Detailed Description
The technical scheme of the invention is further explained by the specific implementation mode in combination with the attached drawings. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the steps as a sequential process, many of the steps can be performed in parallel, concurrently or simultaneously. In addition, the order of the steps may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example one
Fig. 1 is a flowchart of a bayesian network-based situation awareness method according to an embodiment of the present invention, where the method may be executed by a bayesian network-based situation awareness apparatus, where the apparatus may be implemented by software and/or hardware, and may generally be integrated in a computer device such as a server. As shown in fig. 1, the method includes:
s101, aiming at each micro service in the system, determining a target grouping attribute field according to preset historical data corresponding to the current micro service and data representation of the related attribute field, and determining at least two target grouping intervals corresponding to the target grouping attribute field.
The system may represent an architectural system of each enterprise, and may be, for example, a bank risk control system, an enterprise employee registration system, a merchandise sales system, and the like. In each system, each system can be divided into a plurality of corresponding micro services according to different use functions or different login nodes facing different users.
For example, the bank risk control system can be divided into a first micro service with a management function, a second micro service with a risk determination function, a third micro service with a statistical function, and the like according to different usage functions. Taking the employee login system of an enterprise as an example, according to the difference of departments or positions where each employee is located, the employee login system can be divided into a first micro service related to a management department, a second micro service related to a technical department, a third micro service related to a planning department and the like.
Correspondingly, a large amount of historical data formed by user access or user login can be generated in each micro service, if all historical data contained in each micro service within a preset time period (for example, one day, one week or one month) are analyzed to realize a zero trust standard by using a situation awareness method based on a bayesian network model, and all attribute values of a user are used as nodes of the bayesian network, there are too many nodes of the bayesian network model, which results in a complex model, and a large amount of resources are consumed when real-time adaptive evaluation of all user risks in zero trust is satisfied. On the other hand, if each micro-service is used as a bayesian network node, the number of nodes of the bayesian network model is small, the data granularity is large, and the requirement of real-time self-adaptive evaluation on all user risks in zero trust cannot be met.
In order to solve the above problems, embodiments of the present invention provide a bayesian network-based situation awareness method, which determines a target grouping attribute field through preset historical data and data representation of related attribute fields, so that data with the same or similar characteristics are merged, and data in each microservice is classified, so that on the premise of relatively small resource consumption, the number of nodes in a bayesian network model is made to adaptively meet the requirement of real-time adaptive evaluation on all related risks in zero trust.
Specifically, the preset history data may be data generated by accessing or logging in each microservice in the current system within a preset time period.
The related attribute field may be understood as a field corresponding to an attribute related to the micro service, may be a field determined according to a keyword of preset history data, may also be a storage field already divided in a database for storing the preset history data, may include related user attributes or other attributes, for example, may be an Internet Protocol (IP) address of a user, a data type of a request for access, login times or access times within a preset time period, times of initiating a preset request within the preset time period, a gender, an age, a preference, a occupation, a position, a user level, a user score, and the like, and may also be access time of the micro service, an access web page address (URL for short), an access context, and other access parameters, and the like, which are not limited herein. Furthermore, the relevant attribute field can be obtained by a statistical analysis method of the historical data, and generally, the determined relevant attribute field is an attribute field with a large influence factor on the current system.
For example, in the training stage or the history use process, the selection condition of the related attribute field may be statistically analyzed, and the target grouping attribute field may be determined according to the result of the statistical analysis. It should be noted that, the determining manner of the target grouping attribute field may be to select, as the target grouping attribute field, a relevant attribute field whose statistical number is greater than a certain value from the relevant attribute fields, or select, as the target grouping attribute field, a relevant attribute field whose statistical number is sequentially arranged in the first several bits, and the like, which is not limited herein.
