set requirement item, distributing a fourth distinctive key word for the operation state requirement item in the requirement information database;
searching for a first demand item matched with the set demand item in the demand information database;
distributing a first distinctive key for the first requirement item, and distributing a second distinctive key for each second requirement item other than the first requirement item and the operation state requirement item in the requirement information database;
and integrating the first differential type keywords, the second differential type keywords and the fourth differential type keywords to obtain the key demand constraint information.
Under an independently implementable design concept, the distributing a fourth distinctive type keyword for the operation state requirement item in the requirement information database includes at least one of the following forms:
distributing a fourth distinct keyword to the operating state requirement item without limitation;
and obtaining operation state information adaptive to the set requirement item according to a behavior safety detection thread, and configuring the obtained operation state information as the fourth distinguishing type keyword.
Under an independently implementable design idea, the mining process of the protection intention on the set requirement item to obtain the visual description of the detection report corresponding to the set requirement item includes:
and executing at least one sliding average processing and at least one information dimension reduction processing on the key requirement constraint information to obtain the visual description of the detection report.
Under an independently implementable design concept, the content feature extraction and translation process includes:
a content feature extraction process to obtain a visual description of an inspection report corresponding to a feedstock-type inspection report based on the feedstock-type inspection report, and a feature translation process to obtain an inspection report corresponding to an incoming visual description of an inspection report based on the incoming visual description of the inspection report.
In an independently implementable design, the first behavioral security detection thread includes a dynamic-based dual-path activation model.
In an independently implementable design, the method further comprises the step of training the first behavioral security detection thread, comprising:
obtaining a first training example, the first training example comprising:
a first inspection reporting paradigm and a first inspection report visual description corresponding to the first inspection reporting paradigm;
respectively importing the first detection report example and the first detection report visual description into a first behavior security detection thread to execute the content feature extraction and content feature translation processing, so as to obtain an estimated detection report visual description corresponding to the first detection report example and an estimated detection report corresponding to the first detection report visual description;
and determining the first model quality quantitative evaluation of the first behavior safety detection thread based on the obtained prediction type detection report visual description and the prediction type detection report, and improving the first behavior safety detection thread in a feedback manner according to the first model quality quantitative evaluation until the first training completion index is met.
In an independently implementable design, the importing the first inspection report instance and the first inspection report visual description into a first behavior security inspection thread respectively to perform the content feature extraction and content feature translation processes to obtain an estimated inspection report visual description corresponding to the first inspection report instance and obtain an estimated inspection report corresponding to the first inspection report visual description includes:
extracting and processing the content characteristics of the first behavior safety detection thread to obtain an estimated detection report visual description corresponding to a first detection report example;
and obtaining an estimated detection report corresponding to the first detection report visual description according to the feature translation processing of the first behavior safety detection thread.
Under an independently implementable design idea, the determining a first model quality quantitative evaluation of a first behavior safety detection thread based on the obtained predictive detection report visual description and the predictive detection report, and improving the first behavior safety detection thread according to the first model quality quantitative evaluation feedback type until a first training completion index is met, includes:
obtaining first quality assessment data between a first inspection report paradigm and a predictive inspection report, and second quality assessment data between a first inspection report visual description and the predictive inspection report visual description;
determining the quality quantitative evaluation of the first model according to the first quality evaluation data and the second quality evaluation data;
and modifying the thread variable of the first behavior safety detection thread until the first training completion index is met on the premise that the first model quality quantitative evaluation value is larger than a first quantitative evaluation value.
Under a design concept that can be implemented independently, the method comprises the following steps:
and carrying out protection intention mining processing on the set requirement item through a second behavior safety detection thread to obtain a detection report visual description corresponding to the set requirement item, wherein the second behavior safety detection thread comprises a sparse feature mining model.
Under an independently implementable design concept, the step of training the second behavior safety detection thread through an auxiliary model includes:
obtaining a second training example, the second training example including a second inspection reporting example and a requirement example corresponding to the second inspection reporting example;
performing the content feature extraction process on the second inspection report example according to the first behavior security inspection thread to obtain a second inspection report visual description corresponding to the second inspection report example;
carrying out protection intention mining processing on the requirement example according to a second behavior safety detection thread to obtain a third detection report visual description corresponding to the requirement example;
and improving the thread variable of the second behavior safety detection thread according to the quality evaluation data corresponding to the auxiliary model based on the second detection report visual description and the third detection report visual description until a second training completion index is met.
Under an independently implementable design concept, the auxiliary model includes a decision unit, a difference analysis unit, and a demand secondary adjustment unit, and the method includes, based on quality evaluation data corresponding to the second detection report visual description and the third detection report visual description, improving a thread variable of the second behavior safety detection thread until the second training completion index is met according to the auxiliary model, including:
performing decision disturbance processing on the second detection report visual description and the third detection report visual description according to the decision unit to obtain third quality evaluation data between the second detection report visual description and the third detection report visual description based on the decision unit;
performing full-connection processing on the second detection report visual description and the third detection report visual description according to the difference analysis unit to obtain fourth quality evaluation data between the second detection report visual description and the third detection report visual description based on the difference analysis unit;
identifying a first operation state requirement corresponding to the third detection report visual description according to the requirement secondary adjustment unit, and obtaining fifth quality evaluation data between a second operation state requirement transmitted in the second behavior safety detection thread and the first operation state requirement;
and determining second model quality quantitative evaluation of a second behavior safety detection thread according to the third quality evaluation data, the fourth quality evaluation data and the fifth quality evaluation data, and improving the second behavior safety detection thread according to the second model quality quantitative evaluation until the second training completion index is met.
Under an independently implementable design concept, determining a second model quality quantitative evaluation of a second behavior safety detection thread according to the third quality evaluation data, the fourth quality evaluation data and the fifth quality evaluation data, and improving the second behavior safety detection thread according to the second model quality quantitative evaluation until a second training completion index is met, includes:
and in response to the premise that the second model quality quantitative evaluation value is larger than a second quantitative evaluation value, modifying the thread variable of the second behavior safety detection thread until the second model quality quantitative evaluation value is not larger than the second quantitative evaluation value, and determining that the second model quality quantitative evaluation value meets the second training completion index.
The embodiment of the application also provides an artificial intelligence server, which comprises a processor, a communication bus and a memory; the processor and the memory communicate via the communication bus, and the processor reads the computer program from the memory and runs the computer program to perform the method described above.
An embodiment of the present application further provides a computer storage medium, where a computer program is stored, and the computer program implements the method when running.
Compared with the prior art, in the embodiment of the application, the training process of the second behavior safety detection thread is realized based on the second detection report visual description and the third detection report visual description, so that the adaptability and the corresponding capability of the second behavior safety detection thread to new input information can be improved, the protection intention mining processing can be executed on the set requirement items, the corresponding detection report visual description is obtained, and the corresponding detection report is obtained according to the detection report visual description, so that the technical effect of obtaining the corresponding detection report according to the actual data information protection requirement is achieved, and the high adaptability and the strong association between the obtained detection report and the set requirement items can be ensured. The behavior safety detection report obtained by the embodiment of the application can reflect the report content related to the set requirement items as comprehensively and abundantly as possible, thereby providing accurate and reliable analysis basis for data information protection processing.
