CN114168743A - Network defense intention recognition and analysis method, equipment and medium based on knowledge graph - Google Patents


Info

Publication number
CN114168743A
Authority
CN
China
Prior art keywords
intention
network
defense
network defense
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111399441.XA
Other languages
Chinese (zh)
Inventor
冯中华
秦晓娜
滕鹏国
谭平嶂
黄兴
许光利
王梦寒
臧立成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute
Priority to CN202111399441.XA
Publication of CN114168743A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/36 Creation of semantic tools, e.g. ontology or thesauri
    • G06F16/367 Ontology
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/205 Parsing
    • G06F40/216 Parsing using statistical methods
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/237 Lexical tools
    • G06F40/242 Dictionaries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/268 Morphological analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/279 Recognition of textual entities
    • G06F40/284 Lexical analysis, e.g. tokenisation or collocates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/279 Recognition of textual entities
    • G06F40/289 Phrasal analysis, e.g. finite state techniques or chunking
    • G06F40/295 Named entity recognition
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/044 Recurrent networks, e.g. Hopfield networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/047 Probabilistic or stochastic networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2216/00 Indexing scheme relating to additional aspects of information retrieval not explicitly covered by G06F16/00 and subgroups
    • G06F2216/03 Data mining

Abstract

The invention discloses a knowledge-graph-based method, device and medium for recognizing and parsing network defense intentions. The method comprises: text mining, in which entities and relations in the network defense intention are mined through text word segmentation and named entity recognition; association analysis, in which the different phrases in the network defense intention are mapped to the corresponding entities in a security configuration knowledge graph, and the associated attributes of noun entities are selected according to the capability requirements in the entities; and parsing and correction, in which a combined traversal over the relevant attributes of each entity forms device-oriented configuration intentions. The invention can automatically convert a network configuration intention into a network defense strategy, assist the intelligent generation of network defense strategies, and speed up the response to network threats; it can also provide better technical support for building an intelligent defense system for an information system and improve the defense efficiency of the system.

Description

Network defense intention recognition and analysis method, equipment and medium based on knowledge graph
Technical Field
The invention relates to the technical field of intelligent network security defense, and in particular to a knowledge-graph-based network defense intention recognition and parsing method, device and medium.
Background
With the continuous development and evolution of information technology, and driven by the new wave of technological change, current network information systems face a series of new problems. On the one hand, as informatization proceeds, the network scale of information systems keeps growing and the types and number of devices keep increasing, which puts great pressure on system configuration, operation and maintenance. On the other hand, in current information system security management the conventional security configuration process is usually event-driven: the system defense strategy is updated only after a threat or attack event has occurred, which introduces a lag and makes it difficult to block the attack in time. Meanwhile, security configuration is done mainly by hand. Manual configuration places high technical demands on security personnel and leaves them occupied with complicated device configuration tasks at the expense of understanding the network defense intention, resulting in low configuration efficiency and a high error rate, and thus limiting network defense effectiveness.
In addition, advanced information technologies such as artificial intelligence, machine learning and neural networks are pushing network information systems toward networked and intelligent operation, and are likewise driving network security defense systems toward intelligence. It is therefore an inevitable trend to combine the current security situation with human initiative to analyze and predict threat and attack trends, and to use technologies such as natural language processing and machine learning to intelligently recognize and parse defense tasks in different forms and quickly convert them into machine-executable security device configuration requirements, so as to defend in advance and bring system security risks under control as early as possible.
Disclosure of Invention
To overcome the defects of the prior art, the invention focuses on understanding and interpreting the defense intention of an information system, and provides a knowledge-graph-based network defense intention recognition and parsing method, device and medium.
The technical scheme adopted by the invention is as follows:
A knowledge-graph-based network defense intention recognition and parsing method comprises the following steps:
Text mining: entities and relations in the network defense intention are mined through text word segmentation and named entity recognition. Text word segmentation segments the input network defense intention sentence, and different segmentation modes produce different tokens. Named entity recognition obtains a word embedding representation through a pre-trained BERT model and then feeds the word embeddings into a part-of-speech tagging model to obtain word segmentation results and part-of-speech tags, thereby decomposing the network defense intention text into phrases with basic meaning. The part-of-speech tagging model is based on BI-LSTM-CRF (a bidirectional long short-term memory network with a conditional random field).
Association analysis: by means of the security configuration knowledge graph, the different phrases in the network defense intention are mapped to the corresponding entities in the graph, and the associated attributes of noun entities are selected according to the capability requirements in the entities.
Parsing and correction: a combined traversal over the relevant attributes of each entity forms the device-oriented configuration intentions.
Further, feeding the word embeddings into the part-of-speech tagging model in the text mining to obtain word segmentation results and part-of-speech tags comprises: inputting the processed single-character sequence data into the part-of-speech tagging model for training, and learning the relationship between characters and output labels; the BI-LSTM in the part-of-speech tagging model records context information, and a new vector representation of the current character is computed jointly from the context information, wherein the vector dimension of the output character or word is related to the number of neural units in the neural network.
Further, the association analysis comprises: performing association analysis by means of the security configuration knowledge graph and the context of the network defense intention, matching the recognized network defense intention actions against the capabilities of the devices in the security configuration knowledge graph, automatically sorting out the device information required by the network defense intention, deeply associating the entities in the network defense intention with the network environment and security knowledge, and finally achieving a detailed decomposition of the network defense intention.
Further, the entity output by the text mining is 'whole network' and the action is 'security check'; based on the recognized entity and action, the association analysis performs a security configuration knowledge graph query and a dictionary query to obtain the action set and entity set of the next level, wherein the entity set of 'whole network' comprises user subnet 1, user subnet 2, user subnet 3, user subnet n, and the action set of 'security check' comprises vulnerability scanning and virus scanning and removal; each action is then located to the device that executes the operation in a given area, and finally a set of network defense intention clauses is generated by adding connecting words.
Further, the device that executes vulnerability scanning comprises a vulnerability scanning system, and the device that executes virus scanning and removal comprises an antivirus system.
Further, the parsing and correction comprises: recombining the recognized and parsed network defense intentions to form device-oriented configuration intentions of the form 'XX operation executed by XX device of the XX network', wherein the configuration intentions can be audited and corrected through a human-computer interaction interface.
Further, the method also comprises text processing before the text mining, which converts various forms of network defense intention data into text, wherein the various forms of network defense intention data comprise languages, words and actions.
Further, the method for segmenting the input network defense intention sentences in the text mining comprises word segmentation.
A computer device comprises a memory storing a computer program and a processor; when the processor executes the computer program, the steps of the above knowledge-graph-based network defense intention recognition and parsing method are implemented.
A computer-readable storage medium stores a computer program which, when executed by a processor, implements the steps of the above knowledge-graph-based network defense intention recognition and parsing method.
The invention has the following beneficial effects:
The method relies on a knowledge graph containing related information such as the network environment, security devices, defense capabilities and deployment characteristics, and uses the deep association relations among the data in the graph to intelligently recognize and decompose the network defense intention, which is finally decomposed into a number of sub-intentions oriented to device configuration requirements. On the one hand, the invention can recognize and characterize security defense tasks to a degree that both humans and machines can understand and operate on; on the other hand, it can assist the intelligent generation of defense strategies for information system devices, thereby improving the information system's ability to respond quickly to network threats, providing better technical support for building an intelligent defense system for the information system, and improving system defense efficiency.
The method can accurately parse a configuration intention expressed in natural language into a semantic expression in the network security configuration domain, can automatically convert a network configuration intention into a network defense strategy, assists the intelligent generation of network defense strategies, and speeds up the response to network threats; it can also provide better technical support for building an intelligent defense system for an information system and improve system defense efficiency.
Drawings
FIG. 1 is a decomposition model of network defense intent recognition.
FIG. 2 shows a Bi-LSTM-CRF model.
FIG. 3 is a technical architecture of knowledge-graph-based network defense intention recognition decomposition.
FIG. 4 is a network defense intention association analysis process.
FIG. 5 is a diagram of a network defense intention simulation test verification environment.
FIG. 6 is a diagram of an example of network defense intention text mining.
FIG. 7 is a diagram illustrating an example of network defense intention association analysis.
FIG. 8 is a schematic diagram of an example of network defense intention parsing and correction.
Detailed Description
In order to more clearly understand the technical features, objects, and effects of the present invention, specific embodiments of the present invention will now be described. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
This embodiment provides a knowledge-graph-based network defense intention recognition and parsing method. A network defense intention is formed for the defense requirements of an information system, and through intelligent recognition, decomposition and conversion of the intention, the defense intention is converted into a set of configuration sub-intentions that can be concretely operated and executed. To ensure the accuracy of the security configuration, the sub-intentions obtained after recognition and decomposition can be corrected. As shown in FIG. 1, the network defense intention recognition and parsing method includes:
Text mining: entities and relations in the network defense intention are mined through text word segmentation and named entity recognition. Text word segmentation segments the input network defense intention sentence, and different segmentation modes produce different tokens. As shown in FIG. 2, named entity recognition obtains a word embedding representation through a pre-trained BERT model and then feeds the word embeddings into a part-of-speech tagging model based on BI-LSTM-CRF (a bidirectional long short-term memory network with a conditional random field) to obtain word segmentation results and part-of-speech tags, thereby decomposing the network defense intention text into phrases with basic meaning.
Association analysis: by means of the security configuration knowledge graph, the different phrases in the network defense intention are mapped to the corresponding entities in the graph, and the associated attributes of noun entities are selected according to the capability requirements in the entities.
Parsing and correction: a combined traversal over the relevant attributes of each entity forms device-oriented configuration intentions of the form 'XX device of the XX network executes XX operation', decomposing and refining the network defense intention into corresponding defense sub-intentions, which can be submitted to security protection professionals for verification.
Preferably, as shown in FIG. 3, the network defense intention recognition and parsing method specifically includes the following steps:
Text processing: various forms of network defense intention data are converted into text, wherein the various forms of network defense intention data comprise languages, words and actions.
Text mining: mines the entities and relations in the intention, and consists mainly of two parts, text word segmentation and named entity recognition. Text word segmentation segments the input intention sentence, and different segmentation modes produce different tokens. This embodiment uses single-character segmentation; for example, segmenting the input 'the whole network today' yields a sequence of single characters. Named entity recognition inputs the processed character sequence data into a Bi-LSTM-CRF model for training and learns the relationship between characters and output labels. The forward and backward LSTMs in the model record context information, and a new vector representation of the current character is computed jointly from that context; the vector dimension of the output character or word is related to the number of neural units in the neural network. The bidirectional LSTM has more advantages and higher accuracy than a traditional recurrent neural network. The entity output by this process is 'whole network' and the action is 'security check'.
Association analysis: association analysis is carried out by means of the security configuration knowledge graph and the context of the defense intention. The recognized intention actions are matched against the capabilities of the devices in the knowledge graph, the device information required by the network defense intention is sorted out automatically, the entities in the intention are deeply associated with the network environment and security knowledge, and the network defense intention is finally decomposed in detail. As shown in FIG. 4, based on the recognized entity and action, a knowledge graph query and a dictionary query are performed to obtain the action set and entity set of the next level: the entity set of 'whole network' is 'user subnet 1, user subnet 2, user subnet 3, user subnet n', and the action set of 'security check' is 'vulnerability scanning, virus scanning and removal'. Each action is then located to the device that executes the operation in a given area, and finally a set of intention clauses is generated by adding some connecting words. Preferably, the device that executes vulnerability scanning is a vulnerability scanning system, and the device that executes virus scanning and removal is an antivirus system.
Parsing and correction: generates the device configuration intentions and supports their audit and correction. The recognized and parsed defense intentions are recombined to form device-oriented security configuration requirements, and the device configuration intentions obtained after recognition and decomposition can be manually audited and corrected through a human-computer interaction interface to ensure that the input defense intention is correctly recognized and decomposed.
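The association analysis and combined traversal described above can be sketched as follows. This is an added illustration, not code from the patent: the triples, the relation names (`contains`, `includes`, `has_capability`, `deployed_in`) and the device deployments are constructed assumptions, and the entity and action are taken as already produced by text mining.

```python
"""Association analysis and parsing/correction over a toy security
configuration knowledge graph (constructed data, not from the patent)."""
from itertools import product
from typing import NamedTuple

# Constructed knowledge graph as (subject, relation, object) triples.
# Relation names and deployments are assumptions made for this example.
TRIPLES = [
    ("whole network", "contains", "user subnet 1"),
    ("whole network", "contains", "user subnet 2"),
    ("whole network", "contains", "user subnet 3"),
    ("security check", "includes", "vulnerability scanning"),
    ("security check", "includes", "virus scanning and removal"),
    ("vulnerability scanning system", "has_capability", "vulnerability scanning"),
    ("antivirus system", "has_capability", "virus scanning and removal"),
    ("vulnerability scanning system", "deployed_in", "user subnet 1"),
    ("vulnerability scanning system", "deployed_in", "user subnet 2"),
    ("vulnerability scanning system", "deployed_in", "user subnet 3"),
    ("antivirus system", "deployed_in", "user subnet 1"),
    ("antivirus system", "deployed_in", "user subnet 2"),
    # No antivirus system in user subnet 3: exercises the correction path.
]


class SubIntent(NamedTuple):
    network: str
    device: str
    operation: str


def objects(subject, relation):
    """All objects o such that (subject, relation, o) is in the graph."""
    return [o for s, r, o in TRIPLES if s == subject and r == relation]


def subjects(relation, obj):
    """All subjects s such that (s, relation, obj) is in the graph."""
    return [s for s, r, o in TRIPLES if r == relation and o == obj]


def expand(term, relation, _seen=None):
    """Expand a term to its lowest-level members along one relation.

    A term with no children is its own leaf; the seen-set guards
    against cycles and duplicate paths in the graph.
    """
    seen = _seen if _seen is not None else set()
    if term in seen:
        return []
    seen.add(term)
    children = objects(term, relation)
    if not children:
        return [term]
    leaves = []
    for child in children:
        leaves.extend(expand(child, relation, seen))
    return leaves


def resolve_intent(entity, action):
    """Decompose (entity, action) into device-oriented sub-intents.

    Returns (sub_intents, unresolved). Unresolved (network, operation)
    pairs have no capable device deployed in that network and are the
    items a human reviewer would correct.
    """
    sub_intents, unresolved = [], []
    networks = expand(entity, "contains")
    operations = expand(action, "includes")
    for network, operation in product(networks, operations):
        devices = [d for d in subjects("has_capability", operation)
                   if network in objects(d, "deployed_in")]
        if devices:
            sub_intents.extend(SubIntent(network, d, operation) for d in devices)
        else:
            unresolved.append((network, operation))
    return sub_intents, unresolved


def render(sub_intent):
    """Render in the 'XX operation executed by XX device of the XX network' form."""
    return (f"{sub_intent.operation} executed by "
            f"{sub_intent.device} of {sub_intent.network}")


if __name__ == "__main__":
    intents, review = resolve_intent("whole network", "security check")
    for item in intents:
        print(render(item))
    for network, operation in review:
        print(f"REVIEW: no device in {network} can execute {operation}")
```

The unresolved list is what would be surfaced on the human-computer interaction interface for audit and correction, rather than being silently dropped.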
To make the recognition and decomposition process of a network defense intention clearer, the process is illustrated with a constructed scenario, 'XX information system virus infection event response handling', whose specific requirements are as follows:
To stop the spread of the virus in user subnet 1 as soon as possible, take virus infection handling measures immediately and handle the virus infection of key protection targets first. The handling steps are as follows:
(I) carry out virus blocking on XXX units;
(II) carry out virus elimination on XXX units;
(III) carry out a system upgrade on XXX units.
For the above example, a simulated test environment was constructed, as shown in FIG. 5. The overall network defense intention recognition and parsing process is described as follows:
1. Text mining
For the above network defense intention example, text mining is performed to obtain entity and relation information, as shown in FIG. 6, where:
Entities: user subnet 1, key protection target, immediately, virus infection handling, virus removal, network blocking, system upgrade;
Relations: comprising an apparatus comprising a means;
Mining results: user subnet 1 immediately takes virus infection handling measures; virus infection of key protection targets is handled first; the virus infection handling measures comprise network blocking, virus removal and system upgrade.
2. Association analysis
Based on the network information and security knowledge relations in the security configuration knowledge graph, deep association analysis is performed along multiple dimensions such as network relations, device attributes and device capabilities, and the defense intention is associated with device configuration requirements. For the above network defense intention example, the specific association analysis process is shown in FIG. 7.
3. Parsing and correction
Based on the text mining and association analysis results, the network defense intention is recognized and decomposed into security configuration requirements for each device, listed one by one. For the above network defense intention example, the parsing and correction process is shown in FIG. 8.
It should be noted that, for the sake of simplicity, the present embodiment is described as a series of acts, but those skilled in the art should understand that the present application is not limited by the described order of acts, because some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Example 2
This example is based on example 1:
This embodiment provides a computer device including a memory storing a computer program and a processor; when the processor executes the computer program, the steps of the knowledge-graph-based network defense intention recognition and parsing method of embodiment 1 are implemented. The computer program may be in the form of source code, object code, an executable file or some intermediate form, among others.
Example 3
This example is based on example 1:
This embodiment provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the knowledge-graph-based network defense intention recognition and parsing method of embodiment 1. The computer program may be in the form of source code, object code, an executable file or some intermediate form, among others. The storage medium includes: any entity or device capable of carrying computer program code, a recording medium, computer memory, Read Only Memory (ROM), Random Access Memory (RAM), electrical carrier signals, telecommunications signals, a software distribution medium, and the like. It should be noted that the contents covered by the storage medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in the jurisdiction; for example, in some jurisdictions the storage medium does not include electrical carrier signals and telecommunication signals according to legislation and patent practice.

Claims (10)

1. A network defense intention recognition and analysis method based on a knowledge graph is characterized by comprising the following steps:
text mining: mining entities and relations in the network defense intention through text word segmentation and named entity recognition, wherein the text word segmentation comprises the step of segmenting input network defense intention sentences, and different tokens are generated in different word segmentation modes; the named entity recognition comprises the steps of obtaining word embedding representation through a pre-trained BERT model, then embedding the word into an input part-of-speech tagging model to obtain word segmentation results and part-of-speech tagging, and accordingly decomposing a network defense intention text into a word group with basic meaning; the part-of-speech tagging model is based on a BI-LSTM-CRF (bidirectional long-short term memory network) and a conditional random field;
correlation analysis: mapping different phrases in the network defense intention to corresponding entities in the security configuration knowledge graph by means of the security configuration knowledge graph, and selecting associated attributes in noun entities according to the capability requirements in the entities;
parsing rectification: performing combined traversal over the associated attributes in each entity to form the equipment-oriented configuration intention.
2. The method for network defense intention recognition and analysis based on knowledge graph as claimed in claim 1, wherein inputting the word embeddings into the part-of-speech tagging model in the text mining to obtain word segmentation results and part-of-speech tags comprises: inputting the processed single-character sequence data into the part-of-speech tagging model for training, and learning the relationship between each character and its output label; the BI-LSTM in the part-of-speech tagging model records context information, and a new vector representation of the current word is computed jointly from that context information, wherein the vector dimension of the output character or word is related to the number of neural units in the neural network.
3. The method of claim 1, wherein the correlation analysis comprises: performing association analysis by means of the relationship between the security configuration knowledge graph and the network defense intention context, matching the identified network defense intention action against the capabilities of the equipment in the security configuration knowledge graph, automatically sorting out the equipment information required by the network defense intention, achieving deep association between the entities in the network defense intention and the network environment and security knowledge, and finally achieving detailed decomposition of the network defense intention.
4. The method for network defense intention recognition and parsing based on knowledge graph of claim 1, wherein the entity output by the text mining is 'full network' and the action is 'security check'; the association analysis, based on the identified entity and action, queries the security configuration knowledge graph and a dictionary to obtain the next-level action set and entity set, wherein the entity set of the full network comprises user subnet 1, user subnet 2, user subnet 3, ..., user subnet n, and the action set of security check comprises vulnerability scanning and virus killing; each action is mapped to the equipment that executes the operation in a given area, and finally a set of network defense intention clauses is generated by adding a plurality of connecting words.
5. The knowledge-graph-based network defense intention recognition and analysis method according to claim 4, characterized in that the equipment for executing vulnerability scanning comprises a vulnerability scanning system, and the equipment for executing virus killing comprises an antivirus system.
6. The knowledge-graph-based network defense intention recognition parsing method according to claim 1, wherein the parsing rectification comprises: recombining the identified and analyzed network defense intentions to form an equipment-oriented configuration intention in the form of 'XX operation executed by XX equipment of the XX network', wherein the configuration intention can be audited and rectified through a human-computer interaction interface.
7. The method for knowledge-graph-based network defense intention recognition parsing of claim 1, further comprising a textualization process arranged before the text mining, wherein the textualization process comprises converting various forms of network defense intention data into text, wherein the various forms of network defense intention data comprise language, words and actions.
8. The knowledge-graph-based network defense intention recognition and parsing method according to claim 1, wherein the manner of segmenting the input network defense intention sentences in the text mining comprises word segmentation.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor, when executing the computer program, implements the steps of the knowledge-graph-based network defense intention recognition and parsing method of any of claims 1-8.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the knowledge-graph-based network defense intention recognition and parsing method of any of claims 1-8.
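The decomposition described in claims 4 to 6, as an added Python example (not code from the patent): a constructed toy knowledge graph expands 'full network' and 'security check' to the next level, maps each action to the equipment that provides it, and emits clauses in the claim 6 form. The graph schema, the per-subnet deployment table and the review queue for pairs with no matching equipment are assumptions made for illustration.

```python
from itertools import product

# Constructed toy security-configuration knowledge graph. The patent does not
# publish a schema; every table and name below is an illustrative assumption.
ENTITY_CHILDREN = {
    "full network": ["user subnet 1", "user subnet 2", "user subnet 3"],
}
ACTION_CHILDREN = {
    "security check": ["vulnerability scanning", "virus killing"],
}
# Capability (action) -> type of equipment that provides it (claim 5).
CAPABILITY_EQUIPMENT = {
    "vulnerability scanning": "vulnerability scanning system",
    "virus killing": "antivirus system",
}
# Equipment actually deployed in each area (constructed sample data).
DEPLOYED = {
    "user subnet 1": {"vulnerability scanning system", "antivirus system"},
    "user subnet 2": {"vulnerability scanning system", "antivirus system"},
    "user subnet 3": {"vulnerability scanning system"},
}


def expand(term, table):
    """Return the next-level terms, or the term itself if it is already a leaf."""
    return table.get(term, [term])


def decompose(entity, action):
    """Combined traversal over (area, operation) pairs.

    Returns (clauses, needs_review). A pair with no known or no deployed
    equipment is not silently dropped; it is queued for the human audit step.
    """
    clauses, needs_review = [], []
    areas = expand(entity, ENTITY_CHILDREN)
    operations = expand(action, ACTION_CHILDREN)
    for area, op in product(areas, operations):
        equipment = CAPABILITY_EQUIPMENT.get(op)
        if equipment is None or equipment not in DEPLOYED.get(area, set()):
            needs_review.append((area, op))
            continue
        clauses.append(f"{op} executed by the {equipment} of {area}")
    return clauses, needs_review


if __name__ == "__main__":
    done, review = decompose("full network", "security check")
    print("\n".join(done))
    print("needs review:", review)
```

Pairs returned in `needs_review` mark places where the high-level intention cannot be met by equipment in that area, which is the kind of gap the human-computer audit interface in claim 6 would surface.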

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111399441.XA CN114168743A (en) 2021-11-19 2021-11-19 Network defense intention recognition and analysis method, equipment and medium based on knowledge graph

Publications (1)

Publication Number Publication Date
CN114168743A true CN114168743A (en) 2022-03-11

Family

ID=80480201

Country Status (1)

Country Link
CN (1) CN114168743A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116208514A (en) * 2023-03-21 2023-06-02 西安电子科技大学 Multi-stage attack defending trend prediction method, system, equipment and medium
CN116208514B (en) * 2023-03-21 2024-07-16 西安电子科技大学 Multi-stage attack defending trend prediction method, system, equipment and medium
CN117874755A (en) * 2024-03-13 2024-04-12 中国电子科技集团公司第三十研究所 System and method for identifying hidden network threat users
CN117874755B (en) * 2024-03-13 2024-05-10 中国电子科技集团公司第三十研究所 System and method for identifying hidden network threat users

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination