CN-121996276-A - Automatic deployment method and system oriented to human-computer cooperation risk operation knowledge graph driving

Abstract

The application provides an automated deployment method and system driven by a human-computer collaboration oriented risk operation knowledge graph, which relate to the technical field of artificial intelligence, and comprise the steps of firstly acquiring a risk operation knowledge graph in an enterprise risk operation system, generating a plurality of risk disposal action chains according to the risk operation knowledge graph and a security protection strategy to be deployed, and calling a risk operation knowledge graph to perform conflict resolution on the action chain, performing conflict resolution and recombination on the action chain according to the resolution result, generating an automatic deployment instruction set based on the recombined action chain, and sending the automatic deployment instruction set to a plurality of safety protection nodes in an enterprise risk operation system, so that automatic deployment of a safety protection strategy is realized, and the enterprise risk prevention and control capability is improved.

Inventors

• PU LIANG

Assignees

• 云纷(上海)信息科技有限公司

Dates

Publication Date

20260508

Application Date

20260410

Claims (10)

1. 1. An automated deployment method driven by a risk operation knowledge graph oriented to man-machine cooperation is characterized by comprising the following steps: acquiring a risk operation knowledge graph in an enterprise risk operation system, wherein the risk operation knowledge graph comprises risk entity nodes and risk association relationship edges between the risk entity nodes; Generating a plurality of risk disposal action chains according to the risk operation knowledge graph and a plurality of security protection strategies to be deployed in the enterprise risk operation system, wherein the risk disposal action chains are formed by arranging a plurality of risk disposal actions according to a preset logic sequence; invoking a risk operation knowledge graph to perform action chain conflict analysis processing on the multiple risk handling action chains to obtain action chain conflict analysis results of each risk handling action chain; Performing conflict resolution and recombination processing on the multiple risk handling action chains according to the action chain conflict resolution result to generate multiple risk handling action chains after conflict resolution and recombination; And generating an automatic deployment instruction set based on the risk treatment action chains after the conflict resolution and recombination, and sending the automatic deployment instruction set to a plurality of safety protection nodes in an enterprise risk operation system.
2. 2. The automated deployment method of human-computer collaboration oriented risk operation knowledge graph driving of claim 1, wherein the obtaining the risk operation knowledge graph in the enterprise risk operation system comprises: Extracting an original human factor risk event description information set in parallel from a plurality of safety operation databases of an enterprise risk operation system, wherein the original human factor risk event description information set comprises a human factor risk entity name, human factor risk entity attribute parameters and service operation environment context information of the human factor risk entity; Inputting the original human factor risk event description information set into a pre-constructed human factor risk entity alignment network, generating a human factor risk entity alignment mapping relation table crossing data sources by comparing semantic similarity of human factor risk entity names and numerical distribution difference of human factor risk entity attribute parameters, and carrying out merging processing on the original human factor risk event description information set according to the human factor risk entity alignment mapping relation table to generate a standardized human factor risk entity description information set containing unique human factor risk entity identifiers; Performing human factor risk entity type classification processing on each human factor risk entity in the standardized human factor risk entity description information set, dividing each human factor risk entity into a target type level in a plurality of preset human factor risk entity type levels according to human factor risk mode characteristics in human factor risk entity attribute parameters, performing intra-level human factor risk entity aggregation processing on the human factor risk entities belonging to the same target type level, and generating a tree human factor risk entity structure taking the human factor risk entity type level as an upper node, wherein each human factor risk entity node in the tree human factor risk entity structure inherits common attribute parameters of the human factor risk entity type level to which the human factor risk entity node belongs; Mining the human factor risk association relation of any two human factor risk entity nodes in the tree human factor risk entity structure, determining human factor risk association relation types and human factor risk association relation weight values between the two human factor risk entity nodes by analyzing co-occurrence frequency, time sequence dependence degree and human factor risk conduction path characteristics of the two human factor risk entity nodes in context information of a business operation environment, and adding human factor risk association relation edges in the tree human factor risk entity structure according to the human factor risk association relation types and the human factor risk association relation weight values to generate a human factor risk knowledge graph initial structure comprising human factor risk