In the description that follows, additional features will be set forth, in part, in the description. These features will be in part apparent to those skilled in the art upon examination of the following and the accompanying drawings, or may be learned by production or use. The features of the present application may be realized and attained by practice or use of various aspects of the methodologies, instrumentalities and combinations particularly pointed out in the detailed examples that follow.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic block diagram of an artificial intelligence server according to an embodiment of the present disclosure.
Fig. 2 is a flowchart of a data processing method for big data information protection according to an embodiment of the present disclosure.
Fig. 3 is a block diagram of a data processing apparatus for big data information protection according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Fig. 1 shows a block diagram of an artificial intelligence server 10 provided in an embodiment of the present application. The artificial intelligence server 10 in the embodiment of the present application may be a server with data storage, transmission, and processing functions, as shown in fig. 1, the artificial intelligence server 10 includes: memory 11, processor 12, communication bus 13 and big data information protected data processing device 20.
The memory 11, processor 12 and communication bus 13 are electrically connected, directly or indirectly, to enable the transfer or interaction of data. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory 11 stores a data processing device 20 for big data information protection, the data processing device 20 for big data information protection includes at least one software functional module that can be stored in the memory 11 in the form of software or firmware (firmware), and the processor 12 executes various functional applications and data processing by running software programs and modules stored in the memory 11, such as the data processing device 20 for big data information protection in the embodiment of the present application, that is, implements the data processing method for big data information protection in the embodiment of the present application.
The Memory 11 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory 11 is used for storing a program, and the processor 12 executes the program after receiving an execution instruction.
The processor 12 may be an integrated circuit chip having data processing capabilities. The Processor 12 may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), and the like. The various methods, steps and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The communication bus 13 is used for establishing communication connection between the artificial intelligence server 10 and other communication terminal devices through a network, and realizing the transceiving operation of network signals and data. The network signal may include a wireless signal or a wired signal.
It will be appreciated that the configuration shown in FIG. 1 is merely illustrative and that the artificial intelligence server 10 may include more or fewer components than shown in FIG. 1 or may have a different configuration than shown in FIG. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
An embodiment of the present application further provides a computer storage medium, where a computer program is stored, and the computer program implements the method when running.
Fig. 2 shows a flowchart of data processing of big data information protection provided by an embodiment of the present application. The method steps defined by the flow associated with the method, as applied to the artificial intelligence server 10, may be implemented by the processor 12, and include the following.
S10: and acquiring the set requirement items carrying the safety detection report of the expected behavior.
In the embodiment of the present application, the set requirement items include the set requirement of the detection report to be obtained, for example, the set requirement item may include at least one of online service environment information (e.g., a payment service environment, an online office service environment, an enterprise service environment, a smart city monitoring environment, etc.) corresponding to the detection report, security detection target category information (e.g., detection objects such as a user end and a client end) included in the detection report, distinct keyword information (e.g., tag identification information) of the security detection target, interest information of the security detection target, operation state and distribution information (e.g., relative network node position information in a data network) of the security detection target, multi-modal description information (e.g., attribute information) of the security detection target, and the like, that is, information related to the obtained detection report may be used as the set requirement item.
Under some possible design ideas, the recording mode of the set requirement items can be at least one of an auditory sense recording mode (voice recording), a visual sense recording mode (character recording), a mixed sense recording mode (image recording) and the like, and the set requirement items can be analyzed and identified to obtain the set requirements contained in the set requirement items. For example, when the set requirement item is in an auditory sense recording mode, the corresponding key field can be analyzed in an auditory sense recognition (voice recognition) mode, so that each set requirement (such as a data theft prevention requirement, a data verification requirement, an identity authority updating requirement and the like) in the set requirement item is obtained. Or, when the set requirement item is the interest image content, the corresponding interest category may be analyzed in a mixed sensory recognition manner, so as to obtain each set requirement in the set requirement item. Alternatively, when the set requirement item is in a visual sensory recording mode, each set requirement in the set requirement item can be obtained through visual sensory recognition or other types of recognition modes. The recording mode of the set requirement items is not particularly limited, and the set requirements covered in the set requirement items of different types can be obtained through corresponding analysis and identification modes.
Furthermore, the manner of acquiring the set requirement item may include at least one of the following forms: the input/output connector of the artificial intelligence server directly receives the incoming set requirement item, and receives the set requirement item transmitted by the external intelligent device through the interactive control, wherein the input/output connector can include: the touch panel, the microphone input, and the like, and the interactive control may include a Bluetooth control, a WiFi control, an NFC control, and the like, which are only exemplary illustrations, and this application is not limited thereto.
S20: and carrying out protection intention mining processing on the set requirement items to obtain a visual description of the detection report corresponding to the set requirement items.
In the embodiment of the application, after the set requirement item is obtained, the visual description of the detection report can be obtained based on the set requirement item. The protection intention mining processing can be executed on the set requirement items, so that the characteristic information obtained after the corresponding protection intention mining is obtained, namely the obtained visual description of the detection report. Wherein the protection intention mining process may include at least one round of sliding average processing (convolution processing) and at least one round of information dimension reduction processing (pooling processing).
Under some possible design considerations, step S20 may be implemented by a behavior safety detection thread, which may be a trained detection model that may obtain, according to the received set requirement item, a visual description of a detection report corresponding to the set requirement item. For example, the behavioral security detection thread may be a sparse feature mining model. Or under other design considerations, the protection intention mining process may also be executed according to a preset protection intention mining thread variable, which is not specifically limited in this application.
S30: and obtaining a behavior safety detection report corresponding to the set requirement item based on the visual description of the detection report.
After the visual description of the inspection report is obtained through step S20, the inspection report to be obtained can be further obtained through the obtained visual description of the inspection report. The behavior safety detection report is a detection report correspondingly adapted to the received set requirement item.
Under some possible design ideas, the corresponding detection report can be obtained directly through the visual description of the detection report, for example, the visual description of the detection report can be in a characteristic diagram (vector) or distribution list (matrix) recording mode, each element in the visual description of the detection report can represent the item content of each detection item of the detection report, and the corresponding detection report can be obtained according to each item content.