Correspondingly, determining at least two target grouping intervals corresponding to the target grouping attribute field according to the preset historical data corresponding to the current micro service and the data representation of the related attribute field can be understood as screening the historical data corresponding to the related attribute field from the preset historical data, and dividing the historical data into a plurality of target grouping intervals, so that the corresponding at least two target grouping intervals can be determined according to the target grouping attribute field. When the division is performed, the division may be performed in a packet manner, for example.
For example, taking the first micro service with management function in the bank risk control system as an example, assuming that the data representation form of the related attribute field is the login times in a preset time period, by grouping the login times, (0, 1), (1, 4), and (5 or more) 3 grouping intervals can be obtained.
It should be noted that, the relevant attribute fields corresponding to each micro service may be different, and the data representation of the relevant attribute fields may also be different, so that the determined at least two target packet intervals are not necessarily the same, and therefore, after all the micro services included in the system are traversed, a plurality of target packet intervals corresponding to each micro service can be obtained in the whole system.
And S102, updating the historical Bayesian network model by taking the target grouping intervals corresponding to all the micro-services in the system as target nodes to obtain the target Bayesian network model.
After step S101, at least two target grouping intervals determined by each micro service are denoted as m, there may be a case where each micro service target grouping interval m is different, and when the target grouping intervals corresponding to all the micro services in the system are taken as target nodes, the total number of target nodes generated by corresponding to k micro services of the current system may be represented as m1+m2+…+mk。
And inputting each target node into the historical Bayesian network model, and updating to obtain a target Bayesian model. Optionally, the historical bayesian network model comprises: and updating the obtained Bayesian network model last time or the Bayesian network model in the training stage.
S103, zero-trust situation perception is conducted on the basis of the target Bayesian network model.
For example, data generated by the current system in real time may be input into the target bayesian network model, and zero-trust situational awareness may be performed according to an output result of the model, for example, it is determined whether a node or a connection triggering a risk exists in the target bayesian network model, if so, processing may be performed in a targeted manner, such as risk prompt or early warning, and if not, updating of the bayesian network model may be continued at a suitable time.
Further, the data generated by the current system in real time can be used as new historical data, and steps S101 and S102 are repeated again to obtain the latest target bayesian network model, so that zero-trust situation perception is performed based on the latest target bayesian network model.
By means of zero trust situation perception based on the target Bayesian network model, the security level of the system network in each day or each time period can be obtained, and the network security situation trend can be analyzed to find out possible network security risks in advance, so that early warning is provided for a manager of the network system, network security events are prevented, and asset loss is avoided.
According to the situation perception method based on the Bayesian network, provided by the embodiment of the invention, firstly, for each micro service in a system, a target grouping attribute field is determined according to preset historical data corresponding to the current micro service and data representation of a related attribute field, and at least two target grouping intervals corresponding to the target grouping attribute field are determined; then, updating the historical Bayesian network model by taking the target grouping intervals corresponding to all micro-services in the system as target nodes to obtain a target Bayesian network model; and finally, zero-trust situation perception is carried out based on the target Bayesian network model. By adopting the technical scheme, the system is divided into the micro services, the corresponding at least two target grouping intervals are determined according to the historical data in each micro service and the data expression of the related attribute field, the target grouping interval corresponding to each micro service is used as a target node and is input into the historical Bayesian network model for updating, and compared with the method that all data generated by the system is used as input nodes of the Bayesian network model, the number of nodes of the Bayesian network model can be adaptively evaluated in real time and adaptively in the condition of meeting the user risk in the zero trust on the premise of smaller resource consumption, so that the technical effect of realizing the zero trust by using the Bayesian network-based situation awareness method is achieved.
