CN-122027327-A - Network data packet intelligent analysis method based on man-machine cooperation and analysis element driving

Abstract

The invention discloses an intelligent network data packet analysis method based on man-machine cooperation and analysis element driving, belonging to the technical field of computer network data processing. The method comprises six steps: data upload and initialization parsing; automatic analysis element combing and construction; manual analysis element mining; analysis element management; context fusion and association analysis; and analysis element consolidation and report generation. Through man-machine cooperation, the invention combines the automation capability of AI with the experience of a human analyst to improve analysis accuracy and reliability. Fusing analysis elements with context allows the analysis direction to be adjusted dynamically: when the AI reaches a dead end, the user can intervene manually and switch the analysis direction, which keeps the analysis progressing and avoids the AI dead end. The invention supports complex investigation scenarios; the adjacency relationships between analysis elements suit the complexity of network forensics and make it easier to reconstruct multi-stage attack chains.

Inventors

  • LIN KANG
  • WU YONG
  • JIANG SHILONG

Assignees

  • 科来网络技术股份有限公司

Dates

Publication Date
20260512
Application Date
20260317

Claims (10)

  1. A network data packet intelligent analysis method based on man-machine cooperation and analysis element driving, characterized by comprising the following steps: setting an analysis target, parsing the data packet, and extracting, structuring and storing the data packet decoding information; an automatic analysis engine automatically analyzing the data packet decoding information based on the analysis target, obtaining initial analysis elements and inserting them to generate an analysis element list; performing manual analysis element mining beyond the initial analysis elements to obtain new analysis elements that are inserted into the analysis element list; associating a plurality of analysis elements based on the analysis element list to perform interactive analysis, and adjusting the analysis path through context fusion; and automatically generating a structured forensic report based on the final analysis element list.
  2. The intelligent network data packet analysis method based on man-machine cooperation and analysis element driving according to claim 1, wherein the data packet decoding information is unfiltered raw data for persistent storage in a data persistence layer.
  3. The intelligent network data packet analysis method based on man-machine cooperation and analysis element driving according to claim 1, wherein the automatic analysis engine judges, through a preset analysis strategy, whether to call a corresponding analysis tool for analysis to obtain a preliminary analysis conclusion, and the automatic analysis engine automatically combs analysis elements from the preliminary analysis conclusion and inserts the analysis elements obtained by combing into the analysis element list as initial analysis elements.
  4. The intelligent network data packet analysis method based on man-machine cooperation and analysis element driving according to claim 3, wherein the automatic analysis engine judges whether an analysis tool needs to be called according to the analysis target; when an analysis tool is needed, the automatic analysis engine calls the corresponding analysis tool to obtain the analysis result of the analysis tool, the data packet decoding information and the analysis result of the analysis tool are packaged together into a prompt, and the automatic analysis engine automatically extracts analysis elements according to the prompt; when no analysis tool is needed, the data packet decoding information is used directly to package the prompt, and the automatic analysis engine then extracts analysis elements according to the prompt.
  5. The intelligent network data packet analysis method based on man-machine cooperation and analysis element driving according to claim 1, wherein the manual analysis element mining comprises: marking selected content as an analysis element in the content generated by the automatic analysis engine, or marking selected content as an analysis element in the content of the data packet decoding information; and setting a confidence for the analysis element, generating a new analysis element and inserting it into the analysis element table.
  6. The intelligent network data packet analysis method based on man-machine cooperation and analysis element driving according to claim 5, wherein the assignment rule for the parent analysis element ID list of a new analysis element generated by manual analysis element mining is: when the selected content was generated by the automatic analysis engine, the parent analysis element ID list of the new analysis element is all analysis element IDs referenced in the current dialogue context; when the selected content is content of the data packet decoding information, the parent analysis element ID list of the new analysis element is empty.
  7. The intelligent network data packet analysis method based on man-machine cooperation and analysis element driving according to claim 1, wherein the interactive analysis comprises: parsing the manually entered natural language question and reading all referenced analysis elements; splicing and integrating the associated information of all the analysis elements to form a temporary, fused enhancement context that limits the data range and logical premises of the analysis; the automatic analysis engine analyzing the natural language question within the range defined by the context and generating a relevance conclusion; and adding the relevance conclusion to the analysis element list as a brand new, independent analysis element that can be referenced by other analyses.
  8. The intelligent network data packet analysis method based on man-machine cooperation and analysis element driving according to claim 7, wherein, when a natural language question is manually entered, analysis elements that are already in an enabled state are automatically identified and parsed, a plurality of analysis elements that need to be subjected to association analysis are manually selected, and the association analysis is performed by the automatic analysis engine.
  9. The intelligent network data packet analysis method based on man-machine cooperation and analysis element driving according to claim 1, wherein authority management is performed on the analysis elements in the analysis element list through analysis element management of a business logic layer.
  10. An intelligent network data packet analysis system based on man-machine cooperation and analysis element driving, characterized by comprising: a data analysis module, used for setting an analysis target for a network data packet uploaded by a user through the system, parsing the data packet, and extracting, structuring and storing the data packet decoding information; an automatic analysis module, used for automatically analyzing the data packet decoding information based on the analysis target, obtaining initial analysis elements and inserting them to generate an analysis element list; a manual analysis module, used for performing manual analysis element mining beyond the initial analysis elements to obtain new analysis elements that are inserted into the analysis element list; an association analysis module, used for associating a plurality of analysis elements based on the analysis element list to perform interactive analysis, and adjusting the analysis path through context fusion; and a production module, used for automatically generating a structured forensic report based on the final analysis element list.
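
The parent-ID rule of claim 6 and the context fusion and conclusion insertion of claims 7 and 8 can be modelled as a small data structure. The following Python sketch is an added illustration, not code from the patent or its assignee; every class, field and method name is hypothetical, and recording the fused elements as a conclusion's parents is an assumption.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class AnalysisElement:                 # all names here are hypothetical
    id: int
    content: str
    source: str                        # "engine", "manual" or "association"
    confidence: float
    parent_ids: list = field(default_factory=list)
    enabled: bool = True

class ElementList:
    def __init__(self):
        self._next_id, self.items = count(1), {}

    def insert(self, content, source, confidence, parent_ids=()):
        unknown = [p for p in parent_ids if p not in self.items]
        if unknown:                    # parents must already be in the list
            raise KeyError(f"unknown parent element(s): {unknown}")
        elem = AnalysisElement(next(self._next_id), content, source,
                               confidence, sorted(set(parent_ids)))
        self.items[elem.id] = elem
        return elem

    def mine_manual(self, selected, from_engine_output, context_ids, confidence):
        # Claim 6: engine-output selections inherit all context IDs; decode text gets none.
        parents = context_ids if from_engine_output else ()
        return self.insert(selected, "manual", confidence, parents)

    def fuse_context(self, referenced_ids):
        # Claim 7: splice referenced elements into one temporary context.
        # Skipping disabled elements is this sketch's reading of claim 8.
        used = [self.items[i] for i in referenced_ids if self.items[i].enabled]
        text = "\n".join(f"[E{e.id} conf={e.confidence:.2f}] {e.content}" for e in used)
        return [e.id for e in used], text

    def add_conclusion(self, conclusion, referenced_ids, confidence):
        # Claim 7: the conclusion becomes a new element. Storing the fused
        # elements as its parents is an assumption made for traceability.
        used, _ = self.fuse_context(referenced_ids)
        return self.insert(conclusion, "association", confidence, used)

    def lineage(self, element_id):
        seen, stack = set(), [element_id]
        while stack:                   # walk parent links back to the roots
            new = set(self.items[stack.pop()].parent_ids) - seen
            seen |= new
            stack.extend(new)
        return sorted(seen)
```

Calling `lineage()` on a conclusion returns the IDs of every element it was derived from, so a report built from the final list can show the evidence chain behind each finding.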

Description

Technical Field

The invention relates to the technical field of computer network data processing, and in particular to an intelligent network data packet analysis method based on man-machine cooperation and analysis element driving.

Background

In the prior art, network packet analysis relies mainly on conventional tools (such as Wireshark) and on automated analysis systems based on artificial intelligence (AI). Conventional tools typically provide packet parsing, filtering and statistics functions, but require manual operation by an analyst and lack intelligent guidance and automated insight generation. AI-based analysis systems automatically detect anomalies in network data packets through a machine learning model or a large language model, for example by using a clustering algorithm to identify abnormal traffic patterns or by matching known attack features with a rule engine. These systems typically output a static report or a list of alarms that the analyst needs to interpret and investigate further. Some advanced systems integrate a visual interface, but the analysis process is linear and fixed, lacking interactivity and flexibility.

Measured against increasingly demanding technical requirements, analysis finds that the prior art has the following disadvantages:

  • AI model capability differences: different AI models differ in accuracy and generalization ability, model output is uncontrollable, and it is difficult to adapt to complex and changing network environments.
  • AI dead ends and infinite loops: automated analysis systems tend to fall into repetitive analysis or invalid reasoning in certain scenarios, such as when unknown protocols or complex traffic are encountered, consuming large amounts of computing resources but failing to draw useful conclusions.
  • Existing systems often isolate AI from human analysis and cannot make full use of the domain experience and intuition of human analysts, so the reliability of the analysis results is low.
  • The analysis process is uncontrollable: an analyst cannot intervene in the analysis direction in real time, the analysis path is difficult to adjust according to real-time insight, and the capacity for in-depth mining is limited.

Disclosure of Invention

The invention aims to provide an intelligent network data packet analysis method based on man-machine cooperation and analysis element driving, which performs structured parsing, analysis element mining and association analysis on network data packets and, by integrating automatic processing with manual interaction, achieves a controllable and traceable flow for complex data analysis. Specifically, one object of the invention is to improve analysis accuracy and reliability by combining AI automatic combing of analysis elements with manual analysis element mining. Another object of the invention is to avoid AI analysis dead ends by adjusting the analysis path through the fusion of multiple analysis elements and context. A further object of the invention is to provide an intuitive interactive interface that enables an analyst to intervene in and guide the analysis direction in real time.

To achieve the above objects, the invention adopts the following technical scheme: a network data packet intelligent analysis method based on man-machine cooperation and analysis element driving, comprising the following steps:

  • setting an analysis target, parsing the data packet, and extracting, structuring and storing the data packet decoding information;
  • an automatic analysis engine automatically analyzing the data packet decoding information based on the analysis target, obtaining initial analysis elements and inserting them to generate an analysis element list;
  • performing manual analysis element mining beyond the initial analysis elements to obtain new analysis elements that are inserted into the analysis element list;
  • associating a plurality of analysis elements based on the analysis element list to perform interactive analysis, and adjusting the analysis path through context fusion;
  • automatically generating a structured forensic report based on the final analysis element list.

In the above technical scheme, the data packet decoding information is unfiltered raw data and is stored persistently in a data persistence layer.

In the above technical scheme, the automatic analysis engine invokes a corresponding analysis tool through a preset analysis strategy to obtain a preliminary analysis conclusion, and the automatic analysis engine automatically combs analysis elements from the preliminary analysis conclusion and inserts the analysis elements obtained by combing into the analysis element list as initial analysis elements.

In the technical scheme, the automatic analysis engine judges whether