CN-119276570-B - Computer network safety dynamic protection method and system based on fusion factors
Abstract
The invention discloses a computer network safety dynamic protection method and system based on fusion factors, relating to the field of computer network safety. The method comprises: setting a safety dynamic protection detection mode for different computer network application environments; setting a corresponding safety dynamic protection scheme based on the detection content of the safety dynamic protection mode; constructing a decision mode of computer network safety dynamic protection based on a deep reinforcement learning model; adopting a corresponding protection scheme to solve network risks according to the decision result of the deep reinforcement learning model; and establishing a network abnormal behavior feature library, then adjusting the parameters of the model and optimizing the network abnormal behavior feature library by comparing the library with the decision result of the model. The invention has the advantage that, by using the deep reinforcement learning model and learning an advanced computer network safety dynamic protection model, the capability of computer network safety dynamic autonomous protection and early warning under different environments is effectively improved and the network risk is reduced.
Inventors
- WAN XIAOLI
- CHEN BO
- WANG JIANGWEI
Assignees
- 浙江省国际贸易集团有限公司
Dates
- Publication Date: 20260512
- Application Date: 20241008
Claims (8)
- 1. A method for dynamically protecting computer network security based on fusion factors, comprising the steps of: Setting a safety dynamic protection detection mode aiming at different computer network application environments; setting a corresponding safety dynamic protection scheme based on the detection content of the safety dynamic protection mode; Based on the deep reinforcement learning model, constructing a decision mode of computer network safety dynamic protection; According to the decision result of the deep reinforcement learning model, adopting a corresponding protection scheme to solve the network risk; establishing a network abnormal behavior feature library, and adjusting parameters of the model and optimizing the network abnormal behavior feature library by comparing the network abnormal behavior feature library with a decision result of the model; the setting of the security dynamic protection mode specifically includes: For an application environment in which the security requirement of a computer network is not high and information needs to be kept secret, a port number detection single mode is adopted; for the application environment with high computer network security requirement and no need of accurately identifying the flow behavior, adopting a deep packet inspection single mode; For an application environment needing to accurately identify flow behaviors and improve the processing speed of a computer network, adopting a deep flow detection single mode; The decision mode for constructing the computer network safety dynamic protection based on the deep reinforcement learning model specifically comprises the following steps: According to the abnormal behavior standardized processing list, confirming the probability of strategy selection among different processing schemes; based on a Markov chain algorithm, confirming a state probability value at a future moment according to the computer network when identifying different detection content 
characteristic items; calculating a cumulative rewards feedback value corresponding to a decision based on the abnormal behavior standardized processing list; based on the deep reinforcement learning model, according to the Monte Carlo algorithm, confirming that the computer network completes a decision corresponding in the state Is not limited to the desired one; Based on a deep reinforcement learning model according to Confirming that the computer network selected the processing scheme to complete a decision corresponds to Is not limited to the desired one; according to the decision result of the deep reinforcement learning model, adopting a corresponding protection scheme to solve the network risk specifically comprises the following steps: dividing the mode for processing the network abnormal behavior characteristics according to the network operation influence caused by the network abnormal behavior characteristics and the simplicity of the processing mode; Based on the learning and training results of the deep reinforcement learning model, carrying out automatic decision processing on the common, simple and slightly influenced network abnormal behavior characteristics; Based on the learning and training results of the deep reinforcement learning model, aiming at network abnormal behavior characteristics which are complex, novel, have large influence degree and overload the model, an early warning and alarming mode is set, and the network abnormal behavior characteristics are recorded.
- 2. The method for dynamically protecting the security of the computer network based on the fusion factor according to claim 1, wherein the setting the dynamic security protection mode specific to different computer network application environments comprises: aiming at the advantages and disadvantages of port number detection, deep packet detection and deep stream detection, setting a safety dynamic protection detection mode according to different computer network application environments; For other requirements of computer network security, the advantages and disadvantages of port number detection, deep packet detection and deep stream detection modes are combined, a joint detection mode is set, and the detection result is regulated by setting the weight of each detection mode; Based on the D-S evidence theory, calculating the proportion of the port number detection, the deep packet detection and the deep stream detection in the joint detection mode; the weight expression of each detection is as follows: Wherein, the As a linear relationship of several detection modes, In order to use the port number detection, In order to employ deep packet inspection, In order to employ the deep flow detection, In order to use the weights of the port number detection, In order to employ the weights of deep packet inspection, Weights for detection using depth streams; the D-S evidence theory expression is: Wherein, the To adopt the first The degree of certainty of the manner of detection, For the normalization constant(s), To adopt the first Detection mode number The probability of the individual feature term(s), To adopt the first Number of feature items of each detection mode.
- 3. The method for dynamically protecting computer network security based on fusion factors according to claim 2, wherein the detecting content based on the dynamically protecting mode comprises the steps of: Determining detection content feature items of each detection mode based on historical data of network abnormal behaviors; setting a standardized processing scheme of network abnormal behavior characteristics aiming at the detection content characteristic items of each detection mode; And establishing an abnormal behavior standardized processing list according to the detected content characteristic items and the standardized processing scheme.
- 4. A method for dynamically protecting security of a computer network based on a fusion factor according to claim 3, wherein the probability expression for confirming the selection strategy between different processing schemes is: Wherein, the In-state for computer networks Lower selection of the first The probability of the individual processing schemes is determined, To deal with the set of scenarios of unusual behavior characteristics of a computer network, A set of current states for the computer network; the Markov chain algorithm is as follows: Wherein, the In the first place for computer network In the next state The probability of a single state is determined, Future for computer network The status of the individual states is that, Is the current first of computer network A personal status; the cumulative rewards feedback value expression corresponding to the calculation completion decision is as follows: Wherein, the Completing a decision for a computer network The cumulative prize feedback values corresponding to the respective states, For future discounting factors on the current impact of the computer network, Completing a decision for a computer network The cumulative prize feedback values corresponding to the respective states, Completing a decision for a computer network The corresponding reward feedback value of each state; the computer network completes a decision corresponding to the state The desired expression of (2) is: Wherein, the In the policy for computer network Corresponding under individual states Is used to update the desired value of (a), In the policy for computer network Corresponding under individual states Is used as a reference to the desired value of (a), In order for the rate of learning to be high, In the policy for computer network Corresponding under individual states Is a desired value of (2); The computer network selecting the processing scheme to complete a decision The desired expression of (2) is: Wherein, the 
Selecting the processing scheme for the computer network to complete a decision Corresponding under individual states Is used to update the desired value of (a), Selecting the processing scheme for the computer network to complete a decision Corresponding under individual states Is used as a reference to the desired value of (a), In order for the rate of learning to be high, Selecting the processing scheme for the computer network to complete a decision Corresponding under individual states Is a desired value of (2).
- 5. The method for dynamically protecting computer network security based on fusion factors according to claim 4, wherein the step of establishing a network abnormal behavior feature library, and the step of adjusting parameters of a model and optimizing the network abnormal behavior feature library by comparing the parameters with decision results of the model specifically comprises the steps of: establishing a network abnormal behavior feature library based on the abnormal behavior standardized processing list and the decision processing result of the model; Comparing the recorded processing result of the network abnormal behavior feature library with the decision result of the model, preferentially screening the most suitable processing mode, and adjusting the parameters of the model and optimizing the network abnormal behavior feature library according to the comparison result; And judging whether the decision result of the model is better than the processing result of the feature library, if so, optimizing the processing result recorded by the feature library, and if not, adjusting the parameters of the model.
- 6. A fusion factor-based computer network security dynamic protection system for implementing a fusion factor-based computer network security dynamic protection method as claimed in any of claims 1-5, comprising: The system comprises a detection and scheme module, a safety dynamic protection detection module and a safety dynamic protection control module, wherein the detection and scheme module is used for setting a safety dynamic protection detection mode aiming at different computer network application environments; The protection and feedback module is used for constructing a decision mode of computer network safety dynamic protection based on the deep reinforcement learning model, adopting a corresponding protection scheme to solve the safety risk according to the decision result of the deep reinforcement learning model, establishing a network abnormal behavior feature library, and adjusting the parameters of the model and optimizing the network abnormal behavior feature library by comparing with the decision result of the model.
- 7. The dynamic security protection system for computer network based on fusion factors according to claim 6, wherein the detection and scheme module specifically comprises: the system comprises a detection mode setting unit, a dynamic security protection detection mode setting unit and a dynamic security protection detection mode setting unit, wherein the detection mode setting unit is used for setting security dynamic protection detection modes aiming at different computer network application environments; the device comprises a safety dynamic protection scheme setting unit, wherein the safety dynamic protection scheme setting unit is used for setting a corresponding safety dynamic protection scheme based on detection content of a safety dynamic protection mode.
- 8. The dynamic security protection system for computer network based on fusion factors according to claim 7, the protection and feedback module is characterized by comprising: The protection decision unit is used for constructing a decision mode of computer network safety dynamic protection based on the deep reinforcement learning model; The protection scheme unit is used for adopting a corresponding protection scheme to solve the safety risk according to the decision result of the deep reinforcement learning model; the feature library feedback unit is used for establishing a network abnormal behavior feature library, and adjusting parameters of the model and optimizing the network abnormal behavior feature library by comparing the network abnormal behavior feature library with a decision result of the model.
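The decision loop named in claims 1 and 4 (discounted cumulative reward, Monte Carlo update of the expected value with a learning rate, then automatic handling or early warning), as an added example that is not part of the patent text. The page's own formulas did not survive, so the standard every-visit constant-step Monte Carlo update is assumed; the feature and scheme names, rewards, discount factor, learning rate and impact threshold are all constructed for illustration.

```python
from collections import defaultdict

GAMMA = 0.9  # discount factor for future rewards (assumed value)
ALPHA = 0.5  # learning rate (assumed value)

def discounted_returns(rewards, gamma=GAMMA):
    """Cumulative reward per step: G_t = r_t + gamma * G_{t+1}."""
    g, out = 0.0, []
    for r in reversed(rewards):
        g = r + gamma * g
        out.append(g)
    return out[::-1]

def mc_update(q, episode, alpha=ALPHA, gamma=GAMMA):
    """Move Q(state, scheme) toward the observed return: Q += alpha * (G - Q)."""
    returns = discounted_returns([r for _, _, r in episode], gamma)
    for (state, scheme, _), g in zip(episode, returns):
        q[(state, scheme)] += alpha * (g - q[(state, scheme)])
    return q

def decide(q, state, schemes, impact, impact_limit=0.7):
    """Handle known, low-impact features automatically; otherwise raise an
    early warning so the feature is recorded (impact_limit is an assumption)."""
    known = [s for s in schemes if (state, s) in q]
    if not known or impact >= impact_limit:
        return ("alert", None)
    return ("auto", max(known, key=lambda s: q[(state, s)]))

# Constructed training episodes: (abnormal-behaviour feature, scheme, reward).
EPISODES = [
    [("port_scan", "block_source", 1.0)],
    [("port_scan", "log_only", -1.0)],
    [("syn_burst", "rate_limit", 0.0), ("port_scan", "block_source", 1.0)],
]
SCHEMES = ["block_source", "rate_limit", "log_only"]

def train(episodes=EPISODES):
    """Run the Monte Carlo update over every constructed episode."""
    q = defaultdict(float)
    for ep in episodes:
        mc_update(q, ep)
    return q

if __name__ == "__main__":
    q = train()
    print(decide(q, "port_scan", SCHEMES, impact=0.2))           # known, low impact
    print(decide(q, "port_scan", SCHEMES, impact=0.9))           # high impact
    print(decide(q, "dns_tunnel_variant", SCHEMES, impact=0.2))  # never seen
```

The alert branch is what keeps a novel or high-impact feature out of the automatic path until it has been recorded and reviewed.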
Description
Computer network safety dynamic protection method and system based on fusion factors
Technical Field
The invention relates to the field of computer network security, in particular to a dynamic computer network security protection method and system based on fusion factors.
Background
With the rapid development of the information age, computer network technology is applied across industries, so the security of computer networks is important for protecting personal information, maintaining normal enterprise operation and ensuring enterprise stability. In a complex and changeable computer network environment, the influence of various factors needs to be considered, so that the defensive capability against unknown advanced network threats and the decision capability for automatically processing risks are improved by combining these factors with dynamic protection technology and methods.
Existing computer network security protection strategies mainly rely on traditional static security measures, such as firewalls and intrusion detection systems. Faced with complex computer network environments, they lack the capability to cope with different environments and to actively handle the risks of abnormal behaviors, which leads to low efficiency of computer network security protection and increases the load on computer processors.
Disclosure of Invention
In order to solve the above technical problems, the technical scheme provides a computer network safety dynamic protection method and system based on fusion factors, which solves the problems described in the background: low computer network security protection efficiency and increased computer processor load, caused by the lack of capability to cope with different environments and to actively handle abnormal behavior risks.
In order to achieve the above purpose, the invention adopts the following technical scheme: a dynamic protection method for computer network security based on fusion factors, comprising:
- setting a safety dynamic protection detection mode aiming at different computer network application environments;
- setting a corresponding safety dynamic protection scheme based on the detection content of the safety dynamic protection mode;
- based on the deep reinforcement learning model, constructing a decision mode of computer network safety dynamic protection;
- according to the decision result of the deep reinforcement learning model, adopting a corresponding protection scheme to solve the network risk;
- establishing a network abnormal behavior feature library, and adjusting parameters of the model and optimizing the network abnormal behavior feature library by comparing the network abnormal behavior feature library with a decision result of the model.
Preferably, the setting a secure dynamic protection mode for different computer network application environments specifically includes:
- aiming at the advantages and disadvantages of port number detection, deep packet detection and deep stream detection, setting a safety dynamic protection detection mode according to different computer network application environments;
- for an application environment in which the security requirement of a computer network is not high and information needs to be kept secret, a port number detection single mode is adopted;
- for the application environment with high computer network security requirement and no need of accurately identifying the flow behavior, adopting a deep packet inspection single mode;
- for the safe application environment of the computer network, which needs to accurately identify and process the flow behavior, a deep flow detection single mode is adopted;
- for other requirements of computer network security, the advantages and disadvantages of port number detection, deep packet detection and deep stream detection modes are combined, a joint detection mode is set, and the detection result is regulated by setting the weight of each detection mode;
- based on the D-S evidence theory, calculating the proportion of the port number detection, the deep packet detection and the deep stream detection in the joint detection mode.
The weight expression of each detection is as follows: Wherein y is a linear relation of several detection modes, x_1 is port number detection, x_2 is deep packet detection, x_3 is deep stream detection, ε_1 is port number detection weight, ε_2 is deep packet detection weight, ε_3 is deep stream detection weight.
The D-S evidence theory expression is: Wherein m(A) is the reliability of the A-th detection mode, K is a normalization constant, m_i(A_i) is the probability of the i-th feature item of the A-th detection mode, and n is the number of the feature items of the A-th detection mode.
Preferably, the setting the corresponding safety dynamic protection scheme specifically includes: Determining detection content feature items of each detection mode based on historical data