Example two
The method for determining the target grouping attribute field based on the preset historical data and the data representation of the relevant attribute field comprises the following steps: acquiring first historical data within a latest preset time length corresponding to the current micro service; acquiring related attribute field sequencing corresponding to the current micro service; sequentially grouping the first historical data in a corresponding preset grouping mode based on the current attribute field according to the related attribute field sequence to obtain at least two grouping intervals corresponding to the current attribute field, and determining the corresponding current attribute field as a target grouping attribute field if the number of the grouping intervals is within a preset number range, wherein the preset grouping mode is determined according to the data representation of the corresponding historical data in a training stage; and determining the grouping interval corresponding to the target attribute field as a target grouping interval. The method has the advantages that the historical data are grouped in the preset grouping mode, so that the data with the same or similar characteristics can be combined, the data input is reduced, and the model calculation is simplified.
Fig. 2 is a schematic flow chart of another situation awareness method based on a bayesian network according to an embodiment of the present invention, specifically, the method includes the following steps:
s210, obtaining first historical data in the latest preset time corresponding to the current micro service.
Since the data generated by the system is updated in real time and becomes historical data for the current data within a preset time, when the current microservice is analyzed by using the data within the preset time, the data within the latest time period (for example, 10 seconds) generated by the system can be preferably analyzed as the first historical data.
And S220, acquiring related attribute field sequencing corresponding to the current micro service.
And S210, acquiring relevant attribute fields corresponding to the current micro service according to the first historical data within the latest preset time corresponding to the current micro service, and sequencing the acquired relevant attribute fields from large to small according to the accumulated times.
Optionally, the manner of obtaining the related attribute field ordering corresponding to the current micro service may be: and acquiring the related attribute field sequence obtained by the last update corresponding to the current micro service, or acquiring the related attribute field sequence of the training stage corresponding to the current micro service.
The method comprises the steps of obtaining related attribute field sequencing obtained by last updating corresponding to the current micro service, wherein the related attribute field sequencing can be understood as that data generated by a system can be updated in real time, and the statistical sequencing can be carried out on the data generated from the latest updated data to the data generated in the current time period on the basis of the related attribute field obtained by last updating.
The method for obtaining the related attribute field sequence of the training stage corresponding to the current micro service can be understood as that the model needs to be trained before different grouping intervals of the related attribute field are used as nodes and input to the model, so that the related attribute field sequence can be carried out in the training stage.
Specifically, the related attribute field ordering in the training phase is obtained by:
a) and acquiring second historical data in a plurality of continuous preset durations corresponding to the current micro service.
The manner of obtaining the second historical data within a plurality of continuous preset durations corresponding to the current micro service may be to obtain the historical data corresponding to the current micro service, and the historical data may be divided according to the preset durations (e.g., t), so that the historical data corresponding to each micro service may be divided into a plurality of segments (slots), that is, the second historical data within a plurality of continuous preset durations is obtained.
When it needs to be explained, when the current micro service is divided according to the time t and second historical data within a plurality of continuous preset durations is obtained, the time t may be 10 seconds or 30 seconds, and the selection of the specific time t is not limited herein.
For example, the second history data within a plurality of continuous preset time lengths of the slot1, the slot2, the slot3, the slot …, the slot q and the like can be divided for each micro service.
b) And for each preset time length, grouping the second historical data corresponding to the current preset time length in a preset grouping mode sequentially based on each attribute field to obtain the number of grouping intervals corresponding to each attribute field, determining the attribute field with the grouping interval number closest to the preset number as a target field, and adding 1 to the cumulative number corresponding to the target field.
And grouping the values of the attribute fields with the same or similar characteristics in a preset grouping mode according to the second historical data corresponding to each preset duration. In each slot, attribute fields corresponding to meaningful historical data after investigation are grouped respectively, wherein the meaningful historical data are attribute fields corresponding to data with large influence in the system. Firstly, one slot divided according to time t is selected, and for second historical data corresponding to the current slot, a relevant attribute field can be determined according to keywords of the second historical data, and the relevant attribute field can be, for example: age, occupation, position and the like, and the corresponding grouping interval number can be obtained by grouping according to the values of the current relevant attribute fields.
