Disclosure of Invention
The invention provides an internet financial data protection method and a server based on artificial intelligence, and adopts the following technical scheme in order to achieve the technical purpose.
A first aspect is a method for artificial intelligence based internet financial data protection, the method being implemented by a financial data server, the method comprising: identifying quantitative statistical results and relative distribution labels which are respectively matched with a plurality of types of attack event behavior descriptions which are in contact with financial service information attack events in the acquired target digital financial security inspection big data, and comparison characteristics between the attack event behavior descriptions which point to the same financial service information attack events in the plurality of types of attack event behavior descriptions; determining quantitative statistical results of attack event behavior description binary groups pointing to the same financial service information attack events in the attack event behavior descriptions according to the comparison characteristics and the relative distribution labels respectively matched with the attack event behavior descriptions; and determining the quantitative statistical result of the attack event covered in the target digital financial security check big data according to the quantitative statistical result of the attack event behavior description binary group and the quantitative statistical results respectively matched with the attack event behavior descriptions of the plurality of types.
For an independently implementable embodiment, the plurality of types of attack event behavior descriptions carry at least a first attack event behavior description and a second attack event behavior description which respectively reflect different abnormal session behavior links of a financial service information attack event; the method for identifying the quantitative statistical result and the relative distribution label which are respectively matched with a plurality of types of attack event behavior descriptions which are associated with the financial service information attack events in the collected target digital financial security inspection big data and the comparison characteristics between the attack event behavior descriptions which point to the same financial service information attack events in the plurality of types of attack event behavior descriptions comprises the following steps:
and loading the target digital financial security check big data to a digital financial big data analysis network generated according to artificial intelligence, obtaining a first quantitative statistical result and a first relative distribution label matched with a first attack event behavior description contained in the target digital financial security check big data, obtaining a second quantitative statistical result and a second relative distribution label matched with a second attack event behavior description contained in the target digital financial security check big data, and obtaining a target comparison characteristic between the first attack event behavior description and the second attack event behavior description pointing to the same financial service information attack event.
For an independently implementable embodiment, the determining, through the comparison features and the relative distribution labels respectively matched with the plurality of classes of attack event behavior descriptions, a quantitative statistical result of attack event behavior description duplets pointing to the same financial service information attack event in the plurality of classes of attack event behavior descriptions includes:
and determining a quantitative statistical result of an attack event behavior description binary group obtained by splicing the first attack event behavior description and the second attack event behavior description pointing to the same financial service information attack event through the target comparison characteristic, the first relative distribution label and the second relative distribution label.
For an independently implementable embodiment, the determining, according to the quantitative statistical result of the attack event behavior description binary group and the quantitative statistical results that the attack event behavior descriptions of the several classes are respectively matched, the quantitative statistical result of the attack event included in the target digital financial security inspection big data includes:
and determining the quantitative statistical result of the attack event covered in the target digital financial security inspection big data according to the first quantitative statistical result, the second quantitative statistical result and the quantitative statistical result of the attack event behavior description binary group.
For an independently implementable embodiment, the determining the quantitative statistics of the attack event covered in the target digital financial security inspection big data according to the first quantitative statistics, the second quantitative statistics and the quantitative statistics of the attack event behavior description binary comprises:
determining a third quantitative statistical result which is matched with the first attack event behavior description not spliced into the attack event behavior description binary group in the first attack event behavior description covered by the obtained target digital financial security check big data according to the first quantitative statistical result and the quantitative statistical result of the attack event behavior description binary group;
according to the second quantitative statistical result and the quantitative statistical result of the attack event behavior description binary group, determining a fourth quantitative statistical result which is not matched with the second attack event behavior description spliced into the attack event behavior description binary group in the second attack event behavior description covered by the obtained target digital financial security inspection big data;
and determining the third quantitative statistical result, the fourth quantitative statistical result and the summary value of the quantitative statistical results of the attack event behavior description binary group as the quantitative statistical results of the attack events covered in the target digital financial security inspection big data.
For an independently implementable embodiment, the loading the target digital financial security check big data into a digital financial big data analysis network generated according to artificial intelligence, and obtaining a first quantitative statistical result and a first relative distribution tag matched with a first attack event behavior description contained in the target digital financial security check big data comprises:
performing behavior description mining processing on the target digital financial security inspection big data to obtain a corresponding first visual attack behavior description expression matched with the first attack event behavior description;
traversing the mining unit configured in advance on the first visual attack behavior description expression, and determining target attack behavior description knowledge covered in the mining unit configured in advance after traversal and a relative distribution label corresponding to the target attack behavior description knowledge;
after multiple rounds of traversal operations are completed to obtain multiple target attack behavior description knowledge, determining a quantitative statistical result corresponding to the multiple target attack behavior description knowledge as a first quantitative statistical result of the first attack event behavior description, and determining a relative distribution label corresponding to the multiple target attack behavior description knowledge as a first relative distribution label of the first attack event behavior description; the target attack behavior description knowledge comprises attack behavior description knowledge with the highest characteristic value in the mining units configured in advance or attack behavior description knowledge with the characteristic value exceeding a first judgment value.
For an independently implementable embodiment, the determining, through the target alignment feature, the first relative distribution tag, and the second relative distribution tag, a quantitative statistical result of an attack event behavior description binary obtained by splicing a first attack event behavior description and a second attack event behavior description pointing to the same financial service information attack event includes:
taking any one first attack event behavior description in a plurality of first attack event behavior descriptions of the target digital financial security inspection big data as a target first attack event behavior description, and adjusting a first relative distribution label matched with the target first attack event behavior description through a target comparison characteristic matched with the target first attack event behavior description to obtain a relative distribution label estimation result;
determining a target security check data set according to the relative distribution label estimation result, and determining whether a second attack event behavior description exists in the target security check data set;
on the premise that a second attack event behavior description exists in the target security check data set, determining the second attack event behavior description with the minimum difference with the relative distribution tag estimation result as a second attack event behavior description pointing to the same financial service information attack event as the target first attack event behavior description, and optimizing the quantitative statistical result of the recorded attack event behavior description binary group; wherein the first attack event behavior description or the second attack event behavior description comprises a behavior description of a payment information theft event; the first attack event behavior description comprises a behavior description of a payment information stealing event, and the second attack event behavior description comprises a behavior description of a privacy excessive mining event; or the first attack event behavior description comprises a behavior description of an excessive privacy mining event, and the second attack event behavior description comprises a behavior description of a payment information stealing event.
