基于人工智能的云服务漏洞修复方法及大数据分析系统

Cloud service vulnerability repairing method based on artificial intelligence and big data analysis system

文档序号：7953 发布日期：2021-09-17 浏览：36次中文

1. A cloud service vulnerability fixing method based on artificial intelligence is characterized by being applied to a big data analysis system, wherein the big data analysis system is in communication connection with a plurality of cloud service business systems, and the method comprises the following steps:

acquiring a vulnerability optimization configuration flow of the cloud service business system aiming at the distributed vulnerability repair configuration information;

when the configuration information calling behavior of the vulnerability repairing configuration information by the vulnerability optimization configuration flow is analyzed, performing optimization execution field tracking on the vulnerability optimization configuration flow to obtain a corresponding optimization execution field tracking result;

if the optimized execution field tracking result is that the execution field is abnormal, detecting whether the vulnerability optimization configuration flow belongs to an error vulnerability optimization configuration flow, wherein the error vulnerability optimization configuration flow is used for representing an error vulnerability optimization process;

and if the vulnerability optimization configuration flow belongs to an error vulnerability optimization configuration flow, migrating the calling vulnerability repair firmware information of the configuration information calling behavior from the vulnerability repair configuration information to linkage vulnerability repair firmware information of the linkage vulnerability optimization configuration flow, wherein at least part of data information of the same repair attribute field exists between the linkage vulnerability repair firmware information and the vulnerability repair configuration information.

2. The artificial intelligence based cloud service vulnerability discovery method according to claim 1, wherein the step of detecting whether the vulnerability optimization configuration flow belongs to a wrong vulnerability optimization configuration flow if the optimized execution field tracking result is that the execution field is abnormal comprises:

if the tracking result of the optimized execution field is that the execution field is abnormal, acquiring a pre-collected error vulnerability optimized configuration flow set from a target optimized configuration record library, and acquiring field operation information of the vulnerability optimized configuration flow;

judging whether the error vulnerability optimization configuration flow set comprises field operation information of the vulnerability optimization configuration flow, and determining that the vulnerability optimization configuration flow belongs to the error vulnerability optimization configuration flow when the error vulnerability optimization configuration flow set comprises the field operation information of the vulnerability optimization configuration flow.

3. The artificial intelligence based cloud service vulnerability discovery method according to claim 2, wherein the step of detecting whether the vulnerability optimization configuration flow belongs to a wrong vulnerability optimization configuration flow if the optimized execution field tracking result is that the execution field is abnormal, further comprises:

if the error vulnerability optimization configuration flow set does not include field operation information of the vulnerability optimization configuration flow, determining that the vulnerability optimization configuration flow does not belong to the error vulnerability optimization configuration flow; or

If the error vulnerability optimization configuration flow set does not include field operation information of the vulnerability optimization configuration flow, calculating the feature matching degree between each error vulnerability optimization configuration flow in the error vulnerability optimization configuration flow set and the vulnerability optimization configuration flow, and determining whether the vulnerability optimization configuration flow belongs to the error vulnerability optimization configuration flow or not based on the feature matching degree between each error vulnerability optimization configuration flow in the error vulnerability optimization configuration flow set and the vulnerability optimization configuration flow.

4. The artificial intelligence based cloud service vulnerability remediation method of any of claims 1-3, further comprising the step of generating the linkage vulnerability remediation firmware information for the vulnerability remediation configuration information, the step comprising:

extracting vulnerability repair tasks from the vulnerability repair configuration information to obtain corresponding vulnerability repair task extraction information;

acquiring at least one vulnerability repair task related data from the vulnerability repair configuration information based on the vulnerability repair task extraction information, wherein the vulnerability repair configuration information is formed by the at least one vulnerability repair task related data, and the correlation degree between different vulnerability repair task related data is smaller than the preset correlation degree;

respectively determining a task priority coefficient of each vulnerability repair task related data in the at least one vulnerability repair task related data based on the vulnerability repair task extraction information to obtain a task priority coefficient of each vulnerability repair task related data;

based on the task priority coefficient and a predetermined task priority coefficient threshold, clustering the at least one vulnerability repairing task related data to obtain at least one first type vulnerability repairing task related data, or obtaining at least one first type vulnerability repairing task related data and at least one second type vulnerability repairing task related data, wherein the task priority coefficient of each first type vulnerability repairing task related data is greater than or equal to the task priority coefficient threshold, and the task priority coefficient of each second type vulnerability repairing task related data is smaller than the task priority coefficient threshold;

performing other task related data expansion on each first type of bug fixing task related data to obtain extended bug fixing task related data corresponding to each first type of bug fixing task related data;

and constructing and forming the linkage vulnerability repair firmware information corresponding to the vulnerability repair configuration information based on the relevant data of each extended vulnerability repair task and the relevant data of each second type vulnerability repair task.

5. The artificial intelligence based cloud service vulnerability remediation method of any one of claims 1-4, wherein the method further comprises:

acquiring vulnerability repair scheme information of each piece of relevant vulnerability attribute information in the corresponding target vulnerability repair application service according to the cloud service vulnerability analysis information of the cloud service business system;

acquiring a vulnerability repair knowledge network of each piece of relevant vulnerability attribute information according to vulnerability repair scheme information of each piece of relevant vulnerability attribute information;

splicing the vulnerability repair knowledge networks of the relevant vulnerability attribute information to obtain a target vulnerability repair knowledge network of the target vulnerability repair application service;

distributing bug repair firmware information to the target bug repair application service according to the target bug repair knowledge network to obtain at least one bug repair firmware information of the target bug repair application service;

and performing corresponding bug fixing configuration for the cloud service business system according to at least one bug fixing firmware information of the target bug fixing application service.

6. The artificial intelligence based cloud service vulnerability discovery method according to claim 5, wherein the step of obtaining a vulnerability discovery knowledge network of each of the related vulnerability attribute information according to vulnerability discovery plan information of each of the related vulnerability attribute information comprises:

extracting vulnerability repair knowledge point information of the vulnerability repair scheme information of the relevant vulnerability attribute information aiming at the vulnerability repair scheme information of each piece of relevant vulnerability attribute information to obtain vulnerability repair knowledge point information corresponding to the vulnerability repair scheme information of the relevant vulnerability attribute information;

performing vulnerability repair knowledge relationship feature identification on vulnerability repair knowledge point information of vulnerability repair scheme information of the related vulnerability attribute information, and determining at least one vulnerability repair knowledge relationship feature of the vulnerability repair knowledge point information of the vulnerability repair scheme information of the related vulnerability attribute information;

performing directed graph feature extraction on each vulnerability repair knowledge relationship feature in vulnerability repair knowledge point information of vulnerability repair scheme information of the related vulnerability attribute information to obtain a directed graph feature of each vulnerability repair knowledge relationship feature of the vulnerability repair scheme information of the related vulnerability attribute information;

and fusing vulnerability repair knowledge point information of the vulnerability repair scheme information of the related vulnerability attribute information and directed graph features of the vulnerability repair knowledge relation features according to weight coefficient information of the influence result of each vulnerability repair knowledge relation feature of the vulnerability repair scheme information of the related vulnerability attribute information on the target vulnerability repair application service to obtain a vulnerability repair knowledge network of the related vulnerability attribute information.

7. The artificial intelligence based cloud service vulnerability discovery method according to claim 6, wherein the obtaining of the vulnerability discovery knowledge network of the relevant vulnerability attribute information by fusing vulnerability discovery knowledge point information of the vulnerability discovery scheme information of the relevant vulnerability attribute information and directed graph features of the vulnerability discovery knowledge relationship features according to the weight coefficient information of the influence result of each vulnerability discovery knowledge relationship feature of the vulnerability discovery scheme information of the relevant vulnerability attribute information on the target vulnerability discovery application service comprises:

determining a relational parameter corresponding to each vulnerability repair knowledge relational feature of the vulnerability repair scheme information of the related vulnerability attribute information according to the weight coefficient information of the influence result of each vulnerability repair knowledge relational feature of the vulnerability repair scheme information of the related vulnerability attribute information on the target vulnerability repair application service;

and according to the relational parameters, performing relational connection on the vulnerability repair knowledge point information of the vulnerability repair scheme information of the related vulnerability attribute information and the directed graph characteristics of the relational characteristics of the vulnerability repair knowledge to obtain a vulnerability repair knowledge network of the related vulnerability attribute information.

