CN118101324A - Network service safety protection method and system based on artificial intelligence - Google Patents
- Publication number
- CN118101324A (application CN202410453895.8A)
- Authority
- CN
- China
- Prior art keywords
- network
- intrusion
- sample data
- network intrusion
- target
- Prior art date
- Legal status
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/16—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
The embodiment of the application provides a network service safety protection method and system based on artificial intelligence, which are characterized in that positive network intrusion sample data are obtained, feature derivatization is carried out on the positive network intrusion sample data based on a plurality of feature derivatization strategies to generate initial negative network intrusion sample data, and then parameter learning is carried out on a neural network model by utilizing the positive network intrusion sample data and the initial negative network intrusion sample data to generate a first intrusion path prediction network. Further, target negative network intrusion sample data is generated based on the plurality of feature derived policies, the initial negative network intrusion sample data, and the first intrusion path prediction network. Finally, parameter learning is carried out on the neural network model by utilizing the positive network intrusion sample data and the target negative network intrusion sample data to generate a second intrusion path prediction network, and intrusion path prediction and safety protection processing are carried out on any target network intrusion data based on the second intrusion path prediction network.
Description
Technical Field
The application relates to the technical field of information security, in particular to a network service security protection method and system based on artificial intelligence.
Background
With rapid development and wide application of network technology, network services have become an integral part of people's daily life and work. However, the popularity of network services has also created an increasing network security problem. Particularly, the leakage of sensitive data and illegal invasion events frequently occur, and huge losses and risks are brought to individuals, enterprises and countries.
The traditional network service security protection method mainly depends on technical means such as rule matching and signature detection. Although these methods can, to some extent, detect and defend against known network intrusion behavior, they are often ineffective against unknown or variant network attacks. In addition, traditional methods suffer from high false-alarm rates and high missed-detection rates, and struggle to meet security protection requirements in complex and changeable network environments.
Disclosure of Invention
In view of the above, the present application aims to provide a network service security protection method and system based on artificial intelligence.
With reference to the first aspect of the present application, there is provided an artificial intelligence based network service security protection method applied to an artificial intelligence based network service security protection system, the method comprising:
Acquiring positive network intrusion sample data, performing feature derivatization on the positive network intrusion sample data based on a plurality of feature derivatization strategies, and generating initial negative network intrusion sample data, wherein the positive network intrusion sample data is a sensitive data intrusion event;
based on the positive network intrusion sample data and the initial negative network intrusion sample data, performing parameter learning on a neural network model to generate a first intrusion path prediction network;
Generating target negative network intrusion sample data based on the plurality of feature derived policies, the initial negative network intrusion sample data, and the first intrusion path prediction network;
And based on the positive network intrusion sample data and the target negative network intrusion sample data, performing parameter learning on a neural network model to generate a second intrusion path prediction network, performing intrusion path prediction on any target network intrusion data based on the second intrusion path prediction network, and performing network service security protection processing according to the intrusion path data obtained by prediction.
In a possible implementation manner of the first aspect, the generating the target negative network intrusion sample data based on the plurality of feature derived policies, the initial negative network intrusion sample data, and the first intrusion path prediction network includes:
determining initial negative network intrusion sample data corresponding to each feature derived policy in the feature derived policies;
Inputting the initial negative network intrusion sample data corresponding to each characteristic derivative strategy into the first intrusion path prediction network, and generating intrusion path identification results of the initial negative network intrusion sample data corresponding to each characteristic derivative strategy;
And generating target negative network intrusion sample data based on intrusion path identification results of the initial negative network intrusion sample data corresponding to each characteristic derivative strategy.
In a possible implementation manner of the first aspect, the generating the target negative network intrusion sample data based on the intrusion path identification result of the initial negative network intrusion sample data corresponding to each feature derivative policy includes:
Determining a target feature derived policy from the feature derived policies based on intrusion path recognition results of the initial negative network intrusion sample data corresponding to each feature derived policy;
And performing feature derivation on the positive network intrusion sample data based on the target feature derivation strategy to generate target negative network intrusion sample data.
In a possible implementation manner of the first aspect, the determining, based on an intrusion path identification result of initial negative network intrusion sample data corresponding to each feature derivation policy, a target feature derivation policy from the plurality of feature derivation policies includes:
Determining, as a ratio parameter, the proportion of the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy that are a first target intrusion path identification result;
And when the ratio parameter is not smaller than the threshold ratio parameter, determining the corresponding feature derivation strategy as a target feature derivation strategy.
In a possible implementation manner of the first aspect, the generating the target negative network intrusion sample data based on the intrusion path identification result of the initial negative network intrusion sample data corresponding to each feature derivative policy includes:
and determining target negative network intrusion sample data from the initial negative network intrusion sample data based on intrusion path identification results of the initial negative network intrusion sample data corresponding to each characteristic derivative strategy.
In a possible implementation manner of the first aspect, the determining, based on an intrusion path identification result of initial negative network intrusion sample data corresponding to each feature derivation policy, target negative network intrusion sample data from the initial negative network intrusion sample data includes:
Determining, from the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy, the initial negative network intrusion sample data whose result matches a second target intrusion path identification result;
Deleting the initial negative network intrusion sample data matched with the second target intrusion path identification result from the initial negative network intrusion sample data, and taking the rest initial negative network intrusion sample data as target negative network intrusion sample data.
In a possible implementation manner of the first aspect, the acquiring positive network intrusion sample data includes:
acquiring network intrusion sample data with intrusion knowledge labels set as positive network intrusion sample data; or alternatively
And acquiring network intrusion sample data with intrusion knowledge labels set from a target database as positive network intrusion sample data.
In a possible implementation manner of the first aspect, after the generating the second intrusion path prediction network by performing parameter learning on the neural network model, the method further includes:
acquiring positive network intrusion test data, performing feature derivatization on the positive network intrusion test data based on the feature derivatization strategies, and generating initial negative network intrusion test data;
Generating target negative network intrusion test data based on the plurality of feature derived policies, the initial negative network intrusion test data, and the first intrusion path prediction network;
Performing performance test on the second intrusion path prediction network based on the positive network intrusion test data and the target negative network intrusion test data to generate a performance test result;
when the performance test result does not meet the set requirement, optimizing the second intrusion path prediction network based on the performance test result, and iteratively executing the steps; and
When the performance test result meets the set requirement, deploying the second intrusion path prediction network to a target platform; and
And when the performance test result does not meet the set requirement and the number of the optimization rounds of the second intrusion path prediction network is not smaller than the set number of rounds, acquiring the fed back appointed positive network intrusion sample data and negative network intrusion sample data, and optimizing the second intrusion path prediction network based on the appointed positive network intrusion sample data and the negative network intrusion sample data.
In combination with the second aspect of the present application, an artificial intelligence based network service security protection system is provided, which includes a machine-readable storage medium storing machine executable instructions and a processor, where the processor implements the aforementioned artificial intelligence based network service security protection method when executing the machine executable instructions.
In combination with the third aspect of the present application, there is provided a computer readable storage medium having stored therein computer executable instructions that, when executed, implement the aforementioned artificial intelligence based network service security protection method.
In combination with any one of the above aspects, the application acquires positive network intrusion sample data and performs feature derivation on it based on a plurality of feature derivation strategies to generate initial negative network intrusion sample data. This enriches the data set so that the model can learn from more diverse data; the feature derivation strategies increase the complexity and authenticity of the data and improve the generalization capability of the model. Next, parameter learning is performed on the neural network model using the positive network intrusion sample data and the initial negative network intrusion sample data to generate a first intrusion path prediction network, so that the characteristics of network intrusion behaviors can be learned effectively, providing a foundation for subsequent network intrusion detection and protection. Further, target negative network intrusion sample data is generated based on the plurality of feature derivation strategies, the initial negative network intrusion sample data, and the first intrusion path prediction network. The target negative network intrusion sample data is closer to a real network intrusion scene, so it provides higher-quality training data for the model and further improves the prediction accuracy of the model. Finally, parameter learning is performed on the neural network model again, using the positive network intrusion sample data and the target negative network intrusion sample data, to generate a second intrusion path prediction network. This network inherits the learning capability of the first intrusion path prediction network and is further optimized with the higher-quality training data, so it can predict the path of a network intrusion more accurately. Based on the prediction results of this network, accurate security protection processing of the network service can be realized, effectively improving the security and stability of the network system.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that other related drawings may be obtained by those skilled in the art without the inventive effort in combination with these drawings.
Fig. 1 is a schematic flow chart of an artificial intelligence-based network service security protection method according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art may better understand the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some embodiments of the present invention, not all of them. All other embodiments obtained by one of ordinary skill in the art without inventive effort, based on the embodiments of the present invention, fall within the scope of the invention.
The terms first, second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, apparatus, article, or article that comprises a list of steps or elements is not limited to only those listed steps or elements but may alternatively include other steps or elements not listed or may alternatively include other steps or elements inherent to such process, method, article, or article.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
Fig. 1 is a flow chart illustrating an artificial intelligence based network service security protection method according to an embodiment of the present application. It should be understood that, in other embodiments, the order of some of the steps in the method may be interchanged according to actual needs, or some of the steps may be omitted or retained. The artificial intelligence based network service security protection method comprises the following steps:
Step S110, positive network intrusion sample data are obtained, feature derivatization is carried out on the positive network intrusion sample data based on a plurality of feature derivatization strategies, and initial negative network intrusion sample data are generated, wherein the positive network intrusion sample data are sensitive data intrusion events.
In detail, the positive network intrusion sample data refer to those data samples that have been confirmed to contain network intrusion behavior. The positive network intrusion sample data generally contains information such as network traffic, system logs, behavior patterns and the like when an attacker executes malicious activities, and is key data for analyzing network intrusion behaviors and training a security model. For example, a network security team of an enterprise may have captured from its network monitoring system a series of abnormal network packets that indicate unauthorized remote access attempts, the spread of malware, or the illegal exportation of sensitive data. These packets, which are identified as network intrusion behavior, constitute positive network intrusion sample data.
A feature derivation strategy is a data processing method that enhances the expressive power of the data set by transforming or combining features in the original data, or generating new ones, to extract more useful information. In the field of network intrusion detection, feature derivation strategies can help models better identify intrusion behavior hidden in complex network traffic. For example, assume that a piece of positive network intrusion sample data includes a source IP address used by an attacker. One feature derivation strategy might be to transform this IP address, for example by converting it into the network segment to which it belongs, or to generate new features based on the geographic location information of the IP address. In this way, even if the attacker switches to a different specific IP address, an attack from the same network segment or geographic location can still be effectively identified by the model.
Feature derivation is the process of processing the original data based on feature derivation strategies, by transforming, combining or generating new features from features in the data, a richer and discriminative dataset is obtained. This process aims to improve the performance of the machine learning model, enabling it to better learn and identify potential patterns in the data. For example, in the context of network intrusion detection, feature derivation may include processing features such as time stamps, source/destination IP addresses, port numbers, etc. in network traffic data. For example, the time stamp may be converted to a time period of day (e.g., morning, afternoon, evening), or the geographic distance between two IP addresses may be calculated as a new feature. These derived features help the model more accurately identify network intrusion behavior.
The initial negative network intrusion sample data refer to data samples which are similar to normal or benign network behaviors in appearance and are generated from positive network intrusion sample data after feature derivation processing. These initial negative network intrusion sample data are similar in character to positive data, but do not actually contain actual intrusion behavior and are therefore labeled "negative". They play an important role in the training process of the network intrusion detection model, and can help the model learn to distinguish real intrusion behavior from normal network activities. For example, assume that there is a set of positive network intrusion sample data that contains a particular network attack pattern. By applying the feature derived policy, a set of data samples that are similar in characteristics to such attack patterns, but in fact normal network behavior, can be generated as initial negative network intrusion sample data. These negative data are used along with the positive data during the training process to help the model learn to recognize the true aggression and ignore those network activities that appear suspicious but are in fact normal.
Sensitive data intrusion events are network attack events directed at sensitive information within an enterprise or organization (e.g., customer profiles, financial data, business secrets, etc.). Such events often carry high risk and potential loss, because once sensitive data is leaked or tampered with, the business may suffer serious financial loss, legal liability, and reputation damage. For example, the database of an e-commerce company is hacked, resulting in the leakage of credit card information for a large number of customers. This is a typical sensitive data intrusion event because it involves the illegal acquisition of sensitive information affecting customer privacy and financial security. In this example, the network traffic, system logs and other data generated during the attack can be used as positive network intrusion sample data for analysis and model training.
Thus, in this embodiment, the network service security protection system based on artificial intelligence acts as a server to receive a batch of historical positive network intrusion sample data from the enterprise network, which records past sensitive data leakage events. In order to expand the set of historical positive network intrusion samples and to enhance the generalization ability of the model, the server needs to generate initial negative network intrusion sample data from these historical positive network intrusion sample data.
For example, the server extracts positive network intrusion sample data from a Security Information Event Management (SIEM) system or similar security log repository. And, based on knowledge and experience of the network expert, the server determines a plurality of feature-derived policies that may include changing the source IP address, destination port number, type of attack payload, etc. of the intrusion to simulate different intrusion scenarios.
The server then applies these feature derived policies to each positive network intrusion sample data, generating initial negative network intrusion sample data by changing specific attributes (e.g., IP address, port, protocol type, etc.) in the positive network intrusion sample data. These initial negative network intrusion sample data appear similar to legitimate or benign behavior in network traffic, but are actually marked as potential intrusion behavior.
Step S120, performing parameter learning on the neural network model based on the positive network intrusion sample data and the initial negative network intrusion sample data to generate a first intrusion path prediction network.
In this embodiment, the server already has a set of positive network intrusion sample data and initial negative network intrusion sample data, and now needs to train a neural network model to identify network intrusion behavior.
For example, the server integrates the positive network intrusion sample data and the initial negative network intrusion sample data into one training dataset and ensures that the data is correctly marked (positive or negative).
The server selects an appropriate neural network model structure, such as a Convolutional Neural Network (CNN) or a Recurrent Neural Network (RNN), to process the time-series characteristics or complex patterns of network traffic data. The server then trains the neural network model using the training data set, adjusts model parameters via a back propagation algorithm to minimize the difference between model predictions and real tags, generating a first intrusion path prediction network.
Step S130, generating target negative network intrusion sample data based on the plurality of feature derived policies, the initial negative network intrusion sample data, and the first intrusion path prediction network.
After the initial training is completed, the server may wish to further enhance the performance of the model by improving the quality of the negative network intrusion sample data.
For example, the server fine-tunes the initial negative network intrusion sample data using the plurality of feature-derived policies defined in step S110 and the prediction results of the first intrusion path prediction network to generate target negative network intrusion sample data that is more realistic and more difficult to distinguish by the current model.
Through a verification flow, the generated target negative network intrusion sample data is ensured not to be too similar to the positive data, while still reflecting hidden intrusion patterns that may occur in an actual network environment.
Step S140, based on the positive network intrusion sample data and the target negative network intrusion sample data, performing parameter learning on a neural network model to generate a second intrusion path prediction network, performing intrusion path prediction on any target network intrusion data based on the second intrusion path prediction network, and performing network service security protection processing according to the intrusion path data obtained by prediction.
The server now has optimized positive network intrusion sample data and target negative network intrusion sample data ready to train the final intrusion path prediction network.
The server combines the new target negative network intrusion sample data with the positive network intrusion sample data to create a more comprehensive, representative training data set. The server retrains the neural network model using the updated training data set, adjusts parameters to learn the new data distribution and intrusion pattern, and generates a second intrusion path prediction network.
After training is completed, the server can use the second intrusion path prediction network to monitor and predict the intrusion path in real time for any input network traffic data. Upon detection of a potential intrusion, the system will trigger corresponding security safeguards such as quarantining suspicious traffic, raising an alarm to notify a network administrator, etc.
Based on the above steps, positive network intrusion sample data is acquired and feature derivation is performed on it based on a plurality of feature derivation strategies to generate initial negative network intrusion sample data. This enriches the data set so that the model can learn from more diverse data; the feature derivation strategies increase the complexity and authenticity of the data and improve the generalization capability of the model. Next, parameter learning is performed on the neural network model using the positive network intrusion sample data and the initial negative network intrusion sample data to generate a first intrusion path prediction network, so that the characteristics of network intrusion behaviors can be learned effectively, providing a foundation for subsequent network intrusion detection and protection. Further, target negative network intrusion sample data is generated based on the plurality of feature derivation strategies, the initial negative network intrusion sample data, and the first intrusion path prediction network. The target negative network intrusion sample data is closer to a real network intrusion scene, so it provides higher-quality training data for the model and further improves the prediction accuracy of the model. Finally, parameter learning is performed on the neural network model again, using the positive network intrusion sample data and the target negative network intrusion sample data, to generate a second intrusion path prediction network. This network inherits the learning capability of the first intrusion path prediction network and is further optimized with the higher-quality training data, so it can predict the path of a network intrusion more accurately. Based on the prediction results of this network, accurate security protection processing of the network service can be realized, effectively improving the security and stability of the network system.
In one possible implementation, generating the target negative network intrusion sample data based on the plurality of feature derivation strategies, the initial negative network intrusion sample data, and the first intrusion path prediction network includes:
Determining the initial negative network intrusion sample data corresponding to each of the plurality of feature derivation strategies.
Inputting the initial negative network intrusion sample data corresponding to each feature derivation strategy into the first intrusion path prediction network to generate an intrusion path identification result for the initial negative network intrusion sample data corresponding to that strategy.
Generating the target negative network intrusion sample data based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy.
In one possible implementation, generating the target negative network intrusion sample data based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy includes:
Determining a target feature derivation strategy from the plurality of feature derivation strategies based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy.
Performing feature derivation on the positive network intrusion sample data based on the target feature derivation strategy to generate the target negative network intrusion sample data.
In one possible implementation, determining the target feature derivation strategy from the plurality of feature derivation strategies based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy includes:
Determining, for each feature derivation strategy, the proportion parameter of the intrusion path identification results of its corresponding initial negative network intrusion sample data that are the first target intrusion path identification result.
When the proportion parameter is not smaller than the threshold proportion parameter, determining that feature derivation strategy as a target feature derivation strategy.
In one possible implementation, generating the target negative network intrusion sample data based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy includes:
Determining the target negative network intrusion sample data from the initial negative network intrusion sample data based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy.
In one possible implementation, determining the target negative network intrusion sample data from the initial negative network intrusion sample data based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy includes:
Determining, among the initial negative network intrusion sample data corresponding to each feature derivation strategy, the initial negative network intrusion sample data whose intrusion path identification result matches the second target intrusion path identification result.
Deleting the initial negative network intrusion sample data that matches the second target intrusion path identification result from the initial negative network intrusion sample data, and taking the remaining initial negative network intrusion sample data as the target negative network intrusion sample data.
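An added illustration, not taken from the patent, of the two routes above for turning initial negative samples into target negative samples: strategy selection by proportion threshold, and deletion of samples that match the second target result. The fixed-rule stand-in for the first intrusion path prediction network, the three strategies, the sample values, and the reading of the first and second target results as "identified as an intrusion path" and "identified as no path" are all assumptions.

```python
# Constructed positive samples (labelled intrusion events):
# (failed_logins, bytes_out_kb, distinct_ports)
POSITIVES = [(9, 800, 12), (8, 950, 10), (10, 700, 14), (7, 900, 11)]

# Hypothetical feature derivation strategies; names and transforms are assumptions.
STRATEGIES = {
    "halve_logins": lambda s: (s[0] // 2, s[1], s[2]),
    "trim_bytes": lambda s: (s[0], s[1] * 6 // 10, s[2]),
    "nudge_ports": lambda s: (s[0], s[1], s[2] - 1),
}

FIRST_TARGET = "intrusion_path"  # assumed: derived negative mistaken for an intrusion
SECOND_TARGET = "no_path"        # assumed: derived negative the model already rejects


def first_network_predict(sample):
    """Stand-in for the first intrusion path prediction network (a fixed rule)."""
    failed_logins, bytes_out_kb, _ports = sample
    if failed_logins >= 5 and bytes_out_kb >= 500:
        return "intrusion_path"
    return "no_path"


def derive_negatives(positives, strategies):
    """Apply every strategy to every positive, grouped by strategy name."""
    return {name: [fn(s) for s in positives] for name, fn in strategies.items()}


def first_target_ratio(negatives_by_strategy, predict, first_target=FIRST_TARGET):
    """Per strategy: share of derived negatives identified as first_target."""
    ratios = {}
    for name, samples in negatives_by_strategy.items():
        hits = sum(1 for s in samples if predict(s) == first_target)
        ratios[name] = hits / len(samples) if samples else 0.0
    return ratios


def select_target_strategies(ratios, threshold):
    """Keep strategies whose proportion is not smaller than the threshold."""
    return sorted(name for name, ratio in ratios.items() if ratio >= threshold)


def target_negatives_by_strategy(positives, strategies, predict, threshold):
    """Route 1: choose target strategies, then re-derive negatives with only those."""
    initial = derive_negatives(positives, strategies)
    chosen = select_target_strategies(first_target_ratio(initial, predict), threshold)
    return [strategies[name](s) for name in chosen for s in positives]


def target_negatives_by_filter(positives, strategies, predict,
                               second_target=SECOND_TARGET):
    """Route 2: delete initial negatives identified as second_target, keep the rest."""
    initial = derive_negatives(positives, strategies)
    return [s for samples in initial.values() for s in samples
            if predict(s) != second_target]


if __name__ == "__main__":
    initial = derive_negatives(POSITIVES, STRATEGIES)
    print("ratios:", first_target_ratio(initial, first_network_predict))
    print("route 1:", target_negatives_by_strategy(
        POSITIVES, STRATEGIES, first_network_predict, threshold=0.5))
    print("route 2:", target_negatives_by_filter(
        POSITIVES, STRATEGIES, first_network_predict))
```

Route 1 keeps or drops whole strategies, while route 2 works per sample, so the two routes generally produce different target negative sets from the same initial data.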
In one possible implementation, acquiring the positive network intrusion sample data includes:
Acquiring network intrusion sample data on which an intrusion knowledge label has been set as the positive network intrusion sample data; or
Acquiring, from a target database, network intrusion sample data on which an intrusion knowledge label has been set as the positive network intrusion sample data.
In one possible implementation, after performing parameter learning on the neural network model to generate the second intrusion path prediction network, the method further includes:
Acquiring positive network intrusion test data, and performing feature derivation on the positive network intrusion test data based on the plurality of feature derivation strategies to generate initial negative network intrusion test data.
Generating target negative network intrusion test data based on the plurality of feature derivation strategies, the initial negative network intrusion test data, and the first intrusion path prediction network.
Performing a performance test on the second intrusion path prediction network based on the positive network intrusion test data and the target negative network intrusion test data to generate a performance test result.
When the performance test result does not meet the set requirement, optimizing the second intrusion path prediction network based on the performance test result, and iteratively executing the above steps.
When the performance test result meets the set requirement, deploying the second intrusion path prediction network to a target platform.
When the performance test result does not meet the set requirement and the number of optimization rounds of the second intrusion path prediction network is not smaller than the set number of rounds, acquiring fed-back designated positive network intrusion sample data and negative network intrusion sample data, and optimizing the second intrusion path prediction network based on the designated positive network intrusion sample data and negative network intrusion sample data.
In the above embodiments, an artificial intelligence based network service security protection system for performing the above method embodiments has at least one processor, a control module (chipset) coupled to at least one of the processors, memory coupled to the control module, non-volatile memory (NVM)/storage coupled to the control module, at least one input/output device coupled to the control module, and a network interface coupled to the control module.
The processor may include at least one single-core or multi-core processor, which may include any combination of general-purpose processors or special-purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). For some alternative implementations, the artificial intelligence based network service security protection system can serve as a device such as a gateway, as described in embodiments of the present application.
For some alternative embodiments, an artificial intelligence based network service security protection system may include at least one computer-readable medium (e.g., memory or NVM/storage) having instructions, and at least one processor that, in conjunction with the at least one computer-readable medium, is configured to execute the instructions to implement the modules and thereby perform the actions described in this disclosure.
For one embodiment, the control module may include any suitable interface controller to provide any suitable interface to at least one of the (at least one) processor and/or any suitable device or component in communication with the control module.
The control module may include a memory controller module to provide an interface to the memory. The memory controller modules may be hardware modules, software modules, and/or firmware modules.
The memory may be used to load and store data and/or instructions for, for example, an artificial intelligence based network services security protection system. For one embodiment, the memory may comprise any suitable volatile memory, such as a suitable DRAM.
For one embodiment, the control module may include at least one input/output controller to provide an interface to the NVM/storage device and the (at least one) input/output device.
For example, NVM/storage may be used to store data and/or instructions. The NVM/storage may include any suitable non-volatile memory (e.g., flash memory) and/or may include any suitable (at least one) non-volatile storage (e.g., at least one Hard Disk Drive (HDD), at least one Compact Disc (CD) drive, and/or at least one Digital Versatile Disc (DVD) drive).
The NVM/storage may include a storage resource that is physically part of the device on which the artificial intelligence based network service security protection system is installed, or it may be accessible by the device without necessarily being part of the device. For example, the NVM/storage may be accessed over a network via the at least one input/output device.
The (at least one) input/output device may provide an interface for an artificial intelligence based network service security protection system to communicate with any other suitable device, which may include a communication component, pinyin component, sensor component, and the like. The network interface may provide an interface for the artificial intelligence based network services security protection system to communicate in accordance with at least one network, and the artificial intelligence based network services security protection system may communicate wirelessly with at least one component of the wireless network in accordance with any of at least one wireless network standard and/or protocol, such as accessing the wireless network in accordance with the communication standard.
For one embodiment, at least one of the (at least one) processor(s) may be loaded with logic of at least one controller of the control module (e.g., a memory controller module). For one embodiment, at least one of the (at least one) processor may be loaded together with logic of at least one controller of the control module to form a system level load. For one embodiment, at least one of the (at least one) processor may be integrated on the same die as logic of at least one controller of the control module. For one embodiment, at least one of the (at least one) processor may be integrated on the same die with logic of at least one controller of the control module to form a system on chip (SoC).
The embodiments of the application have been described in detail above, with specific examples used to explain the principles and implementations of the application; the above examples are provided solely to facilitate understanding of the method and core concepts of the application. Meanwhile, those skilled in the art may make variations to the specific embodiments and the scope of application in accordance with the ideas of the present application; in view of the above, this description should not be construed as limiting the present application.
The embodiment of the invention discloses a computer-readable storage medium storing a computer program for electronic data exchange, wherein the computer program causes a computer to execute the steps in the network service security protection method based on artificial intelligence.
Embodiments of the present invention disclose a computer program product comprising a non-transitory computer readable storage medium storing a computer program, and the computer program is operable to cause a computer to perform the steps of the artificial intelligence based network service security protection method described in the previous embodiments.
The apparatus embodiments described above are merely illustrative, wherein the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above detailed description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus a necessary general hardware platform, or of course by means of hardware. Based on such understanding, the foregoing technical solutions may be embodied essentially or in part in the form of a software product that may be stored in a computer-readable storage medium, including Read-Only Memory (ROM), Random Access Memory (RAM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), One-Time Programmable Read-Only Memory (OTPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Compact Disc Read-Only Memory (CD-ROM) or other optical disc memory, magnetic disk memory, tape memory, or any other computer-readable medium that can be used for carrying or storing data.
Finally, it should be noted that the above disclosure is only illustrative of the preferred embodiments of the present invention and is not to be construed as limiting the scope of the invention. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions recorded in the various embodiments can still be modified, or some of the technical features in them can be replaced equivalently; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.
Claims (10)
1. An artificial intelligence based network service security protection method, which is applied to an artificial intelligence based network service security protection system, the method comprising:
acquiring positive network intrusion sample data, and performing feature derivation on the positive network intrusion sample data based on a plurality of feature derivation strategies to generate initial negative network intrusion sample data, wherein the positive network intrusion sample data is a sensitive data intrusion event;
performing parameter learning on a neural network model based on the positive network intrusion sample data and the initial negative network intrusion sample data to generate a first intrusion path prediction network;
generating target negative network intrusion sample data based on the plurality of feature derivation strategies, the initial negative network intrusion sample data, and the first intrusion path prediction network;
performing parameter learning on a neural network model based on the positive network intrusion sample data and the target negative network intrusion sample data to generate a second intrusion path prediction network, performing intrusion path prediction on any target network intrusion data based on the second intrusion path prediction network, and performing network service security protection processing according to the intrusion path data obtained by prediction.
2. The artificial intelligence based network service security protection method of claim 1, wherein generating the target negative network intrusion sample data based on the plurality of feature derivation strategies, the initial negative network intrusion sample data, and the first intrusion path prediction network comprises:
determining the initial negative network intrusion sample data corresponding to each of the plurality of feature derivation strategies;
inputting the initial negative network intrusion sample data corresponding to each feature derivation strategy into the first intrusion path prediction network to generate an intrusion path identification result for the initial negative network intrusion sample data corresponding to that strategy;
generating the target negative network intrusion sample data based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy.
3. The artificial intelligence based network service security protection method of claim 2, wherein generating the target negative network intrusion sample data based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy comprises:
determining a target feature derivation strategy from the plurality of feature derivation strategies based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy;
performing feature derivation on the positive network intrusion sample data based on the target feature derivation strategy to generate the target negative network intrusion sample data.
4. The artificial intelligence based network service security protection method of claim 3, wherein determining the target feature derivation strategy from the plurality of feature derivation strategies based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy comprises:
determining, for each feature derivation strategy, the proportion parameter of the intrusion path identification results of its corresponding initial negative network intrusion sample data that are a first target intrusion path identification result;
when the proportion parameter is not smaller than the threshold proportion parameter, determining that feature derivation strategy as a target feature derivation strategy.
5. The artificial intelligence based network service security protection method of claim 2, wherein generating the target negative network intrusion sample data based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy comprises:
determining the target negative network intrusion sample data from the initial negative network intrusion sample data based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy.
6. The artificial intelligence based network service security protection method of claim 5, wherein determining the target negative network intrusion sample data from the initial negative network intrusion sample data based on the intrusion path identification results of the initial negative network intrusion sample data corresponding to each feature derivation strategy comprises:
determining, among the initial negative network intrusion sample data corresponding to each feature derivation strategy, the initial negative network intrusion sample data whose intrusion path identification result matches a second target intrusion path identification result;
deleting the initial negative network intrusion sample data that matches the second target intrusion path identification result from the initial negative network intrusion sample data, and taking the remaining initial negative network intrusion sample data as the target negative network intrusion sample data.
7. The artificial intelligence based network service security protection method of claim 1, wherein acquiring the positive network intrusion sample data comprises:
acquiring network intrusion sample data on which an intrusion knowledge label has been set as the positive network intrusion sample data; or
acquiring, from a target database, network intrusion sample data on which an intrusion knowledge label has been set as the positive network intrusion sample data.
8. The artificial intelligence based network service security protection method of claim 1, wherein after performing parameter learning on the neural network model to generate the second intrusion path prediction network, the method further comprises:
acquiring positive network intrusion test data, and performing feature derivation on the positive network intrusion test data based on the plurality of feature derivation strategies to generate initial negative network intrusion test data;
generating target negative network intrusion test data based on the plurality of feature derivation strategies, the initial negative network intrusion test data, and the first intrusion path prediction network;
performing a performance test on the second intrusion path prediction network based on the positive network intrusion test data and the target negative network intrusion test data to generate a performance test result;
when the performance test result does not meet the set requirement, optimizing the second intrusion path prediction network based on the performance test result, and iteratively executing the above steps; and
when the performance test result meets the set requirement, deploying the second intrusion path prediction network to a target platform; and
when the performance test result does not meet the set requirement and the number of optimization rounds of the second intrusion path prediction network is not smaller than the set number of rounds, acquiring fed-back designated positive network intrusion sample data and negative network intrusion sample data, and optimizing the second intrusion path prediction network based on the designated positive network intrusion sample data and negative network intrusion sample data.
9. An artificial intelligence based network service security protection system comprising a processor and a computer readable storage medium having stored therein machine executable instructions that when executed by a computer implement the artificial intelligence based network service security protection method of any one of claims 1-8.
10. A computer readable storage medium having stored therein machine executable instructions which when executed by a computer implement the artificial intelligence based network service security protection method of any of claims 1-8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410453895.8A CN118101324A (en) | 2024-04-16 | 2024-04-16 | Network service safety protection method and system based on artificial intelligence |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410453895.8A CN118101324A (en) | 2024-04-16 | 2024-04-16 | Network service safety protection method and system based on artificial intelligence |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118101324A (en) | 2024-05-28 |
Family
ID=91156493
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410453895.8A Withdrawn CN118101324A (en) | 2024-04-16 | 2024-04-16 | Network service safety protection method and system based on artificial intelligence |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118101324A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119066506A (en) * | 2024-09-03 | 2024-12-03 | 广州天成网络技术有限公司 | Data processing method and system for data center construction |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110399925B (en) | Account risk identification method, device and storage medium | |
CN111931166B (en) | Application anti-attack method and system based on code injection and behavior analysis | |
CN107888554B (en) | Method and device for detecting server attack | |
CN118536093B (en) | Data security tracing method, system and device based on artificial intelligence | |
Ussath et al. | Identifying suspicious user behavior with neural networks | |
CN107169499A (en) | A kind of Risk Identification Method and device | |
CN110162958B (en) | Method, apparatus and recording medium for calculating comprehensive credit score of device | |
CN118101324A (en) | Network service safety protection method and system based on artificial intelligence | |
Mihailescu et al. | Unveiling threats: Leveraging user behavior analysis for enhanced cybersecurity | |
CN119449475A (en) | Industrial control intrusion detection method and system based on ATT & CK framework | |
CN106375303A (en) | Attack defense method and apparatus | |
CN114978474B (en) | A method and system for automatically handling user chat risk levels | |
CN119094152B (en) | Privacy access control method and system in Internet of things environment | |
US12028376B2 (en) | Systems and methods for creation, management, and storage of honeyrecords | |
CN119047836A (en) | Asset risk assessment method and device for power monitoring system, terminal equipment and storage medium | |
KR102471731B1 (en) | A method of managing network security for users | |
CN110958236A (en) | Dynamic authorization method of operation and maintenance auditing system based on risk factor insight | |
CN116963072A (en) | Fraud user early warning method and device, electronic equipment and storage medium | |
CN117118658A (en) | Data processing method, device, equipment, medium and program product | |
CN118200022B (en) | Data encryption method and system based on malicious attacks on big data networks | |
CN119652667B (en) | Network information threat countermeasure method and system | |
CN118939622B (en) | Knowledge base cloud sharing method for enterprises based on AI large model | |
Rahal et al. | Fuse and Federate: Enhancing EV Charging Station Security with Multimodal Fusion and Federated Learning | |
CN119496640A (en) | A data detection and processing method and system for network security of a ticketing platform | |
HK40016958A (en) | Two-dimensional code risk identification method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
Application publication date: 20240528 |