Under some possible design ideas, visual description of the detection report can be imported into the behavior safety detection thread, and the corresponding detection report is obtained through processing of the behavior safety detection thread. The behavior safety detection thread can be a trained behavior safety detection thread capable of obtaining a detection report with high precision according to the received detection report visual description. For example, the behavior safety detection thread may be a behavior safety detection thread based on a moving average idea. Alternatively, under other design considerations, the behavior safety detection thread may also be implemented by a dynamic-based dual-path activation model (such as a reversible model, a bidirectional model, and the like). The dynamic-based dual-path activation model may be a network trained to derive a visual description of a detection report corresponding to a received detection report from the detection report, and to derive a detection report corresponding to the visual description of the detection report from the visual description of the received detection report. That is, the behavioral security detection thread is capable of performing content feature extraction and content feature translation processes, wherein the content feature extraction and content feature translation processes (such as a codec process or a bi-directional process) include a content feature extraction process that obtains a detection report visual description corresponding to a raw-type detection report (such as input information) based on the raw-type detection report, and a feature translation process that obtains a detection report corresponding to an incoming detection report visual description based on the incoming detection report visual description. The selection of the behavior safety detection thread is not specifically limited in this application, and may be configured according to actual requirements.
Based on the configuration of the above embodiment, it is possible to obtain a corresponding detection report according to the received set requirement, obtain a complete and accurate visual description of the detection report by performing corresponding protection intention mining processing on the set requirement, and obtain a behavior safety detection report corresponding to the set requirement according to the visual description of the detection report, thereby improving the degree of adaptation (degree of matching) between the obtained detection report and the set requirement.
The processes of the examples of the present application are further described below. The following is a further implementation manner of step S20 in the data processing method for big data information protection according to the embodiment of the present application, wherein, under some design considerations that can be implemented independently, the protection intention mining process is performed on the set requirement item to obtain a visual description of a detection report corresponding to the set requirement item (step S20), which may include the following contents.
S21: and determining key requirement constraint information corresponding to the set requirement items.
Based on the above related embodiments, the set requirement items obtained in the embodiments of the present application may be information in different recording manners, such as visual sensory recording manner, auditory sensory recording manner, and mixed sensory recording manner, after the set requirement items in different recording manners are obtained, an analysis and identification operation may be performed to obtain corresponding set requirements, and further, key requirement constraint information (such as requirement characteristics or condition characteristics) corresponding to the set requirement items may be determined according to each obtained set requirement. According to the embodiment of the application, the quantitative processing of the set requirement items can be realized by converting the set requirement items into the recording mode of the key requirement constraint information, so that the corresponding operation processing of the artificial intelligence server is facilitated, and the operation processing efficiency is improved. The key requirement constraint information of the embodiment of the application can be in a characteristic diagram or distribution list recording mode, and each element in the key requirement constraint information indicates whether corresponding limitation requirements exist.
S22: and executing the protection intention mining processing on the key requirement constraint information to obtain the visual description of the detection report corresponding to the set requirement item.
After the key requirement constraint information is obtained, protection intention mining processing can be performed on the key requirement constraint information, wherein the key requirement constraint information can be in a feature map or distribution list recording mode, the corresponding obtained protection intention mining processing result can also be in a distribution list or feature map recording mode, and the detection report obtained by protection intention mining visually describes item content information of each detection item of the detection report. Wherein, the protection intention mining process can comprise at least one round of moving average processing and at least one round of information dimension reduction processing.
Through the above embodiment, it is possible to obtain a corresponding visual description of the detection report through the set requirement items, and the steps of step S20 are further described below. The following is a further implementation manner of step S21 in the data processing method for big data information protection according to the embodiment of the present application, wherein, under some design considerations that can be implemented independently, the determining of the key requirement constraint information corresponding to the set requirement item (step S21) may include the following.
S211: searching for a first demand item matched with the set demand item in a demand information database.
In the embodiment of the present application, a requirement information database may be deployed in advance, where the requirement information database may include various categories of requirement items, for example, may include different online service environment information, security detection target category information, interest information, operation state information, and the like, where the online service environment information is used to represent distribution information or service field information corresponding to the detection report, and may include: the detection method comprises the steps of block chain finance field, digital office field, intelligent education field, VR intelligent entertainment field, digital factory field and the like, wherein the category information of the security detection target can represent the category of the security detection target contained in the detection report, and the category information can comprise a client, an off-line user terminal, an on-line user terminal, gateway equipment, a handheld terminal and a business client identity, or can also be more specific security detection target information, such as a 'XXX client', correspondingly. The interest information may include: the operation state information may include "information upload", "data download", "interaction authority adjustment", and the like, so as to represent an operation state of a security detection target in a detection report, or may also include information such as "fast login", "account switching", "sleep", and the like under other design considerations, which are only exemplary to illustrate requirement items included in the requirement information database, and the requirement items included in the requirement information database may be adjusted based on actual requirements, and may also include other types or numbers of requirement items under other design considerations, which is not specifically limited in this application.
Since the requirement information database is deployed in advance, after the set requirement items are obtained, the set requirement in the set requirement items can be matched with each requirement item in the requirement information database, and a first requirement item adapted to the set requirement item in the requirement information database is searched (searched), where the adapting/matching is that the searched first requirement item is a requirement item identical to the set requirement item, for example, the set requirement item is right verification and behavior detection, and the first requirement item is right verification and behavior event. In the embodiment of the present application, each requirement item in the requirement information database may be divided into two types, where one type is a first requirement item, and the other type is a second requirement item, the first requirement item is a requirement that is adapted to each set requirement in the set requirement items, and the second requirement item is a requirement that is not adapted to each set requirement in the set requirement items.
S212: a first distinctive key is distributed for the first requirement item, and a second distinctive key is distributed for each second requirement item other than the first requirement item in the requirement information database.
It can be understood that, after looking for the first requirement item that is adapted to the set requirement items, a first distinct key (for example, a corresponding identifier is configured for the first requirement item) may be distributed for each first requirement item, where the first distinct key is used to represent that the corresponding requirement item is each set requirement in the set requirement items. And distributing a second differential key word for a second requirement item except the first requirement item in the requirement information database, wherein the second differential key word is used for representing that the corresponding requirement item is not any set requirement in the set requirement items. The first and second distinctive keywords may be different distinctive keywords, for example, the first distinctive keyword may be "W", the second distinctive keyword may be "P", in other embodiments, the first and second distinctive keywords may also be other distinctive keywords, and as long as the first and second requirement items can be distinguished, the embodiment of the present application may be implemented.
S213: and integrating the first and second differential keywords to obtain the key demand constraint information.
Based on step S212, a distinct keyword, such as a first distinct keyword or a second distinct keyword, distributed for each requirement item in the requirement information database may be obtained, and in the embodiment of the present application, each first distinct keyword and each second distinct keyword may be integrated according to a set rule to obtain a key requirement constraint information feature map (key requirement constraint information). In the embodiment of the application, each requirement item contained in the requirement information database has a certain ordering relationship, and after the differential type key words of each requirement item are obtained, the corresponding first differential type key words and the corresponding second differential type key words can be integrated according to the ordering relationship of each requirement item in the requirement information database, so that the corresponding key requirement constraint information is obtained.
In the embodiment of the application, the key requirement constraint information can be quantized values of the different keywords corresponding to the requirement items in the requirement information database, so that the set requirement items are quantized, and the subsequent protection intention mining processing operation is facilitated.