8. The artificial intelligence based cloud service vulnerability discovery method according to claim 6, wherein the splicing of vulnerability discovery knowledge networks of each of the relevant vulnerability attribute information to obtain the target vulnerability discovery knowledge network of the target vulnerability discovery application service comprises:

clustering the vulnerability repair knowledge network of each piece of relevant vulnerability attribute information to obtain at least one cluster, and determining the pivot repair knowledge point characteristics serving as a cluster pivot in each cluster;

calculating vulnerability repair knowledge entity characteristics of non-central repair knowledge point characteristics and central repair knowledge point characteristics in the clusters aiming at each cluster to obtain vulnerability repair knowledge entity characteristic sets of the clusters;

fusing vulnerability repair knowledge entity feature sets of each cluster to obtain a target vulnerability repair knowledge network of the target vulnerability repair application service;

clustering the vulnerability repair knowledge networks of the relevant vulnerability attribute information to obtain at least one cluster, and determining the pivot repair knowledge point characteristics serving as a cluster pivot in each cluster, wherein the clustering comprises the following steps:

determining the number N of clusters, wherein N is a positive integer greater than or equal to 2;

selecting N vulnerability repair knowledge networks from the vulnerability repair knowledge networks of the related vulnerability attribute information as central repair knowledge point characteristics of N clusters respectively;

calculating the relative measurement values of the vulnerability repair knowledge network of each piece of relative vulnerability attribute information and the characteristics of each pivot repair knowledge point;

adding each vulnerability repair knowledge network to a cluster to which a pivot repair knowledge point feature with the maximum correlation metric value of the vulnerability repair knowledge network belongs to obtain N clusters;

and aiming at each cluster, selecting a vulnerability repair knowledge network which meets the cluster pivot condition from the clusters as a new pivot repair knowledge point characteristic, returning to execute the step of calculating the relative measurement values of the vulnerability repair knowledge network of the relative vulnerability attribute information and the pivot repair knowledge point characteristic until the pivot repair knowledge point characteristic of each cluster meets the cluster ending condition, obtaining N clusters, and obtaining the pivot repair knowledge point characteristic which is used as the cluster pivot in each cluster.

9. The cloud service vulnerability discovery method based on artificial intelligence of claim 7, wherein the extracting vulnerability discovery knowledge point information from the vulnerability discovery solution information of the relevant vulnerability attribute information to obtain vulnerability discovery knowledge point information corresponding to the vulnerability discovery solution information of the relevant vulnerability attribute information comprises:

extracting vulnerability repair knowledge point information from the vulnerability repair scheme information of the relevant vulnerability attribute information through an AI training model to obtain vulnerability repair knowledge point information corresponding to the vulnerability repair scheme information of the relevant vulnerability attribute information;

the vulnerability repair knowledge relationship feature recognition is carried out on vulnerability repair knowledge point information of vulnerability repair scheme information of the related vulnerability attribute information, and at least one vulnerability repair knowledge relationship feature of the vulnerability repair knowledge point information of the vulnerability repair scheme information of the related vulnerability attribute information is determined, wherein the vulnerability repair knowledge relationship feature recognition comprises the following steps:

performing vulnerability repair knowledge relationship feature recognition on vulnerability repair knowledge point information of vulnerability repair scheme information of the relevant vulnerability attribute information through the AI training model, and determining at least one vulnerability repair knowledge relationship feature of the vulnerability repair knowledge point information of the vulnerability repair scheme information of the relevant vulnerability attribute information;

the distributing vulnerability repair firmware information to the target vulnerability repair application service according to the target vulnerability repair knowledge network to obtain at least one vulnerability repair firmware information of the target vulnerability repair application service includes:

and distributing vulnerability repair firmware information to the target vulnerability repair application service according to the target vulnerability repair knowledge network through the AI training model to obtain at least one vulnerability repair firmware information of the target vulnerability repair application service.

10. A big data analytics system, comprising at least one storage medium and at least one processor, the at least one storage medium for storing computer instructions; the at least one processor is configured to execute the computer instructions to perform the artificial intelligence based cloud service vulnerability remediation method of any of claims 1-9.

Background

A vulnerability is a flaw in the hardware, software, protocol implementation, or system security policy that may allow an attacker to access or destroy the system without authorization. At present, vulnerability analysis is generally performed based on big data and artificial intelligence so as to allocate relevant vulnerability repair configuration information for vulnerability repair in a targeted manner.

At present, for a cloud service business system, a relevant vulnerability optimization configuration flow is generally generated according to allocated vulnerability repair configuration information, however, some vulnerability optimization configuration flows may belong to a wrong vulnerability optimization configuration flow, and if the vulnerability optimization flow is not continuously performed through tracking analysis, the vulnerability optimization efficiency and the reliability of vulnerability repair configuration are affected, so that optimization consideration needs to be performed according to business push experience in such a situation.

Disclosure of Invention

In order to overcome at least the above defects in the prior art, the present application aims to provide a cloud service vulnerability fixing method and a big data analysis system based on artificial intelligence.

In a first aspect, the present application provides a cloud service vulnerability fixing method based on artificial intelligence, which is applied to a big data analysis system, wherein the big data analysis system is in communication connection with a plurality of cloud service business systems, and the method includes:

acquiring a vulnerability optimization configuration flow of the cloud service business system aiming at the distributed vulnerability repair configuration information;

For example, an embodiment of the present application further provides a medical information model training method based on deep learning, including the following steps:

obtaining typical cloud service attack log data, wherein the typical cloud service attack log data comprise vulnerability repair scheme information of each piece of relevant vulnerability attribute information in corresponding target vulnerability repair application services obtained according to different cloud service vulnerability analysis information and actual vulnerability repair firmware information corresponding to the target vulnerability repair application services;

extracting vulnerability repair knowledge point information from vulnerability repair scheme information of the target vulnerability repair application service through an AI (artificial intelligence) training model to obtain vulnerability repair knowledge point information corresponding to the vulnerability repair scheme information of the target vulnerability repair application service, performing vulnerability repair knowledge relational feature recognition on the vulnerability repair knowledge point information of the vulnerability repair scheme information of the target vulnerability repair application service, and determining at least one predicted vulnerability repair knowledge relational feature of the vulnerability repair knowledge point information of the vulnerability repair scheme information of the target vulnerability repair application service;

and training at least one predicted vulnerability repair knowledge relation characteristic of vulnerability repair knowledge point information based on the vulnerability repair scheme information of the target vulnerability repair application service to obtain an AI training model.