For an independently implementable embodiment, the digital financial big data analysis network comprises a first data analysis subnet, a second data analysis subnet and a comparison characteristic data analysis subnet; the first data analysis subnet is used for analyzing a first quantitative statistical result and a first relative distribution label matched with a first attack event behavior description contained in the target digital financial security inspection big data; the second data analysis sub-network is used for analyzing a second quantitative statistical result and a second relative distribution tag matched with a second attack event behavior description contained in the target digital financial security check big data; the comparison characteristic data analysis subnet is used for analyzing a target comparison characteristic between the first attack event behavior description and the second attack event behavior description which point to the same financial service information attack event.
For one independently implementable embodiment, the debugging step of the digital financial big data analysis network comprises:
collecting a plurality of debugging paradigms carrying authenticated labels; wherein the authenticated tag comprises a first example attack event behavior description, a second example attack event behavior description and a comparison feature between the first example attack event behavior description and the second example attack event behavior description pointing to the same financial transaction information attack event;
analyzing network quality evaluation corresponding to each subnet covered by the network according to the digital financial big data, and determining global network quality evaluation;
and performing cooperative debugging on each subnet covered by the digital financial big data analysis network according to the global network quality evaluation and the debugging paradigm until each subnet meets specified conditions.
A second aspect is a financial data server comprising a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the financial data server to perform the method of the first aspect.
According to an embodiment of the invention, the financial data server may determine, by carpet-type identification of the target digital financial security inspection big data, a quantitative statistical result matched with a plurality of types of attack event behavior descriptions associated with financial service information attack events and a quantitative statistical result of an attack event behavior description binary group pointing to the same financial service information attack event in the plurality of types of attack event behavior descriptions, and may determine, by the financial data server, a quantitative statistical result of an attack event included in the target digital financial security inspection big data according to the quantitative statistical result of the attack event behavior description binary group and the quantitative statistical result matched with the plurality of types of attack event behavior descriptions. Therefore, when the quantitative statistical result of the attack event is determined, the financial data server can record the quantitative statistical result of the financial service information attack events covered in the target digital financial security inspection big data respectively by taking a plurality of types of attack event behavior descriptions as the reference, can also clean the multi-recorded quantitative statistical result of the attack event, can identify the quantity of the financial service information attack events by means of the plurality of types of attack event behavior descriptions linked with the financial service information attack events, and avoids the quantity identification error of the financial service information attack events caused by intermittent deficiency of part of attack event behavior descriptions; the quantity identification of the financial service information attack events can be carried out by means of the integrity and richness of the target digital financial security check big data, and the quantity identification accuracy and reliability of the financial service information attack events are ensured.
Detailed Description
In the following, the terms "first", "second" and "third", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or to imply that the number of indicated technical features is significant. Thus, a feature defined as "first," "second," or "third," etc., may explicitly or implicitly include one or more of that feature.
Fig. 1 is a schematic flowchart illustrating an artificial intelligence-based internet financial data protection method according to an embodiment of the present invention, where the artificial intelligence-based internet financial data protection method may be implemented by a financial data server, and the financial data server may include a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; wherein the computer instructions, when executed by the processor, cause the financial data server to perform the steps described below.
Step 102, identifying quantitative statistical results and relative distribution labels which are respectively matched with a plurality of types of attack event behavior descriptions which are in contact with financial service information attack events in the collected target digital financial security inspection big data, and comparison characteristics between attack event behavior descriptions which point to the same financial service information attack events in the plurality of types of attack event behavior descriptions. And step 104, determining quantitative statistical results of attack event behavior description binary groups pointing to the same financial service information attack events in the attack event behavior descriptions according to the comparison characteristics and the relative distribution labels respectively matched with the attack event behavior descriptions. And step 106, determining the quantitative statistical result of the attack event covered in the target digital financial security check big data according to the quantitative statistical result of the attack event behavior description binary group and the quantitative statistical results respectively matched with the attack event behavior descriptions of the plurality of types.
For the embodiment of the present invention, the financial data server may first implement step 102, and identify a quantitative statistical result and a relative distribution tag that are respectively matched with a plurality of types of attack event behavior descriptions associated with financial service information attack events in the collected target digital financial security inspection big data, and a comparison characteristic between attack event behavior descriptions pointing to the same financial service information attack event in the plurality of types of attack event behavior descriptions.
In the embodiment of the invention, the target digital financial security inspection big data can be understood as digital financial security inspection big data acquired by combining a digital financial security inspection big data identification thread. Generally, the target digital financial security inspection big data covers a plurality of financial business information attack events. Such as: the target digital financial security inspection big data can be information security records or digital financial security inspection big data acquired by a valid data crawler configured in a financial service scene. The information security record is composed of a plurality of continuous digital financial security inspection big data, and the obtaining idea of the quantitative statistical result of the attack event in the information security record can refer to the obtaining idea of the quantitative statistical result of the attack event in the digital financial security inspection big data. The following explains the concept of obtaining quantitative statistical results of attack events in the digital financial security inspection big data as an example.
When the target digital financial security check big data is collected, the financial data server can be in communication connection with the financial client side so as to load the target digital financial security check big data. Such as: the financial data server can provide a channel for uploading the target digital financial security check big data to be processed for the financial client through a preset interactive interface, so that the financial client can upload the digital financial security check big data. The financial client can finish uploading the target digital financial security check big data according to the channel. After the financial data server collects the target digital financial security check big data, the digital financial security check big data can be loaded into a digital financial big data analysis network for processing. The financial data server may also directly collect the digital financial security inspection big data from the digital financial security inspection big data identification thread, which is not limited in the embodiment of the present invention.