In the embodiment, different differential keywords are marked for the first requirement which is matched with the set requirement items and the second requirement which is not matched with the set requirement items in the requirement information database, so that the determination process of the key requirement constraint information is realized. In other possible implementation manners, the set requirement items may include an operation state requirement item related to an operation state of a security detection target in the detection report, and in the embodiment of the application, a corresponding differentiated keyword may be distributed for the operation state requirement item, and key requirement constraint information is correspondingly obtained. The following describes different embodiments.
In other embodiments of the present application, the set requirement item may include set operation state information, that is, the set requirement item gives a set operation state requirement regarding the security detection target in the detection report, and at this time, the set operation state information may be directly used as the third different type keyword of the operation state requirement item in the requirement information database. According to another implementation manner of the step S21 in the data processing method for big data information protection according to the embodiment of the present application, wherein, under some design considerations that can be implemented independently, the determining key requirement constraint information corresponding to the set requirement item (step S21) may further include the following.
S2111: configuring a third type keyword of the operation state requirement item as the set operation state information in response to a premise that the set operation state information is included in the set requirement item.
It is to be understood that the set operation state information included in the set requirement item may be directly determined as the third differential type keyword of the operation state requirement item in the requirement information database. For example. In the embodiment of the application, the set operation state information included in the set operation state information may be any value from "F" to "W" (F and W are selected according to an actual situation, where the value corresponding to F is smaller than the value corresponding to W), and represents a distribution situation of the significant behavior feature of the security detection target in the detection report. The transformation of the value corresponding to the set operation state information may be obtained through a process of analyzing and identifying the set requirement item, for example, mapping an initial quantization value representing the operation state requirement in the set requirement item to obtain a corresponding value, and using the value or a value obtained by optimizing the value as the third differentiation-type keyword.
S2112: searching for a first requirement adapted to a set requirement item other than the set operation state information in a requirement information database.
It can be understood that, in the embodiment of the present application, each requirement item in the requirement information database may be divided into two types, one type is a requirement adapted to the set requirement item, where the requirement item may include an operation state requirement item adapted to the set operation state information, and the remaining first requirements adapted to the set requirement item except the operation state requirement item, and the second type is a second requirement not adapted to the set requirement item.
S2113: labeling a first distinctive key for the first requirement item, and distributing a second distinctive key for each second requirement item other than the first requirement item and the operation state requirement item in the requirement information database.
Based on the above, after looking for the first requirement item adapted to the set requirement items, a first distinct keyword may be distributed for each first requirement item, where the first distinct keyword is used to represent that the corresponding requirement item is each set requirement in the set requirement items. And distributing a second differential key word for a second requirement item which is not matched with the set requirement item in the requirement information database, wherein the second differential key word is used for representing that the corresponding requirement item is not any set requirement in the set requirement item. The first and second distinctive keywords may be different distinctive keywords, for example, the first distinctive keyword may be "W", the second distinctive keyword may be "P", in other embodiments, the first and second distinctive keywords may also be other distinctive keywords, and as long as the first and second requirement items can be distinguished, the embodiment of the present application may be implemented.
Based on the embodiment, the distribution of the first requirement item, the second requirement item and the differentiated key words of the operation state requirement item in the requirement information database can be completed, so that the first requirement item, the second requirement item and the operation state requirement item can be accurately distinguished.
S2114: and integrating the first differential type keywords, the second differential type keywords and the third differential type keywords to obtain the key demand constraint information.
Through the above embodiment, the distinct type keywords distributed for each requirement item in the requirement information database, such as the first distinct type keyword, the second distinct type keyword, or the third distinct type keyword, can be obtained, and in the embodiment of the present application, each of the first distinct type keyword, the second distinct type keyword, and the third distinct type keyword can be integrated (for example, arranged and combined) according to a set rule, so as to obtain the key requirement constraint information feature map (key requirement constraint feature vector). In the embodiment of the application, the various requirement items contained in the requirement information database have a certain ordering relationship, and after the differential type keywords of the various requirement items are obtained, the corresponding first differential type keywords, second differential type keywords and third differential type keywords can be integrated according to the ordering relationship of the various requirement items in the requirement information database to obtain the corresponding key requirement constraint information, so that the integrity and the accuracy of the key requirement constraint information are ensured.
In other possible implementations, the set operation state information may not be included in the set requirement item, and at this time, the fourth distinctive key may be distributed to the operation state requirement item in the requirement information database. The following is another implementation manner of step S21 in the data processing method for big data information protection according to the embodiment of the present application, wherein, under some design considerations that can be implemented independently, the determining key requirement constraint information corresponding to the set requirement item (step S21) may further include the following.
S21111: and distributing a fourth differential key word for the operation state requirement item in the requirement information database in response to the premise that the set operation state information is not included in the set requirement item.
In the embodiment of the present application, on the premise that the set requirement item does not include the set operation state information, the fourth differentiated keyword may be distributed to the operation state requirement item in the requirement information database according to a set rule.
Under some possible design considerations, a fourth distinct keyword may be distributed for the operating state requirement without limitation; for example, like the third distinctive type keyword, the fourth distinctive type keyword may be any value from "F" to "W" and represents the distribution of the distinctive behavior characteristics of the security detection target in the detection report. In the process of obtaining the key requirement constraint information, the embodiment of the application can distribute the fourth differential keyword to the operation state requirement items in the requirement information database without limitation.
Or, in another possible implementation manner, operation state information adapted to the set requirement item may also be obtained according to a behavior safety detection thread, and the obtained operation state information is configured as the fourth distinctive type keyword. That is, in the embodiment of the present application, the operation state information adapted to the set requirement item may be obtained through a trained behavior safety detection thread. The behavior safety detection thread can be a behavior safety detection thread based on a moving average thought, and the behavior safety detection thread can receive the set operation state information and output the operation state information matched with the set requirement items. The combination of the operation state information and the set requirement items can lead the obtained detection report to have a better operation state initial quantization value.
According to the embodiment of the application, the operation state information adaptive to the set requirement item can be obtained through the trained behavior safety detection thread, and the obtained operation state information can be used as the fourth distinguishing type keyword of the operation state requirement item in the requirement information database.
S21112: searching for a first demand item matched with the set demand item in the demand information database.
It can be understood that, in the embodiment of the present application, each requirement item in the requirement information database may be divided into three types, one type is a first requirement item adapted to a set requirement item, the second type is an operation state requirement item, and the third type is a second requirement item which is not adapted to the set requirement item and is not an operation state requirement item.
S21113: a first distinctive key is distributed for the first requirement item, and a second distinctive key is distributed for each second requirement item other than the first requirement item and the operation state requirement item in the requirement information database.
