CN-121093338-B - Mobile safety protection method and system based on AI dialogue and context awareness

Abstract

The invention discloses a mobile safety protection method and a system based on AI dialogue and context awareness, wherein the method comprises the steps of receiving a natural language request of a user, generating a structured context object for context information of equipment through a rule engine, analyzing user intention and at least one entity to be detected based on the natural language request and the context object to generate a structured safety instruction, calling a corresponding threat analysis engine to conduct deep analysis and generate a threat analysis result, generating a composite response containing natural language interpretation and one-key execution operation options according to the threat analysis result, calling a system interface to execute protection actions corresponding to the threat analysis result, collecting feedback data of the user on the composite response, and continuously optimizing analysis and threat analysis capability. According to the invention, the equipment state, the network environment and the user behavior are analyzed in real time, the system can dynamically evaluate the security risk, not only respond to the active inquiry of the user, but also actively push the protection suggestion when the high-risk environment is detected.

Inventors

• YANG LIANGZHI
• BAI LIN
• WANG ZHIXIN
• Fang Yuehan
• LIU LEI
• ZHOU GUANGHUI

Assignees

• 彩讯科技股份有限公司

Dates

Publication Date

20260512

Application Date

20251107

Claims (10)

1. 1.A mobile security method based on AI conversation and context awareness, the method comprising: Receiving a natural language request of a user, collecting context information of equipment in parallel, and generating a structured context object through a rule engine, wherein the natural language request is a security consultation or operation request actively input by the user, the context information comprises equipment state information, network environment information and communication meta information, and the structured context object comprises a comprehensive risk level and a risk factor label set which are calculated based on the context information; resolving a user intention and at least one entity to be detected based on the natural language request and the context object to generate a structured security instruction; According to the security instruction, a corresponding threat analysis engine is called to carry out deep analysis on the entity to be detected, and a threat analysis result is generated, wherein the threat analysis result comprises a risk level, a confidence coefficient and evidence aiming at the entity to be detected; Generating a composite response containing natural language explanation and one-key execution operation options according to the threat analysis result, and calling a system interface to execute a protection action corresponding to the threat analysis result in response to the selection of the one-key execution operation options by a user, wherein the protection action comprises shielding network resources, intercepting communication numbers and unloading application programs; And collecting feedback data of the user on the composite response, and continuously optimizing analysis and threat analysis capacity by utilizing the feedback data.
2. 2. The mobile security protection method based on AI conversation and context awareness as recited in claim 1, wherein the structured context object comprises an integrated risk level, a risk factor tag set, a focused entity set, a timestamp, an original data digest.
3. 3. The AI-dialogue and context-aware-based mobile security method of claim 2, wherein the generating, by the rules engine, the structured context object comprises: Packaging the collected context information into a standardized data exchange format object; Executing a predefined rule, wherein the rule is formed as IF < condition > THEN < action >, wherein a condition part is a logic judgment on a field in the data exchange format object, and an action part comprises assignment, calculation, addition of a risk factor label or triggering of a new event; Assigning a weight coefficient to each of the identified risk factors; calculating a comprehensive risk value based on the risk factor tag set and the corresponding weight coefficient thereof; And comparing the comprehensive risk value with a preset threshold interval, and mapping to generate the comprehensive risk level.
4. 4. The AI-dialogue and context-aware-based mobile security method of claim 1, wherein invoking the corresponding threat analysis engine comprises at least one of: Calling a URL phishing detection engine, and judging the phishing risk level of the target URL by inquiring a real-time blacklist library, analyzing the static characteristics of the URL and using an AI classification model; Invoking a short message fraud detection engine, and identifying fraud features by checking a sender number credit library and performing natural language semantic analysis on short message contents; Invoking an application risk scanning engine, and judging application maliciousness by statically analyzing application program authority and code signature and/or monitoring operation behaviors of the application risk scanning engine through a dynamic sandbox; And calling a device configuration detection engine, and detecting the device override state and the security patch update state by checking the system file and the API response.
5. 5. The AI-dialogue and context-aware-based mobile security protection method of claim 1, wherein generating threat analysis results further comprises: Aggregating risk levels and confidence levels output by the threat analysis engines; based on a predefined risk aggregation strategy, comprehensively calculating risk levels and confidence degrees output by a plurality of threat analysis engines to generate a final overall risk level; the analytical evidence from the threat analysis engines is integrated to form a multi-dimensional support description for the overall risk level.
6. 6. The mobile security protection method based on AI conversation and context awareness as claimed in claim 1, wherein generating the composite response comprises generating the natural language interpretation through template matching or a large language model based on the threat analysis result, mapping executable action suggestions in the threat analysis result to system API call instructions, and generating corresponding graphical operation elements in a user interface as the one-touch execution operation options.
7. 7. The AI-dialogue and context-aware-based mobile security method of claim 1, wherein said utilizing the feedback data for continuous optimization comprises: Associating the feedback data with a corresponding historical interaction session to form a standardized training sample; an optimized path is adopted, wherein at least one of the following steps is adopted: For a machine learning model, adopting an incremental learning algorithm, and continuously fine-tuning an intention recognition model, an entity extraction model and a threat detection model by utilizing the feedback data; for large language models, the promt build strategy is dynamically adjusted based on the feedback data.
8. 8. The mobile safety protection method based on AI dialogue and context awareness as claimed in claim 7, wherein the feedback data includes explicit feedback data and implicit feedback data, the explicit feedback data is a false report mark, a positive report mark and a satisfaction score suggested by a user to the system, and the implicit feedback data is an acceptance or rejection action of the user to the one-key execution operation option and a reverse operation record of the executed protection action.
9. 9. The mobile safety protection system based on AI dialogue and context awareness is characterized by comprising a user interaction interface module, a context awareness module, a semantic understanding module, a threat analysis module, a response generation and execution module and a self-learning module; the user interaction interface module is used for receiving a natural language request input by a user and presenting a composite response containing natural language explanation and at least one-key execution operation option; The context awareness module is in communication connection with the user interaction interface module and is used for acquiring context information of equipment, processing the context information based on a predefined rule and generating a structured context object, wherein the context object comprises a comprehensive risk level and a risk factor label set; The semantic understanding module is in communication connection with the user interaction interface module and the context awareness module, analyzes user intention and at least one entity to be detected based on the natural language request and the structured context object, and generates a structured security instruction; The threat analysis module is in communication connection with the semantic understanding module and is used for calling at least one threat analysis engine to analyze the entity to be detected according to the security instruction; the system comprises a user interaction interface module, a threat analysis module, a response generation and execution module, a protection action generation and execution module, a response generation and execution module and a protection action generation and execution module, wherein the user interaction interface module is in communication connection with the threat analysis module; The self-learning module is in communication connection with the user interaction interface module, the semantic understanding module and the threat analysis module, and is used for collecting feedback data of the user on the composite response and optimizing the performance of the semantic understanding module and/or the threat analysis module by utilizing the feedback data.
10. 10. The AI-dialogue and context-aware-based mobile security system of claim 9, wherein the context awareness module processes the context information via a rules engine comprising: The method comprises the steps of collecting context information, packaging the context information into a standardized data exchange format object, defining rule formalization as IF (condition) THEN (action), wherein the condition part is logic judgment of fields in the data exchange format object, the action part comprises assignment, calculation and addition of risk factor labels or triggering of new events, assigning a weight coefficient to each identified risk factor, calculating a comprehensive risk value based on the risk factor label set and the weight coefficient corresponding to the risk factor label set, comparing the comprehensive risk value with a preset threshold interval, and mapping to generate the comprehensive risk grade.