The attack event behavior descriptions of the plurality of types can be understood as the attack event behavior descriptions which are related to the financial service information attack events in the target digital financial security inspection big data. And determining an attack event quantitative statistical result summarized by taking the attack event behavior description as a reference in the target digital financial security inspection big data through any attack event behavior description. Wherein, the attack event behavior description can be understood as an attack event characteristic point.
In specific implementation, the attack event behavior descriptions of the several types can be generally understood as attack event behavior descriptions in financial service items. Such as: the behavior descriptions of the attack events of the several types can include behavior descriptions of payment information stealing events, behavior descriptions of privacy excessive mining events, behavior descriptions of malicious software attack events and the like. Taking the behavior description of the payment information stealing event as an example, by determining the quantitative statistical result (number) of the behavior description of the payment information stealing event covered in the target digital financial security inspection big data, the quantitative statistical result of the attack event summarized based on the behavior description of the payment information stealing event in the target digital financial security inspection big data can be determined.
Viewed from an exemplary perspective, the target digital financial security inspection big data can be loaded into a digital financial big data analysis network with reference debugging to determine attack event behavior description in the target digital financial security inspection big data and record quantitative statistical results. The digital financial big data analysis network can be obtained by means of debugging a plurality of annotation results bound with attack event behavior description. When the debugging paradigm is generated, attack event behavior descriptions contained in the basic digital financial security inspection big data can be bound to obtain an annotation result. Such as: after the basic digital financial security check big data are collected, whether attack behavior description knowledge corresponding to the basic digital financial security check big data is attack event behavior description or not can be respectively determined, if the attack behavior description knowledge is the attack event behavior description, the annotation u can be bound through the binding component, and if not, the annotation v can be bound. The relative distribution labels matched with the attack event behavior descriptions can be relative distribution labels of the attack event behavior descriptions in target digital financial security check big data or visual attack behavior description expressions corresponding to the target digital financial security check big data (the visual attack behavior description expressions are digital financial security check big data obtained by performing multi-round behavior description mining on the target digital financial security check big data). For example, the relative distribution tag may be understood as a relative area relationship, and the comparison characteristic may be understood as a relative distribution tag comparison characteristic between attack event behavior descriptions pointing to the same financial service information attack event in the plurality of types of attack event behavior descriptions. By the comparison feature (which can be understood as an offset), the relative distribution label of the existing attack event behavior description can be adjusted to obtain the relative distribution label matched with the attack event behavior description pointing to the same financial service information attack event.
It is understood that the alignment features can be an alignment array. In other words, attack event behavior directed to the same financial transaction information attack event describes the relative distribution label differences under different levels of attention. When the comparison features contained in the target digital financial security check big data are determined, the target digital financial security check big data can be loaded into a digital financial big data analysis network with reference debugging for processing. The digital financial big data analysis network is obtained by debugging a plurality of debugging paradigms bound with comparison feature annotations among attack event behavior descriptions.
After identifying the quantitative statistical result and the relative distribution label respectively matched with a plurality of types of attack event behavior descriptions related to financial service information attack events in the collected target digital financial security inspection big data and the comparison characteristic between the attack event behavior descriptions pointing to the same financial service information attack events in the plurality of types of attack event behavior descriptions, the financial data server may implement step 104, and determine the quantitative statistical result of the attack event behavior description binary group pointing to the same financial service information attack events in the plurality of types of attack event behavior descriptions through the comparison characteristic and the relative distribution label respectively matched with the plurality of types of attack event behavior descriptions.
It is understood that the attack event behavior description duplet can be understood as a result of integration of attack event behavior descriptions pointing to the same financial service information attack event. In specific implementation, when the comparison characteristic corresponding to the Attack event behavior description _ a is described and another Attack event behavior description _ B does exist in the relative distribution tag obtained by adjusting the relative distribution tag corresponding to the Attack event behavior description _ a, it is indicated that the Attack event behavior description _ a and the Attack event behavior description _ B are a pair of Attack event behavior description binary groups.
For example, the Attack event behavior description _ a, the Attack event behavior description _ B, and the Attack event behavior description _ C point to the same financial service information Attack event, and the relative distribution tag obtained by adjusting the relative distribution tag of the Attack event behavior description _ a does have the Attack event behavior description _ B and the Attack event behavior description _ C by using the corresponding comparison characteristic of the Attack event behavior description _ a, so that the Attack event behavior description _ a and the Attack event behavior description _ B form an Attack event behavior description binary group, and the Attack event behavior description _ a and the Attack event behavior description _ C also form an Attack event behavior description binary group. According to deducing one by one, the Attack event behavior description Attack description _ B and the Attack event behavior description Attack description _ C can also form an Attack event behavior description binary group, and the Attack event behavior description Attack description _ A, the Attack event behavior description Attack description _ B and the Attack event behavior description Attack description _ C also form an Attack event behavior description binary group.
The quantitative statistical result of the attack event behavior description binary group can be understood as the quantitative statistical result of the attack event behavior description binary group obtained after the attack event behavior descriptions pointing to the same financial service information attack event are integrated. Furthermore, the quantitative statistical result of the attack event behavior description binary can represent the quantitative statistical result of the attack event which is recorded more after the quantitative statistical result of the attack event which is summarized by taking each attack event behavior description in a plurality of types of attack event behavior descriptions as the reference is integrated (for example, added).
After determining the quantitative statistical result of the attack event behavior description binary, the financial data server may implement step 106, and determine the quantitative statistical result of the attack event covered in the target digital financial security inspection big data according to the quantitative statistical result of the attack event behavior description binary and the quantitative statistical results respectively matched with the attack event behavior descriptions of the plurality of types.