Accordingly, after searching for the first requirement item adapted to the set requirement items, a first distinct keyword may be distributed for each first requirement item, where the first distinct keyword is used to represent that the corresponding requirement item is each set requirement in the set requirement items. And distributing a second difference type key word for a second requirement item which is not matched with the set requirement item except the operation state requirement item in the requirement information database, wherein the second difference type key word is used for representing that the corresponding requirement item is not any set requirement in the set requirement item. The first and second distinctive keywords may be different distinctive keywords, for example, the first distinctive keyword may be "W", the second distinctive keyword may be "P", in other embodiments, the first and second distinctive keywords may also be other distinctive keywords, and as long as the first and second requirement items can be distinguished, the embodiment of the present application may be implemented.
Based on the above-described embodiment, the distribution of the distinctive keywords of the first requirement item, the second requirement item, and the operation state requirement item in the requirement information database is completed.
S21114: and integrating the first differential type keywords, the second differential type keywords and the fourth differential type keywords to obtain the key demand constraint information.
Through the above embodiment, the distinct type keywords distributed for each requirement item in the requirement information database, such as the first distinct type keyword, the second distinct type keyword, or the fourth distinct type keyword, can be obtained, and in the embodiment of the present application, each of the first distinct type keyword, the second distinct type keyword, and the fourth distinct type keyword can be integrated according to the set rule, so as to obtain the key requirement constraint information feature map (key requirement constraint information). In the embodiment of the application, each requirement item contained in the requirement information database has a certain ordering relationship, and after the differential type key word of each requirement item is obtained, the corresponding first differential type key word, the corresponding second differential type key word and the corresponding fourth differential type key word can be integrated according to the ordering relationship of each requirement item in the requirement information database, so that the corresponding key requirement constraint information is obtained.
By applying the embodiment, the key requirement constraint information corresponding to the set requirement item can be obtained, and after the key requirement constraint information is obtained, protection intention mining processing can be performed on the key requirement constraint information so as to obtain the visual description of the detection report corresponding to the set requirement item. The protection intention mining process may include at least one round of sliding average process and at least one round of information dimension reduction process, where the sliding average units (convolution kernels) used in each round of information dimension reduction process may be the same or different, for example, h × h sliding average unit may be used, or 3h × 3h sliding average unit may be used, and may be specifically adjusted based on actual requirements. In addition, the information dimension reduction processing may also use the same thread variable or may also use different thread variables, which is not specifically limited in this application. Through the moving average processing and the information dimension reduction processing, each feature information in the key requirement constraint information can be further extracted, and meanwhile, the size of the key requirement constraint information can be modified to be the same as that of the detection report, or the size of the key requirement constraint information can be modified to be distributed preset size, so that the detection report visual description with the preset size is converted into a corresponding detection report.
Further, after the visual description of the inspection report is obtained, step S30 may be executed to obtain a corresponding inspection report according to the visual description of the inspection report.
Under some possible design ideas, the corresponding detection report can be obtained directly according to the item content of each detection item represented in the visual description of the detection report.
Under some possible design ideas, the detection report can be obtained through the visual description of the detection report by using a first behavior safety detection thread, and the first behavior safety detection thread can be a behavior safety detection thread which can be trained to convert the visual description of the detection report into the detection report with higher accuracy, such as a behavior safety detection thread based on a sliding average idea.
In other implementations, the first behavior security detection thread may also be a behavior security detection thread capable of performing a content feature extraction and content feature translation process, where the content feature extraction and content feature translation process includes: a content feature extraction process to obtain a visual description of an inspection report corresponding to a feedstock-type inspection report based on the feedstock-type inspection report, and a feature translation process to obtain an inspection report corresponding to an incoming visual description of an inspection report based on the incoming visual description of the inspection report.
In the embodiment of the application, the visual description of the detection report may be imported into the first behavior security detection thread, and the visual description of the detection report may be converted into a corresponding detection report through feature translation processing of the first behavior security detection thread, where the feature translation processing may include: feature reduction processing, bidirectional moving average processing, state equalization processing (channel equalization), normalization processing (regularization), and redundancy removal processing (weight reduction processing). The bidirectional moving average processing, the state equalization processing and the standardization processing can be repeated for multiple times, so that the integrity, the richness and the accuracy of the obtained detection report are improved.
In order to more clearly embody the specific procedures of the embodiments of the present application, the following description is given by way of example. The following is a related embodiment of a data information protection process of the data processing method for performing big data information protection according to the embodiment of the present application, that is, a first behavior security detection thread for performing content feature extraction and content feature translation processing. The network _ a may be a first behavior safety detection thread that obtains a detection report corresponding to the obtained visual description of the detection report, for example, the first behavior safety detection thread may be a dynamic-based dual-path activation model. Network _ B is a second behavior safety detection thread that determines key demand constraint information based on the set demand items, e.g., the second behavior safety detection thread may be a self-protection intent mining behavior safety detection thread. The technical effect of obtaining a corresponding detection report according to the set requirement items can be realized through the Networks _ A and the Networks _ B. The specific process is as follows: the set requirement item received by the embodiment of the application may include a "cross-border payment client that does not need behavior detection", where the set requirement in the set requirement item may be obtained as follows: and cross-border is not needed to perform behavior detection and pay client side (the distinct keyword Identity document of the security detection target in the detection report), so that when the set requirement item is imported into the second behavior security detection thread, the first distinct keyword corresponding to the cross-border and pay client side in the requirement information database can be configured as 'W', and the distinct keyword corresponding to behavior detection can be configured as 'P', so as to obtain the key requirement constraint information of the part C1. Further, a distinctive key C2 (fourth distinctive key) of the operation status information, which may be set to "0.69", for example, may be distributed to the operation status requirement item in the requirement information database, and the distinctive keys of the C1 and C2 portions are linked to constitute the key requirement constraint information. The key requirement constraint information is imported into a protection intention mining unit (such as an encoding unit) to execute protection intention mining processing, wherein a protection intention mining thread variable of the protection intention mining processing is determined through training, the protection intention mining thread variable is not specifically limited in the application, and a corresponding detection report visual description report can be obtained through the protection intention mining processing.
After the detection report visual description report is obtained, the detection report visual description report can be imported into the first behavior security detection thread, and a detection report corresponding to the detection report visual description report can be obtained according to feature translation processing of the first behavior security detection thread.
The foregoing is merely an illustration of embodiments of the present application and is not intended to be a specific limitation of the embodiments of the present application.
The following specifically describes a training process of the first behavior safety detection thread and the second behavior safety detection thread in the embodiment of the present application. For example, the first training example may include a first detection reporting example and a first feature example corresponding to the first detection reporting example. The following is an implementation of training a first behavior security detection thread according to an embodiment of the present application. The training of the first behavior safety detection thread may include the following contents that can be implemented independently.
S41: obtaining a first training example, the first training example comprising: a plurality of first inspection reporting instances and a first inspection report visual description corresponding to the first inspection reporting instances.
Wherein the first inspection report is an exemplary inspection report, and the first visual inspection report description is a visual inspection report description corresponding to the exemplary inspection report. In the content feature extraction process, the first inspection report paradigm may be used as an input of the model, the first inspection report visual description may be used as a supervision paradigm, and in the feature translation process, the first inspection report visual description may be used as an input of the model, and the first inspection report paradigm may be used as a supervision paradigm.
S42: and respectively importing the first detection report example and the first detection report visual description into a first behavior security detection thread to execute the content feature extraction and content feature translation processing, so as to obtain an estimated detection report visual description corresponding to the first detection report example and an estimated detection report corresponding to the first detection report visual description.
According to the embodiment of the application, the pre-estimated inspection report visual description corresponding to the first inspection report example can be obtained by extracting and processing the content features of the first behavior security inspection thread; and obtaining an estimated detection report corresponding to the first detection report visual description according to the feature translation processing of the first behavior safety detection thread.
After the predictive type inspection report visual description and the predictive type inspection report are obtained, the optimization of the first behavioral security inspection thread may be performed according to the obtained predictive type result.
S43: and determining the first model quality quantitative evaluation of the first behavior safety detection thread based on the obtained prediction type detection report visual description and the prediction type detection report, and improving the first behavior safety detection thread in a feedback manner according to the first model quality quantitative evaluation until the first training completion index is met.
In this embodiment, a first model quality quantitative evaluation (model loss) of the first behavioral security inspection thread may be determined according to first quality evaluation data (loss value) between the predictive inspection report and the incoming first inspection report instance and second quality evaluation data between the predictive inspection report visual description and the incoming first inspection report visual description, and a thread variable (such as weight and/or bias) of the first behavioral security inspection thread may be modified according to the first model quality quantitative evaluation until a first training completion indicator is met, that is, the first model quality quantitative evaluation is not greater than the first quantitative evaluation value.
The following is a further implementation manner of step S43 in the method for training the first behavior security detection thread according to the embodiment of the present application. For some independently implementable technical solutions, the determining a first model quantitative quality evaluation of the first behavioral safety detection thread based on the obtained predictive detection report visual description and the predictive detection report, and improving the first behavioral safety detection thread according to the first model quantitative quality evaluation feedback until the first training completion index is met may include the following.
S431: first quality assessment data between a first exam reporting paradigm and a predictive exam report is obtained, and second quality assessment data between a first exam report visual description and the predictive exam report visual description is obtained.
Wherein the first quality-assessment data may represent a quantified difference (e.g., a difference) between the first inspection-report paradigm and the predictive-type inspection report, and the second quality-assessment data may represent a quantified difference between the first inspection-report visual description and the predictive-type inspection-report visual description.
S432: and determining the quality quantitative evaluation of the first model according to the first quality evaluation data and the second quality evaluation data.
In this embodiment of the present application, the quantitative quality evaluation of the first model may be equal to a weighted result of the first quality evaluation data and the second quality evaluation data, and the influence factor (weight) of each quality evaluation data may be set in advance, for example, may be 0.7 and 0.3, respectively, but this application is not limited thereto.
S433: and in response to the premise that the first model quality quantitative evaluation is greater than a first quantitative evaluation value, improving the thread variable of the first behavior safety detection thread in a feedback mode until the first model quality quantitative evaluation is not greater than the first quantitative evaluation value and the first model quality quantitative evaluation is determined to meet the first training completion index.
According to the embodiment of the application, when the obtained first model quality quantitative evaluation value is less than or equal to the first quantitative evaluation value, the first model quality quantitative evaluation value can be determined to meet the training requirement, the training of the first behavior safety detection thread can be completed at the moment, the obtained first behavior safety detection thread can obtain the corresponding characteristics completely and accurately through the transmitted detection report, and the corresponding detection report can be obtained according to the obtained characteristic feedback analysis (reverse). Conversely, when the first model quantitative evaluation value is greater than the first quantitative evaluation value, the thread variable of the first behavioral security detection thread, such as an improved running average thread variable, a normalized (normalized) thread variable, and the like, may be modified, specifically determined according to the actual model structure of the behavioral security detection thread, until the first model quantitative evaluation value is not greater than the first quantitative evaluation value, and determined to meet the first training completion indicator.
For the training of the second behavior safety detection thread, an auxiliary model (such as a supervision model) may be introduced to train the second behavior safety detection thread. The following is a model architecture diagram for training a second behavioral security detection thread through an aiding model according to an embodiment of the present application. The following is a technical solution for training a second behavior safety detection thread in a detection report processing method according to an embodiment of the present application, and in some independently implementable technical solutions, the step of training the second behavior safety detection thread through an auxiliary model may include the following contents.
S51: a second training example is obtained, the second training example including a plurality of second inspection reporting examples and a requirement example corresponding to each of the second inspection reporting examples.
S52: and executing the content feature extraction processing on the inspection report example according to the first behavior security inspection thread to obtain a second inspection report visual description corresponding to the inspection report example.
S53: and carrying out protection intention mining processing on the requirement example according to a second behavior safety detection thread to obtain a third detection report visual description corresponding to the requirement example.
S54: and improving the thread variable of the second behavior safety detection thread according to the quality evaluation data corresponding to the auxiliary model based on the second detection report visual description and the third detection report visual description until a second training completion index is met.
When the second behavior safety detection thread is trained, the detection report of the embodiment of the application can be executed and processed through the trained first behavior safety detection thread, and the optimization training of the second behavior safety detection thread is executed according to the obtained detection report.
The training paradigm employed in training the second behavioral security inspection thread may include an inspection reporting paradigm and a requirement paradigm corresponding to the inspection reporting paradigm, which may include all of the requirement considerations of the corresponding inspection reporting paradigm.
The second inspection report example may be imported to the first behavior safety inspection thread, and the content feature extraction processing is executed by the first behavior safety inspection thread to obtain a second inspection report visual description corresponding to the second inspection report example, where the second inspection report visual description may be used as an actual feature of the supervisory process.
In addition, the requirement example can be guided into the second behavior safety detection thread, the key requirement constraint information of the requirement example can be obtained through the second behavior safety detection thread, the protection intention mining processing of the key requirement constraint information is further executed, and then the third detection report visual description corresponding to the requirement example is obtained.
And importing a second detection report visual description output by the first behavior safety detection thread and a third detection report visual description output by the second behavior safety detection thread into an auxiliary model, and improving the thread variable of the second behavior safety detection thread through the auxiliary model based on quality evaluation data between the second detection report visual description and the third detection report visual description until the training requirement is met.
In some possible embodiments, the auxiliary model may include three units, respectively a decision unit N1 (discriminant unit), a difference analysis unit N2 (classification unit), and a demand quadratic adjustment unit N3 (reconstruction unit). The decision unit N1 may generate a countermeasure model, which may be used to decide the authenticity of the second detection report visual description and the third detection report visual description, and when the optimization of the second behavior security detection thread is completed, the decision unit cannot distinguish the authenticity between the second detection report visual description and the third detection report visual description, which indicates that the third detection report visual description obtained by the second behavior security detection thread approaches or reaches the authentic second detection report visual description. The decision unit N1 is a thread-variable and modifiable decision unit behavior security detection thread, whose input is a third detection report visual description and output is 0 or 1, respectively indicating whether the third detection report visual description and the second detection report visual description can be decided, and first quality evaluation data based on the third detection report visual description and the second detection report visual description of the decision unit can be obtained through decision processing of the decision unit.