For example, in an independently implementable embodiment, the obtaining of the AI training model based on at least one predicted vulnerability repair knowledge relationship feature training of vulnerability repair knowledge point information of vulnerability repair solution information of the target vulnerability repair application service includes the following steps:

performing description component extraction on each predicted vulnerability repair knowledge relationship characteristic in vulnerability repair knowledge point information of vulnerability repair scheme information of the target vulnerability repair application service to obtain a directed graph characteristic of each predicted vulnerability repair knowledge relationship characteristic of the vulnerability repair scheme information of the target vulnerability repair application service, and according to the weight coefficient information of the influence result of each predicted vulnerability repair knowledge relationship characteristic of the vulnerability repair scheme information of the target vulnerability repair application service on the target vulnerability repair application service, fusing vulnerability repair knowledge point information of vulnerability repair scheme information of the target vulnerability repair application service and directed graph features of each predicted vulnerability repair knowledge relationship feature to obtain a vulnerability repair knowledge network of the vulnerability repair scheme information of the target vulnerability repair application service;

splicing vulnerability repair knowledge networks of vulnerability repair scheme information of each target vulnerability repair application service to obtain a target vulnerability repair knowledge network of the target vulnerability repair application service;

determining the adaptation confidence of the target vulnerability repair application service on each preset vulnerability repair firmware information according to the target vulnerability repair knowledge network;

calculating a first risk estimation index between the adaptation confidence and actual bug fix firmware information of the target bug fix application service;

calculating a gradient descending value of the first risk estimation index to a target vulnerability repair knowledge network of the target vulnerability repair application service, and calculating probability value distribution corresponding to vulnerability repair knowledge point information of vulnerability repair scheme information of the target vulnerability repair application service according to the gradient descending value;

determining vulnerability repair firmware information of the target vulnerability repair application service according to the adaptation confidence of the target vulnerability repair application service;

when the bug repair firmware information of the target bug repair application service is consistent with the actual bug repair firmware information, acquiring the bug repair knowledge relationship characteristic of the bug repair knowledge point information of the bug repair scheme information of the target bug repair application service according to the probability value distribution, and setting the acquired bug repair knowledge relationship characteristic as the actual bug repair knowledge relationship characteristic of the bug repair scheme information of the target bug repair application service;

when the bug repair firmware information of the target bug repair application service is not matched with the actual bug repair firmware information, acquiring the non-bug repair knowledge relationship characteristic of the bug repair knowledge point information of the bug repair scheme information of the target bug repair application service according to the probability value distribution, and setting the acquired non-bug repair knowledge relationship characteristic as the non-actual bug repair knowledge relationship characteristic of the bug repair scheme information of the target bug repair application service;

calculating a second risk estimation index of the predicted vulnerability repair knowledge relationship characteristics of the vulnerability repair scheme information of the target vulnerability repair application service according to the actual vulnerability repair knowledge relationship characteristics and the non-actual vulnerability repair knowledge relationship characteristics;

and adjusting the model configuration information of the AI training model according to the first risk estimation index and the second risk estimation index to obtain the AI training model meeting the conditions.

For example, the calculating a second risk estimation index of the predicted vulnerability repair knowledge relationship characteristics of the vulnerability repair solution information of the target vulnerability repair application service according to the actual vulnerability repair knowledge relationship characteristics and the non-actual vulnerability repair knowledge relationship characteristics includes:

determining actual vulnerability repair knowledge relationship characteristic probability of the predicted vulnerability repair knowledge relationship characteristic according to behavior similarity of the predicted vulnerability repair knowledge relationship characteristic and the actual vulnerability repair knowledge relationship characteristic of the vulnerability repair scheme information of the target vulnerability repair application service and behavior similarity of the predicted vulnerability repair knowledge relationship characteristic and the non-actual vulnerability repair knowledge relationship characteristic of the vulnerability repair scheme information of the target vulnerability repair application service;

determining the adaptation confidence coefficient of the predicted vulnerability repair knowledge relationship characteristic as the actual vulnerability repair knowledge relationship characteristic according to the directed graph characteristic of the predicted vulnerability repair knowledge relationship characteristic through an AI training model;

calculating distribution risk evaluation index parameters of the predicted vulnerability repair knowledge relationship characteristics according to the adaptation confidence coefficient of the predicted vulnerability repair knowledge relationship characteristics and the corresponding actual vulnerability repair knowledge relationship characteristic probability;

calculating regression risk assessment index parameters of the predicted vulnerability repair knowledge relationship characteristics according to predicted vulnerability repair knowledge relationship characteristics of which the actual vulnerability repair knowledge relationship characteristic probability is not lower than a preset probability threshold value, the relationship network units in the vulnerability repair knowledge point information of the vulnerability repair scheme information of the target vulnerability repair application service and the relationship network units of the actual vulnerability repair knowledge relationship characteristics in the vulnerability repair knowledge point information of the vulnerability repair scheme information of the target vulnerability repair application service;

and fusing the distributed risk assessment index parameters and the regression risk assessment index parameters to obtain a second risk estimation index of the predicted vulnerability repair knowledge relationship characteristics of the vulnerability repair scheme information of the target vulnerability repair application service.

In a second aspect, an embodiment of the present application further provides an artificial intelligence-based cloud service vulnerability repair system, where the artificial intelligence-based cloud service vulnerability repair system includes a big data analysis system and a plurality of cloud service business systems in communication connection with the big data analysis system;

the big data analysis system is configured to:

acquiring a vulnerability optimization configuration flow of the cloud service business system aiming at the distributed vulnerability repair configuration information;

According to any one of the aspects, in the embodiment provided by the application, when a configuration information calling behavior of the vulnerability repair configuration information by the vulnerability optimization configuration flow is received, optimized execution field tracking is performed first, and whether the vulnerability optimization configuration flow belongs to an error vulnerability optimization configuration flow or not is detected when the execution field is abnormal, so that when the vulnerability optimization configuration flow belongs to the error vulnerability optimization configuration flow, the calling vulnerability repair firmware information of the configuration information calling behavior is migrated from the vulnerability repair configuration information to the linkage vulnerability repair firmware information of the linkage vulnerability optimization configuration flow. Based on the method, the vulnerability optimization efficiency can be prevented from being influenced by continuously performing the vulnerability optimization flow when the vulnerability optimization configuration flow is determined to belong to the error vulnerability optimization configuration flow, and the reliability of vulnerability repair configuration is improved.

Drawings

Fig. 1 is a schematic view of an application scenario of a cloud service vulnerability fixing system based on artificial intelligence according to an embodiment of the present application;

fig. 2 is a schematic flowchart of a cloud service vulnerability fixing method based on artificial intelligence according to an embodiment of the present application;

fig. 3 is a block diagram illustrating a structure of a big data analysis system for implementing the cloud service vulnerability fixing method based on artificial intelligence according to the embodiment of the present application.

Detailed Description

Fig. 1 is a scene schematic diagram of an artificial intelligence based cloud service vulnerability fixing system 10 according to an embodiment of the present application. The artificial intelligence based cloud service vulnerability remediation system 10 may include a big data analysis system 100 and a cloud service business system 200 communicatively connected with the big data analysis system 100. The artificial intelligence based cloud service vulnerability repair system 10 shown in fig. 1 is only one possible example, and in other possible embodiments, the artificial intelligence based cloud service vulnerability repair system 10 may also include only at least some of the components shown in fig. 1 or may also include other components.

In this embodiment, the big data analysis system 100 and the cloud service business system 200 in the artificial intelligence based cloud service vulnerability repair system 10 may execute the artificial intelligence based cloud service vulnerability repair method described in the following method embodiment in a matching manner, and the detailed description of the following method embodiment may be referred to in the execution steps of the big data analysis system 100 and the cloud service business system 200.

Fig. 2 is a schematic flow diagram of an artificial intelligence based cloud service vulnerability repair method provided in an embodiment of the present application, where the artificial intelligence based cloud service vulnerability repair method provided in this embodiment may be executed by the big data analysis system 100 shown in fig. 1, and the artificial intelligence based cloud service vulnerability repair method is described in detail below.

Step S110, when a configuration information calling behavior of the vulnerability repair configuration information by the vulnerability optimization configuration flow is received, performing optimization execution field tracking on the vulnerability optimization configuration flow to obtain a corresponding optimization execution field tracking result.

In an embodiment that can be implemented independently, when receiving a configuration information calling behavior of a vulnerability optimization configuration flow to vulnerability repair configuration information, the big data analysis system 100 may perform optimized execution field tracking on the vulnerability optimization configuration flow, so that a corresponding optimized execution field tracking result may be obtained.

If the result of tracking the optimized execution field is that the execution field is abnormal, step S120 may be executed.