In the embodiment of the invention, the quantitative statistical results of the attack events summarized by taking each attack event behavior description in a plurality of types of attack event behavior descriptions as a reference can be integrated to obtain an integrated result. And then removing the multi-recorded quantitative statistical result of the attack event to obtain the quantitative statistical result of the attack event covered in the target digital financial security inspection big data. In other words, the quantitative statistical result of the attack event included in the target digital financial security inspection big data can be obtained by removing the quantitative statistical result of the attack event behavior description binary from the integration result.
It can be understood that the financial data server may determine the quantitative statistical result matched with the several types of attack event behavior descriptions associated with the financial service information attack event and the quantitative statistical result of the attack event behavior description binary group pointing to the same financial service information attack event in the several types of attack event behavior descriptions by carpet-identifying the target digital financial security inspection big data. And the financial data server can also determine the quantitative statistical result of the attack event covered in the target digital financial security inspection big data according to the quantitative statistical result of the attack event behavior description binary and the quantitative statistical result matched with the attack event behavior descriptions of the plurality of types. Therefore, when the quantitative statistical result of the attack event is determined, the financial data server can record the quantitative statistical result of the financial service information attack events covered in the target digital financial security inspection big data respectively by taking a plurality of types of attack event behavior descriptions as the reference, can also clean the multi-recorded quantitative statistical result of the attack event, can identify the quantity of the financial service information attack events by means of the plurality of types of attack event behavior descriptions linked with the financial service information attack events, and avoids the quantity identification error of the financial service information attack events caused by intermittent deficiency of part of attack event behavior descriptions; the quantity identification of the financial service information attack events can be carried out by means of the integrity and richness of the target digital financial security check big data, and the quantity identification accuracy and reliability of the financial service information attack events are ensured.
Viewed from an exemplary perspective, the plurality of types of attack event behavior descriptions may carry at least a first attack event behavior description and a second attack event behavior description that respectively reflect different abnormal session behavior links of the financial service information attack event. The first attack event behavior description and the second attack event behavior description are attack event behavior descriptions which are connected with the financial service information attack event. In an exemplary view, considering that the behavior of the payment information stealing event in the acquired target digital financial security inspection big data is relatively prominent to a certain extent, the first attack event behavior description or the second attack event behavior description may be set as the behavior description of the payment information stealing event. In view of the fact that the behavior description of the payment information stealing event is combined to be used as one of the attack event behavior descriptions, the behavior description of the payment information stealing event is relatively prominent in the corresponding behavior description in the target digital financial security inspection big data to a certain extent, and therefore more comprehensive identification of the number of the financial service information attack events can be carried out. Considering as an example, in view of the fact that the privacy excessive mining event behavior in the acquired target digital financial security inspection big data is also relatively prominent to some extent, the first attack event behavior description includes a behavior description of a payment information stealing event, and the second attack event behavior description includes a behavior description of a privacy excessive mining event; or the first attack event behavior description comprises a behavior description of an excessive privacy mining event, and the second attack event behavior description comprises a behavior description of a payment information stealing event. In view of combining the behavior description of the payment information stealing event and the behavior description of the privacy excessive mining event as one of the attack event behavior descriptions, the behavior description of the payment information stealing event and the behavior description of the privacy excessive mining event are relatively prominent in the corresponding behavior description of the target digital financial security inspection big data to a certain extent, so that more comprehensive identification of the number of the financial business information attack events can be performed.
For an independently implementable technical solution, the method for protecting internet financial data based on artificial intelligence shown in the present invention can be implemented as follows.
When the step 102 is implemented, the financial data server may implement S302, load the target digital financial security inspection big data into a digital financial big data analysis network generated according to artificial intelligence, obtain a first quantitative statistical result and a first relative distribution label matched with a first attack event behavior description included in the target digital financial security inspection big data, obtain a second quantitative statistical result and a second relative distribution label matched with a second attack event behavior description included in the target digital financial security inspection big data, and obtain a target comparison characteristic between the first attack event behavior description and the second attack event behavior description pointing to the same financial transaction information attack event. The first quantitative statistical result can be understood as a quantitative statistical result of the first attack event behavior description contained in the target digital financial security inspection big data. When the first quantitative statistical result is determined, a first attack event behavior description can be mined from the target digital financial security inspection big data, and then the duel-tuple of the first attack event behavior description is the first quantitative statistical result. The first relative distribution label can be understood as a target visual attack behavior description expression of a first attack event behavior description corresponding to the target digital financial security inspection big data or the target digital financial security inspection big data (wherein, the target visual attack behavior description expression is a visual attack behavior description expression obtained after the target digital financial security inspection big data is processed through a functional subnet). When determining the first relative distribution label, a first attack event behavior description may be mined from the target digital financial security inspection big data, and then the relative distribution label of the mined first attack event behavior description in the target visual type attack behavior description expression may be determined as the first relative distribution label. It is understood that the second quantitative statistics and the second relative distribution label may be explained by referring to the first quantitative statistics and the first relative distribution label, and the invention is not described herein. The digital financial big data analysis network may be a network generated according to a machine learning algorithm.
It can be understood that the invention shows an implementation process for carrying out digital financial security check big data processing on target digital financial security check big data. The digital financial big data analysis network may include three functional layers, and the three functional layers may share the same functional subnet. The first functional layer may be configured to analyze a first quantitative statistical result and a first relative distribution tag that are matched with the first attack event behavior description, the second functional layer may be configured to analyze a second quantitative statistical result and a second relative distribution tag that are matched with the second attack event behavior description, and the third functional layer may be configured to analyze a target comparison characteristic between the first attack event behavior description and the second attack event behavior description that point to the same financial transaction information attack event.
The digital financial big data analysis network can be obtained by debugging according to a plurality of debugging paradigms bound with a priori. The prior may include a first attack event behavior description, a second attack event behavior description, and a target comparison feature between the first attack event behavior description and the second attack event behavior description pointing to the same financial service information attack event.
And the functional subnet is used for representing the behavior event description analysis of the target digital financial security check big data. Such as: the functional sub-network may be a behavior description mining processing network such as a residual error network, and the invention is not limited herein. After the target visual attack behavior description expression corresponding to the target digital financial security check big data is analyzed through the functional subnet, the target visual attack behavior description expression can be respectively imported into the three functional layers for further analysis. The first functional layer may derive the first quantitative statistics and the first relative distribution label.