Furthermore, the second visual description and the third visual description of the inspection report may be imported to the variance analysis unit N2, and the full-link processing performed by the variance analysis unit may obtain a classification result of the second visual description and the third visual description of the inspection report, and correspondingly, the second quality evaluation data between the second visual description and the third visual description of the inspection report may be determined based on the classification result obtained by the variance analysis unit.
Further, the embodiment of the present application may further import the obtained visual description of the third inspection report into a requirement secondary adjustment unit N3, where the requirement secondary adjustment unit may be configured to reconstruct the operation state requirement C2 in the second behavior safety inspection thread. The obtained visual description of the third inspection report may include a first operation state requirement, the requirement example may include a real second operation state requirement, and the requirement secondary adjustment unit may obtain third quality evaluation data corresponding to the first operation state requirement and the second operation state requirement.
After the quality evaluation data of the network is obtained, when the second model quality quantitative evaluation of the second behavior safety detection thread is smaller than the second quantitative evaluation value, the second model quality quantitative evaluation of the second behavior safety detection thread is determined to be in accordance with the second training completion index, otherwise, on the premise that the second model quality quantitative evaluation of the second behavior safety detection thread is not in accordance with the second training completion index, the thread variable of the second behavior safety detection thread is fed back and improved. And then the optimized second behavior safety detection thread can be obtained.
Based on the above, the training of the first behavior safety detection thread and the second behavior safety detection thread may be completed, and the obtaining process of the detection report may be executed through each network completed by the training.
Under other independently implementable design ideas, after a behavior safety detection report matched with the set requirement item is obtained, behavior risk analysis can be performed on the behavior safety detection report, so that whether data information safety risk exists in the business behavior corresponding to the behavior safety detection report is judged based on the set requirement item. Based on this, the method further comprises the following: and calling a set AI intelligent network to perform behavior risk analysis on the behavior safety detection report to obtain a safety risk detection result corresponding to the behavior safety detection report.
Based on the above contents, under some design ideas that can be implemented independently, an AI intelligent network is called and set to perform behavior risk analysis on the behavior safety detection report, so as to obtain a safety risk detection result corresponding to the behavior safety detection report, which may include the following contents.
Step 100: and acquiring a security risk detection item queue corresponding to the behavior security detection report, wherein the security risk detection item queue comprises z security risk detection items with time sequence association, and z is an integer not less than 1.
In the embodiment of the application, the security risk detection item can be matched with the set requirement item.
Step 200: and acquiring a redundant detection item queue according to the safety risk detection item queue, wherein the redundant detection item queue comprises z redundant detection items with time sequence correlation.
In the embodiment of the present application, the redundant detection item may be understood as a noise detection item.
Step 300: and mining the subnet to acquire a security risk visual description queue through first key information included in the AI intelligent subnet based on the security risk detection project queue, wherein the security risk visual description queue comprises z security risk visual descriptions.
Step 400: and mining the subnet to acquire a redundant visual description queue through second key information included in the AI intelligent subnet based on the redundant detection item queue, wherein the redundant visual description queue comprises z redundant visual descriptions.
Step 500: and acquiring the quantitative classification possibility corresponding to the safety risk detection item through the item classification subnet included by the AI intelligent subnet based on the safety risk visual description queue and the redundant visual description queue.
Step 600: and determining the safety risk detection result of the safety risk detection item queue according to the quantitative classification possibility.
Based on the design idea, the confidence of the quantitative classification possibility corresponding to the safety risk detection item can be ensured through additionally considering and analyzing the redundant detection item, so that the integrity and the accuracy of the safety risk detection result of the safety risk detection item queue are ensured.
Under some design ideas that can be implemented independently, the obtaining, through an item classification subnet included in the AI intelligent subnet, a quantitative classification possibility corresponding to the security risk detection item queue based on the security risk visual description queue and the redundant visual description queue includes: acquiring z first key descriptions through a first state focus subnet included in the AI intelligent subnet based on the security risk visual description queue, wherein each first key description corresponds to one security risk visual description; acquiring z second key descriptions through a second state focus subnet included in the AI intelligent subnet based on the redundant visual description queue, wherein each second key description corresponds to one redundant visual description; combining the z first key descriptions and the z second key descriptions to obtain z target key descriptions, wherein each target key description comprises a first key description and a second key description; and acquiring the quantitative classification possibility corresponding to the safety risk detection item queue through the item classification subnet included by the AI intelligent subnet based on the z target key descriptions.
In a related example, the state-focused sub-network may be understood as a spatial attention network, so that the quantitative classification possibility corresponding to the security risk detection item queue can be determined as accurately as possible.
Under some independently implementable design considerations, said obtaining z first key descriptions through a first state-focused subnet comprised by said AI intelligent subnet based on said security risk visual description queue comprises: for each security risk visual description in the security risk visual description queue, obtaining a first polarity dimension reduction visual description through a polarity dimension reduction unit included in the first state focus subnet, wherein the first state focus subnet belongs to the AI intelligent subnet; for each security risk visual description in the security risk visual description queue, acquiring a first depolarizing dimension-reducing visual description through a depolarizing dimension-reducing unit included in the first state focus subnet; for each security risk visual description in the security risk visual description queue, based on the first polarity dimension reduction visual description and the first depolarization dimension reduction visual description, obtaining a first merged visual description through a moving average unit included in the first state focus subnet; for each security risk visual description in the security risk visual description queue, based on the first merged visual description and the security risk visual description, a first key description is obtained through a first depolarizing dimension reduction unit included in the first state focus subnet.
In the related example, the polarity dimension reduction unit may be understood as a maximum pooling layer, and the depolarization dimension reduction unit may be understood as an average pooling layer, and thus by performing description processing on the polarity dimension reduction unit and the depolarization dimension reduction unit, an accurate key description can be obtained.
Under some design considerations that can be independently implemented, the obtaining z second key descriptions through a second state-focused subnet included in the AI intelligent subnet based on the redundant visual description queue includes: for each redundant visual description in the redundant visual description queue, obtaining a second polarity dimension reduction visual description through a polarity dimension reduction unit included in the second state focus subnet, wherein the second state focus subnet belongs to the AI intelligent subnet; for each redundant visual description in the redundant visual description queue, acquiring a second depolarizing dimension-reducing visual description through a depolarizing dimension-reducing unit included in the second state focus subnet; for each redundant visual description in the redundant visual description queue, obtaining a second merged visual description through a moving average unit included in the second state focus subnet based on the second polarity dimension reduction visual description and the second depolarizing dimension reduction visual description; for each redundant visual description in the redundant visual description queue, based on the second merged visual description and the redundant visual description, obtaining a second key description through a second depolarization dimension reduction unit included in the second state focus subnet. Thus, an accurate and complete key description can be obtained.