Step S120, detecting whether the vulnerability optimization configuration process belongs to an error vulnerability optimization configuration process.

In an embodiment that can be implemented independently, when the optimized execution field tracking result for the execution field exception is obtained based on step S110, the big data analysis system 100 may detect whether the vulnerability optimized configuration flow belongs to a wrong vulnerability optimized configuration flow, that is, determine whether the vulnerability optimized configuration flow is affected by the exception of the vulnerability optimized configuration flow.

And the error vulnerability optimization configuration flow is used for representing an error vulnerability optimization process. And, if the vulnerability optimal configuration flow belongs to an error vulnerability optimal configuration flow, step S130 may be executed.

Step S130, transferring the calling bug fixing firmware information of the configuration information calling behavior from the bug fixing configuration information to linkage bug fixing firmware information of a linkage bug optimization configuration flow.

In an embodiment that can be implemented independently, when it is detected based on step S120 that the vulnerability optimization configuration flow belongs to an error vulnerability optimization configuration flow, the big data analysis system 100 may migrate the calling vulnerability repair firmware information of the configuration information calling behavior from the vulnerability repair configuration information to the linkage vulnerability repair firmware information of the linkage vulnerability optimization configuration flow.

And data information of part of the same repairing attribute fields at least exists between the linkage vulnerability repairing firmware information and the vulnerability repairing configuration information.

Based on the method, when the configuration information calling behavior of the vulnerability repair configuration information by the vulnerability optimization configuration flow is received, the optimization execution field tracking is firstly carried out, whether the vulnerability optimization configuration flow belongs to the error vulnerability optimization configuration flow or not is detected when the execution field is abnormal, and the calling vulnerability repair firmware information of the configuration information calling behavior is migrated from the vulnerability repair configuration information to the linkage vulnerability repair firmware information of the linkage vulnerability optimization configuration flow when the vulnerability optimization configuration flow belongs to the error vulnerability optimization configuration flow. Based on the method, the vulnerability optimization efficiency can be prevented from being influenced by continuously performing the vulnerability optimization flow when the vulnerability optimization configuration flow is determined to belong to the error vulnerability optimization configuration flow, and the reliability of vulnerability repair configuration is improved.

For example, in an embodiment that can be implemented independently, the vulnerability optimization configuration process can be detected based on the following steps:

firstly, if the tracking result of the optimized execution field is that the execution field is abnormal, a pre-collected error vulnerability optimized configuration flow set can be obtained from a target optimized configuration record library, and field operation information of the vulnerability optimized configuration flow is obtained. Secondly, judging whether the error vulnerability optimization configuration flow set comprises field operation information of the vulnerability optimization configuration flow, and determining that the vulnerability optimization configuration flow belongs to the error vulnerability optimization configuration flow when the error vulnerability optimization configuration flow set comprises the field operation information of the vulnerability optimization configuration flow. Based on this, by directly comparing the field operation information of the vulnerability optimization configuration flow with the error vulnerability optimization configuration flow set, the data processing efficiency can be improved.

Optionally, on the basis of the above example, if the error vulnerability optimization configuration flow set does not include the field operation information of the vulnerability optimization configuration flow, in an embodiment that can be implemented independently, if the error vulnerability optimization configuration flow set does not include the field operation information of the vulnerability optimization configuration flow, it may be determined that the vulnerability optimization configuration flow does not belong to the error vulnerability optimization configuration flow.

For another example, in another embodiment that can be implemented independently, if the error vulnerability optimization configuration flow set does not include the field operation information of the vulnerability optimization configuration flow set, a feature matching degree between each error vulnerability optimization configuration flow in the error vulnerability optimization configuration flow set and the vulnerability optimization configuration flow may be calculated first, and then, based on the feature matching degree between each error vulnerability optimization configuration flow in the error vulnerability optimization configuration flow set and the vulnerability optimization configuration flow, whether the vulnerability optimization configuration flow belongs to the error vulnerability optimization configuration flow is determined.

On the basis of the above example, since the linkage bug fixing firmware information needs to be used in step S130, the linkage bug fixing firmware information needs to be generated first, wherein a specific manner for generating the linkage bug fixing firmware information is not limited, and may be selected according to actual application requirements.

For example, in an embodiment that can be implemented independently, any piece of common bug fix firmware information that is related to the bug fix configuration information and has been disclosed may be obtained as the linkage bug fix firmware information.

For another example, in another embodiment that can be implemented independently, the linkage bug fix firmware information may be generated based on the following steps:

firstly, extracting vulnerability repair tasks from the vulnerability repair configuration information to obtain corresponding vulnerability repair task extraction information;

secondly, dividing the vulnerability repair configuration information based on the similarity between the vulnerability repair task extraction information and the data content to obtain at least one vulnerability repair task related data, wherein the vulnerability repair configuration information is formed by the at least one vulnerability repair task related data, and the correlation degree between different vulnerability repair task related data is smaller than the preset correlation degree;

thirdly, respectively determining a task priority coefficient of each data related to the bug fixing task in the data related to the at least one bug fixing task based on the bug fixing task extraction information to obtain the task priority coefficient of each data related to the bug fixing task;

fourthly, based on the task priority coefficient and a predetermined task priority coefficient threshold, clustering the at least one vulnerability repair task related data to obtain at least one first type vulnerability repair task related data, or obtaining at least one first type vulnerability repair task related data and at least one second type vulnerability repair task related data, wherein the task priority coefficient of each first type vulnerability repair task related data is greater than or equal to the task priority coefficient threshold, and the task priority coefficient of each second type vulnerability repair task related data is smaller than the task priority coefficient threshold (for example, each vulnerability repair task related data with the task priority coefficient greater than the task priority coefficient threshold can be determined as the first type vulnerability repair task related data, and each vulnerability repair task with the task priority coefficient smaller than or equal to the task priority coefficient threshold can be determined as any vulnerability repair task related data The service-related data is determined as second-class vulnerability repairing task-related data, wherein if no vulnerability repairing task-related data with a task priority coefficient larger than a task priority coefficient threshold exists, any number of vulnerability repairing task-related data can be determined as first-class vulnerability repairing task-related data; and, the task priority coefficient threshold may be generated based on configuration operations performed by a user according to an actual application scenario);

fifthly, performing other task related data expansion on each first type of bug fixing task related data to obtain extended bug fixing task related data corresponding to each first type of bug fixing task related data;

and sixthly, constructing and forming the linkage bug fixing firmware information corresponding to the bug fixing configuration information based on the relevant data of each extended bug fixing task and the relevant data of each second type bug fixing task.

In a separately implementable embodiment, the above method may further comprise the following steps.

Step a110, obtaining vulnerability repair scheme information of each relevant vulnerability attribute information in the corresponding target vulnerability repair application service according to the cloud service vulnerability analysis information of the cloud service business system 200.

In an embodiment that can be implemented independently, the bug fix scheme information of each piece of related bug attribute information may be obtained by a bug fix solution service provider of each piece of related bug attribute information. The bug fixing scheme information may include bug fixing upgrade information, bug fixing replacement information, and the like.

Step A120, obtaining a vulnerability repair knowledge network of each relevant vulnerability attribute information according to the vulnerability repair scheme information of each relevant vulnerability attribute information.

In an independently implementable embodiment, the vulnerability fix knowledge network may be obtained through a knowledge-graph algorithm.

Step A130, splicing the vulnerability repair knowledge networks of the related vulnerability attribute information to obtain a target vulnerability repair knowledge network of the target vulnerability repair application service.

In an embodiment that can be implemented independently, a target vulnerability repair knowledge network of the whole target vulnerability repair application service is obtained by splicing the vulnerability repair knowledge networks of the relevant vulnerability attribute information, so that the target vulnerability repair knowledge network can reflect the relationship information of vulnerability repair knowledge points of vulnerability repair scheme information of the relevant vulnerability attribute information in the vulnerability repair application service, and can accurately express vulnerability repair logic information of the target vulnerability repair application service.

Step A140, performing vulnerability repair firmware information distribution on the target vulnerability repair application service according to the target vulnerability repair knowledge network to obtain at least one vulnerability repair firmware information of the target vulnerability repair application service.

Step A150, performing corresponding bug fix configuration for the cloud service business system 200 according to at least one bug fix firmware information of the target bug fix application service.

In an embodiment, which may be implemented independently, in step a140, the bug fixing firmware information distribution to the target bug fixing application service may be implemented by, for example, a long memory cycle neural network.

In an embodiment that can be implemented independently, since the target vulnerability repair knowledge network is obtained by fusion of vulnerability repair knowledge networks according to the relevant vulnerability attribute information, vulnerability repair firmware information of a target vulnerability repair application service executed according to the target vulnerability repair knowledge network can be distributed more accurately.

In a separately implementable embodiment, step a120 may include the following substeps.

Step A210, extracting vulnerability repair knowledge point information of the vulnerability repair scheme information of the relevant vulnerability attribute information aiming at the vulnerability repair scheme information of each piece of relevant vulnerability attribute information to obtain vulnerability repair knowledge point information corresponding to the vulnerability repair scheme information of the relevant vulnerability attribute information.

In an embodiment that can be implemented independently, vulnerability repair scheme information of each piece of relevant vulnerability attribute information is input into a deep learning network for completing training, and one or more times of convolution feature extraction is performed through the deep learning network so as to extract description components of the vulnerability repair scheme information, and vulnerability repair knowledge point information corresponding to the vulnerability repair scheme information of the relevant vulnerability attribute information is obtained.

Step A220, vulnerability repair knowledge relationship feature recognition is carried out on vulnerability repair knowledge point information of vulnerability repair scheme information of the related vulnerability attribute information, and at least one vulnerability repair knowledge relationship feature of the vulnerability repair knowledge point information of the vulnerability repair scheme information of the related vulnerability attribute information is determined.

Some noise features may exist in the bug fix scheme information of a single piece of related bug attribute information; or have some behavior that is too biased to characterize the vulnerability fix validity characteristics of the vulnerability fix application service. Therefore, in an independently implementable embodiment, vulnerability repair knowledge relationship features with verification effectiveness need to be identified from vulnerability repair knowledge point information of single related vulnerability attribute information, and features corresponding to the vulnerability repair knowledge relationship features will affect the subsequent feature extraction fusion process.

Step A230, performing directed graph feature extraction on each vulnerability repair knowledge relationship feature in vulnerability repair knowledge point information of vulnerability repair scheme information of the related vulnerability attribute information to obtain a directed graph feature of each vulnerability repair knowledge relationship feature of the vulnerability repair scheme information of the related vulnerability attribute information.

In an embodiment that can be implemented independently, after the vulnerability repair knowledge relationship features are identified, specific features corresponding to the vulnerability repair knowledge relationship features in the vulnerability repair knowledge point information can be extracted and directed graph features are extracted, so that directed graph features corresponding to the vulnerability repair knowledge relationship features are obtained.

Step A240, according to the weight coefficient information of the influence result of each vulnerability repair knowledge relationship characteristic of the vulnerability repair scheme information of the related vulnerability attribute information on the target vulnerability repair application service, fusing vulnerability repair knowledge point information of the vulnerability repair scheme information of the related vulnerability attribute information and the directed graph characteristic of each vulnerability repair knowledge relationship characteristic to obtain a vulnerability repair knowledge network of the related vulnerability attribute information.

In an embodiment that can be implemented independently, after the digraph feature is determined, the digraph feature and the vulnerability repair knowledge point information can be mapped and fused according to influence information of the digraph feature on vulnerability repair firmware information distribution of vulnerability repair application services. Therefore, the obtained vulnerability repair knowledge network comprises the global repair knowledge point characteristics and the local repair knowledge point characteristics of the related vulnerability attribute information, and the directed repair knowledge point characteristics of the related vulnerability attribute information can be more accurately reflected.

In a separately implementable embodiment, step a240 may include the following substeps.

Step A241, determining a relational parameter corresponding to each vulnerability repair knowledge relational feature of the vulnerability repair scheme information of the related vulnerability attribute information according to the weight coefficient information of the influence result of each vulnerability repair knowledge relational feature of the vulnerability repair scheme information of the related vulnerability attribute information on the target vulnerability repair application service.

In an embodiment that can be implemented independently, different vulnerability repair knowledge relationship characteristics may have different weight coefficient information, and the relationship type parameter may be determined by an influence degree of vulnerability repair firmware information distribution on target vulnerability repair application service classification according to the vulnerability repair knowledge relationship characteristics.

And A242, performing relational connection on vulnerability repair knowledge point information of vulnerability repair scheme information of the related vulnerability attribute information and directed graph characteristics of the relational characteristics of the vulnerability repair knowledge according to the relational parameters to obtain a vulnerability repair knowledge network of the related vulnerability attribute information.

In an embodiment that can be implemented independently, the relationship connection is performed on the vulnerability repair knowledge point information of the vulnerability repair scheme information of the related vulnerability attribute information and the directed graph features of the vulnerability repair knowledge relationship features, so that the obtained vulnerability repair knowledge network has vulnerability repair knowledge point information representing the global features of the related vulnerability attribute information and directed graph features with the characteristic directed repair knowledge point features, and the directed graph features are connected through the relationship, so that the influence information of some vulnerability repair knowledge relationship features can be reflected. Therefore, the obtained vulnerability repair knowledge network can more accurately reflect the directed repair knowledge point characteristics of the vulnerability attribute information related to the related vulnerability attribute information, which can generate effective behaviors on the vulnerability repair application flow.

In a separately implementable embodiment, step a130 may include the following sub-steps.

Step A131, clustering the vulnerability repair knowledge networks of the related vulnerability attribute information to obtain at least one cluster, and determining the pivot repair knowledge point characteristics serving as the pivot of the cluster in each cluster.

Step A132, calculating vulnerability repair knowledge entity characteristics of the non-central repair knowledge point characteristics and the central repair knowledge point characteristics in each cluster to obtain a vulnerability repair knowledge entity characteristic set of the clusters.

And step A133, fusing vulnerability repair knowledge entity feature sets of each cluster to obtain a target vulnerability repair knowledge network of the target vulnerability repair application service.

In an independently implementable embodiment, the clustering calculation may be performed using a K-means (K-means) clustering algorithm.

In a separately implementable embodiment, step a131 may include the following substeps.

Step 1311, determining the number N of the clusters, wherein N is a positive integer greater than or equal to 2.

And 1312, selecting N vulnerability repair knowledge networks from the vulnerability repair knowledge networks of the related vulnerability attribute information as central repair knowledge point characteristics of the N clusters respectively.

And 1313, calculating the relevant metric values of the vulnerability repair knowledge network of each piece of relevant vulnerability attribute information and the characteristics of each pivot repair knowledge point.

In an independently implementable embodiment, the correlation metric between the vulnerability repair knowledge network and the pivot repair knowledge point features may represent a degree of match therebetween. The larger the correlation metric value, the greater the degree of match. The way of calculating the correlation metric value between the vulnerability repair knowledge network and the characteristics of the pivot repair knowledge points can be calculated by cosine distance or Euclidean distance and the like.

Step 1314, adding each vulnerability repair knowledge network to the cluster to which the central repair knowledge point feature with the maximum correlation metric value of the vulnerability repair knowledge network belongs to obtain N clusters.

And 1315, selecting the vulnerability repair knowledge networks meeting the central repairing conditions of the clusters from the clusters as new central repairing knowledge point characteristics for each cluster, returning to the step of calculating the relevant metric values of the vulnerability repair knowledge networks of the relevant vulnerability attribute information and the central repairing knowledge point characteristics until the central repairing knowledge point characteristics of each cluster meet the cluster finishing conditions, obtaining N clusters, and obtaining the central repairing knowledge point characteristics serving as the central repairing knowledge points of the clusters in each cluster.