It will be appreciated that the structure of the first functional layer may be optimised for specific implementation by practical requirements.
In one example, S502 may be implemented, and a behavior description mining process is performed on the target digital financial security inspection big data to obtain a corresponding first visual attack behavior description expression matched with the first attack event behavior description. In order to ensure that the first functional layer can derive the first visual attack behavior description expression matched with the first attack event behavior description, the prior digital financial security inspection big data bound with the first attack event behavior description can be used as a debugging paradigm for debugging when the digital financial big data analysis network is debugged. In the implementation of the invention, the target visual attack behavior description expression corresponding to the target digital financial security inspection big data can be loaded into the behavior description mining processing network for processing, and the first visual attack behavior description expression matched with the first attack event behavior description is obtained.
As an exemplary view, after obtaining the first visual attack behavior description expression, in order to perform pairing processing on the attack behavior description knowledge included in the first visual attack behavior description expression, S504 may be implemented to perform a normalization operation on the first visual attack behavior description expression to obtain a normalized first visual attack behavior description expression. In the implementation of the present invention, the first visual attack behavior description expression may be uploaded to a standardized operation sub-network to perform a standardized operation, so as to obtain a standardized first visual attack behavior description expression. Further, the standardized operator sub-network may be an operator sub-network comprising a normalization function.
After obtaining the first visual attack behavior description expression, S506 may be implemented, where the mining unit configured in advance is traversed on the first visual attack behavior description expression after the normalization is completed, and target attack behavior description knowledge covered in the mining unit configured in advance after the traversal and a relative distribution tag corresponding to the target attack behavior description knowledge are determined.
Viewed from an exemplary perspective, the target attack behavior description knowledge may include attack behavior description knowledge that the feature value in the previously configured mining unit is greater than the first decision value. Viewed from an exemplary perspective, in order to ensure the recording accuracy of the quantitative statistics, the target attack behavior description knowledge may include the attack behavior description knowledge with the highest feature value in the previously configured mining unit.
It can be understood that the standardized first visual attack behavior description expression may be loaded to the target attack behavior description knowledge processing subnetwork to be processed to obtain a plurality of target attack behavior description knowledge and relative distribution tags corresponding to each target attack behavior description knowledge. Wherein the target attack behavior description knowledge processing sub-network may comprise down-sampling. Wherein the down-sampling can be processed by means of a previously configured mining unit.
It is understood that, in order to ensure the accuracy of identifying the number of financial transaction information attack events, the interval of traversal by the previously configured mining unit on the first visual attack behavior description expression after completion of normalization is t, which is viewed from an exemplary perspective. In view of the fact that the interval corresponding to the traversal processing is t, the first visual type attack behavior description expression can be processed without dead angles, in other words, the first quantitative statistical result is determined through the global data in the first visual type attack behavior description expression, so that the accuracy of the determined first quantitative statistical result can be guaranteed, and the quantity identification accuracy of the financial service information attack events is further guaranteed. For example, a visual-type attack behavior description expression may be recorded in the form of a feature map.
After completing the multiple rounds of traversal processing to obtain multiple target attack behavior description knowledge, S508 may be implemented, where a quantitative statistical result corresponding to the multiple target attack behavior description knowledge is determined as a first quantitative statistical result of the first attack event behavior description, and a relative distribution tag corresponding to the multiple target attack behavior description knowledge is determined as a first relative distribution tag of the first attack event behavior description.
In the embodiment of the present invention, the knowledge of the target attack behavior descriptions may be imported into a classifier for processing, so as to obtain a plurality of first attack event behavior descriptions. The classifier may include a division function that cleans target attack behavior description knowledge whose feature value matches a second determination value among the plurality of target attack behavior description knowledge, to obtain a plurality of first attack event behavior descriptions. Since there may only be a single first attack event behavior description in the same relative distribution tag, the classifier may combine the target attack behavior description knowledge in the same relative distribution tag from the plurality of target attack behavior description knowledge before performing the partitioning, and record only a single target attack behavior description knowledge. After obtaining the plurality of first attack event behavior descriptions, a first quantitative statistical result matched with the summarized first attack event behavior descriptions can be derived through the quantitative statistical result processing sub-network, and a first relative distribution label matched with each first attack event behavior description can be derived through the relative distribution label processing sub-network. The relative distribution tag processing subnetwork may maintain a mapping list of the first attack event behavior description to the first relative distribution tag. Such as: after each first attack event behavior description is determined, the relative distribution tag processing sub-network may bind and store the identifier matched with the first attack event behavior description and the relative distribution tag of the target attack behavior description knowledge matched with the first attack event behavior description. And after the judgment on the knowledge of the target attack behavior description is finished, the relative distribution label processing sub-network can obtain the first relative distribution label matched with each first attack event behavior description.
The second functional layer may derive the second quantized statistics and the second relative distribution tag. It will be appreciated that the structure of the second functional layer may be optimised for specific implementation by practical requirements. In one example, S602 may be implemented, and a behavior description mining process is performed on the target digital financial security inspection big data to obtain a corresponding second visual attack behavior description expression matched with the second attack event behavior description. Further, in order to ensure that the second function layer can derive a second visual attack behavior description expression matched with the second attack event behavior description, when the digital financial big data analysis network is debugged, the prior digital financial security inspection big data bound with the second attack event behavior description can be used as a debugging paradigm for debugging. In the embodiment of the invention, the target visual attack behavior description expression corresponding to the target digital financial security inspection big data can be loaded into the behavior description mining processing network for processing, and the second visual attack behavior description expression matched with the second attack event behavior description is obtained.