entity type hierarchy nodes and human factor risk entity nodes; Executing human factor risk evolution track tracing processing on each human factor risk entity node in the human factor risk knowledge graph initial structure, extracting a state transition sequence of the human factor risk entity node on a time axis according to the time sequence dependence degree corresponding to the human factor risk entity node, and connecting different time state versions of the same human factor risk entity node in the human factor risk knowledge graph initial structure by a time dimension; Executing business operation environment semantic labeling processing on each human factor risk entity node in the human factor risk knowledge graph initial structure, extracting core business scene elements in business operation environment context information of the human factor risk entity node as an environment semantic label set of the human factor risk entity node, associating the environment semantic label set to the human factor risk entity node in an attribute form, and storing the processed human factor risk knowledge graph initial structure in a distributed graph database to generate a risk operation knowledge graph.
3. 3. The automated deployment method driven by a human-computer collaboration oriented risk operation knowledge graph according to claim 1, wherein the generating a plurality of risk disposition action chains according to the risk operation knowledge graph and a plurality of security protection policies to be deployed in the enterprise risk operation system comprises: Reading a plurality of security protection strategies to be deployed from the enterprise risk operation system, wherein each security protection strategy comprises a human factor risk triggering condition description set and a security strategy execution action sequence description set; Analyzing the human factor risk triggering condition description set of each safety protection strategy, extracting human factor risk entity node reference marks and human factor risk association relation edge reference marks between human factor risk entity nodes in the human factor risk triggering condition description set, and generating triggering condition human factor risk feature sets corresponding to each safety protection strategy; Positioning a target human factor risk entity node set matched with the human factor risk entity node reference identifier in the triggering condition human factor risk feature set in the risk operation knowledge graph, and positioning a target human factor risk association relationship side set matched with the human factor risk association relationship side reference identifier; Performing trigger condition coverage analysis processing on each safety protection strategy, calculating coverage percentage parameters of a trigger condition human factor risk feature set corresponding to the safety protection strategy, which are covered by a target human factor risk entity node set and a target human factor risk association relation side set in the risk operation knowledge graph, screening the safety protection strategy with the coverage percentage parameters exceeding a preset coverage threshold value as a candidate safety protection strategy set of the risk operation knowledge graph to be accessed, marking the safety protection strategy which does not exceed the preset coverage threshold value as an inaccessible state, and generating an inaccessible state report; Performing association mapping processing of a security policy execution action sequence and a risk operation knowledge graph on each candidate security protection policy in the candidate security protection policy set, generating a binding relation mapping table of security policy execution actions corresponding to each candidate security protection policy and human factor risk disposal capacity, and converting the security policy execution action sequence description set of the candidate security protection policy into a human factor risk disposal action initial sequence consisting of human factor risk disposal capacity nodes in the risk operation knowledge graph according to the binding relation mapping table of the security policy execution actions corresponding to each candidate security protection policy and the human factor risk disposal capacity; Determining whether the sequence of two adjacent human factor risk treatment actions meets the execution constraint condition of the human factor risk treatment capacity node or not by analyzing the front dependency relationship and the rear influence relationship of the human factor risk treatment capacity node corresponding to the two adjacent human factor risk treatment actions in the human factor risk treatment action initial sequence, carrying out sequence adjustment processing on the adjacent human factor risk treatment actions which do not meet the execution constraint condition, rearranging the human factor risk treatment action sequence in the human factor risk treatment action initial sequence according to the front dependency relationship of the human factor risk treatment capacity node, and generating a human factor risk treatment action adjustment sequence which meets all the execution constraint conditions; And generating a corresponding human factor risk treatment action chain according to the human factor risk treatment action adjustment sequence corresponding to each safety protection strategy, and storing each human factor risk treatment action chain in association with the human factor risk triggering condition description set of the corresponding safety protection strategy.
4. 4. The automated deployment method of human-computer collaboration oriented risk operation knowledge graph driving according to claim 1, wherein the invoking the risk operation knowledge graph to perform an action chain conflict resolution process on the plurality of risk handling action chains to obtain an action chain conflict resolution result of each risk handling action chain comprises: extracting resource occupation type information and resource occupation duration information of human factor risk handling capacity nodes corresponding to each risk handling action contained in each human factor risk handling action chain from a risk operation knowledge graph; Judging whether a resource competition conflict event exists according to the time window overlapping condition of risk disposal actions in each risk disposal action chain and the resource occupation type information of the same human factor risk disposal capability node simultaneously requested by a plurality of risk disposal actions, classifying conflict types of the human factor risk disposal action chains with the resource competition conflict event, and dividing the resource competition conflict event into a resource exclusive conflict event and a resource sharing conflict event according to the resource sharability characteristic of the human factor risk disposal capability node; for a resource exclusive conflict event, extracting priority weight parameters of a plurality of personnel cause risk disposal action chains related to the resource exclusive conflict event from a risk operation knowledge graph, wherein the priority weight parameters are determined according to policy priority levels of security protection policies corresponding to the risk disposal action chains; For a resource sharing type conflict event, extracting resource parallelism tolerance parameters of a plurality of human factor risk handling action chains related to the resource sharing type conflict event from a risk operation knowledge graph, wherein the resource parallelism tolerance parameters are determined according to the upper limit of the number of the resource parallel accesses of human factor risk handling capacity nodes; Performing intra-action chain dependency conflict detection processing on each human factor risk handling action chain, extracting time sequence dependency constraint conditions between adjacent risk handling actions in the risk handling action chain, judging whether the time sequence dependency constraint conditions of the adjacent risk handling actions are violated according to the execution time window characteristics of corresponding human factor risk handling capability nodes in a risk operation knowledge graph, performing dependency conflict marking processing on the risk handling action chain with the violated time sequence dependency constraint conditions, and generating dependency conflict description information containing the violated time sequence dependency constraint conditions; Executing inter-action chain causal conflict detection processing on each human factor risk handling action chain, judging whether the execution of the human factor risk handling action in one risk handling action chain leads to the state failure of the human factor risk entity node on which the risk handling action depends in the other risk handling action chain by analyzing the state change influence range of the human factor risk entity node in the risk operation knowledge graph of different risk handling actions in the multiple human factor risk handling action chains, executing causal conflict association analysis processing on causal conflict events which lead to the state failure, and generating a state influence propagation chain from the cause risk handling action to the result risk handling action according to the state transition path of the human factor risk entity node in the risk operation knowledge graph; And integrating the resource competition conflict event, the dependence conflict event and the causal conflict event to generate an action chain conflict analysis result of each person due to the risk disposal action chain, wherein the action chain conflict analysis result comprises a conflict type identifier, a risk disposal action identifier related to the conflict and conflict resolution suggestion information.
5. 5. The automated deployment method driven by a human-computer collaboration oriented risk operation knowledge graph according to claim 4, wherein the performing conflict resolution and recombination processing on the plurality of risk handling action chains according to the action chain conflict resolution result to generate a plurality of risk handling action chains after conflict resolution and recombination includes: Grouping a plurality of personnel cause risk handling action chains according to conflict types according to conflict type identifiers in action chain conflict analysis results to generate a resource exclusive conflict group, a resource sharing conflict group, a dependent conflict group and a cause and effect conflict group; For a plurality of human factor risk disposal action chains in the resource exclusive conflict group, performing descending order processing on the risk disposal action chains in the resource exclusive conflict group according to the priority weight parameter of each human factor risk disposal action chain, generating an action chain execution sequence of the resource exclusive conflict group, performing time window dislocation adjustment processing on the risk disposal actions related to the resource exclusive conflict event in each risk disposal action chain in the resource exclusive conflict group according to the action chain execution sequence, and deferring the execution starting time stamp of the corresponding risk disposal action in the later-executed risk disposal action chain to the execution ending time stamp of the corresponding risk disposal action in the earlier-executed risk disposal action chain; Extracting resource parallelism tolerance parameters of risk handling actions related to the resource sharing type conflict events in each of multiple human factor risk handling action chains in the resource sharing type conflict group, calculating the maximum concurrency quantity of the risk handling actions which can be simultaneously executed in the resource sharing type conflict group according to the resource parallelism tolerance parameters, and performing concurrency execution grouping processing on the risk handling actions related to the resource sharing type conflict events in the resource sharing type conflict group according to the maximum concurrency quantity to generate multiple concurrency execution groups, wherein the quantity of the risk handling actions contained in each concurrency execution group does not exceed the maximum concurrency quantity; Analyzing the violated time sequence dependency constraint condition in the dependency conflict description information corresponding to each human factor risk handling action chain in the dependency conflict group, and recalculating a target execution time window meeting the time sequence dependency constraint condition according to the execution time window characteristics of the corresponding human factor risk handling capability node in the risk operation knowledge graph; Adjusting an execution time window of a risk handling action in a risk handling action chain in a dependent conflict group, which violates a time sequence dependent constraint condition, to be within the target execution time window, and synchronously adjusting an execution time window offset of a subsequent risk handling action in the risk handling action chain; Analyzing a state influence propagation chain corresponding to each causal conflict event for a plurality of causal risk handling action chains in the causal conflict group, extracting a reason risk handling action identifier and a result risk handling action identifier from the state influence propagation chain, adjusting the execution sequence of the risk handling actions corresponding to the reason risk handling action identifier in the causal conflict group to be before the risk handling actions corresponding to the result risk handling action identifier, and inserting a waiting time window between the two risk handling actions according to state stability time parameters recorded in a state transition path of a causal risk entity node in a risk operation knowledge graph; And performing action chain reconstruction processing on a plurality of human-caused risk treatment action chains subjected to time window dislocation adjustment processing, concurrent execution grouping processing, target execution time window adjustment processing and waiting time window insertion processing, rearranging the execution time stamp and the execution sequence of each risk treatment action in each human-caused risk treatment action chain, and generating a plurality of conflict resolution and recombination risk treatment action chains.
6. 6. The automated deployment method of human-computer collaboration oriented risk operation knowledge graph driving according to claim 5, wherein the performing an action chain reconstruction process on the multiple human risk treatment action chains after the time window dislocation adjustment process, the concurrent execution grouping process, the target execution time window adjustment process and the waiting time window insertion process, rearranging the execution time stamp and the execution sequence of each risk treatment action in each human risk treatment action chain, and generating multiple risk treatment action chains after conflict resolution and recombination comprises: Extracting policy execution validity period parameters of security protection policies corresponding to each personal risk treatment action chain from the risk operation knowledge graph, and determining an overall execution cut-off timestamp of each personal risk treatment action chain according to the policy execution validity period parameters; Performing compliance verification processing on execution time stamps of all risk treatment actions after time window dislocation adjustment processing, target execution time window adjustment processing and waiting time window insertion processing in each human factor risk treatment action chain, marking the risk treatment actions with execution time stamps later than the whole execution cut-off time stamp as out-of-date risk treatment actions, and extracting execution acceleration mode parameters of human factor risk treatment capability nodes of the out-of-date risk treatment actions in a risk operation knowledge graph; Performing acceleration processing on the out-of-date risk treatment action according to the execution acceleration mode parameter, and adjusting an execution ending time stamp of the risk treatment action to be earlier than an overall execution ending time stamp by shortening the resource occupation time length information of the risk treatment action on the human-caused risk treatment capacity node; Performing inter-group sequence dependency relationship analysis processing on a plurality of concurrent execution groups formed by concurrent execution grouping processing in each human factor risk treatment action chain, and determining the execution sequence among the plurality of concurrent execution groups according to the data flow direction dependency relationship among different human factor risk treatment capability nodes in a risk operation knowledge graph; according to the execution sequence among the concurrent execution groups, carrying out rearrangement sequencing treatment on the concurrent execution groups in each human factor risk treatment action chain to generate a concurrent execution group sequence, wherein each concurrent execution group in the concurrent execution group sequence comprises a plurality of risk treatment actions which can be executed in parallel; performing resource competition re-detection processing on a plurality of parallel executable risk disposal actions in each concurrent execution group, and re-confirming whether resource competition conflicts exist in the plurality of risk disposal actions in the concurrent execution groups according to the resource monopolization marks of the corresponding human risk disposal capacity nodes in the risk operation knowledge graph; Performing time window fine adjustment processing on risk treatment actions with resource competition conflicts in the concurrent execution group for new resource competition conflict events detected in the resource competition re-detection processing, eliminating the resource competition conflicts in a mode of staggering execution starting time stamps of the conflict risk treatment actions by a preset time offset, integrating the risk treatment actions in the processed risk treatment action chains according to the arrangement sequence of the concurrent execution group sequences and the parallel relation of the risk treatment actions in each concurrent execution group, and generating a complete execution time table of each person due to the risk treatment action chains; generating a plurality of conflict resolution restructured risk disposal action chains according to the complete execution schedule of each human factor risk disposal action chain, wherein each conflict resolution restructured risk disposal action chain comprises a risk disposal action sequence arranged according to the complete execution schedule, and an execution starting time stamp and an execution ending time stamp corresponding to each risk disposal action.
7. 7. The automated deployment method driven by a human-computer collaboration oriented risk operation knowledge graph according to claim 1, wherein the generating an automated deployment instruction set based on the risk handling action chain after the conflict resolution and recombination, and sending the automated deployment instruction set to a plurality of security protection nodes in an enterprise risk operation system, comprises: Extracting policy identification information of a security protection policy corresponding to the risk disposal action chain and a risk disposal action sequence contained in the risk disposal action chain from each conflict resolution reorganized risk disposal action chain; performing action chain decomposition processing on each conflict resolved and recombined risk disposal action chain, grouping processing is performed on a risk disposal action sequence in the risk disposal action chain according to a target security protection node identifier corresponding to each risk disposal action, and a node action grouping mapping table taking the target security protection node identifier as a key is generated; generating a node exclusive risk treatment action sequence corresponding to each target safety protection node identifier according to a plurality of risk treatment actions corresponding to each target safety protection node identifier in the node action group mapping table; Performing action format conversion processing on the node exclusive risk treatment action sequence corresponding to each target safety protection node identifier, and converting each risk treatment action in the node exclusive risk treatment action sequence into a standard deployment instruction unit conforming to the target safety protection node interface specification; Carrying out aggregation treatment on a plurality of standard deployment instruction units corresponding to the same target security protection node identifier according to the sequence in the node exclusive risk disposal action sequence to generate a node deployment instruction packet corresponding to each target security protection node identifier, wherein the node deployment instruction packet comprises an instruction packet serial number identifier and instruction packet integrity verification information; Executing deployment instruction packet encryption processing on each node deployment instruction packet, acquiring a corresponding node communication encryption key from key management service according to a target security protection node identifier, performing encryption operation on the node deployment instruction packet by using the node communication encryption key to generate an encryption node deployment instruction packet, packaging the encryption node deployment instruction packet into a network transmission message conforming to an enterprise risk operation system message bus protocol, and transmitting the network transmission message to the security protection node pointed by the corresponding target security protection node identifier in parallel, wherein the network transmission message comprises the target security protection node identifier, a message generation timestamp and a message priority identifier; And receiving a deployment confirmation response message fed back by each security protection node from the enterprise risk operation system, updating a deployment state record of an automatic deployment instruction set according to the received deployment confirmation response message, and generating an automatic deployment execution report containing successful deployment instruction identifiers and failure deployment instruction identifiers, wherein the deployment confirmation response message contains node deployment instruction packet receiving state identifiers and execution result state identifiers.
8. 8. The automated human-machine collaboration oriented risk operation knowledge graph driven deployment method of claim 1, further comprising: collecting deployment state monitoring data sent by an automatic deployment instruction set from an enterprise risk operation system, wherein the deployment state monitoring data comprises instruction execution progress information and instruction execution result information reported by each security protection node; Generating a real-time deployment progress view according to the instruction execution progress information reported by each safety protection node, wherein each safety protection node in the real-time deployment progress view corresponds to an independent progress bar component; Classifying the instruction execution result information reported by each security protection node, and dividing the instruction execution result information into a successful execution instruction result set and a failed execution instruction result set according to the execution status code in the instruction execution result information; For each successful execution instruction result in the successful execution instruction result set, locating a human factor risk entity node associated with a risk disposal action corresponding to the successful execution instruction result from a risk operation knowledge graph, and updating a human factor risk disposal state attribute of the human factor risk entity node to be a disposed state; For each failure execution instruction result in the failure execution instruction result set, extracting failure reason description information from the failure execution instruction result, and inquiring matched human-caused risk fault repairing action suggestions in a risk operation knowledge graph according to the failure reason description information; Converting the inquired human factor risk fault repairing action suggestion into a repairing deployment instruction, sending the repairing deployment instruction to a safety protection node corresponding to a failure execution instruction result, after receiving a repairing success confirmation message returned by the safety protection node aiming at the repairing deployment instruction, re-acquiring an original risk disposal action chain corresponding to the safety protection node from a risk operation knowledge graph, and re-generating a supplemental deployment instruction from unexecuted risk disposal actions in the original risk disposal action chain to be sent to the safety protection node; And continuously monitoring the instruction execution progress information of all the safety protection nodes until all the risk treatment actions in the risk treatment action chain after conflict resolution and recombination are marked as an executed completion state, and after all the risk treatment actions in the risk treatment action chain after conflict resolution and recombination are marked as the executed completion state, generating an automatic deployment completion report and storing the automatic deployment completion report into an audit log of an enterprise risk operation system.
9. 9. The automated human-machine collaboration oriented risk operation knowledge graph driven deployment method of claim 1, further comprising: Acquiring human factor risk operation feedback data generated by a plurality of safety protection nodes in the process of executing an automatic deployment instruction set from an enterprise risk operation system, wherein the human factor risk operation feedback data comprises a snapshot of human factor risk entity node state change acquired by each safety protection node before and after executing a risk treatment action; generating a state change time sequence diagram of each human factor risk entity node according to the state change snapshot of the human factor risk entity node, wherein attribute parameter value sequences of the human factor risk entity node under different time stamps are recorded in the state change time sequence diagram; Extracting an artificial risk state transition path sequence in a state change time sequence diagram of each artificial risk entity node, carrying out path matching processing on the artificial risk state transition path sequence and a historical artificial risk evolution path library stored in advance in a risk operation knowledge graph, and calculating path similarity parameters of each historical artificial risk evolution path in the artificial risk state transition path sequence and the historical artificial risk evolution path library; Screening a plurality of historical human factor risk evolution paths with path similarity parameters exceeding a preset similarity threshold value as a candidate risk evolution path set, and extracting follow-up human factor risk evolution trend information corresponding to each candidate risk evolution path from the candidate risk evolution path set; Generating a human factor risk prediction state sequence of each human factor risk entity node according to the extracted subsequent human factor risk evolution trend information, adding the human factor risk prediction state sequence to the corresponding human factor risk entity nodes in the risk operation knowledge graph in a prediction edge mode, then executing graph structure updating processing, generating an updated risk operation knowledge graph, and storing the updated risk operation knowledge graph in a knowledge base of an enterprise risk operation system; And reading the updated risk operation knowledge graph from the knowledge base of the enterprise risk operation system, and re-executing the operation of generating a plurality of human factor risk disposal action chains according to the updated risk operation knowledge graph.
10. 10. An automated deployment system driven by a risk operation knowledge graph facing human-computer cooperation, which is characterized by comprising a processor and a computer readable storage medium, wherein the computer readable storage medium stores machine executable instructions, and the machine executable instructions realize the automated deployment method driven by the risk operation knowledge graph facing human-computer cooperation according to any one of claims 1-9 when being executed by the processor.

Description

Automatic deployment method and system oriented to human-computer cooperation risk operation knowledge graph driving Technical Field The application relates to the technical field of artificial intelligence, in particular to an automatic deployment method and system driven by a risk operation knowledge graph for man-machine cooperation. Background With the continuous expansion of business and the deepening of digitalization, enterprises face increasingly complex and diversified risk challenges. To effectively cope with the risks, enterprises generally construct a risk operation system and deploy various security protection strategies. However, existing risk operation systems have a number of problems in the deployment of security protection policies. On one hand, conventional security policy deployment approaches often lack systematicness and relevance. The security protection strategies are relatively independent, and the inherent relation and interaction between risks are not fully considered. For example, different security protection strategies may protect against different aspects of the same risk, but not co-planned at deployment, resulting in poor protection effects and even possible protection vulnerabilities. On the other hand, when the security protection policy is deployed, it is difficult to accurately judge whether a conflict exists between different policies. Because the security protection strategies in the enterprise risk operation system are numerous, and a plurality of business links and system modules are involved, different strategies can interfere with each other in the execution process, and the normal operation and risk prevention and control effects of the system are affected. Moreover, once policy conflict occurs, the manual checking and resolving efficiency is low, the cost is high, and the requirement of quick response risk change of enterprises cannot be met. Disclosure of Invention Therefore, the application aims to provide an automated deployment method and system driven by a risk operation knowledge graph for human-computer cooperation. According to a first aspect of the present application, there is provided an automated deployment method driven by a risk operation knowledge graph for human-computer collaboration, the method comprising: acquiring a risk operation knowledge graph in an enterprise risk operation system, wherein the risk operation knowledge graph comprises risk entity nodes and risk association relationship edges between the risk entity nodes; Generating a plurality of risk disposal action chains according to the risk operation knowledge graph and a plurality of security protection strategies to be deployed in the enterprise risk operation system, wherein the risk disposal action chains are formed by arranging a plurality of risk disposal actions according to a preset logic sequence; invoking a risk operation knowledge graph to perform action chain conflict analysis processing on the multiple risk handling action chains to obtain action chain conflict analysis results of each risk handling action chain; Performing conflict resolution and recombination processing on the multiple risk handling action chains according to the action chain conflict resolution result to generate multiple risk handling action chains after conflict resolution and recombination; And generating an automatic deployment instruction set based on the risk treatment action chains after the conflict resolution and recombination, and sending the automatic deployment instruction set to a plurality of safety protection nodes in an enterprise risk operation system. According to a second aspect of the present application, there is provided an automated deployment system driven by a risk operation knowledge graph oriented to human-computer cooperation, the automated deployment system driven by a risk operation knowledge graph oriented to human-computer cooperation includes a machine-readable storage medium and a processor, the machine-readable storage medium stores machine executable instructions, and the processor implements the automated deployment method driven by a risk operation knowledge graph oriented to human-computer cooperation when executing the machine executable instructions. According to any one of the aspects, the application has the technical effects that: the risk operation knowledge graph in the enterprise risk operation system is acquired, the risk operation knowledge graph comprises risk entity nodes and risk association relationship edges, a plurality of risk disposal action chains are generated according to the risk operation knowledge graph and a to-be-deployed safety protection strategy, the safety protection strategy is arranged according to a preset logic sequence, the rationality and the effectiveness of strategy deployment are improved, the risk operation knowledge graph is called to conduct conflict resolution processing on the risk disposal action chains, conflicts exist