In an embodiment, in an independently implemented embodiment, for each cluster, whether the latest central repair knowledge point feature of the cluster is consistent with the central repair knowledge point feature adopted at the maximum time in the clustering process is calculated, that is, whether the correlation metric value between the two is 0 is calculated. If the clustering centers of the clusters are consistent, the clustering centers of the clusters can be considered to be converged, if the clustering centers of all the clusters are converged, the clustering process is completed, N clusters are obtained, and the center repairing knowledge point characteristics serving as the clustering centers in all the clusters are obtained; if the clustering centers of all the clusters do not converge, the method returns to step A1313 until the clustering centers of each cluster converge.

In an embodiment that can be implemented independently, in step a220, vulnerability repair knowledge point information extraction is performed on vulnerability repair scheme information of the relevant vulnerability attribute information, and when vulnerability repair knowledge point information corresponding to the vulnerability repair scheme information of the relevant vulnerability attribute information is obtained, vulnerability repair knowledge point information extraction is performed on the vulnerability repair scheme information of the relevant vulnerability attribute information through an AI training model, so that vulnerability repair knowledge point information corresponding to the vulnerability repair scheme information of the relevant vulnerability attribute information is obtained.

In step a220, vulnerability repair knowledge relationship feature recognition is performed on vulnerability repair knowledge point information of vulnerability repair scheme information of the relevant vulnerability attribute information, when at least one vulnerability repair knowledge relationship feature of the vulnerability repair knowledge point information of the vulnerability repair scheme information of the relevant vulnerability attribute information is determined, vulnerability repair knowledge relationship feature recognition is performed on vulnerability repair knowledge point information of the vulnerability repair scheme information of the relevant vulnerability attribute information through the AI training model, and at least one vulnerability repair knowledge relationship feature of the vulnerability repair knowledge point information of the vulnerability repair scheme information of the relevant vulnerability attribute information is determined.

In step a140, when bug fix firmware information is distributed to the target bug fix application service according to the target bug fix knowledge network to obtain at least one bug fix firmware information of the target bug fix application service, bug fix firmware information can be distributed to the target bug fix application service according to the target bug fix knowledge network through the AI training model to obtain at least one bug fix firmware information of the target bug fix application service.

In an independently implementable embodiment, the AI training model may be a residual network, a densely connected convolutional network, or the like.

For example, in an embodiment that can be implemented independently, the present application further provides a deep learning-based medical information model training method, including the following steps.

Step A401, obtaining typical cloud service attack log data, where the typical cloud service attack log data includes vulnerability repair scheme information of a target vulnerability repair application service of the target vulnerability repair application service and actual vulnerability repair firmware information corresponding to the target vulnerability repair application service.

Step A402, extracting vulnerability repair knowledge point information of vulnerability repair scheme information of the target vulnerability repair application service through an AI training model to obtain vulnerability repair knowledge point information corresponding to the vulnerability repair scheme information of the target vulnerability repair application service, performing vulnerability repair knowledge relationship feature identification on the vulnerability repair knowledge point information of the vulnerability repair scheme information of the target vulnerability repair application service, and determining at least one prediction vulnerability repair knowledge relationship feature of the vulnerability repair knowledge point information of the vulnerability repair scheme information of the target vulnerability repair application service.

Step A403, training and obtaining an AI training model based on at least one predicted vulnerability repair knowledge relationship characteristic of vulnerability repair knowledge point information of vulnerability repair scheme information of the target vulnerability repair application service.

For example, in an embodiment that can be implemented independently, step a403 can be implemented as follows.

Step A4031, performing description component extraction on each predicted vulnerability repair knowledge relationship characteristic in vulnerability repair knowledge point information of vulnerability repair scheme information of the target vulnerability repair application service to obtain a directed graph characteristic of each predicted vulnerability repair knowledge relationship characteristic of the vulnerability repair scheme information of the target vulnerability repair application service, and according to the weight coefficient information of the influence result of each predicted vulnerability repair knowledge relationship characteristic of the vulnerability repair scheme information of the target vulnerability repair application service on the target vulnerability repair application service, and fusing vulnerability repair knowledge point information of vulnerability repair scheme information of the target vulnerability repair application service and directed graph characteristics of each predicted vulnerability repair knowledge relation characteristic to obtain a vulnerability repair knowledge network of the vulnerability repair scheme information of the target vulnerability repair application service.

Step A4032, the vulnerability repair knowledge networks of the vulnerability repair scheme information of each target vulnerability repair application service are spliced to obtain the target vulnerability repair knowledge network of the target vulnerability repair application service.

Step A4033, determining the adaptation confidence of the target vulnerability repair application service on each preset vulnerability repair firmware information according to the target vulnerability repair knowledge network.

Step A4034, calculating a first risk estimation index between the adaptation confidence and actual vulnerability fix firmware information of the target vulnerability fix application service.

Step A4035, a gradient descending value of the first risk estimation index to a target vulnerability repair knowledge network of the target vulnerability repair application service is calculated, and probability value distribution corresponding to vulnerability repair knowledge point information of vulnerability repair scheme information of the target vulnerability repair application service is calculated according to the gradient descending value.

Step A4036, determining vulnerability repair firmware information of the target vulnerability repair application service according to the adaptation confidence of the target vulnerability repair application service.

Step A4037, when the bug fixing firmware information of the target bug fixing application service is consistent with the actual bug fixing firmware information, acquiring the bug fixing knowledge relationship characteristic of the bug fixing knowledge point information of the bug fixing scheme information of the target bug fixing application service according to the probability value distribution, and setting the acquired bug fixing knowledge relationship characteristic as the actual bug fixing knowledge relationship characteristic of the bug fixing scheme information of the target bug fixing application service.

Step A438, when the bug repair firmware information of the target bug repair application service is not matched with the actual bug repair firmware information, acquiring the non-bug repair knowledge relationship characteristic of the bug repair knowledge point information of the bug repair scheme information of the target bug repair application service according to the probability value distribution, and setting the acquired non-bug repair knowledge relationship characteristic as the non-actual bug repair knowledge relationship characteristic of the bug repair scheme information of the target bug repair application service.

Step A439, calculating a second risk estimation index of the predicted vulnerability repair knowledge relationship characteristic of the vulnerability repair scheme information of the target vulnerability repair application service according to the actual vulnerability repair knowledge relationship characteristic and the non-actual vulnerability repair knowledge relationship characteristic, and adjusting the model configuration information of the AI training model according to the first risk estimation index and the second risk estimation index to obtain the AI training model meeting the conditions.

In an independently implementable embodiment, a back propagation algorithm may be used to adjust model configuration information of an AI training model, so that a first risk estimation index between an adaptation confidence obtained by the AI training model and actual vulnerability fix firmware information is smaller than a target estimation index, where the target estimation index may be set as small as possible to improve performance of the AI training model.

Generally, if the adaptation confidence of the AI training model on a certain preset bug fixing firmware information exceeds a threshold, the target bug fixing application service may be considered as the bug fixing application service on the preset bug fixing firmware information. In the training process of the AI training model, if the bug repair firmware information decided by the AI training model is consistent with the actual bug repair firmware information, namely the allocation is correct, the probability value distribution can be obtained through analysis according to the parameters involved in the allocation process, the bug repair knowledge relation characteristic can be identified according to the probability value distribution, and the actual bug repair knowledge relation characteristic of the bug repair scheme information of the target bug repair application service is obtained.

In the training process of the AI training model, if the bug fixing firmware information decided by the AI training model is not matched with the actual bug fixing firmware information, namely, the bug fixing firmware information of the target bug fixing application service is wrongly distributed through the AI training model, the probability value distribution can be obtained through analysis according to the parameters related in the distribution process, and the non-actual bug fixing knowledge relation characteristic of the bug fixing scheme information of the target bug fixing application service is obtained according to the probability value distribution.