As an exemplary view, after obtaining the second visual attack behavior description expression, in order to perform pairing processing on the attack behavior description knowledge included in the second visual attack behavior description expression, S604 may be implemented to perform a normalization operation on the second visual attack behavior description expression to obtain a normalized second visual attack behavior description expression. The second visual attack behavior description expression can be loaded to a standardized operation sub-network to be subjected to standardized operation, so that the second visual attack behavior description expression after the standardization is completed can be obtained. After obtaining the second visual attack behavior description expression, S606 may be implemented, where the mining unit configured in advance is traversed on the second visual attack behavior description expression after the normalization is completed, and target attack behavior description knowledge covered in the mining unit configured in advance after the traversal and a relative distribution tag corresponding to the target attack behavior description knowledge are determined. Viewed from an exemplary perspective, the target attack behavior description knowledge may include attack behavior description knowledge in which the feature value in the previously configured mining unit is greater than a third decision value. Viewed from an exemplary perspective, in order to ensure the recording accuracy of the quantitative statistics, the target attack behavior description knowledge may include the attack behavior description knowledge with the highest feature value in the previously configured mining unit. In the embodiment of the present invention, the standardized second visual attack behavior description expression may be uploaded to a target attack behavior description knowledge processing sub-network to be processed, so as to obtain a plurality of target attack behavior description knowledge and a relative distribution tag corresponding to each target attack behavior description knowledge.
It can be understood that, in order to ensure the accuracy of identifying the number of financial service information attack events, in an exemplary view, the interval of traversal performed by the mining unit configured in advance on the normalized second visual attack behavior description expression is t, so that the accuracy of the determined second quantitative statistical result can be ensured, and the accuracy of identifying the number of financial service information attack events can be ensured. After completing the multiple rounds of traversal operations to obtain multiple target attack behavior description knowledge, S608 may be implemented, where a quantitative statistical result corresponding to the multiple target attack behavior description knowledge is determined as a second quantitative statistical result of the second attack event behavior description, and a relative distribution tag corresponding to the multiple target attack behavior description knowledge is determined as a second relative distribution tag of the second attack event behavior description. In the embodiment of the present invention, the knowledge of the multiple target attack behavior descriptions may be imported into a classifier for processing, so as to obtain multiple second attack event behavior descriptions. The classifier may include a division function that cleans target attack behavior description knowledge whose feature value reaches a fourth determination value among the plurality of target attack behavior description knowledge, to obtain a plurality of second attack event behavior descriptions. Since only a single second attack event behavior description may exist in the same relative distribution tag, the classifier may first concatenate the target attack behavior description knowledge in the same relative distribution tag among the plurality of target attack behavior description knowledge before performing the partitioning, and record only a single target attack behavior description knowledge. After obtaining the plurality of second attack event behavior descriptions, a second quantitative statistical result matched with the summarized second attack event behavior descriptions may be derived by the quantitative statistical result processing sub-network, and a second relative distribution label matched with each second attack event behavior description may be derived by the relative distribution label processing sub-network.
The relative distribution tag processing sub-network may maintain a correspondence of the second attack event behavior description to the second relative distribution tag. Such as: after determining two second attack event behavior descriptions, the relative distribution tag processing sub-network may bind and store the identifier matched with the second attack event behavior description and the relative distribution tag of the target attack behavior description knowledge matched with the second attack event behavior description. And after the judgment on the target attack behavior description knowledge is finished, acquiring second relative distribution labels matched with the second attack event behavior descriptions through the relative distribution label processing sub-network.
The third functional layer can be understood as analyzing the target comparison characteristics between the first attack event behavior description and the second attack event behavior description which point to the same financial service information attack event. Through the target comparison characteristics, the relative distribution label of the first attack event behavior description can be adjusted, and a relative distribution label matched with a second attack event behavior description pointing to the same financial service information attack event as the attack event behavior description is obtained. Furthermore, in order to ensure that the third functional layer can derive the comparison characteristics, when the digital financial big data analysis network is debugged, the prior digital financial security check big data bound with the comparison characteristics can be used as a debugging paradigm for debugging. After obtaining the first relative distribution label, the first quantitative statistical result, the second relative distribution label, the second quantitative statistical result, and the target comparison characteristic, S304 may be implemented to determine a quantitative statistical result of an attack event behavior description binary obtained by splicing a first attack event behavior description and a second attack event behavior description pointing to the same financial service information attack event through the target comparison characteristic, the first relative distribution label, and the second relative distribution label. For example, the first attack event behavior descriptions determined in S508 and S608 may be connected to the second attack event behavior descriptions, and it is determined whether the comparison feature corresponding to each connection data is paired with the target comparison feature determined in S302. If yes, determining the first attack event behavior description and the second attack event behavior description of the connection data as attack event behavior description connection pointing to the same financial service information attack event, and adjusting the quantitative statistical result of the attack event behavior description. After the above operations are completed, a quantitative statistical result of an attack event behavior description binary group obtained by splicing the first attack event behavior description and the second attack event behavior description pointing to the same financial service information attack event can be determined.
In an exemplary view, in order to accurately determine the quantitative statistical result of the attack event behavior description binary group, the determination may be performed by using a summary idea. The idea analyzes a relative distribution label estimation result of a second attack event behavior description pointing to the same financial service information attack event as the first attack event behavior description by detecting each first attack event behavior description and aiming at the target comparison characteristics matched with the detected first attack event behavior description. And then determining that the relative distribution label estimation result indeed carries a second attack event behavior description, and when the relative distribution label estimation result indeed carries the second attack event behavior description, determining the second attack event behavior description which is actually carried as a second attack event behavior description which points to the same financial service information attack event as the first attack event behavior description, and optimizing the quantitative statistical result of the recorded attack event behavior description binary group, so that the accuracy of the statistical result can be improved. Furthermore, each second attack event behavior description may also be detected in the summary idea, and the relative distribution tag estimation result of the first attack event behavior description is analyzed through the behavior event description compared with the target matched with the second attack event behavior description, so as to determine the first attack event behavior description pointing to the same financial service information attack event as the second attack event behavior description and to quantify the statistical result.
For an independently implementable technical solution, the method for determining the binary quantitative statistical result of the attack event behavior description shown in the present invention can be implemented as follows.