The preset grouping mode is determined according to the data representation of the second historical data, the grouping principle corresponding to the preset grouping mode comprises the minimum number of members in each group and/or grouping error grouping, the preset grouping mode comprises a supervised mode or an unsupervised mode, the grouping modes of fields with different attributes can be different, and the limitation is not made here.
In the embodiment of the present invention, the grouping manner adopted is not limited, each cluster obtained after grouping may correspond to a grouping interval, and the grouping interval may be a number interval, for example, a number interval such as age and login times, and may also be a specific attribute name, for example, a specific name corresponding to a position, and the like, and is not limited herein. For example, grouping intervals of (0-18), (18-45), (45-60), and (60 or more) may be obtained for age; after the position, the grouping intervals of common staff, group leader, manager, general prison and the like can be obtained.
When the number of the packet intervals corresponding to each relevant attribute field is determined for each preset time length, the relevant attribute fields determined for each preset time length may be the same or different, and the determined number of the packet intervals is different based on different relevant attribute fields.
Further, a preset number may be preset, where the preset number is used to indicate the number of nodes corresponding to the current microservice expected to be obtained, and a specific value of the preset number is not limited, and may be, for example, 5. The determining, as the target field, the relevant attribute field whose number of packet intervals is closest to the preset number may be understood as that, for each preset duration, that is, each slot, before grouping, each slot may be planned to be divided into the preset number of packet intervals denoted as n, but in the actual dividing process, the number of packet intervals corresponding to the actual relevant attribute field is denoted as m. In each slot, m and n may be the same or different. If m is equal to n, determining the related attribute field corresponding to the grouping interval number n as a target field; and if m is not equal to n, determining the related attribute field with the packet interval number m closest to the preset number n as a target field.
A preferred method, determining the related attribute field with the packet interval number closest to the preset number as the target field, includes: and if a plurality of candidate correlation attribute fields with the packet interval quantity closest to the preset quantity exist, selecting one candidate correlation attribute field from the plurality of candidate correlation attribute fields as a target field in a random sampling mode.
It can be understood that, when the preset number is 5, and the number of the determined packet intervals corresponding to the first candidate correlation attribute field is 4, and the number of the determined packet intervals corresponding to the second candidate correlation attribute field is 4 or 6, both the first candidate correlation attribute field and the second candidate correlation attribute field are close to the preset number of candidate correlation attribute fields, and therefore, any candidate correlation attribute field can be selected as the target field in a random sampling manner.
The specific random sampling manner is not limited herein, and a candidate field with a larger value of the correlation attribute may be selected as a target field, or a candidate field with a smaller value of the correlation attribute may be selected as a target field, or any one of the candidate fields may be selected at random.
Further, in order to count the number of times of cumulative occurrence of the target field, 1 is added to the count of the cumulative number of times corresponding to the target field.
c) And determining the related attribute field sequence of the training stage according to the final accumulated times corresponding to each attribute field.
And finally, the final accumulated times corresponding to each attribute field are the accumulated times corresponding to the target field obtained through statistics, so that the ordering is carried out according to the accumulated times corresponding to the target field, and the ordering of the related attribute fields in the training stage is determined.
And S230, sequentially grouping the first historical data in a corresponding preset grouping mode based on the current attribute field according to the related attribute field sequence to obtain at least two grouping intervals corresponding to the current attribute field, and determining the corresponding current attribute field as a target grouping attribute field if the number of the grouping intervals is within a preset number range.
And the preset grouping mode is determined according to the data performance of the corresponding historical data in the training stage.
When the first historical data is grouped in the corresponding preset grouping mode based on the current attribute field according to the related attribute field sorting, the related attribute fields which are sequentially arranged in the preset order can be selected for grouping based on the first historical data, and a certain sorting quantity of attribute fields can be selected for grouping based on the first historical data according to the related attribute field sorting, wherein the specific mode is not limited herein. Generally, whether the current attribute field meets the requirement is sequentially judged according to the sequence of the related attribute field from the highest accumulated times to the lowest accumulated times.