Description

Mobile safety protection method and system based on AI dialogue and context awareness Technical Field The invention relates to the technical field of information security and artificial intelligence, in particular to a mobile security protection method and system based on AI dialogue and context awareness. Background Mobile devices are increasingly important in processing and storing user-sensitive data and critical services, which puts higher technical demands on their security capabilities. Traditional safety software depends on menu clicking and button operation, a user needs to have certain safety knowledge to correctly use, and when the novel safety risk is faced, the user is difficult to obtain accurate safety guidance through simple interaction. Most of the existing schemes are used for isolated detection, and cannot be combined with multidimensional context information such as equipment real-time state, network environment, user behavior and the like to perform comprehensive risk assessment. Most of the existing schemes only provide risk alarms, but do not provide direct and convenient treatment means, and after receiving the alarms, users still need to manually execute complex protection operations, such as searching shielding settings, unloading applications and the like, so that response delay and even misoperation are caused. Disclosure of Invention The invention aims to provide a mobile safety protection method and system based on AI dialogue and context awareness, which are used for solving the problems of single interaction mode, lack of context awareness capability, detection and protection disconnection and the like in the prior art. In order to achieve the above purpose, the present invention adopts the following technical scheme: according to one aspect of the present invention, there is provided a mobile security protection method based on AI dialogs and context awareness, the method comprising: receiving a natural language request of a user, collecting context information of equipment in parallel, and generating a structured context object through a rule engine; resolving a user intention and at least one entity to be detected based on the natural language request and the context object to generate a structured security instruction; According to the security instruction, a corresponding threat analysis engine is called to carry out deep analysis on the entity to be detected, and a threat analysis result is generated, wherein the threat analysis result comprises a risk level, a confidence coefficient and evidence aiming at the entity to be detected; Generating a composite response containing natural language explanation and one-key execution operation options according to the threat analysis result, and calling a system interface to execute a protection action corresponding to the threat analysis result in response to the selection of the one-key execution operation options by a user; And collecting feedback data of the user on the composite response, and continuously optimizing analysis and threat analysis capacity by utilizing the feedback data. Based on the scheme, the structured context object comprises a comprehensive risk level, a risk factor label set, a focus entity set, a time stamp and an original data abstract. Based on the foregoing, the generating, by the rules engine, the structured context object includes: packaging the collected context information into a standardized data exchange format object; Executing a predefined business rule, wherein the rule is formed as IF < condition > THEN < action >, and the condition part is logic judgment on a field in the data exchange format object, and the action part comprises assignment, calculation, addition of a risk factor label or triggering of a new event; Assigning a weight coefficient to each of the identified risk factors; calculating a comprehensive risk value based on the risk factor tag set and the corresponding weight coefficient thereof; And comparing the comprehensive risk value with a preset threshold interval, and mapping to generate the comprehensive risk level. Based on the foregoing, the invoking the corresponding threat analysis engine includes at least one of: Calling a URL phishing detection engine, and judging the phishing risk level of the target URL by inquiring a real-time blacklist library, analyzing the static characteristics of the URL and using an AI classification model; Invoking a short message fraud detection engine, and identifying fraud features by checking a sender number credit library and performing natural language semantic analysis on short message contents; Invoking an application risk scanning engine, and judging application maliciousness by statically analyzing application program authority and code signature and/or monitoring operation behaviors of the application risk scanning engine through a dynamic sandbox; And calling a device configuration detection engine, and detecting the device over