When the quantitative statistical result of the attack event behavior description binary group is summarized, S702 may be implemented first, and for each target first attack event behavior description covered by the target digital financial security inspection big data, the first relative distribution label matched with the target first attack event behavior description is adjusted through the target comparison feature matched with the target first attack event behavior description, so as to obtain the relative distribution label estimation result. The relative distribution tag estimation result may be understood as a relative distribution tag estimation result of a second attack event behavior description that is determined by summarizing the target comparison characteristics matched with the first attack event behavior description and is directed to the same financial service information attack event as the first attack event behavior description, which is parsed by the first attack event behavior description coordinates and the target comparison characteristics matched with the first attack event behavior description and determined by S302. The relative distribution label may be understood as a relative distribution label of the second attack event behavior description that may exist. Whether the relative distribution label estimation result actually carries a second attack event behavior description or not is determined in the second visual attack behavior description expression derived in S602, that is, whether a second attack event behavior description pointing to the same financial service information attack event as the first attack event behavior description is actually carried in the target digital financial security inspection big data or not can be determined, and the quantitative statistical result of the recorded attack event behavior description binary group is optimized when the second attack event behavior description is actually carried.
In the embodiment of the invention, the relative distribution label described by the first attack event behavior can be adjusted by thinking such as feature conversion, and the estimation result of the relative distribution label is obtained. After obtaining the relative distribution label estimation result, S704 may be implemented to determine a target security check data set according to the relative distribution label estimation result, and determine whether a second attack event behavior description exists in the target security check data set. After determining the target security check data set, it may be determined whether a second attack event behavioral description exists within the target security check data set. In this embodiment of the present invention, it may be determined whether the relative distribution tag matched with each detected second attack event behavior description is located in the target security inspection data set according to each second attack event behavior description determined in the detecting S608, and if so, the second attack event behavior description may be considered to belong to the target security inspection data set.
Viewed from an exemplary perspective, there may be multiple second attack event behavior descriptions within the target screening dataset. In this case, S706 may be implemented to determine a second attack event behavior description most similar to the relative distribution tag estimation result as a second attack event behavior description pointing to the same financial transaction information attack event as the target first attack event behavior description, and optimize a quantitative statistical result of the recorded attack event behavior description binary.
In the embodiment of the present invention, based on a quantitative difference between a second attack event behavior description and a target first attack event behavior description, the multiple second attack event behavior descriptions may be reconstructed, the second attack event behavior description with the smallest quantitative difference is determined as the second attack event behavior description pointing to the same financial transaction information attack event as the target first attack event behavior description, and a quantitative statistical result of the recorded attack event behavior description binary group is optimized.
Further, in order to avoid the situation that the same second attack event behavior description is associated with multiple target first attack event behavior descriptions, it may be considered from an exemplary perspective that, after a pair of attack event behavior description duplets is determined, the second attack event behavior description in the attack event behavior description duplet is marked or cleaned so as to no longer participate in the remaining attack event behavior description duplet association. After determining the quantitative statistical result of the target attack event behavior description binary, S306 may be implemented to determine the quantitative statistical result of the attack event included in the target digital financial security inspection big data according to the first quantitative statistical result, the second quantitative statistical result, and the quantitative statistical result of the attack event behavior description binary. It can be understood that after the quantitative statistical results of the financial service information attack events covered in the target digital financial security inspection big data are recorded respectively by taking the first attack event behavior description and the second attack event behavior description as references, the multi-recorded quantitative statistical results of the attack events are cleaned, so that the quantitative statistical results of the attack events covered in the target digital financial security inspection big data are accurately counted. Therefore, when determining the quantitative statistical result of the attack event covered in the target digital financial security inspection big data according to the first quantitative statistical result, the second quantitative statistical result and the quantitative statistical result of the attack event behavior description binary group, the following contents can be exemplarily implemented.
And S3062, determining a third quantitative statistical result which is matched with the first attack event behavior description not spliced into the attack event behavior description binary group in the first attack event behavior description covered by the target digital financial security inspection big data according to the first quantitative statistical result and the quantitative statistical result of the attack event behavior description binary group. And S3064, determining a fourth quantitative statistical result matched with the second attack event behavior description which is not spliced into the attack event behavior description binary group in the second attack event behavior description covered by the target digital financial security inspection big data according to the second quantitative statistical result and the quantitative statistical result of the attack event behavior description binary group. And S3066, determining the third quantitative statistical result, the fourth quantitative statistical result and the summary value of the quantitative statistical results of the attack event behavior description binary group as the quantitative statistical results of the attack event covered in the target digital financial security inspection big data.
When implementing S3062-S3066, the first quantitative statistical result and the second quantitative statistical result may be processed globally, and then the quantitative statistical result of the attack event behavior description binary group is removed to obtain the attack event quantitative statistical result. Or, the first quantitative statistical result and the second quantitative statistical result are respectively removed from the quantitative statistical result of the attack event behavior description binary group, and the obtained results are integrated, and then the quantitative statistical result of the attack event behavior description binary group is added to obtain the quantitative statistical result of the attack event. It can be understood that the financial data server may determine the quantitative statistical result matched with the several types of attack event behavior descriptions associated with the financial service information attack event and the quantitative statistical result of the attack event behavior description binary group pointing to the same financial service information attack event in the several types of attack event behavior descriptions by carpet-identifying the target digital financial security inspection big data. And the financial data server can also determine the quantitative statistical result of the attack event covered in the target digital financial security inspection big data according to the quantitative statistical result of the attack event behavior description binary and the quantitative statistical result matched with the attack event behavior descriptions of the plurality of types. Therefore, when the quantitative statistical result of the attack event is determined, the financial data server can record the quantitative statistical result of the financial service information attack events covered in the target digital financial security inspection big data respectively by taking a plurality of types of attack event behavior descriptions as the reference, can also clean the multi-recorded quantitative statistical result of the attack event, can identify the quantity of the financial service information attack events by means of a plurality of types of attack event behavior descriptions which are linked with the financial service information attack events, and avoids quantity identification errors of the financial service information attack events caused by intermittent deficiency of part of attack event behavior descriptions; and the quantity identification of the financial service information attack events can be carried out by means of the integrity and richness of the target digital financial security check big data, so that the quantity identification accuracy and reliability of the financial service information attack events are ensured.