The process of grouping the first historical data according to the current attribute field is the same as the process of grouping the second historical data corresponding to each attribute field, and the process of determining the related attribute field is the same as the process of determining the target field, which is not described herein again.
Optionally, the attribute field corresponding to the determined target field may be determined as the related attribute field.
Wherein the preset number range comprises a preset number. For example, the lower limit of the preset number range may be a difference between the preset number and a preset value, and the upper limit of the preset number range may be a sum of the preset number and the preset value. For example, if the predetermined number is 5 and the predetermined value is 1, the predetermined number may range from 4 to 6.
The purpose of judging that the number of the grouping intervals is within the preset number range is to convert uncontrollable mass data generated by the system into the grouping intervals with controllable number through analysis of each micro-service data, and the grouping intervals can be used as input nodes of a Bayesian network model, so that the input number of the model nodes is reduced, and the calculation is simplified. For example, if the current system contains 1000 data, the problem of tedious model input data may be generated if all 1000 data are analyzed as nodes, so that the current system may be divided into 4 micro services, and each micro service plan generates 25 packet intervals, and thus, 1000 data inputs may be reduced to inputs of nodes corresponding to 100 packet intervals.
After determining the corresponding current attribute field as the target packet attribute field, the method further comprises: and adding 1 to the accumulated times corresponding to the target grouping attribute field in the related attribute field sequencing, and updating the related attribute field sequencing.
And counting the occurrence times of the related attribute fields, adding 1 to the accumulated times, and updating the related attribute field sequencing when the original state that the magnitude of the attribute value of the related attribute fields changes.
S240, determining the grouping interval corresponding to the target grouping attribute field as a target grouping interval.
And S250, judging whether all the micro-services determine the target grouping interval, if so, executing S260, and if not, executing S210.
And S260, updating the historical Bayesian network model by taking the target grouping intervals corresponding to all the micro-services in the system as target nodes to obtain the target Bayesian network model.
Through the analysis of the steps, a plurality of target grouping intervals corresponding to all micro services in the system can be used as target nodes, and the target nodes are input into the historical Bayesian network model for updating, so that the target Bayesian network model is obtained. Wherein, historical Bayesian network model includes: and updating the obtained Bayesian network model last time or the Bayesian network model in the training stage.
The bayesian network model in embodiments of the present invention may be updated based on a period of time (e.g., every hour, half day, or day). For example, the system generation data in one day may be analyzed based on the target grouping interval of the bayesian network model obtained by the last update, and the historical bayesian network model is updated to obtain the target bayesian network model. And the Bayesian network model in the training stage can be selected and directly applied to obtain the target Bayesian network model.
In a preferred mode, the bayesian network model in the training phase is obtained by: for each micro service, determining the related attribute field at the head of the arrangement in the related attribute field sequence corresponding to the current micro service as a target grouping field, and grouping all second historical data within a plurality of continuous preset durations corresponding to the current micro service in a preset grouping mode based on the target grouping field to obtain a grouping interval corresponding to the target grouping field; and taking the grouping intervals corresponding to all the micro services in the system as nodes, and modeling all the second historical data by using the Bayesian network to obtain a Bayesian network model in the training stage.
And S270, zero-trust situation perception is conducted on the basis of the target Bayesian network model.
According to the situation awareness method based on the Bayesian network, the current attribute field is determined as the target grouping attribute field by using a method of a preset grouping mode, and the grouping interval corresponding to the target grouping attribute field is determined as the target grouping interval, so that the target grouping intervals corresponding to all micro-services in the system are used as target nodes, and the historical Bayesian network model is updated, so that the number of the nodes in the Bayesian network model can meet the requirement of real-time self-adaptive evaluation on all user risks in zero trust on the premise of relatively small resource consumption in a self-adaptive manner.