Under some independently implementable design considerations, z is an integer greater than 1; the obtaining, based on the z target key descriptions, a quantitative classification likelihood corresponding to the security risk detection item queue through the item classification subnet included in the AI intelligent subnet includes: acquiring a global key description through a time sequence focusing subnet included by the AI intelligent subnet based on the z target key descriptions, wherein the global key description is determined according to the z target key descriptions and z streaming influence factors, and each target key description corresponds to one streaming influence factor; and acquiring the quantitative classification possibility corresponding to the safety risk detection item queue through the item classification subnet included by the AI intelligent subnet based on the global key description. The streaming influencing factor can be understood as a timing weight. Therefore, the quantitative classification possibility corresponding to the security risk detection item queue can be accurately determined through the time sequence layer.
Under some design considerations that can be implemented independently, the obtaining, based on the z target key descriptions, a global key description through a time-series focused subnet included in the AI intelligent subnet includes: based on the z target key descriptions, acquiring z first local key descriptions through a first local network layer included in the time sequence focus subnet, wherein the time sequence focus subnet belongs to the AI intelligent subnet; acquiring z second local key descriptions through a second local network layer included in the time-series focus subnet based on the z first local key descriptions; determining z streaming impact factors according to the z second local key descriptions, wherein each streaming impact factor corresponds to a target key description; and determining the global key description according to the z target key descriptions and the z streaming influence factors. By the design, the global key description can be completely and accurately determined.
In summary, in the embodiment of the present application, because the training process of the second behavior security detection thread is implemented based on the second detection report visual description and the third detection report visual description, the adaptability and the response capability of the second behavior security detection thread to new input information can be improved, and then the protection intention mining processing can be performed on the set requirement items to obtain corresponding detection report visual descriptions, and corresponding detection reports can be obtained according to the detection report visual descriptions, so that the technical effect of obtaining corresponding detection reports according to actual data information protection requirements is achieved, and the present application can also ensure high adaptability and strong association between the obtained detection reports and the set requirement items. The behavior safety detection report obtained by the embodiment of the application can reflect the report content related to the set requirement items as comprehensively and abundantly as possible, thereby providing accurate and reliable analysis basis for data information protection processing.
Based on the same inventive concept, a data processing device 20 for big data information protection is also provided, which is applied to the artificial intelligence server 10 and comprises a requirement acquisition module 21, an intention mining module 22 and a report acquisition module 23 for implementing the method shown in fig. 2. It is understood that the requirement acquisition module 21, the intention mining module 22 and the report acquisition module 23 implement the relevant steps of fig. 2 correspondingly.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, an artificial intelligence server 10, or a network device) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110877998.3A CN113536303A (en) | 2021-08-02 | 2021-08-02 | A data processing method and artificial intelligence server for big data information protection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110877998.3A CN113536303A (en) | 2021-08-02 | 2021-08-02 | A data processing method and artificial intelligence server for big data information protection |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113536303A true CN113536303A (en) | 2021-10-22 |
Family
ID=78121760
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110877998.3A Withdrawn CN113536303A (en) | 2021-08-02 | 2021-08-02 | A data processing method and artificial intelligence server for big data information protection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113536303A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114140127A (en) * | 2022-01-27 | 2022-03-04 | 广州卓远虚拟现实科技有限公司 | Payment processing method and system based on block chain |
| CN114417805A (en) * | 2021-12-31 | 2022-04-29 | 旭昇智能科技(常熟)有限公司 | Safety data analysis method and server based on automation plant |
| CN114448717A (en) * | 2022-03-02 | 2022-05-06 | 深圳酷宅科技有限公司 | Communication state detection and analysis method and system based on smart home and cloud platform |
-
2021
- 2021-08-02 CN CN202110877998.3A patent/CN113536303A/en not_active Withdrawn
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114417805A (en) * | 2021-12-31 | 2022-04-29 | 旭昇智能科技(常熟)有限公司 | Safety data analysis method and server based on automation plant |
| CN114140127A (en) * | 2022-01-27 | 2022-03-04 | 广州卓远虚拟现实科技有限公司 | Payment processing method and system based on block chain |
| CN114448717A (en) * | 2022-03-02 | 2022-05-06 | 深圳酷宅科技有限公司 | Communication state detection and analysis method and system based on smart home and cloud platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Nassar et al. | Blockchain for explainable and trustworthy artificial intelligence | |
| Mehmood et al. | A novel approach to improve software defect prediction accuracy using machine learning | |
| US12223063B2 (en) | End-to-end measurement, grading and evaluation of pretrained artificial intelligence models via a graphical user interface (GUI) systems and methods | |
| CN113221747B (en) | A privacy data processing method, device and device based on privacy protection | |
| CN111695674A (en) | Federal learning method and device, computer equipment and readable storage medium | |
| US12165424B2 (en) | Image forgery detection via pixel-metadata consistency analysis | |
| CN113536303A (en) | A data processing method and artificial intelligence server for big data information protection | |
| US20170364825A1 (en) | Adaptive augmented decision engine | |
| CN113535825A (en) | An intelligent data information risk control processing method and system based on cloud computing | |
| US20220207353A1 (en) | Methods and systems for generating recommendations for counterfactual explanations of computer alerts that are automatically detected by a machine learning algorithm | |
| KR20210086817A (en) | Method and system for investment indicators related with stock item based on artificial intelligence | |
| KR102409019B1 (en) | System and method for risk assessment of financial transactions and computer program for the same | |
| CN115081641A (en) | Model training method, prediction method of evaluation result, equipment and storage medium | |
| Descampe et al. | Automated news recommendation in front of adversarial examples and the technical limits of transparency in algorithmic accountability | |
| US20240185090A1 (en) | Assessment of artificial intelligence errors using machine learning | |
| CN113313479A (en) | Payment service big data processing method and system based on artificial intelligence | |
| CN114118779A (en) | An enterprise risk identification method for Internet public opinion events based on KGANN | |
| CN113901817A (en) | Document classification method and device, computer equipment and storage medium | |
| Khademolqorani et al. | A hybrid analysis approach to improve financial distress forecasting: Empirical evidence from Iran | |
| CN113282421A (en) | Business analysis method based on artificial intelligence and cloud computing and artificial intelligence server | |
| KR102513420B1 (en) | Method, device and system for providing artificial intelligence model recommendation platform based on user intention analysis | |
| US20240185369A1 (en) | Biasing machine learning model outputs | |
| CN116992373B (en) | Data processing method, apparatus, device, storage medium and computer program product | |
| US12052230B2 (en) | Machine learning techniques for object authentication | |
| CN114596612B (en) | Configuration method, identification system, computer equipment and medium of face recognition model |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20211022 |