The design idea of the debugging step of the digital financial big data analysis network is as follows, the digital financial big data analysis network may include a first data analysis subnet, a second data analysis subnet and a comparison characteristic data analysis subnet; the first data analysis subnet is used for analyzing a first quantitative statistical result and a first relative distribution label matched with a first attack event behavior description contained in the target digital financial security inspection big data; the second data analysis subnet is used for analyzing a second quantitative statistical result and a second relative distribution label matched with a second attack event behavior description contained in the target digital financial security inspection big data; the comparison characteristic data analysis subnet is used for analyzing a target comparison characteristic between the first attack event behavior description and the second attack event behavior description which point to the same financial service information attack event. Regarding as an exemplary view, in order to expand reference data during network debugging of digital financial big data analysis and improve the analysis precision of the digital financial big data analysis network, the annotation result of the first attack event behavior description, the annotation result of the second attack event behavior description, and the knowledge of the annotation result dimension of the comparison characteristic between the first attack event behavior description and the second attack event behavior description which point to the same financial service information attack event can be bound in a combined manner. Based on this, the digital financial big data analysis network debugging step shown in the present invention may include the following steps.
S802, collecting a plurality of debugging paradigms carrying authenticated labels; the authenticated tag comprises a first example attack event behavior description, a second example attack event behavior description and a comparison characteristic between the first example attack event behavior description and the second example attack event behavior description pointing to the same financial service information attack event. In implementing S802, the underlying digital financial security big data may be bound a priori. Such as: after the basic digital financial security check big data is collected, the digital financial security check big data binding component can be used for binding knowledge of each attack behavior description covered by the basic digital financial security check big data to the first example attack event behavior description and the second example attack event behavior description, and can also be used for binding comparison characteristics matched with the second example attack event behavior description of the same financial service information attack event to which the first example attack event behavior description points at the first example attack event behavior description. A plurality of the debugging paradigms may be obtained after the binding process is completed for the underlying digital financial security big data.
S804, analyzing the network quality evaluation corresponding to each sub-network covered by the network according to the digital financial big data, and determining the global network quality evaluation. In S804, a network quality evaluation matching each sub-network may be determined. In order to improve the accuracy of subnet analysis, in the embodiment of the present invention, the network quality evaluation corresponding to each subnet is a set network quality evaluation (e.g., various loss functions). After the network quality evaluation respectively matched with each subnet is determined, the network quality evaluation respectively corresponding to each subnet covered by the network can be analyzed according to the digital financial big data, and the global network quality evaluation is determined. Such as: the global network quality evaluation can be obtained by adding the network quality evaluations respectively matched with each subnet.
After determining the global network quality evaluation and the debugging paradigm, S806 may be implemented to perform cooperative debugging on each subnet covered by the digital financial big data analysis network according to the global network quality evaluation and the debugging paradigm until each subnet meets a specified condition.
When the network is debugged, various network debugging variables can be specified in advance, and after the network debugging variables are determined, the digital financial big data analysis network can be debugged with reference according to a plurality of debugging paradigms carrying authenticated labels. In the process of reference debugging, after feedback iteration is carried out on the digital financial big data analysis network to obtain output data, the deviation between the authenticated tag and the output data can be evaluated according to the determined global network quality evaluation. After obtaining the deviation, the optimization result can be determined by means of the SPGD algorithm. After the optimization result is determined, the network configuration variables corresponding to the digital financial big data analysis network can be improved according to the feedback. The above process is repeatedly carried out until each of the subnets satisfies a specified condition (e.g., tends to be stable). When the digital financial big data analysis network is debugged, the number identification accuracy and reliability of financial business information attack events can be ensured in view of combining a reference type cooperative debugging step.
Based on the same inventive concept, fig. 2 illustrates a block diagram of an artificial intelligence based internet financial data protection device according to an embodiment of the present invention, and an artificial intelligence based internet financial data protection device may include the following modules to implement the related method steps illustrated in fig. 1.
The data identification module 210 is configured to identify a quantitative statistical result and a relative distribution tag that are respectively matched with a plurality of types of attack event behavior descriptions associated with financial service information attack events in the collected target digital financial security inspection big data, and a comparison characteristic between attack event behavior descriptions pointing to the same financial service information attack event in the plurality of types of attack event behavior descriptions.
The result determining module 220 is configured to determine a quantitative statistical result of the attack event behavior description binary group pointing to the same financial service information attack event in the attack event behavior descriptions according to the comparison features and the relative distribution labels respectively matched with the attack event behavior descriptions.
And an event statistics module 230, configured to determine, according to the quantitative statistics result of the attack event behavior description binary group and the quantitative statistics results that are respectively matched with the attack event behavior descriptions of the multiple classes, the quantitative statistics result of the attack event included in the target digital financial security inspection big data.
The related embodiment applied to the invention can achieve the following technical effects: when the quantitative statistical result of the attack event is determined, the financial data server can record the quantitative statistical result of the financial service information attack events covered in the target digital financial security inspection big data respectively by taking a plurality of types of attack event behavior descriptions as the reference, can also clean the multi-recorded quantitative statistical result of the attack event, can identify the number of the financial service information attack events by means of a plurality of types of attack event behavior descriptions which are linked with the financial service information attack events, and avoids the number identification error of the financial service information attack events caused by intermittent deficiency of partial attack event behavior descriptions; the quantity identification of the financial service information attack events can be carried out by means of the integrity and richness of the target digital financial security check big data, and the quantity identification accuracy and reliability of the financial service information attack events are ensured.
The foregoing is only illustrative of the present invention. Those skilled in the art can conceive of changes or substitutions based on the specific embodiments provided by the present invention, and all such changes or substitutions are intended to be included within the scope of the present invention.