For example, in an independently implementable embodiment, step a439 may comprise the following sub-steps.

Step A501, determining the probability of the non-actual vulnerability repair knowledge relationship characteristic of the predicted vulnerability repair knowledge relationship characteristic according to the behavior similarity of the predicted vulnerability repair knowledge relationship characteristic and the actual vulnerability repair knowledge relationship characteristic of the vulnerability repair scheme information of the target vulnerability repair application service and the behavior similarity of the predicted vulnerability repair knowledge relationship characteristic and the non-actual vulnerability repair knowledge relationship characteristic of the vulnerability repair scheme information of the target vulnerability repair application service.

Optionally, in an embodiment that can be implemented independently, the probability of the actual vulnerability repair knowledge relationship characteristic of the predicted vulnerability repair knowledge relationship characteristic, in which the feature matching degree with the actual vulnerability repair knowledge relationship characteristic is greater than the first target estimation index, may be set to 1; setting the probability of the actual vulnerability repair knowledge relationship characteristic of the predicted vulnerability repair knowledge relationship characteristic with the characteristic matching degree of the non-actual vulnerability repair knowledge relationship characteristic larger than the second target estimation index to be 0; the first target estimation index and the second target estimation index may be set according to actual conditions.

Step A502, determining the adaptation confidence coefficient of the predicted vulnerability repair knowledge relationship characteristic as the actual vulnerability repair knowledge relationship characteristic according to the directed graph characteristic of the predicted vulnerability repair knowledge relationship characteristic through an AI training model.

Step A503, calculating the distribution risk assessment index parameters of the predicted vulnerability repair knowledge relationship characteristics according to the adaptation confidence of the predicted vulnerability repair knowledge relationship characteristics and the corresponding actual vulnerability repair knowledge relationship characteristic probability.

Step A504, according to the predicted vulnerability repair knowledge relationship characteristic of which the actual vulnerability repair knowledge relationship characteristic probability is not lower than the preset probability threshold value, calculating regression risk assessment index parameters of the predicted vulnerability repair knowledge relationship characteristic in the relationship network units in the vulnerability repair knowledge point information of the vulnerability repair scheme information of the target vulnerability repair application service and the relationship network units of the actual vulnerability repair knowledge relationship characteristic in the vulnerability repair knowledge point information of the vulnerability repair scheme information of the target vulnerability repair application service.

And step A505, fusing the distributed risk assessment index parameters and the regression risk assessment index parameters to obtain a second risk estimation index of the predicted vulnerability repair knowledge relationship characteristics of the vulnerability repair scheme information of the target vulnerability repair application service.

In an embodiment that can be implemented independently, the probability value distribution can be obtained through analysis of a class activation graph weighted by a gradient descending value, the gradient descending value of a first risk estimation index to a target vulnerability repair knowledge network of a target vulnerability repair application service is calculated, a weighting coefficient corresponding to each vulnerability repair knowledge point in vulnerability repair knowledge point information of vulnerability repair scheme information of the target vulnerability repair application service is calculated by using the global average of the gradient descending value, and the probability value distribution corresponding to the vulnerability repair knowledge point information can be described according to the weighting coefficient of each vulnerability repair knowledge point in the vulnerability repair knowledge point information. The target vulnerability repair knowledge network of the target vulnerability repair application service may be specifically obtained by splicing vulnerability repair knowledge networks corresponding to vulnerability repair scheme information of each piece of relevant vulnerability attribute information of the target vulnerability repair application service.

Therefore, vulnerability repair scheme information of each piece of relevant vulnerability attribute information in the target vulnerability repair application service is extracted, vulnerability repair knowledge relation characteristics are identified from the vulnerability repair scheme information of the single piece of relevant vulnerability attribute information, vulnerability repair knowledge networks of the relevant vulnerability attribute information are determined according to the vulnerability repair knowledge relation characteristics, then the vulnerability repair knowledge networks of the relevant vulnerability attribute information are spliced to obtain a target vulnerability repair knowledge network of the whole target vulnerability repair application service, and vulnerability repair firmware information distribution is carried out on the target vulnerability repair application service according to the target vulnerability repair knowledge network. The determined target vulnerability repair knowledge network can more accurately reflect the influence of relevant vulnerability attribute information on the vulnerability repair application service, so that the characteristics of the whole vulnerability repair application service are more accurately reflected, and the vulnerability repair firmware information distribution of the vulnerability repair application service based on the target vulnerability repair knowledge network is more accurate.

For example, in an embodiment that can be implemented independently, the above method can further include the following steps.

And step B110, obtaining cloud service attack log data of products on the target cloud service line.

In an embodiment that can be implemented independently, the target cloud service online product may refer to a software product that is online by a cloud service, such as, but not limited to, an e-commerce live broadcast software product, an e-commerce promotion software product, an e-commerce social software product, and the like. The cloud service attack log data may refer to attack log data generated by some attack behaviors under a target cloud service online product, for example, for an e-commerce social network service software product, the cloud service attack log data may refer to attack log data generated by social interaction stealing attack behaviors, social malicious drainage attack behaviors and the like.

And step B120, processing the cloud service attack log data to obtain a service operation crash information group of the cloud service attack log data.

The service operation crash information group comprises crash node information of a session operation crash object of the target cloud service session application in the cloud service attack log data. And the service operation collapse information group specifically comprises an active operation collapse point characteristic and a passive operation collapse point characteristic, wherein the active operation collapse point characteristic comprises a plurality of collapse description segments, and each collapse description segment represents a classification metric value of a collapse frequent item of a session operation collapse object of the target cloud service session application, wherein an attack operation log in cloud service attack log data corresponding to the collapse description segment represents the classification metric value of the collapse frequent item of the session operation collapse object of the target cloud service session application. The dimension of the passive operation crash point feature is 2, that is, the passive operation crash point feature is specifically composed of an operation crash point feature describing the attribute of the data interval and an operation crash point feature describing the attribute of the data service layer, and the crash reason ranges of the operation crash point feature describing the attribute of the data interval and the operation crash point feature describing the attribute of the data service layer are consistent. In addition, the breakdown cause range of the active operation breakdown point feature is the same as the breakdown cause range of the passive operation breakdown point feature. For example, the breakdown cause range of the active operation breakdown point feature and the breakdown cause range of the passive operation breakdown point feature are both (w 1, w 2...... wn.). The operation crash point characteristics for describing the data interval attributes comprise a plurality of crash description fragments, and each crash description fragment represents a prediction description data interval corresponding to an attack operation log in cloud service attack log data corresponding to the crash description fragment; similarly, the operation crash point feature describing the attribute of the data service layer includes a plurality of crash description segments, and each crash description segment represents a prediction description data service layer corresponding to an attack operation log in the cloud service attack log data corresponding to the crash description segment.

By way of example, the expression of the embodiment of the present application to the operation crash point is in the form of active type + passive type. The service operation crash information group classifies the service operation crash information group and the service operation crash information group respectively, namely the active operation crash point characteristic and the passive operation crash point characteristic. The active type operation crash point is characterized by a dimension (w 1, w 2...... wn.) R, and the passive type crash describes a dimension (w 1, w 2...... wn.) 2, wherein R is the specific number of target cloud service session applications to be decided. And each crash description segment on the running crash point characteristic respectively expresses a classification metric value of a crash frequent item of a session running crash object of the target cloud service session application and a classification metric value of a description data interval description data service layer at the crash point.

Step B130, determining cloud service vulnerability analysis information of the cloud service attack log data according to the service operation crash information group, wherein the cloud service vulnerability analysis information comprises vulnerability attribute information of a session operation crash object of the target cloud service session application in the cloud service attack log data.

In an embodiment, which may be implemented independently, the vulnerability attribute information may include a crash node, and the vulnerability attribute information may include, for example: the cloud service attack log data are classification measurement values of collapse frequent items of a session running collapse object of the target cloud service session application, and the cloud service attack log data are description data intervals and description data service layers of collapse nodes corresponding to the session running collapse object of the target cloud service session application.

In an embodiment, which can be implemented independently, the service operation crash information group includes an active operation crash point feature and a passive operation crash point feature. The active operation crash point characteristics comprise a classification measurement value of a crash frequent item of a session operation crash object of the target cloud service session application, wherein each attack operation log in the cloud service attack log data is, and the passive operation crash point characteristics comprise a description data interval and a description data service layer data corresponding to each attack operation log in the cloud service attack log data.

In an embodiment that can be implemented independently, first, the big data analysis system 100 determines, according to the active operation crash point feature, a crash frequent item of a session operation crash object of a target cloud service session application in the cloud service attack log data. Then, the big data analysis system 100 determines a collapse node of a session operation collapse object of the target cloud service session application in the cloud service attack log data according to the frequent collapse items and the description data interval and the description data service layer data corresponding to the attack operation log at the frequent collapse items. Finally, the big data analysis system 100 takes the crash node of the session running crash object of the target cloud service session application as the vulnerability attribute information of the session running crash object of the target cloud service session application.

As an example, each attack operation log in the cloud service attack log data corresponds to one crash description fragment in the service operation crash information group. Therefore, cloud service vulnerability analysis information of the cloud service attack log data can be determined, wherein the cloud service vulnerability analysis information comprises vulnerability attribute information of a session running crash object of a target cloud service session application in the cloud service attack log data.

By the cloud service attack log data processing method provided by the embodiment of the application, the cloud service attack log data of a product on a target cloud service line can be processed, and therefore a service operation collapse information group of the cloud service attack log data is obtained. The service operation crash information group comprises crash node information of a session operation crash object of the target cloud service session application in the cloud service attack log data, and cloud service vulnerability analysis information of the cloud service attack log data is determined according to the service operation crash information group. By the design, the second typical cloud service attack log data of the product on the target cloud service line can be trained to obtain the service operation crash recognition network without marking, the service operation crash recognition network can directly process the cloud service attack log data of the product on the target cloud service line, so that cloud service vulnerability analysis information is obtained, the tag cost of the cloud service attack log data of the product on the target cloud service line can be saved, and the real-time performance and the accuracy of cloud service vulnerability analysis are improved.

In an embodiment that can be implemented independently, the big data analysis system 100 may invoke a service operation crash recognition network to process the cloud service attack log data, so as to obtain a service operation crash information group of the cloud service attack log data. The service operation crash recognition network is obtained by performing feature deep learning on typical cloud service attack log data of products on a target cloud service line. For example, the service operation crash recognition network is obtained by training based on first typical cloud service attack log data of a product on an original cloud service line, typical crash node information of a session operation crash object of a target cloud service session application in the first typical cloud service attack log data, and second typical cloud service attack log data of a product on a target cloud service line.

Compared with the prior art, the design is that the second typical cloud service attack log data of the product on the target cloud service line can be trained to obtain the service operation crash recognition network without marking, and the service operation crash recognition network is obtained by performing feature deep learning training by using the effectiveness description quantity of the typical cloud service attack log data of the product on the target cloud service line. Finally, the deep learning network obtained through training can directly process the cloud service attack log data of the products on the target cloud service line, so that cloud service vulnerability analysis information is obtained, the label cost of the cloud service attack log data of the products on the target cloud service line can be saved, and the real-time performance and the accuracy of cloud service vulnerability analysis are improved.

In an embodiment, which can be implemented independently, the service operation crash recognition network includes an operation crash point extraction structure and an operation crash point fusion structure. For example, the deep learning network includes a run crash point extraction structure and a run crash point fusion structure. An example design of the big data analysis system 100 invoking a service operation crash recognition network to process cloud service attack log data to obtain a service operation crash information group of the cloud service attack log data may include: the big data analysis system 100 calls an operation crash point extraction structure to extract description components of the cloud service attack log data so as to obtain initial operation crash point characteristics of the cloud service attack log data; and calling an operation crash point fusion structure to perform feature fusion on the cloud service attack log data and the initial operation crash point features so as to obtain a service operation crash information group of the cloud service attack log data. The operation collapse point extraction structure comprises a convolution layer, batch regularization, nonlinear activation, a pooling layer and the like. The operation crash point extraction structure can effectively extract a description data service layer dimension feature expression (namely initial operation crash point features) of input cloud service attack log data (cloud service attack log data).

In an embodiment that can be implemented independently, first, the big data analysis system 100 calls an operation crash point fusion structure to perform convolution feature extraction and sampling processing on cloud service attack log data and initial operation crash point features to obtain first operation crash point features; then, the big data analysis system 100 calls an operation crash point fusion structure to perform compression processing and excitation processing on the cloud service attack log data and the initial operation crash point characteristics to obtain a training coefficient corresponding to the initial operation crash point characteristics, and performs relational connection on the initial operation crash point characteristics according to the training coefficient to obtain second operation crash point characteristics; finally, the big data analysis system 100 fuses the first to-be-fused operation crash point feature and the second to-be-fused operation crash point feature to obtain a service operation crash information group of the cloud service attack log data.

As an example, the runtime crash point fusion structure may include a first branching unit, which may be, for example, an FPN, and a second branching unit. The FPN is a low-layer of initial operation crash point characteristics of the cloud service attack log data and operation crash point characteristic representation of a description data service layer by layer, and therefore first operation crash point characteristics are obtained. The basic operational unit of the FPN is also a meta-operation of the convolutional layer, batch regularization, nonlinear activation, pooling layer. The second branch unit may be a compression-excitation module, for example, the initial operation crash point features may be pooled globally and processed in an excitation manner to obtain the training coefficients. Finally, the big data analysis system 100 performs comprehensive weighted fusion on the training coefficient and the initial operation crash point feature to obtain a second operation crash point feature.

Finally, the big data analysis system 100 fuses the first operation crash point feature and the second operation crash point feature, so as to obtain a service operation crash information group of the cloud service attack log data. Of course, after the initial operation crash point feature of the cloud service attack log data is processed through the FPN, the obtained first operation crash point feature is used as the input of the compression-excitation module, and then the second operation crash point feature is obtained. And finally, the compression-excitation module is used for processing the second operation crash point characteristic obtained by the first operation crash point characteristic as a service operation crash information group of the cloud service attack log data.

Fig. 3 illustrates a hardware structure diagram of a big data analysis system 100 for implementing the artificial intelligence based cloud service vulnerability fixing method, provided by an embodiment of the present application, and as shown in fig. 3, the big data analysis system 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a communication unit 140.

In a specific implementation process, at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120, so that the processor 110 may execute the artificial intelligence based cloud service vulnerability fixing method according to the above method embodiment, the processor 110, the machine-readable storage medium 120, and the communication unit 140 are connected through the bus 130, and the processor 110 may be configured to control the transceiving action of the communication unit 140, so as to perform data transceiving with the cloud service business system 200.

For a specific implementation process of the processor 110, reference may be made to the above-mentioned method embodiments executed by the big data analysis system 100, and implementation principles and technical effects thereof are similar, and details of this embodiment are not described herein again.

In addition, an embodiment of the present application further provides a readable storage medium, where a computer execution instruction is preset in the readable storage medium, and when a processor executes the computer execution instruction, the cloud service vulnerability repair method based on artificial intelligence is implemented.

While the present invention has been described with reference to particular embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

完整详细技术资料下载

上一篇：石墨接头机器人自动装卡簧、装栓机

下一篇：将捕获的媒体关联到参与者

Cloud service vulnerability repairing method based on artificial intelligence and big data analysis system

相关技术

网友询问留言