TWM674713U - Data Query System - Google Patents

Data Query System

Info

Publication number
TWM674713U
Authority
TW
Taiwan
Prior art keywords
query
module
user
attack behavior
client device
Prior art date
Application number
TW114205073U
Other languages
Chinese (zh)
Inventor
劉岦崱
Original Assignee
國泰世華商業銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 國泰世華商業銀行股份有限公司
Priority to TW114205073U
Publication of TWM674713U

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A data query system includes a communication unit that establishes a communication channel with a client device, a storage unit with a built-in database, and a processing unit. The processing unit receives, through the communication unit, login information and a query request about a user input by the client device, obtains a recent query history of the user from the database of the storage unit based on the login information, and analyzes the content of the query request and the recent query history to predict a query pattern and a risk level of the user and to generate an attack behavior determination result. The processing unit determines, based on the query pattern, whether to adjust an access permission that is associated with the login information and used to access the database. It also determines, based on the risk level and the attack behavior determination result, whether to take a corresponding protective measure against the client device and whether to generate a corresponding strategic response message, and transmits the strategic response message to the client device through the communication unit.

Description

Data Query System

The present utility model relates to a query system, and in particular to a data query system that flexibly adjusts access permissions based on the user's operating behavior.

The access control and security monitoring mechanisms of traditional database systems typically use static rules and predefined anomaly patterns to identify abnormal access behavior, but this approach struggles to cope with increasingly complex and changing security threats. Because such existing techniques do not develop a deep understanding of user behavior in order to adjust the security access policy flexibly, they cannot optimize the user experience while ensuring security, and they easily cause unnecessary disruption to users performing normal operations.

Therefore, the purpose of the present utility model is to provide a data query system that can analyze the user's operating behavior and generate a security policy from the analysis results to dynamically adjust the user's access permissions to the database, thereby preventing users from stealing sensitive information in the database while avoiding unnecessary disruption to users performing normal operations.

Accordingly, the present utility model provides a data query system that can communicate with a client device and includes a communication unit, a storage unit, and a processing unit. The communication unit establishes a communication channel with the client device; the storage unit has a built-in database; the processing unit is electrically connected to the communication unit and the storage unit so as to communicate with the client device through the communication unit and to access the storage unit. The processing unit includes a chatbot and a generative adaptive security policy generation system, and the generative adaptive security policy generation system includes a user behavior and intent analysis model and a security policy generation model.

The user behavior and intent analysis model communicates with the chatbot and receives, from the chatbot, login information and a query request about a user input by the client device. The user behavior and intent analysis model obtains the user's recent query history from the database based on the login information and analyzes the content of the query request and the recent query history to predict a query pattern and a risk level of the user and to generate an attack behavior determination result.

The security policy generation model obtains the login information, the query pattern, the risk level, and the attack behavior determination result from the user behavior and intent analysis model. Based on the query pattern, it determines whether to adjust an access permission that is associated with the login information and used to access the database. Based on the risk level and the attack behavior determination result, it determines whether to take a corresponding protective measure against the client device and whether to generate a corresponding strategic response message, and it provides the strategic response message to the client device through the chatbot.

In some embodiments of the present utility model, the user behavior and intent analysis model includes a user behavior analysis module, a real-time intent analysis module, an abnormal operation detection module, and an attack behavior judgment module. The user behavior analysis module analyzes the recent query history and evaluates user behavior based on the query operation frequency, query content relevance, and query time characteristics contained in the recent query history in order to predict the user's query pattern, and provides an operation feature related to the recent query history to the abnormal operation detection module. The real-time intent analysis module analyzes the content of the query request to predict a real-time intent and potential risk of the user. The abnormal operation detection module determines, based on the operation feature, whether the operation is abnormal and generates the risk level; the operation feature includes the operation time, the Internet Protocol address of the client device, the operation frequency, and the query pattern. The attack behavior judgment module generates the attack behavior determination result based on the real-time intent and potential risk predicted by the real-time intent analysis module.

In some embodiments of the present utility model, the security policy generation model includes a dynamic access control module, an intelligent blocking module, and a strict response control module. The dynamic access control module generates a corresponding access policy based on the query pattern and adjusts the access permission according to the access policy. The intelligent blocking module determines, based on the risk level and the attack behavior determination result generated by the attack behavior judgment module, whether to take the corresponding protective measure against the client device. The strict response control module determines, based on the attack behavior determination result, whether to generate the corresponding strategic response message.

In some embodiments of the present utility model, the user behavior analysis module and the real-time intent analysis module each use a pre-trained machine learning engine, and each of these machine learning engines is trained in advance by machine learning on a plurality of user operation behavior data. The abnormal operation detection module and the attack behavior judgment module also each use a pre-trained machine learning engine: the machine learning engine of the abnormal operation detection module is trained by machine learning on a plurality of preset operation feature data, and the machine learning engine of the attack behavior judgment module is trained by machine learning on a plurality of query intent and potential risk data.

In some embodiments of the present utility model, the dynamic access control module, the intelligent blocking module, and the strict response control module each use a rule engine. The rule engine of the dynamic access control module determines, according to an access control rule, the access permission corresponding to the query pattern; the rule engine of the intelligent blocking module determines, according to a blocking rule, the protective measure corresponding to the risk level and the attack behavior determination result; and the rule engine of the strict response control module determines, according to a response rule, whether to generate the strategic response message corresponding to the attack behavior determination result.

In some embodiments of the present utility model, when the attack behavior determination result determines that the query request is an attack behavior, a continuous optimization module of the generative adaptive security policy generation system applies a generative adversarial network (GAN) to generate a simulated query request whose attack scenario resembles that of the query request, based on the query request and its associated query pattern, operation feature, risk level, real-time intent and potential risk, and the attack behavior. The module provides the simulated query request to the user behavior and intent analysis model in order to continuously train and optimize the user behavior and intent analysis model and the security policy generation model.

In some embodiments of the present utility model, the dynamic access control module, the intelligent blocking module, and the strict response control module generate graded access policies, protective measures, and strategic response messages based on the query pattern, the risk level, and the attack behavior determination result provided by the user behavior and intent analysis model, and adopt the access policy, protective measure, and strategic response message of the same level. Furthermore, the three modules progressively adopt, level by level, the access policy, protective measure, and strategic response message of the same level according to the threat degree of the query pattern, the risk level, and the attack behavior determination result provided by the user behavior and intent analysis model.

The effects of the present utility model are as follows: it accurately identifies complex and long-term abnormal operation patterns through deep learning, strengthening defense against insider threats; it uses natural language processing to deeply understand the underlying intent of user queries, reducing disruption to normal operations; it uses multimodal AI to comprehensively analyze and predict potential attack behavior, improving attack prevention; it uses generative AI to dynamically generate and optimize security protection measures, raising the security intelligence of the system; and it continuously optimizes the system to keep strengthening its overall defense capability, achieving adaptive defense.

1: Client device

2: Data query system

21: Communication unit

22: Storage unit

23: Processing unit

24: Database

25: Chatbot

3: Generative adaptive security policy generation system

31: User behavior and intent analysis model

311: User behavior analysis module

312: Real-time intent analysis module

313: Abnormal operation detection module

314: Attack behavior judgment module

32: Security policy generation model

321: Dynamic access control module

322: Intelligent blocking module

323: Strict response control module

33: Continuous optimization module

S1~S3: Steps

Other features and effects of the present utility model will be clearly shown in the embodiments described with reference to the drawings, in which: Figure 1 is a block diagram of the main components of an embodiment of the data query system of the present utility model; Figure 2 shows the main process steps of this embodiment; and Figure 3 is a schematic diagram of the relationships among the modules of this embodiment.

Before the present utility model is described in detail, it should be noted that in the following description similar components are denoted by the same reference numerals.

Referring to Figure 1, an embodiment of the data query system of the present utility model can communicate with a client device 1, carry out the process steps shown in Figure 2 in response to a query request from the client device 1, and automatically generate an adaptive security policy to prevent users from stealing sensitive information. The data query system 2 is a database server that mainly includes a communication unit 21, a storage unit 22, and a processing unit 23. The communication unit 21 is a communication interface (e.g., a network card) that can connect to the client device 1 via, for example, the Internet to establish a communication channel. The storage unit 22 is a general term for a computer-readable recording medium (e.g., a memory module) used to store data; it contains a database 24, which stores specific data available for query (depending on the purpose of the database).

The processing unit 23 is, for example, a central processing unit or a processor with similar functionality. It is electrically connected to the communication unit 21 and the storage unit 22 so as to communicate with the client device 1 through the communication unit 21 and to access data in the storage unit 22. The processing unit 23 reads a software program from a computer-readable recording medium (e.g., the storage unit 22) and installs therein a generative adaptive security policy generation system 3 contained in the software program, in order to execute the generative adaptive security policy generation system 3. The generative adaptive security policy generation system 3 interacts with a chatbot (also called a customer service bot) 25 running in the processing unit 23 to exchange and provide information. The chatbot 25 mainly receives, through the communication unit 21, a query request input by the client device 1 and responds to the query request.

As shown in Figure 1, the generative adaptive security policy generation system 3 mainly includes a user behavior and intent analysis model 31 and a security policy generation model 32. After a user logs into the data query system 2 by entering login information through the client device 1, the chatbot 25 asks the user what information they want to query and accepts a query request (which may be voice or text) entered by the user through the client device 1. Then, as in step S1 of Figure 2, the chatbot 25 provides the login information and the query request to the user behavior and intent analysis model 31.

Next, as in step S2 of Figure 2, the user behavior and intent analysis model 31 obtains the user's recent query history (e.g., the query records within one day, one week, or one month) from the database 24 based on the login information, and analyzes the content of the query request and the recent query history to predict a query pattern and a risk level of the user and to generate an attack behavior determination result. It then provides the login information, the query pattern, the risk level, and the attack behavior determination result to the security policy generation model 32.

Specifically, as shown in Figures 1 and 3, the user behavior and intent analysis model 31 includes a user behavior analysis module 311, a real-time intent analysis module 312, an abnormal operation detection module 313, and an attack behavior judgment module 314, all pre-trained through machine learning. In this embodiment, the user behavior analysis module 311 and the real-time intent analysis module 312 each use a machine learning engine (e.g., a generative AI applying a large language model and a generative AI applying a natural language processing (NLP) model), and each of these machine learning engines is pre-trained by machine learning on a plurality of user operation behavior data (stored in the database 24). The abnormal operation detection module 313 and the attack behavior judgment module 314 also each use a machine learning engine (e.g., a deep learning artificial intelligence (AI) model and a multimodal AI model): the machine learning engine of the abnormal operation detection module 313 is pre-trained by machine learning on a plurality of preset operation feature data (stored in the database 24), and the machine learning engine of the attack behavior judgment module 314 is pre-trained by machine learning on a plurality of query intent and potential risk data.

During training of the above modules, different prompts are designed for different modules so that each module implements a different function. Examples follow.

The user behavior analysis module 311 is given the following prompt:

Analysis role: Security auditor

Task: Analyze the following user behavior sequence and determine whether an abnormal pattern exists

Evaluation dimensions: Operation frequency, content relevance, time characteristics

Output requirements: Give an anomaly risk rating (query pattern) and specific reasons

The real-time intent analysis module 312 is given the following prompt:

Analysis role: Information security expert

Task: Analyze in depth the underlying intent of this query

Evaluation dimensions: Sensitivity, purposefulness, potential risk

Output requirements: Provide an intent assessment report (real-time intent) and a risk level (potential risk)

In this way, the user behavior analysis module 311 analyzes the user's recent query history and evaluates user behavior based on the query operation frequency, query content relevance, and query time characteristics contained in the recent query history in order to predict the user's query pattern, and provides an operation feature related to the recent query history to the abnormal operation detection module 313. For example, when the recent query history contains content such as "How do I query employee data?", "Where is the HR department's data stored?", and "How do I apply for database access permission?", the user behavior analysis module 311 determines that the query pattern is systematic information-probing behavior, because the query pattern shows that the user is trying to understand the system architecture and how data is accessed.

The real-time intent analysis module 312 analyzes the content of the query request to predict a real-time intent and potential risk of the user. For example, if the content of the query request is "Please find me the list of all employees whose salary exceeds 1 million, including their departments and positions", the real-time intent analysis module 312 performs deep semantic analysis on the content of the query request, identifies keywords such as "salary, employee list, department, position", determines that the query purpose (real-time intent) is "attempting to obtain sensitive employee salary information", and assesses the potential risk as "may involve privacy leakage and insider threat".

Likewise, the abnormal operation detection module 313 and the attack behavior judgment module 314 are pre-trained in a manner similar to the examples above, and fine-tune and make determinations on their own based on the information they receive.

In this way, the abnormal operation detection module 313 can determine whether an operation is abnormal and generate the risk level based on the operation feature provided by the user behavior analysis module 311 (including the operation time, the Internet Protocol (IP) address of the client device 1, the operation frequency, and the query pattern). For example, when the operation time is outside working hours (such as 11 p.m.), the IP address is not a commonly used IP address, the operation frequency is too high (such as 10 related queries within the past hour), and the query pattern indicates systematic probing for sensitive information, the abnormal operation detection module 313 determines that this is a high-risk abnormal operation pattern and generates a risk level marked as high risk.

The attack behavior judgment module 314 generates the attack behavior determination result based on the real-time intent and potential risk predicted by the real-time intent analysis module 312. That is, if for example the real-time intent and potential risk reflect that the user's recent behavior pattern is abnormal, the query content involves sensitive information, the operation time and location are abnormal, and typical information-probing characteristics are shown, the attack behavior determination result is that this is very likely an attack behavior attempting information theft.

Next, as in step S3 of Figure 2, the security policy generation model 32 determines, based on the query pattern, whether to adjust the user's access permission that is associated with the login information and used to access the database 24. Based on the risk level and the attack behavior determination result, it determines whether to take a corresponding protective measure against the client device 1 and whether to generate a corresponding strategic response message, and it provides the strategic response message to the client device 1 through the chatbot 25.

Specifically, as shown in Figures 1 and 3, the security policy generation model 32 of this embodiment includes a pre-trained dynamic access control module 321, an intelligent blocking module 322, and a strict response control module 323, each of which includes a rules engine. The rules engine of the dynamic access control module 321 (e.g., a generative AI model) is trained in advance with an access control rule so that it can generate, according to the access control rule, an access policy corresponding to the query pattern and adjust the access permission according to the access policy. The rules engine of the intelligent blocking module 322 (e.g., an adaptive AI model) is trained in advance with a blocking rule so that it can generate, according to the blocking rule, the protective measure corresponding to the risk level and the attack behavior determination result. The rules engine of the strict response control module 323 (e.g., a generative AI model) is trained in advance with a response rule so that it can determine, according to the response rule, whether to generate the strategic response message corresponding to the attack behavior determination result.

For example, the dynamic access control module 321 first checks the user's permission information based on the login information, as follows:

User role: Management

Department: Sales department

Standard permission: May query information on employees of their own department

Then, the dynamic access control module 321 generates new access control rules according to the access policy, for example: temporarily lowering the user's permission to query the database 24; adding access restrictions on the user's queries for sensitive information in the database 24.

The intelligent blocking module 322 can generate graded protective measures based on the risk level and the attack behavior determination result (e.g., a determination that this is very likely an attack behavior attempting information theft), for example divided into a first-level, a second-level, and a third-level protective measure, where:

First-level protective measure: Provide obfuscated information to the chatbot 25, so that it replies to the client device 1 with the obfuscated information.

Second-level protective measure: Through the chatbot 25, require the user of the client device 1 to perform additional identity verification, such as adding OTP verification.

Third-level protective measure: Temporarily freeze the user's query permission.

Then, the intelligent blocking module 322 decides which level of protective measure to adopt based on the number of related query requests associated with the login information. For example, if the query request is made for the first time, the first-level protective measure is adopted; if a similar query request is made again (a second time), the second-level protective measure is adopted; and so on. In this way, the overall defense capability of the system is strengthened level by level.

At the same time, the strict response control module 323 generates the corresponding strategic response message based on the attack behavior determination result. For example, if the attack behavior determination result is that this is very likely an attack behavior attempting information theft, the content of the strategic response message may be, for example: "Under the information security policy, queries for this kind of sensitive information require additional authorization. Please formally apply for access permission through the HR department. To protect personal privacy, the system cannot directly provide detailed salary information. If you need salary range information, you can consult your direct supervisor."
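The count-based, graded escalation described above, as an added example that is not part of the patent text: a rule-based stand-in for the machine-learning modules, in which a single level table drives the access policy, the protective measure and the response message together. The working hours, the medium/low cut-off, the rule for flagging a request, the per-level access policies and response texts, and all class and function names are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

WORK_HOURS = range(9, 18)        # assumption: 09:00-17:59 counts as working hours
FREQ_WINDOW = timedelta(hours=1)
FREQ_LIMIT = 10                  # the description's example: 10 related queries in 1 hour

# One table drives all three modules, so their levels can never disagree.
# Protective measures follow the three levels in the description; the access
# policies and response texts are assumptions made for this example.
LEVELS = {
    0: ("standard access", "none", "answer normally"),
    1: ("standard access", "return obfuscated information",
        "This query needs additional authorization."),
    2: ("sensitive fields restricted", "require additional verification (OTP)",
        "Please complete OTP verification to continue."),
    3: ("query permission frozen", "temporarily freeze query permission",
        "Query access is suspended; contact the security team."),
}

@dataclass
class Request:
    login: str
    when: datetime
    ip: str
    query_pattern: str           # verdict of module 311, e.g. "systematic_probing"
    is_attack: bool              # verdict of module 314

@dataclass
class Decision:
    level: int
    risk: str
    access: str
    protection: str
    response: str

class AdaptivePolicy:
    def __init__(self, usual_ips):
        self.usual_ips = usual_ips           # login -> set of usual IP addresses
        self.history = defaultdict(list)     # login -> timestamps of past requests
        self.strikes = defaultdict(int)      # login -> flagged requests so far

    def risk_level(self, req):
        """Rule-based stand-in for module 313: count the four anomaly signals."""
        times = self.history[req.login]
        times.append(req.when)
        recent = [t for t in times if timedelta(0) <= req.when - t <= FREQ_WINDOW]
        fired = sum([
            req.when.hour not in WORK_HOURS,
            req.ip not in self.usual_ips.get(req.login, set()),
            len(recent) >= FREQ_LIMIT,
            req.query_pattern == "systematic_probing",
        ])
        # All four signals together is the description's high-risk case;
        # the medium/low cut-off is an assumption.
        return "high" if fired == 4 else "medium" if fired >= 2 else "low"

    def decide(self, req):
        risk = self.risk_level(req)
        flagged = req.is_attack or risk == "high"   # assumption: combination rule
        if flagged:
            self.strikes[req.login] += 1            # 1st -> level 1, 2nd -> level 2, ...
            level = min(self.strikes[req.login], 3)
        else:
            # Assumption: a freeze persists until reset(); lower levels do not.
            level = 3 if self.strikes[req.login] >= 3 else 0
        access, protection, response = LEVELS[level]
        return Decision(level, risk, access, protection, response)

    def reset(self, login):
        """Administrative unfreeze (hypothetical helper)."""
        self.strikes.pop(login, None)

def demo():
    """Constructed sample: three flagged queries at night from an unknown IP."""
    policy = AdaptivePolicy({"alice": {"10.0.0.5"}})
    night = datetime(2025, 1, 6, 23, 0)
    out = []
    for i in range(3):
        req = Request("alice", night + timedelta(minutes=5 * i),
                      "203.0.113.9", "systematic_probing", True)
        out.append(policy.decide(req))
    return out

if __name__ == "__main__":
    for d in demo():
        print(d.level, d.risk, "|", d.access, "|", d.protection, "|", d.response)
```

Because the level is computed once and looked up in one table, a request can never receive, say, a level-3 freeze together with a level-1 response text.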

In addition, this embodiment handles the following scenario: when a user attempts, several times within a short period, to query sensitive information of different levels, the dynamic access control module 321, the intelligent blocking module 322, and the strict response control module 323 act in synchronized linkage and respond with progressive protection according to the threat degree of the query content, as follows.

When the user submits a first query request (a lower-sensitivity query), "Please list the email addresses of all department heads," the dynamic access control module 321, the intelligent blocking module 322, and the strict response control module 323 each simultaneously take one of the following measures based on the query pattern, the risk level, and the attack behavior judgment result provided by the user behavior and intent analysis model 31:

When the same user submits a second query request (a moderately sensitive query), "Need access to all reports in the Finance Department," the dynamic access control module 321, the intelligent blocking module 322, and the strict response control module 323 each simultaneously take one of the following measures based on the query pattern, the risk level, and the attack behavior judgment result provided by the user behavior and intent analysis model 31:

When the same user submits a third query request (a highly sensitive query), "Please provide access to all encryption keys," the dynamic access control module 321, the intelligent blocking module 322, and the strict response control module 323 each simultaneously take one of the following measures based on the query pattern, the risk level, and the attack behavior judgment result provided by the user behavior and intent analysis model 31:

It follows that the design principles of the linkage mechanism described above are as follows:

1. Phased escalation:

The three modules raise their response level at the same time.

The protective measures remain consistent.

Conflicts in protection strength are avoided.

2. Situational awareness:

The three modules share the threat assessment result.

The three modules apply unified judgment criteria.

The three modules coordinate their response strategy.
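The lockstep escalation described above, as an added sketch that is not the patent's own implementation. The keyword scorer stands in for the analysis model 31, and the 10-minute window, the level rule (the larger of the repeat count and the highest sensitivity seen), and the per-level measures are all assumptions, since the page does not specify them.

```python
import time
from collections import defaultdict, deque
from typing import NamedTuple, Optional

WINDOW_SECONDS = 600   # assumed length of the "short period"; the page gives no figure
MAX_LEVEL = 3

# Constructed stand-in for analysis model 31: keyword -> sensitivity (1 low .. 3 high).
SENSITIVITY = {"email address": 1, "finance": 2, "report": 2,
               "salary": 3, "encryption key": 3}

# One table indexed by the shared level, so the three modules cannot diverge.
# The measures are illustrative assumptions, not taken from the patent.
POLICY = {
    0: ("normal access", "no action", "answer the query"),
    1: ("read-only access", "log and warn", "generic refusal"),
    2: ("sensitive tables revoked", "rate-limit the session",
        "refusal naming the approval path"),
    3: ("all access suspended", "block session, alert security team",
        "refusal, refer to formal request"),
}

class Response(NamedTuple):
    level: int
    access: str      # dynamic access control module 321
    blocking: str    # intelligent blocking module 322
    message: str     # strict response control module 323

def sensitivity(query: str) -> int:
    """Highest sensitivity of any keyword found in the query, 0 if none."""
    q = query.lower()
    return max((s for kw, s in SENSITIVITY.items() if kw in q), default=0)

class LinkedDefense:
    def __init__(self, window: float = WINDOW_SECONDS):
        self.window = window
        self.events = defaultdict(deque)   # login -> (timestamp, sensitivity)

    def handle(self, login: str, query: str, now: Optional[float] = None) -> Response:
        now = time.time() if now is None else now
        recent = self.events[login]
        while recent and now - recent[0][0] > self.window:
            recent.popleft()               # forget queries outside the window
        score = sensitivity(query)
        if score:
            recent.append((now, score))
        if not recent:
            return Response(0, *POLICY[0])
        # Shared threat assessment: repeat count or worst content, whichever is higher.
        level = min(MAX_LEVEL, max(len(recent), max(s for _, s in recent)))
        return Response(level, *POLICY[level])
```

Because the level is computed once and all three fields are read from the same `POLICY` row, a harmless follow-up question from an already escalated login still receives the escalated response until the window expires.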

Furthermore, when the attack behavior judgment result determines that the query request is an attack behavior, a continuous optimization module 33 of the generative adaptive security policy generation system 3 records the query request together with its related query pattern, operation characteristics, risk level, real-time intent and potential risk, and the attack behavior. The continuous optimization module 33 then applies a generative adversarial network (GAN) which, based on the query request and its related query pattern, operation characteristics, risk level, real-time intent and potential risk, and the attack behavior, generates one or more simulated query requests for attack scenarios similar to the query request, and provides the simulated query request(s) to the user behavior and intent analysis model 31 in order to continuously train and optimize the user behavior and intent analysis model 31 and the security policy generation model 32.

In summary, the user behavior and intent analysis model 31 of this embodiment uses deep learning to accurately identify complex and long-term abnormal operation patterns, strengthening defense against insider threats; it uses natural language processing to understand in depth the underlying intent of user queries, reducing interference with normal operations and improving the user experience; and it uses multimodal AI to comprehensively analyze and predict potential attack behavior, improving attack prevention. The security policy generation model 32 uses generative AI to dynamically generate and optimize security protection measures (policies), improving the system's security intelligence. The continuous optimization module 33 continuously generates query requests for simulated attack scenarios and provides them to the user behavior and intent analysis model 31, so as to continuously train and optimize the user behavior and intent analysis model 31 and the security policy generation model 32. This continuously strengthens the system's overall defense capability and realizes adaptive defense, thereby achieving the effect and purpose of the present utility model.

However, the foregoing is merely an embodiment of the present utility model and shall not be used to limit the scope of its implementation. All simple equivalent changes and modifications made in accordance with the claims and the contents of the specification of the present utility model remain within the scope covered by this utility model patent.

1: Client device
2: Data query system
21: Communication unit
22: Storage unit
23: Processing unit
24: Database
25: Chatbot
3: Generative adaptive security policy generation system
31: User behavior and intent analysis model
311: User behavior analysis module
312: Real-time intent analysis module
313: Abnormal operation detection module
314: Attack behavior judgment module
32: Security policy generation model
321: Dynamic access control module
322: Intelligent blocking module
323: Strict response control module
33: Continuous optimization module

Claims (7)

1. A data query system capable of communicating with a client device, comprising: a communication unit that establishes a communication channel with the client device; a storage unit having a built-in database; and a processing unit electrically connected to the communication unit and the storage unit so as to communicate with the client device through the communication unit and to access the storage unit, the processing unit including a chatbot and a generative adaptive security policy generation system, the generative adaptive security policy generation system including a user behavior and intent analysis model and a security policy generation model; wherein the user behavior and intent analysis model communicates with the chatbot and receives, from the chatbot, login information and a query request regarding a user that were input at the client device, and the user behavior and intent analysis model obtains a recent query history of the user from the database based on the login information and analyzes the content of the query request and the recent query history to predict a query pattern and a risk level of the user and to generate an attack behavior judgment result; and the security policy generation model obtains the login information, the query pattern, the risk level, and the attack behavior judgment result from the user behavior and intent analysis model, determines based on the query pattern whether to adjust an access permission that is associated with the login information and used to access the database, determines based on the risk level and the attack behavior judgment result whether to take a corresponding protective measure against the client device and whether to generate a corresponding strategic response message, and provides the strategic response message to the client device through the chatbot.

2. The data query system as described in claim 1, wherein the user behavior and intent analysis model includes a user behavior analysis module, a real-time intent analysis module, an abnormal operation detection module, and an attack behavior judgment module; the user behavior analysis module analyzes the recent query history to evaluate user behavior based on the query operation frequency, query content relevance, and query time characteristics contained in the recent query history so as to predict the query pattern of the user, and provides an operation characteristic related to the recent query history to the abnormal operation detection module; the real-time intent analysis module analyzes the content of the query request to predict a real-time intent and potential risk of the user; the abnormal operation detection module determines, based on the operation characteristic, whether the operation is abnormal and generates the risk level, the operation characteristic including the operation time, the Internet Protocol address of the client device, the operation frequency, and the query pattern; and the attack behavior judgment module generates the attack behavior judgment result based on the real-time intent and potential risk predicted by the real-time intent analysis module.

3. The data query system as described in claim 2, wherein the security policy generation model includes a dynamic access control module, an intelligent blocking module, and a strict response control module; the dynamic access control module generates a corresponding access policy based on the query pattern and adjusts the access permission according to the access policy; the intelligent blocking module determines, based on the risk level and the attack behavior judgment result generated by the attack behavior judgment module, whether to take the corresponding protective measure against the client device; and the strict response control module determines, based on the attack behavior judgment result, whether to generate the corresponding strategic response message.

4. The data query system as described in claim 2, wherein the user behavior analysis module and the real-time intent analysis module each apply a pre-trained machine learning engine, each of these machine learning engines having been trained in advance by machine learning on a plurality of user operation behavior data; the abnormal operation detection module and the attack behavior judgment module each apply a pre-trained machine learning engine; the machine learning engine of the abnormal operation detection module is trained by machine learning on a plurality of preset operation characteristic data; and the machine learning engine of the attack behavior judgment module is trained by machine learning on a plurality of query intents and their potential risk data.

5. The data query system as described in claim 3, wherein the dynamic access control module, the intelligent blocking module, and the strict response control module each apply a rule engine; the rule engine of the dynamic access control module determines, according to an access control rule, the access permission corresponding to the query pattern; the rule engine of the intelligent blocking module determines, according to a blocking rule, the protective measure corresponding to the risk level and the attack behavior judgment result; and the rule engine of the strict response control module determines, according to a response rule, whether to generate the strategic response message corresponding to the attack behavior judgment result.

6. The data query system as described in claim 2, wherein, when the attack behavior judgment result determines that the query request is an attack behavior, a continuous optimization module of the generative adaptive security policy generation system applies a generative adversarial network to generate, based on the query request and its related query pattern, operation characteristic, risk level, real-time intent and potential risk, and the attack behavior, a simulated query request for an attack scenario similar to the query request, and provides the simulated query request to the user behavior and intent analysis model to continuously train and optimize the user behavior and intent analysis model and the security policy generation model.

7. The data query system as described in claim 3, wherein the dynamic access control module, the intelligent blocking module, and the strict response control module generate a graded access policy, protective measure, and strategic response message based on the query pattern, the risk level, and the attack behavior judgment result provided by the user behavior and intent analysis model, and apply the access policy, the protective measure, and the strategic response message of the same level; and the dynamic access control module, the intelligent blocking module, and the strict response control module progressively apply, level by level, the access policy, the protective measure, and the strategic response message of the same level according to the threat level of the query pattern, the risk level, and the attack behavior judgment result provided by the user behavior and intent analysis model.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW114205073U TWM674713U (en) 2025-05-20 2025-05-20 Data Query System


Publications (1)

Publication Number Publication Date
TWM674713U 2025-09-11

Family

ID=97830214


Country Status (1)

Country Link
TW (1) TWM674713U (en)