EXAMPLE III
Fig. 3 is a block diagram of a bayesian network-based situation awareness apparatus according to an embodiment of the present invention, where the apparatus may be implemented by software and/or hardware, and may be generally integrated in a computer device such as a server, and may perform bayesian network-based situation awareness by executing a bayesian network-based situation awareness method. As shown in fig. 3, the apparatus includes: a grouping interval determination module 31, a history model update module 32 and a target model application module 33, wherein:
a grouping interval determining module 31, configured to determine, for each micro service in the system, a target grouping attribute field according to preset history data corresponding to the current micro service and data representation of the relevant attribute field, and determine at least two target grouping intervals corresponding to the target grouping attribute field;
the historical model updating module 32 is configured to update the historical bayesian network model by using the target grouping intervals corresponding to all the micro services in the system as target nodes to obtain a target bayesian network model;
and the target model application module 33 is configured to perform zero-trust situation awareness based on the target bayesian network model.
According to the situation awareness device based on the Bayesian network, firstly, for each micro service in a system, a target grouping attribute field is determined according to preset historical data corresponding to the current micro service and data representation of a related attribute field, and at least two target grouping intervals corresponding to the target grouping attribute field are determined; then, updating the historical Bayesian network model by taking the target grouping intervals corresponding to all micro-services in the system as target nodes to obtain a target Bayesian network model; and finally, zero-trust situation perception is carried out based on the target Bayesian network model. By adopting the technical scheme, the system is divided into the micro services, the corresponding at least two target grouping intervals are determined according to the corresponding preset historical number and the data expression of the related attribute field in each micro service, the target grouping interval corresponding to each micro service is used as a target node and is input into the historical Bayesian network model for updating, and compared with the method that all data generated by the system are used as input nodes of the Bayesian network model, the number of nodes of the Bayesian network model can be adaptively evaluated in real time and adaptively in the condition of meeting the user risk in the zero trust on the premise of relatively small resource consumption, so that the technical effect of realizing the zero trust by using the Bayesian network-based situation awareness method is achieved.
Optionally, the grouping interval determining module 31 includes: the device comprises a first history data acquisition unit, an attribute field acquisition unit, a target attribute field determination unit and a target grouping interval determination unit. Wherein:
the first historical data acquisition unit is used for acquiring first historical data in the latest preset duration corresponding to the current micro service;
the attribute field acquisition unit is used for acquiring related attribute field sequencing corresponding to the current micro service;
a target grouping attribute field determining unit, configured to perform corresponding grouping in a preset grouping manner on the first historical data sequentially based on the current attribute field according to the relevant attribute field ordering, to obtain at least two grouping intervals corresponding to the current attribute field, and if the number of the grouping intervals is within a preset number range, determine the corresponding current attribute field as a target grouping attribute field, where the preset grouping manner is determined according to data representation of the corresponding historical data in a training stage;
and the target grouping interval determining unit is used for determining the grouping interval corresponding to the target grouping attribute field as a target grouping interval.
Optionally, the attribute fields in the related attribute field sorting are sorted from large to small according to the accumulated times.
The packet interval determination module 31 further includes: an attribute field updating unit;
an attribute field updating unit, configured to add 1 to the cumulative number of times corresponding to the target packet attribute field in the relevant attribute field ordering, and update the relevant attribute field ordering;
and the attribute field acquisition unit is further configured to acquire a related attribute field sequence obtained by the last update corresponding to the current micro service, or acquire a related attribute field sequence of a training stage corresponding to the current micro service.
Wherein the historical Bayesian network model comprises: and updating the obtained Bayesian network model last time or the Bayesian network model in the training stage.
