
CN114117447A - Situational awareness method, device, equipment and storage medium based on Bayesian network - Google Patents


Info

Publication number
CN114117447A
Authority
CN
China
Prior art keywords
grouping
target
bayesian network
attribute field
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111400851.1A
Other languages
Chinese (zh)
Other versions
CN114117447B (en)
Inventor
陈远猷
徐莉莎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Para Software Co ltd
Original Assignee
Shanghai Para Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Para Software Co ltd
Priority to CN202111400851.1A
Publication of CN114117447A
Application granted
Publication of CN114117447B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G06F30/20 Design optimisation, verification or simulation
    • G06F30/27 Design optimisation, verification or simulation using machine learning, e.g. artificial intelligence, neural networks, support vector machines [SVM] or training a model
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N7/00 Computing arrangements based on specific mathematical models
    • G06N7/01 Probabilistic graphical models, e.g. probabilistic networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2111/00 Details relating to CAD techniques
    • G06F2111/08 Probabilistic or stochastic CAD

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Algebra (AREA)
  • Probability & Statistics with Applications (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Physics (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Analysis (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Medical Informatics (AREA)
  • Geometry (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the present invention disclose a Bayesian network-based situational awareness method, apparatus, device and storage medium. The method includes: for each microservice in the system, determining a target grouping attribute field according to the preset historical data corresponding to the current microservice and the data representation of the related attribute fields, and determining at least two target grouping intervals corresponding to the target grouping attribute field; updating a historical Bayesian network model by taking the target grouping intervals corresponding to all microservices in the system as target nodes, to obtain a target Bayesian network model; and performing zero-trust situational awareness based on the target Bayesian network model. Compared with using all data generated by the system as input nodes of the Bayesian network model, this technical solution allows the number of nodes in the Bayesian network model to adapt, at relatively low resource cost, to the real-time adaptive assessment of user risk required by zero trust, thereby achieving the technical effect of realizing zero trust.

Description

Bayesian network-based situation awareness method, device, equipment and storage medium
Technical Field
The embodiments of the present invention relate to the field of computer technology, and in particular to a Bayesian network-based situation awareness method, apparatus, device and storage medium.
Background
Zero trust represents a new-generation network security protection concept. It can be understood as a method of performing risk assessment in network security through dynamic risk judgment, without relying on machine topological relations (such as firewall software).
Implementing the zero trust standard with a situational awareness method sometimes requires a Bayesian network model, and using a Bayesian network model requires determining the nodes of the network. On the one hand, if all attribute values of the user are used as nodes of the Bayesian network, the model becomes too complex, and meeting the real-time adaptive evaluation of all user risks in zero trust consumes a large amount of resources. On the other hand, if each microservice is used as a node of the Bayesian network, the model is too simple to meet the requirement of real-time adaptive evaluation of all user risks in zero trust. It is therefore currently difficult to determine the nodes of the Bayesian network model reasonably, so that the constructed model is well suited to situation awareness under the zero trust standard.
Disclosure of Invention
The embodiment of the invention provides a Bayesian network-based situation awareness method, device, equipment and storage medium, which can optimize the existing Bayesian network-based situation awareness scheme.
In a first aspect, an embodiment of the present invention provides a Bayesian network-based situation awareness method, including:
for each microservice in the system, determining a target grouping attribute field according to preset historical data corresponding to the current microservice and the data representation of the related attribute fields, and determining at least two target grouping intervals corresponding to the target grouping attribute field;
updating the historical Bayesian network model by taking the target grouping intervals corresponding to all the microservices in the system as target nodes, to obtain a target Bayesian network model; and
performing zero-trust situation awareness based on the target Bayesian network model.
In a second aspect, an embodiment of the present invention provides a Bayesian network-based situation awareness apparatus, including:
a grouping interval determining module, configured to determine, for each microservice in the system, a target grouping attribute field according to preset historical data corresponding to the current microservice and the data representation of the related attribute fields, and to determine at least two target grouping intervals corresponding to the target grouping attribute field;
a historical model updating module, configured to update the historical Bayesian network model by taking the target grouping intervals corresponding to all the microservices in the system as target nodes, to obtain a target Bayesian network model; and
a target model application module, configured to perform zero-trust situation awareness based on the target Bayesian network model.
In a third aspect, an embodiment of the present invention provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the Bayesian network-based situation awareness method according to the embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the Bayesian network-based situation awareness method according to the embodiment of the present invention.
In the Bayesian network-based situation awareness scheme provided here, first, for each microservice in the system, a target grouping attribute field is determined according to preset historical data corresponding to the current microservice and the data representation of the related attribute fields, and at least two target grouping intervals corresponding to the target grouping attribute field are determined; then, the historical Bayesian network model is updated by taking the target grouping intervals corresponding to all microservices in the system as target nodes, to obtain a target Bayesian network model; finally, zero-trust situation awareness is performed based on the target Bayesian network model. With this technical scheme, the system is divided into microservices, at least two target grouping intervals are determined within each microservice from its preset historical data and the data representation of the related attribute fields, and the target grouping intervals of each microservice are input into the historical Bayesian network model as target nodes for updating. Compared with using all data generated by the system as input nodes of the Bayesian network model, the number of nodes of the Bayesian network model can adaptively meet the real-time adaptive evaluation of user risk in zero trust at relatively small resource consumption, thereby achieving the technical effect of realizing zero trust with a Bayesian network-based situation awareness method.
Drawings
Fig. 1 is a schematic flowchart of a Bayesian network-based situation awareness method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of another Bayesian network-based situation awareness method according to an embodiment of the present invention;
Fig. 3 is a block diagram of a Bayesian network-based situation awareness apparatus according to an embodiment of the present invention;
Fig. 4 is a block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The technical scheme of the invention is further explained by the specific implementation mode in combination with the attached drawings. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the steps as a sequential process, many of the steps can be performed in parallel, concurrently or simultaneously. In addition, the order of the steps may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example one
Fig. 1 is a flowchart of a Bayesian network-based situation awareness method according to an embodiment of the present invention. The method may be executed by a Bayesian network-based situation awareness apparatus, which may be implemented in software and/or hardware and may generally be integrated in a computer device such as a server. As shown in Fig. 1, the method includes:
S101: For each microservice in the system, determine a target grouping attribute field according to preset historical data corresponding to the current microservice and the data representation of the related attribute fields, and determine at least two target grouping intervals corresponding to the target grouping attribute field.
The system may represent the architecture system of an enterprise, for example a bank risk control system, an enterprise employee login system, a merchandise sales system, and the like. Each system can be divided into a plurality of corresponding microservices according to different usage functions or the different login nodes facing different users.
For example, the bank risk control system can be divided according to usage function into a first microservice with a management function, a second microservice with a risk determination function, a third microservice with a statistical function, and so on. Taking the employee login system of an enterprise as an example, according to the department or position of each employee, it can be divided into a first microservice for the management department, a second microservice for the technical department, a third microservice for the planning department, and so on.
Correspondingly, each microservice generates a large amount of historical data from user access or user login. If all historical data in each microservice within a preset time period (for example, one day, one week or one month) is analyzed to realize the zero trust standard with a situation awareness method based on a Bayesian network model, and all attribute values of the user are used as nodes of the Bayesian network, the model has too many nodes and becomes complex, and a large amount of resources is consumed to meet the real-time adaptive evaluation of all user risks in zero trust. On the other hand, if each microservice is used as a Bayesian network node, the model has few nodes and the data granularity is coarse, so the requirement of real-time adaptive evaluation of all user risks in zero trust cannot be met.
To solve these problems, embodiments of the present invention provide a Bayesian network-based situation awareness method that determines a target grouping attribute field from preset historical data and the data representation of the related attribute fields. Data with the same or similar characteristics are merged and the data in each microservice is classified, so that, at relatively small resource consumption, the number of nodes in the Bayesian network model adaptively meets the requirement of real-time adaptive evaluation of all related risks in zero trust.
Specifically, the preset history data may be data generated by accessing or logging in each microservice in the current system within a preset time period.
The related attribute field may be understood as a field corresponding to an attribute related to the microservice. It may be a field determined according to keywords of the preset historical data, or a storage field already defined in the database that stores the preset historical data. It may include user attributes or other attributes, for example the user's Internet Protocol (IP) address, the data type of an access request, the number of logins or accesses within a preset time period, the number of times a preset request is initiated within the preset time period, gender, age, preference, occupation, position, user level, user score and the like; it may also be the access time of the microservice, the accessed web page address (URL), the access context and other access parameters, which are not limited here. Furthermore, the related attribute fields can be obtained by statistical analysis of the historical data; generally, the related attribute fields so determined are those with a large influence factor on the current system.
For example, in the training stage or during historical use, how often each related attribute field is selected may be statistically analyzed, and the target grouping attribute field determined from the result. The target grouping attribute field may be determined by selecting, from the related attribute fields, those whose statistical count is greater than a certain value, or those whose statistical counts rank in the first several positions, and so on, which is not limited here.
Correspondingly, determining at least two target grouping intervals corresponding to the target grouping attribute field according to the preset historical data corresponding to the current microservice and the data representation of the related attribute fields can be understood as screening, from the preset historical data, the historical data corresponding to the related attribute field and dividing it into a plurality of target grouping intervals, so that at least two target grouping intervals can be determined for the target grouping attribute field. The division may be performed, for example, by grouping.
For example, taking the first microservice with a management function in the bank risk control system, and assuming that the data representation of the related attribute field is the number of logins in a preset time period, grouping the login counts yields three grouping intervals: (0, 1), (1, 4), and (5 or more).
It should be noted that the related attribute fields of each microservice may differ, and the data representation of the related attribute fields may also differ, so the target grouping intervals determined are not necessarily the same. After all microservices in the system have been traversed, a plurality of target grouping intervals is obtained for each microservice across the whole system.
S102: Update the historical Bayesian network model by taking the target grouping intervals corresponding to all the microservices in the system as target nodes, to obtain the target Bayesian network model.
After step S101, denote the number of target grouping intervals (at least two) determined for each microservice as m. This number may differ between microservices, so when the target grouping intervals of all microservices in the system are taken as target nodes, the total number of target nodes generated for the k microservices of the current system can be expressed as $m_1 + m_2 + \dots + m_k$.
Each target node is input into the historical Bayesian network model, which is updated to obtain the target Bayesian network model. Optionally, the historical Bayesian network model is the Bayesian network model obtained by the last update, or the Bayesian network model from the training stage.
S103: Perform zero-trust situation awareness based on the target Bayesian network model.
For example, data generated by the current system in real time may be input into the target Bayesian network model, and zero-trust situation awareness performed according to the model output, for example by determining whether a node or connection that triggers a risk exists in the target Bayesian network model. If so, targeted processing such as a risk prompt or early warning can be performed; if not, the Bayesian network model can continue to be updated at a suitable time.
Further, the data generated by the current system in real time can be used as new historical data, and steps S101 and S102 repeated to obtain the latest target Bayesian network model, so that zero-trust situation awareness is performed based on the latest target Bayesian network model.
Through zero-trust situation awareness based on the target Bayesian network model, the security level of the system network for each day or each time period can be obtained, and the network security situation trend can be analyzed to find possible network security risks in advance, providing early warning to the administrator of the network system, preventing network security events and avoiding asset loss.
In the Bayesian network-based situation awareness method provided by this embodiment, first, for each microservice in the system, a target grouping attribute field is determined according to preset historical data corresponding to the current microservice and the data representation of the related attribute fields, and at least two target grouping intervals corresponding to the target grouping attribute field are determined; then, the historical Bayesian network model is updated by taking the target grouping intervals corresponding to all microservices in the system as target nodes, to obtain a target Bayesian network model; finally, zero-trust situation awareness is performed based on the target Bayesian network model. With this technical scheme, the system is divided into microservices, at least two target grouping intervals are determined within each microservice from its historical data and the data representation of the related attribute fields, and the target grouping intervals of each microservice are input into the historical Bayesian network model as target nodes for updating. Compared with using all data generated by the system as input nodes of the Bayesian network model, the number of nodes of the Bayesian network model can adaptively meet the real-time adaptive evaluation of user risk in zero trust at smaller resource consumption, thereby achieving the technical effect of realizing zero trust with a Bayesian network-based situation awareness method.
Example two
Determining the target grouping attribute field based on the preset historical data and the data representation of the related attribute fields comprises the following steps: acquiring first historical data within the latest preset duration corresponding to the current microservice; acquiring the related attribute field ordering corresponding to the current microservice; following that ordering, grouping the first historical data by the current attribute field using its corresponding preset grouping mode to obtain at least two grouping intervals for the current attribute field, and, if the number of grouping intervals is within a preset number range, determining the current attribute field as the target grouping attribute field, where the preset grouping mode is determined according to the data representation of the corresponding historical data in the training stage; and determining the grouping intervals corresponding to the target attribute field as the target grouping intervals. The advantage is that grouping the historical data in the preset grouping mode merges data with the same or similar characteristics, which reduces the data input and simplifies the model calculation.
Fig. 2 is a schematic flow chart of another situation awareness method based on a bayesian network according to an embodiment of the present invention, specifically, the method includes the following steps:
S210: Obtain first historical data within the latest preset duration corresponding to the current microservice.
Since the data generated by the system is updated in real time, and data within a preset duration becomes historical data relative to the current data, when the current microservice is analyzed using data within the preset duration, the data generated by the system within the latest time period (for example, 10 seconds) is preferably taken as the first historical data.
S220: Acquire the related attribute field ordering corresponding to the current microservice.
Following S210, the related attribute fields corresponding to the current microservice are acquired according to the first historical data within the latest preset duration, and the acquired related attribute fields are sorted in descending order of cumulative count.
Optionally, the related attribute field ordering corresponding to the current microservice may be obtained by acquiring the ordering obtained by the last update for the current microservice, or by acquiring the ordering from the training stage for the current microservice.
Acquiring the ordering obtained by the last update can be understood as follows: since the data generated by the system is updated in real time, the data generated between the last update and the current time period can be counted and sorted on the basis of the related attribute fields obtained by the last update.
Acquiring the ordering from the training stage can be understood as follows: the model needs to be trained before the different grouping intervals of the related attribute fields are input to it as nodes, so the related attribute fields can be ordered during the training stage.
Specifically, the related attribute field ordering in the training phase is obtained by:
a) and acquiring second historical data in a plurality of continuous preset durations corresponding to the current micro service.
The manner of obtaining the second historical data within a plurality of continuous preset durations corresponding to the current micro service may be to obtain the historical data corresponding to the current micro service, and the historical data may be divided according to the preset durations (e.g., t), so that the historical data corresponding to each micro service may be divided into a plurality of segments (slots), that is, the second historical data within a plurality of continuous preset durations is obtained.
When it needs to be explained, when the current micro service is divided according to the time t and second historical data within a plurality of continuous preset durations is obtained, the time t may be 10 seconds or 30 seconds, and the selection of the specific time t is not limited herein.
For example, the second history data within a plurality of continuous preset time lengths of the slot1, the slot2, the slot3, the slot …, the slot q and the like can be divided for each micro service.
b) And for each preset time length, grouping the second historical data corresponding to the current preset time length in a preset grouping mode sequentially based on each attribute field to obtain the number of grouping intervals corresponding to each attribute field, determining the attribute field with the grouping interval number closest to the preset number as a target field, and adding 1 to the cumulative number corresponding to the target field.
And grouping the values of the attribute fields with the same or similar characteristics in a preset grouping mode according to the second historical data corresponding to each preset duration. In each slot, attribute fields corresponding to meaningful historical data after investigation are grouped respectively, wherein the meaningful historical data are attribute fields corresponding to data with large influence in the system. Firstly, one slot divided according to time t is selected, and for second historical data corresponding to the current slot, a relevant attribute field can be determined according to keywords of the second historical data, and the relevant attribute field can be, for example: age, occupation, position and the like, and the corresponding grouping interval number can be obtained by grouping according to the values of the current relevant attribute fields.
The preset grouping mode is determined according to the data representation of the second historical data. The grouping principle corresponding to the preset grouping mode includes the minimum number of members in each group and/or grouping error grouping, and the preset grouping mode may be supervised or unsupervised. Different attribute fields may use different grouping modes, which is not limited here.
In the embodiment of the present invention, the grouping mode adopted is not limited. Each cluster obtained after grouping may correspond to one grouping interval. A grouping interval may be a numeric interval, for example for age or login count, or a specific attribute name, for example the name of a position, and is not limited here. For example, the grouping intervals (0-18), (18-45), (45-60) and (60 or more) may be obtained for age; for position, grouping intervals such as ordinary staff, group leader, manager and director may be obtained.
When the number of grouping intervals corresponding to each related attribute field is determined for each preset duration, the related attribute fields determined for different preset durations may be the same or different, and the number of grouping intervals obtained differs from one related attribute field to another.
Further, a preset number may be set in advance to indicate the number of nodes expected for the current microservice; its specific value is not limited and may be, for example, 5. Determining the related attribute field whose number of grouping intervals is closest to the preset number as the target field can be understood as follows: for each preset duration, that is, each slot, the plan before grouping is to divide the slot into the preset number of grouping intervals, denoted n, while the number of grouping intervals actually obtained for a related attribute field is denoted m. In each slot, m and n may be the same or different. If m equals n, the related attribute field corresponding to the grouping interval number n is determined as the target field; if m does not equal n, the related attribute field whose grouping interval number m is closest to the preset number n is determined as the target field.
In a preferred method, determining the related attribute field whose number of grouping intervals is closest to the preset number as the target field includes: if there are multiple candidate related attribute fields whose number of grouping intervals is closest to the preset number, selecting one of them as the target field by random sampling.
For example, when the preset number is 5, the number of grouping intervals determined for the first candidate related attribute field is 4, and the number determined for the second candidate related attribute field is 4 or 6, both the first and the second candidate related attribute fields are candidates closest to the preset number, so either may be selected as the target field by random sampling.
The specific random sampling method is not limited here: the candidate field with the larger related attribute value may be selected as the target field, the candidate field with the smaller related attribute value may be selected, or any one of the candidates may be selected at random.
Further, to count how many times the target field has occurred cumulatively, 1 is added to the cumulative count corresponding to the target field.
c) Determine the related attribute field ordering of the training stage according to the final cumulative count corresponding to each attribute field.
The final cumulative count corresponding to each attribute field is the cumulative count obtained for it as a target field through the statistics above, so the fields are sorted by that count to determine the related attribute field ordering of the training stage.
S230, following the related attribute field ordering, grouping the first historical data in the corresponding preset grouping mode based on the current attribute field in turn to obtain at least two grouping intervals corresponding to the current attribute field, and, if the number of grouping intervals is within a preset number range, determining the corresponding current attribute field as the target grouping attribute field.
And the preset grouping mode is determined according to the data performance of the corresponding historical data in the training stage.
When the first historical data is grouped in the corresponding preset grouping mode based on the current attribute field according to the related attribute field sorting, the related attribute fields which are sequentially arranged in the preset order can be selected for grouping based on the first historical data, and a certain sorting quantity of attribute fields can be selected for grouping based on the first historical data according to the related attribute field sorting, wherein the specific mode is not limited herein. Generally, whether the current attribute field meets the requirement is sequentially judged according to the sequence of the related attribute field from the highest accumulated times to the lowest accumulated times.
The process of grouping the first historical data according to the current attribute field is the same as the process of grouping the second historical data corresponding to each attribute field, and the process of determining the related attribute field is the same as the process of determining the target field, which is not described herein again.
Optionally, the attribute field corresponding to the determined target field may be determined as the related attribute field.
Wherein the preset number range comprises a preset number. For example, the lower limit of the preset number range may be a difference between the preset number and a preset value, and the upper limit of the preset number range may be a sum of the preset number and the preset value. For example, if the predetermined number is 5 and the predetermined value is 1, the predetermined number may range from 4 to 6.
The purpose of checking that the number of grouping intervals is within the preset number range is to convert the uncontrollable mass of data generated by the system, through analysis of each microservice's data, into a controllable number of grouping intervals that can serve as input nodes of the Bayesian network model, thereby reducing the number of model input nodes and simplifying the computation. For example, if the current system contains 1000 data items, analyzing all 1000 as nodes would make the model input unwieldy; the system can instead be divided into 4 microservices, each planned to produce 25 grouping intervals, so that the 1000 data inputs are reduced to the inputs of nodes corresponding to 100 grouping intervals.
After determining the corresponding current attribute field as the target grouping attribute field, the method further comprises: adding 1 to the cumulative count corresponding to the target grouping attribute field in the related attribute field ordering, and updating the related attribute field ordering.
The occurrences of the related attribute field are counted by adding 1 to its cumulative count, and when this changes the original relative magnitudes of the related attribute fields' values, the related attribute field ordering is updated.
S240, determining the grouping interval corresponding to the target grouping attribute field as a target grouping interval.
S250, judging whether target grouping intervals have been determined for all microservices; if so, executing S260, and if not, executing S210.
S260, updating the historical Bayesian network model by taking the target grouping intervals corresponding to all microservices in the system as target nodes, to obtain the target Bayesian network model.
Through the above steps, the target grouping intervals corresponding to all microservices in the system can be used as target nodes and input into the historical Bayesian network model for updating, yielding the target Bayesian network model. The historical Bayesian network model is either the Bayesian network model obtained by the last update or the Bayesian network model of the training stage.
The Bayesian network model in embodiments of the present invention may be updated periodically (for example every hour, half day, or day). For example, the data generated by the system in one day may be analyzed based on the target grouping intervals of the Bayesian network model obtained by the last update, and the historical Bayesian network model updated to obtain the target Bayesian network model. Alternatively, the Bayesian network model of the training stage may be selected and applied directly to obtain the target Bayesian network model.
In a preferred mode, the bayesian network model in the training phase is obtained by: for each micro service, determining the related attribute field at the head of the arrangement in the related attribute field sequence corresponding to the current micro service as a target grouping field, and grouping all second historical data within a plurality of continuous preset durations corresponding to the current micro service in a preset grouping mode based on the target grouping field to obtain a grouping interval corresponding to the target grouping field; and taking the grouping intervals corresponding to all the micro services in the system as nodes, and modeling all the second historical data by using the Bayesian network to obtain a Bayesian network model in the training stage.
S270, performing zero-trust situation awareness based on the target Bayesian network model.
In the Bayesian network-based situation awareness method of this embodiment, the current attribute field is determined as the target grouping attribute field by means of the preset grouping mode, and the grouping interval corresponding to the target grouping attribute field is determined as the target grouping interval. The target grouping intervals corresponding to all microservices in the system are then used as target nodes to update the historical Bayesian network model, so that the number of nodes in the Bayesian network model adapts itself and, with relatively small resource consumption, meets the requirement of real-time adaptive evaluation of all user risks under zero trust.
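The field ranking of the training stage (steps b and c) and the target field selection of S230/S240, as an added Python example that is not code from the patent. The cut points in `EDGES`, `MIN_MEMBERS`, the field names, the preset number 3 with tolerance 1, the name-based tie-break in `ordering`, and all sample records are assumptions constructed for illustration.

```python
import random
from bisect import bisect_right
from collections import Counter

# Assumed grouping mode (the page leaves it open): numeric fields use fixed
# cut points, other fields group by exact value; groups below MIN_MEMBERS
# are discarded, standing in for the "minimum members per group" principle.
EDGES = {"age": [18, 45, 60], "logins": [5, 20]}
MIN_MEMBERS = 2
FIELDS = ["age", "position", "logins"]


def group_intervals(records, field):
    """Group one window of records on a field; return the interval labels."""
    members = Counter()
    for rec in records:
        value = rec[field]
        if field in EDGES:
            edges = EDGES[field]
            i = bisect_right(edges, value)
            low = edges[i - 1] if i else 0
            high = edges[i] if i < len(edges) else "+"
            members[f"{field}:[{low},{high})"] += 1
        else:
            members[f"{field}:{value}"] += 1
    return sorted(label for label, n in members.items() if n >= MIN_MEMBERS)


def rank_fields(slots, fields, preset_n, rng):
    """Steps b) and c): each slot votes for the field closest to preset_n."""
    counts = Counter({f: 0 for f in fields})
    for slot in slots:
        gap = {f: abs(len(group_intervals(slot, f)) - preset_n) for f in fields}
        closest = [f for f in fields if gap[f] == min(gap.values())]
        counts[rng.choice(closest)] += 1    # random sampling among ties
    return counts


def ordering(counts):
    """Field ordering by cumulative count, highest first (name breaks ties)."""
    return sorted(counts, key=lambda f: (-counts[f], f))


def select_target_field(records, counts, preset_n, tolerance):
    """S230/S240: walk the ordering until a field's interval count fits."""
    for field in ordering(counts):
        intervals = group_intervals(records, field)
        n = len(intervals)
        if n >= 2 and preset_n - tolerance <= n <= preset_n + tolerance:
            counts[field] += 1              # feeds the next update cycle
            return field, intervals
    return None, []     # no field fits; the page does not define this case


def rows(*tuples):
    """Build records from (age, position, logins) tuples."""
    return [dict(zip(FIELDS, t)) for t in tuples]


# Constructed sample data for one microservice: three training slots
# (second historical data) and the most recent window (first historical data).
SLOTS = [
    rows((25, "staff", 3), (30, "staff", 4), (50, "manager", 10),
         (52, "manager", 12), (62, "director", 15), (65, "director", 18),
         (17, "staff", 2), (16, "staff", 1)),
    rows((22, "staff", 1), (28, "staff", 2), (35, "staff", 6),
         (40, "staff", 8), (47, "staff", 22), (55, "staff", 25),
         (58, "manager", 30), (33, "staff", 7)),
    rows((19, "staff", 3), (23, "staff", 4), (44, "manager", 9),
         (46, "manager", 11), (61, "director", 14), (63, "director", 16)),
]
LATEST = rows((24, "staff", 2), (26, "staff", 3), (31, "staff", 6),
              (36, "staff", 9), (41, "staff", 21), (43, "staff", 24))


def run_example(preset_n=3, tolerance=1):
    """Train the ordering, pick the target field, return the updated ordering."""
    counts = rank_fields(SLOTS, FIELDS, preset_n, random.Random(7))
    trained = ordering(counts)
    field, intervals = select_target_field(LATEST, counts, preset_n, tolerance)
    return trained, field, intervals, ordering(counts)


if __name__ == "__main__":
    print(run_example())
```

In the constructed data the top-ranked field (position) collapses to a single group in the latest window, so the walk falls through to the login count, whose three intervals become the microservice's target nodes and whose incremented count changes the ordering for the next cycle.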
EXAMPLE III
Fig. 3 is a block diagram of a bayesian network-based situation awareness apparatus according to an embodiment of the present invention, where the apparatus may be implemented by software and/or hardware, and may be generally integrated in a computer device such as a server, and may perform bayesian network-based situation awareness by executing a bayesian network-based situation awareness method. As shown in fig. 3, the apparatus includes: a grouping interval determination module 31, a history model update module 32 and a target model application module 33, wherein:
a grouping interval determining module 31, configured to determine, for each micro service in the system, a target grouping attribute field according to preset history data corresponding to the current micro service and data representation of the relevant attribute field, and determine at least two target grouping intervals corresponding to the target grouping attribute field;
the historical model updating module 32 is configured to update the historical bayesian network model by using the target grouping intervals corresponding to all the micro services in the system as target nodes to obtain a target bayesian network model;
and the target model application module 33 is configured to perform zero-trust situation awareness based on the target bayesian network model.
In the Bayesian network-based situation awareness device of this embodiment, first, for each microservice in the system, a target grouping attribute field is determined according to the preset historical data corresponding to the current microservice and the data representation of the related attribute fields, and at least two target grouping intervals corresponding to the target grouping attribute field are determined; then, the historical Bayesian network model is updated by taking the target grouping intervals corresponding to all microservices in the system as target nodes, to obtain a target Bayesian network model; finally, zero-trust situation awareness is performed based on the target Bayesian network model. With this technical scheme, the system is divided into microservices, at least two target grouping intervals are determined in each microservice according to the corresponding preset historical data and the data representation of the related attribute fields, and the target grouping intervals of each microservice are input as target nodes into the historical Bayesian network model for updating. Compared with using all data generated by the system as input nodes of the Bayesian network model, the number of nodes adapts itself and, with relatively small resource consumption, meets the requirement of real-time adaptive evaluation of all user risks under zero trust, which achieves the technical effect of realizing zero trust with the Bayesian network-based situation awareness method.
Optionally, the grouping interval determining module 31 includes: a first historical data acquisition unit, an attribute field acquisition unit, a target grouping attribute field determining unit and a target grouping interval determining unit, wherein:
the first historical data acquisition unit is used for acquiring first historical data in the latest preset duration corresponding to the current micro service;
the attribute field acquisition unit is used for acquiring related attribute field sequencing corresponding to the current micro service;
a target grouping attribute field determining unit, configured to perform corresponding grouping in a preset grouping manner on the first historical data sequentially based on the current attribute field according to the relevant attribute field ordering, to obtain at least two grouping intervals corresponding to the current attribute field, and if the number of the grouping intervals is within a preset number range, determine the corresponding current attribute field as a target grouping attribute field, where the preset grouping manner is determined according to data representation of the corresponding historical data in a training stage;
and the target grouping interval determining unit is used for determining the grouping interval corresponding to the target grouping attribute field as a target grouping interval.
Optionally, the attribute fields in the related attribute field sorting are sorted from large to small according to the accumulated times.
The grouping interval determining module 31 further includes: an attribute field updating unit;
an attribute field updating unit, configured to add 1 to the cumulative count corresponding to the target grouping attribute field in the related attribute field ordering, and update the related attribute field ordering;
and the attribute field acquisition unit is further configured to acquire the related attribute field ordering obtained by the last update corresponding to the current microservice, or acquire the related attribute field ordering of the training stage corresponding to the current microservice.
The historical Bayesian network model is either the Bayesian network model obtained by the last update or the Bayesian network model of the training stage.
Optionally, the grouping interval determining module 31 further includes: a second data acquisition unit, a target field determining unit and an attribute field determining unit, wherein:
the second data acquisition unit is used for acquiring second historical data within a plurality of continuous preset durations corresponding to the current micro service;
the target field determining unit is used for grouping second historical data corresponding to the current preset duration in a preset grouping mode according to each preset duration on the basis of each attribute field in sequence to obtain the number of grouping intervals corresponding to each attribute field, determining the attribute field with the grouping interval number closest to the preset number as a target field, and adding 1 to the accumulated number corresponding to the target field, wherein the preset grouping mode is determined according to the data performance of the second historical data, the grouping principle corresponding to the preset grouping mode comprises the minimum number of members in each group and/or grouping error grouping, and the preset grouping mode comprises a supervised mode or an unsupervised mode;
and the attribute field determining unit is used for determining the related attribute field sequence in the training stage according to the final accumulated times corresponding to each attribute field.
Optionally, the target field determining unit is further configured to select, if there are multiple candidate attribute fields with a packet interval number closest to the preset number, one candidate attribute field from the multiple candidate attribute fields as the target field in a random sampling manner.
Optionally, the target grouping interval determining unit is further configured to, for each micro service, determine a relevant attribute field at the top of the ranking in the relevant attribute field ordering corresponding to the current micro service as a target grouping field, and perform grouping in a preset grouping manner on all second history data within the multiple continuous preset durations corresponding to the current micro service based on the target grouping field to obtain a grouping interval corresponding to the target grouping field; and taking the grouping intervals corresponding to all the micro services in the system as nodes, and modeling all the second historical data by using a Bayesian network to obtain a Bayesian network model in a training stage.
Optionally, the preset number range includes the preset number.
EXAMPLE IV
The embodiment of the invention provides computer equipment, wherein the situation awareness device based on the Bayesian network provided by the embodiment of the invention can be integrated into the computer equipment. Fig. 4 is a block diagram of a computer device according to an embodiment of the present invention. The computer device 400 may include: a memory 401, a processor 402 and a computer program stored on the memory 401 and executable on the processor, wherein the processor 402 implements the bayesian network based situational awareness method according to an embodiment of the present invention when executing the computer program.
The computer device provided by the embodiment of the invention can execute the Bayesian network-based situation awareness method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects for executing the method.
EXAMPLE V
Embodiments of the present invention also provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform a bayesian network-based situational awareness method, the method comprising:
aiming at each micro service in the system, determining a target grouping attribute field according to preset historical data corresponding to the current micro service and data representation of the related attribute field, and determining at least two target grouping intervals corresponding to the target grouping attribute field;
updating the historical Bayesian network model by taking the target grouping intervals corresponding to all the micro-services in the system as target nodes to obtain a target Bayesian network model;
and performing zero-trust situation awareness based on the target Bayesian network model.
Storage medium: any of various types of memory devices or storage devices. The term "storage medium" is intended to include: installation media such as CD-ROM, floppy disk, or tape devices; computer system memory or random access memory such as DRAM, DDR RAM, SRAM, EDO RAM, Rambus RAM, etc.; non-volatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in a first computer system in which the program is executed, or may be located in a different second computer system connected to the first computer system through a network (such as the internet). The second computer system may provide program instructions to the first computer for execution. The term "storage medium" may include two or more storage media that may reside in different locations, such as in different computer systems that are connected by a network. The storage medium may store program instructions (e.g., embodied as a computer program) that are executable by one or more processors.
Of course, the storage medium containing the computer-executable instructions provided by the embodiments of the present invention is not limited to the foregoing bayesian network based situational awareness operation, and may also perform related operations in the bayesian network based situational awareness method provided by any embodiments of the present invention.
The bayesian network based situation awareness apparatus, device and storage medium provided in the above embodiments may execute the bayesian network based situation awareness method provided in any embodiment of the present invention, and have corresponding functional modules and beneficial effects for executing the method. Technical details that are not described in detail in the above embodiments may be referred to a bayesian network-based situational awareness method provided in any embodiment of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A situation awareness method based on a Bayesian network, characterized by comprising:
for each microservice in the system, determining a target grouping attribute field according to preset historical data corresponding to the current microservice and the data representation of the related attribute fields, and determining at least two target grouping intervals corresponding to the target grouping attribute field;
updating a historical Bayesian network model by taking the target grouping intervals corresponding to all microservices in the system as target nodes, to obtain a target Bayesian network model;
performing zero-trust situation awareness based on the target Bayesian network model.

2. The method according to claim 1, wherein determining the target grouping attribute field according to the preset historical data corresponding to the current microservice and the data representation of the related attribute fields, and determining the at least two target grouping intervals corresponding to the target grouping attribute field, comprises:
obtaining first historical data within the most recent preset duration corresponding to the current microservice;
obtaining the related attribute field ordering corresponding to the current microservice;
following the related attribute field ordering, grouping the first historical data in the corresponding preset grouping mode based on the current attribute field in turn, to obtain at least two grouping intervals corresponding to the current attribute field, and, if the number of grouping intervals is within a preset number range, determining the corresponding current attribute field as the target grouping attribute field, wherein the preset grouping mode is determined in the training stage according to the data representation of the corresponding historical data;
determining the grouping interval corresponding to the target grouping attribute field as the target grouping interval.

3. The method according to claim 2, wherein the attribute fields in the related attribute field ordering are sorted in descending order of cumulative count;
after determining the corresponding current attribute field as the target grouping attribute field, the method further comprises:
adding 1 to the cumulative count corresponding to the target grouping attribute field in the related attribute field ordering, and updating the related attribute field ordering;
wherein obtaining the related attribute field ordering corresponding to the current microservice comprises:
obtaining the related attribute field ordering obtained by the last update corresponding to the current microservice, or obtaining the related attribute field ordering of the training stage corresponding to the current microservice;
wherein the historical Bayesian network model comprises:
the Bayesian network model obtained by the last update, or the Bayesian network model of the training stage.

4. The method according to claim 3, wherein the related attribute field ordering of the training stage is obtained in the following manner:
obtaining second historical data within multiple consecutive preset durations corresponding to the current microservice;
for each preset duration, grouping the second historical data corresponding to the current preset duration in the preset grouping mode based on each attribute field in turn, to obtain the number of grouping intervals corresponding to each attribute field, determining the attribute field whose number of grouping intervals is closest to the preset number as the target field, and adding 1 to the cumulative count corresponding to the target field, wherein the preset grouping mode is determined according to the data representation of the second historical data, the grouping principle corresponding to the preset grouping mode includes the minimum number of members in each group and/or grouping error grouping, and the preset grouping mode includes supervised or unsupervised;
determining the related attribute field ordering of the training stage according to the final cumulative count corresponding to each attribute field.

5. The method according to claim 4, wherein determining the attribute field whose number of grouping intervals is closest to the preset number as the target field comprises:
if there are multiple candidate attribute fields whose number of grouping intervals is closest to the preset number, selecting one candidate attribute field from the multiple candidate attribute fields as the target field by random sampling.

6. The method according to claim 4, wherein the Bayesian network model of the training stage is obtained in the following manner:
for each microservice, determining the related attribute field ranked first in the related attribute field ordering corresponding to the current microservice as the target grouping field, and grouping all second historical data within the multiple consecutive preset durations corresponding to the current microservice in the preset grouping mode based on the target grouping field, to obtain the grouping intervals corresponding to the target grouping field;
taking the grouping intervals corresponding to all microservices in the system as nodes, modeling all the second historical data with a Bayesian network, to obtain the Bayesian network model of the training stage.

7. The method according to claim 4, wherein the preset number range includes the preset number.

8. A situation awareness device based on a Bayesian network, characterized by comprising:
a grouping interval determining module, configured to, for each microservice in the system, determine a target grouping attribute field according to preset historical data corresponding to the current microservice and the data representation of the related attribute fields, and determine at least two target grouping intervals corresponding to the target grouping attribute field;
a historical model updating module, configured to update a historical Bayesian network model by taking the target grouping intervals corresponding to all microservices in the system as target nodes, to obtain a target Bayesian network model;
a target model application module, configured to perform zero-trust situation awareness based on the target Bayesian network model.

9. A computer device, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method according to any one of claims 1-7 when executing the computer program.

10. A computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the method according to any one of claims 1-7.
CN202111400851.1A 2021-11-24 2021-11-24 Situation awareness method, device, equipment and storage medium based on Bayesian network Active CN114117447B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111400851.1A CN114117447B (en) 2021-11-24 2021-11-24 Situation awareness method, device, equipment and storage medium based on Bayesian network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111400851.1A CN114117447B (en) 2021-11-24 2021-11-24 Situation awareness method, device, equipment and storage medium based on Bayesian network

Publications (2)

Publication Number Publication Date
CN114117447A (en) 2022-03-01
CN114117447B (en) 2025-08-19

Family

ID=80440770

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111400851.1A Active CN114117447B (en) 2021-11-24 2021-11-24 Situation awareness method, device, equipment and storage medium based on Bayesian network

Country Status (1)

Country Link
CN (1) CN114117447B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115426200A (en) * 2022-11-03 2022-12-02 北京数盾信息科技有限公司 Data acquisition processing method and system

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6499127B1 (en) * 1999-04-22 2002-12-24 Synopsys, Inc. Method and apparatus for random stimulus generation
US8682812B1 (en) * 2010-12-23 2014-03-25 Narus, Inc. Machine learning based botnet detection using real-time extracted traffic features
CN106326585A (en) * 2016-08-29 2017-01-11 东软集团股份有限公司 Prediction analysis method based on bayesian network reasoning and device thereof
CN108632266A (en) * 2018-04-27 2018-10-09 华北电力大学 A kind of power distribution communication network security situational awareness method
CN109347697A (en) * 2018-10-10 2019-02-15 南昌航空大学 Opportunistic network link prediction method, device and readable storage medium
CN109801073A (en) * 2018-12-13 2019-05-24 中国平安财产保险股份有限公司 Risk subscribers recognition methods, device, computer equipment and storage medium
CN110032463A (en) * 2019-03-01 2019-07-19 阿里巴巴集团控股有限公司 A kind of system fault locating method and system based on Bayesian network
CN112231692A (en) * 2020-10-13 2021-01-15 中移(杭州)信息技术有限公司 Security authentication method, device, equipment and storage medium
US20210021456A1 (en) * 2019-07-18 2021-01-21 International Business Machines Corporation Bayesian-based event grouping
CN112488181A (en) * 2020-11-26 2021-03-12 哈尔滨工程大学 Service fault high-response matching method based on MIDS-Tree
CN112686532A (en) * 2020-12-29 2021-04-20 中国航天标准化研究所 Passive operation risk analysis and evaluation method and device based on Bayesian network model
CN113098827A (en) * 2019-12-23 2021-07-09 中国移动通信集团辽宁有限公司 Network security early warning method and device based on situation awareness

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
闫长健,张艳艳: "基于贝叶斯网络的船舶碰撞事故态势分析", 《广州航海学院学报》, 15 January 2021 (2021-01-15) *

Also Published As

Publication number Publication date
CN114117447B (en) 2025-08-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant