Search

CN-120934860-B - Platform security intelligent supervision method and system based on data management

CN120934860BCN 120934860 BCN120934860 BCN 120934860BCN-120934860-B

Abstract

The invention discloses a platform security intelligent supervision method and system based on data management, comprising the following steps of preprocessing a platform user access path, an operation request and a data transfer log, extracting characteristics and generating a behavior coding vector; the method comprises the steps of inputting a behavior coding vector into a replicator neural network for compression and reconstruction to obtain a reconstructed behavior coding vector and calculating a reconstruction error, inputting the behavior coding vector into a Hopfie ld network for state evolution to judge whether the behavior coding vector converges to a compliance steady state and calculate an attraction state offset, generating a behavior compliance label according to the reconstruction error and the attraction state offset, constructing a behavior trace back chain graph based on the label, the coding vector and characteristics thereof, calculating a comprehensive risk score by utilizing node attributes and dependency relations in the graph, mapping a result to a visual supervision interface, and assisting a platform to realize compliance examination and risk identification.

Inventors

  • LIU XIONG
  • HONG ZHI

Assignees

  • 江苏达科数智技术有限公司

Dates

Publication Date
20260512
Application Date
20250821

Claims (7)

  1. 1. The platform safety intelligent supervision method based on data management is characterized by comprising the following steps of: Preprocessing an access path, an operation request and a data stream transfer log of a user in the acquisition platform, extracting sequence characteristics and generating a behavior coding vector; Compressing and reconstructing the behavior coding vector by using a replicator neural network, outputting a reconstructed behavior coding vector, and calculating a reconstruction error between the behavior coding vector and the reconstructed behavior coding vector; inputting the behavior coding vector into a Hopfield network for state evolution, judging whether the behavior coding vector converges to a stored compliance steady state, and calculating the current convergence state and attraction state offset; inputting the behavior coding vector into a Hopfield net complex rule memory module to serve as an initial state vector; Constructing a connection weight matrix of the Hopfield network complex rule memory module according to a plurality of calibrated compliance steady state vectors, wherein the connection weight matrix is constructed by adopting a symmetric weight updating rule, and the plurality of compliance steady state vectors are used for representing the identified compliance steady behavior patterns in the platform historical behavior sequence; based on the connection weight matrix, executing an asynchronous iteration state evolution process of the Hopfield network complex rule memory module, and updating states of all neurons in the initial state vector according to a random sequence to form a state vector sequence; In each iteration, judging whether element difference values between the current state vector and the previous state vector are all lower than a set convergence threshold value, if the condition is met, judging the current state vector as a convergence state vector, and ending evolution of the Hopfield network complex rule memory module; vector distance measurement is respectively carried out on the convergence state vector and all the compliance steady state vectors, when the vector distance between any one of the compliance steady state vectors and the convergence state vector is smaller than the attraction judgment threshold value, the corresponding behavior coding vector is considered to be converged to the compliance steady state vector, and the corresponding compliance steady state vector is determined to be the attraction state vector; Element level difference values between the convergence state vector and the attraction state vector are calculated, an attraction state offset is generated, a reconstruction error and the attraction state offset are input into a judging module, and a behavior compliance label is generated according to a preset fusion rule; Based on the compliance label, extracting corresponding behavior coding vectors, reconstruction errors and attraction state offset, constructing a behavior backtracking chain graph, and tracking the dependency relationship between the front and rear associated behavior nodes and the time sequence; inputting node weights, a reconstruction error accumulated value and an offset evolution path in a behavior backtracking chain into a risk modeling module, and calculating a comprehensive risk score; And mapping the compliance label, the behavior backtracking chain graph and the comprehensive risk score to a platform visual supervision interface in a combined way to generate a dynamic view.
  2. 2. The method for intelligently supervising platform security based on data governance according to claim 1, wherein the preprocessing includes access path standardization, operation request semantic parsing, data flow log structure restoration and behavior sequence fusion modeling.
  3. 3. The intelligent platform security monitoring method based on data governance of claim 1, wherein the step of calculating the reconstruction error comprises: the behavior-encoded vectors are input into a replicator neural network, which performs a compression reconstruction operation, Converting the behavior coding vector into a potential expression vector with a dimension lower than that of the behavior coding vector through a compression mapping path, wherein the potential expression vector is used for representing the behavior characteristics of the behavior coding vector in a compression characteristic space; Converting the potential expression vector into a reconstructed behavior coding vector with the same dimension as the behavior coding vector through a reconstructed mapping path; performing difference extraction on the behavior coding vector and the reconstructed behavior coding vector according to element positions to form an error vector; And carrying out normalized quantization processing on the error vector to generate a reconstruction error.
  4. 4. The intelligent platform security supervision method based on data governance of claim 3, wherein the replicator neural network comprises a feature encoding module, a path discrimination guiding module, a path selection module, a reconstruction module and an error calculation module, and comprises: The path discrimination guide module receives the potential expression vector, extracts a reference vector set from a preset historical high-risk behavior feature vector set, calculates feature similarity between the potential expression vector and the set, and constructs a behavior historical risk response function The risk response function is used for measuring the projection response degree of the potential expression vector in the high-risk behavior space; the path discrimination guiding module is used for judging the matching score value between the plurality of preset path guiding vectors and the potential expression vector Performing risk adjustment by combining the behavior history risk response function; scoring the matching of all paths Comparing, selecting the path number corresponding to the path with the largest score The corresponding path number is used as a path discrimination tag to be input into a path selection module; The path selection module guides the potential expression vector to a target reconstruction module branch according to the path discrimination label, and the reconstruction module restores the potential expression vector to generate a reconstruction behavior coding vector with the dimension consistent with that of the original behavior coding vector.
  5. 5. The method for intelligently monitoring platform security based on data governance of claim 1, wherein the generating of the behavior compliance tag comprises: extracting a reconstruction error and an attraction state offset corresponding to the target behavior coding vector, and inputting the reconstruction error and the attraction state offset to a behavior compliance label generation module together; the behavior compliance tag generation module carries out joint judgment on the reconstruction error and the attraction state offset based on a preset fusion rule and outputs a behavior compliance tag; The preset fusion rule comprises a reconstruction error judgment rule, an attraction state offset judgment rule and a label decision logic rule, and specifically comprises the following steps: Judging whether the reconstruction error is larger than a reconstruction error threshold value, if so, marking the reconstruction error as abnormal; the attraction state offset judgment rule is used for judging whether the attraction state offset is larger than an offset threshold value, and if so, marking that the attraction state offset is abnormal; And the label decision logic rule is that a behavior compliance label is generated through a Boolean logic structure according to the joint judgment result of the reconstruction abnormality and the deviation attraction state abnormality, and the label category comprises compliance behavior, deviation behavior and abnormal behavior.
  6. 6. The intelligent platform security supervision method based on data governance of claim 1, wherein the constructing of the behavior backtracking chain graph comprises: Extracting a behavior compliance label, a reconstruction error and an attraction state offset corresponding to the target behavior coding vector, and setting the target behavior coding vector as a starting node of a behavior trace-back chain graph; In a preset time window, retrieving historical behavior coding vectors which have access path coincidence, data object interaction and operation upstream and downstream dependency relationship with the target behavior coding vectors from a platform behavior log, and constructing a candidate behavior coding vector set; identifying a time sequence dependency path between a predecessor behavior coding vector and a successor behavior coding vector based on a time stamp sequence of each behavior coding vector in the candidate behavior coding vector set, a data object reference relationship, and an operation cause and effect chain; Constructing the identified behavior coding vectors and time sequence dependency paths between the identified behavior coding vectors into a directed graph structure, defining each node in the graph as the behavior coding vectors, and each side as a dependency connection path in the time advancing direction, wherein the side weight represents the time sequence dependency strength; and adding a corresponding behavior compliance label, a reconstruction error value and an attraction state offset value on each behavior coding vector node of the directed graph structure to form a behavior trace-back chain graph containing attribute labels.
  7. 7. The utility model provides a platform safety intelligence supervisory systems based on data administration which characterized in that includes: the behavior vector generation module is used for preprocessing the access path, the operation request and the data transfer log of the user, extracting sequence characteristics and generating a behavior coding vector; The replicator neural network reconstruction module is used for compressing and reconstructing the behavior coding vector, outputting a reconstructed behavior coding vector and generating a reconstruction error based on the difference between the behavior coding vector and the reconstructed behavior coding vector; The Hopfield network complex rule memory module is used for receiving the behavior coding vector as an initial state vector, constructing a connection weight matrix based on a plurality of compliance behavior steady state vectors, executing asynchronous iteration state evolution, judging a convergence state vector and calculating an attraction state offset; inputting the behavior coding vector into a Hopfield net complex rule memory module to serve as an initial state vector; Constructing a connection weight matrix of the Hopfield network complex rule memory module according to a plurality of calibrated compliance steady state vectors, wherein the connection weight matrix is constructed by adopting a symmetric weight updating rule, and the plurality of compliance steady state vectors are used for representing the identified compliance steady behavior patterns in the platform historical behavior sequence; based on the connection weight matrix, executing an asynchronous iteration state evolution process of the Hopfield network complex rule memory module, and updating states of all neurons in the initial state vector according to a random sequence to form a state vector sequence; In each iteration, judging whether element difference values between the current state vector and the previous state vector are all lower than a set convergence threshold value, if the condition is met, judging the current state vector as a convergence state vector, and ending evolution of the Hopfield network complex rule memory module; vector distance measurement is respectively carried out on the convergence state vector and all the compliance steady state vectors, when the vector distance between any one of the compliance steady state vectors and the convergence state vector is smaller than the attraction judgment threshold value, the corresponding behavior coding vector is considered to be converged to the compliance steady state vector, and the corresponding compliance steady state vector is determined to be the attraction state vector; The system comprises an element level difference value between a convergence state vector and an attraction state vector, an attraction state offset generation module and a behavior compliance label generation module, wherein the element level difference value is used for receiving a reconstruction error and the attraction state offset and generating a behavior compliance label according to a preset fusion rule; The behavior backtracking chain construction module is used for constructing a candidate behavior coding vector set based on the target behavior coding vector, the access path coincidence of the historical behavior coding vector and the data object interaction or operation dependency relationship, constructing a behavior backtracking chain diagram containing a time sequence dependency path, and labeling the behavior compliance labels, the reconstruction error values and the attraction state offset values of all nodes; the risk score modeling module is used for receiving node weights and reconstruction error accumulated values in the behavior backtracking chain graph And an attraction state offset evolution path to generate a comprehensive risk score; And the visual supervision interface module is used for receiving the behavior compliance labels, the behavior backtracking chain graphs and the comprehensive risk scores and carrying out combined display in the platform interface.

Description

Platform security intelligent supervision method and system based on data management Technical Field The invention relates to the technical field of data security, in particular to a platform security intelligent supervision method and system based on data management. Background With the development of data-driven platform economy, the access path, operation behaviors and data flow of users in the platform are increasingly complex, and the safety supervision, behavior compliance identification and risk prevention and control in the platform operation process become key links in the platform management. The existing data security supervision technology is difficult to deal with the nonlinear changes of potential high-dimensional interaction characteristics and compliance behavior patterns in dynamic behavior sequences by means of multi-dependency rule base matching, static audit or abnormality detection mechanisms based on statistical thresholds. On one hand, the traditional anomaly detection method cannot effectively capture the deep expression consistency relation between the user behavior and the platform specification, often ignores the context dependence characteristics of the behavior in the sequence structure, so that the misjudgment rate is high, and a behavior chain with tracking capability is difficult to generate. Therefore, how to provide a platform security intelligent supervision method and system based on data management is a problem to be solved by those skilled in the art. Disclosure of Invention The invention aims to provide a platform safety intelligent supervision method and system based on data management, which comprehensively utilize behavior coding vector modeling, replicator neural network compression reconstruction, hopfield network state evolution, graph structure behavior backtracking and fusion type risk modeling technologies, describe the compliance recognition and risk scoring process oriented to a platform user behavior sequence in detail and have the advantages of high modeling precision, accurate anomaly recognition, strong chain type backtracking and outstanding supervision visualization capability. According to the embodiment of the invention, the platform safety intelligent supervision method and system based on data management comprise the following steps: Preprocessing an access path, an operation request and a data stream transfer log of a user in the acquisition platform, extracting sequence characteristics and generating a behavior coding vector; Compressing and reconstructing the behavior coding vector by using a replicator neural network, outputting a reconstructed behavior coding vector, and calculating a reconstruction error between the behavior coding vector and the reconstructed behavior coding vector; inputting the behavior coding vector into a Hopfield network for state evolution, judging whether the behavior coding vector converges to a stored compliance steady state, and calculating the current convergence state and attraction state offset; inputting the reconstruction error and the attraction state offset into a judging module, and generating a behavior compliance label according to a preset fusion rule; Based on the compliance label, extracting corresponding behavior coding vectors, reconstruction errors and attraction state offset, constructing a behavior backtracking chain graph, and tracking the dependency relationship between the front and rear associated behavior nodes and the time sequence; inputting node weights, a reconstruction error accumulated value and an offset evolution path in a behavior backtracking chain into a risk modeling module, and calculating a comprehensive risk score; And mapping the compliance label, the behavior backtracking chain graph and the comprehensive risk score to a platform visual supervision interface in a combined way to generate a dynamic view. Optionally, the preprocessing includes access path standardization, operation request semantic parsing, data flow log structure restoration and behavior sequence fusion modeling. Optionally, the step of calculating the reconstruction error includes: the behavior-encoded vectors are input into a replicator neural network, which performs a compression reconstruction operation, Converting the behavior coding vector into a potential expression vector with a dimension lower than that of the behavior coding vector through a compression mapping path, wherein the potential expression vector is used for representing the behavior characteristics of the behavior coding vector in a compression characteristic space; Converting the potential expression vector into a reconstructed behavior coding vector with the same dimension as the behavior coding vector through a reconstructed mapping path; performing difference extraction on the behavior coding vector and the reconstructed behavior coding vector according to element positions to form an error vector; And carrying out normalized quantizat