Optionally, the grouping interval determining module 31 further includes: the device comprises a second data acquisition unit, a target field determination unit and an attribute field determination unit, wherein the second data acquisition unit is used for acquiring a target field;
the second data acquisition unit is used for acquiring second historical data within a plurality of continuous preset durations corresponding to the current micro service;
the target field determining unit is used for grouping second historical data corresponding to the current preset duration in a preset grouping mode according to each preset duration on the basis of each attribute field in sequence to obtain the number of grouping intervals corresponding to each attribute field, determining the attribute field with the grouping interval number closest to the preset number as a target field, and adding 1 to the accumulated number corresponding to the target field, wherein the preset grouping mode is determined according to the data performance of the second historical data, the grouping principle corresponding to the preset grouping mode comprises the minimum number of members in each group and/or grouping error grouping, and the preset grouping mode comprises a supervised mode or an unsupervised mode;
and the attribute field determining unit is used for determining the related attribute field sequence in the training stage according to the final accumulated times corresponding to each attribute field.
Optionally, the target field determining unit is further configured to select, if there are multiple candidate attribute fields with a packet interval number closest to the preset number, one candidate attribute field from the multiple candidate attribute fields as the target field in a random sampling manner.
Optionally, the target grouping interval determining unit is further configured to, for each micro service, determine a relevant attribute field at the top of the ranking in the relevant attribute field ordering corresponding to the current micro service as a target grouping field, and perform grouping in a preset grouping manner on all second history data within the multiple continuous preset durations corresponding to the current micro service based on the target grouping field to obtain a grouping interval corresponding to the target grouping field; and taking the grouping intervals corresponding to all the micro services in the system as nodes, and modeling all the second historical data by using a Bayesian network to obtain a Bayesian network model in a training stage.
Optionally, the preset number range includes the preset number.
Example four
The embodiment of the invention provides computer equipment, wherein the situation awareness device based on the Bayesian network provided by the embodiment of the invention can be integrated into the computer equipment. Fig. 4 is a block diagram of a computer device according to an embodiment of the present invention. The computer device 400 may include: a memory 401, a processor 402 and a computer program stored on the memory 401 and executable on the processor, wherein the processor 402 implements the bayesian network based situational awareness method according to an embodiment of the present invention when executing the computer program.
The computer device provided by the embodiment of the invention can execute the Bayesian network-based situation awareness method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects for executing the method.
EXAMPLE five
Embodiments of the present invention also provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform a bayesian network-based situational awareness method, the method comprising:
aiming at each micro service in the system, determining a target grouping attribute field according to preset historical data corresponding to the current micro service and data representation of the related attribute field, and determining at least two target grouping intervals corresponding to the target grouping attribute field;
updating the historical Bayesian network model by taking the target grouping intervals corresponding to all the micro-services in the system as target nodes to obtain a target Bayesian network model;
and performing zero-trust situation awareness based on the target Bayesian network model.
Storage medium-any of various types of memory devices or storage devices. The term "storage medium" is intended to include: mounting media such as CD-ROM, floppy disk, or tape devices; computer system memory or random access memory such as DRAM, DDRRAM, SRAM, EDORAM, Lanbas (Rambus) RAM, etc.; non-volatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in a first computer system in which the program is executed, or may be located in a different second computer system connected to the first computer system through a network (such as the internet). The second computer system may provide program instructions to the first computer for execution. The term "storage medium" may include two or more storage media that may reside in different locations, such as in different computer systems that are connected by a network. The storage medium may store program instructions (e.g., embodied as a computer program) that are executable by one or more processors.
Of course, the storage medium containing the computer-executable instructions provided by the embodiments of the present invention is not limited to the foregoing bayesian network based situational awareness operation, and may also perform related operations in the bayesian network based situational awareness method provided by any embodiments of the present invention.
The bayesian network based situation awareness apparatus, device and storage medium provided in the above embodiments may execute the bayesian network based situation awareness method provided in any embodiment of the present invention, and have corresponding functional modules and beneficial effects for executing the method. Technical details that are not described in detail in the above embodiments may be referred to a bayesian network-based situational awareness method provided in any embodiment of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.