A network security intelligent question answering method and system based on a generative large model
The intelligent question-answering system based on generative large models solves the problem that traditional network security protection methods are unable to cope with complex network attacks, achieving efficient and intelligent network security protection and enhancing the robustness and adaptability of the model.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- GUIZHOU POWER GRID CO LTD
- Filing Date
- 2024-12-11
- Publication Date
- 2026-06-19
AI Technical Summary
Traditional cybersecurity protection methods are struggling to cope with increasingly complex and diverse cyberattacks, necessitating a more intelligent and efficient approach.
Generative large-scale models are used for intelligent question answering in cybersecurity. Through data preprocessing, transfer learning, multimodal information fusion, adversarial training, and regular updates and maintenance, an intelligent question answering system is built and integrated into the cybersecurity monitoring and management system.
It improves the accuracy and efficiency of cybersecurity question answering, enhances the robustness and anti-attack capabilities of the model, enables continuous updates and maintenance, adapts to new changes in the cybersecurity field, and expands the application areas of intelligent question answering systems.
Smart Images

Figure CN119886213B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of intelligent network security technology, and in particular to an intelligent network security query method and system based on generative large models. Background Technology
[0002] Currently, with the continuous development and popularization of network technology, network security issues are becoming increasingly prominent, and traditional network security protection methods are struggling to cope with increasingly complex and diverse network attack methods. Therefore, a more intelligent and efficient network security protection method is needed to solve this problem. Generative large models, as an emerging artificial intelligence technology, have powerful learning and reasoning capabilities, providing new ideas and methods for intelligent protection in the field of network security. Summary of the Invention
[0003] The purpose of this section is to outline some aspects of embodiments of the present invention and to briefly describe some preferred embodiments. Simplifications or omissions may be made in this section, as well as in the abstract and title of this application, to avoid obscuring the purpose of these documents; however, such simplifications or omissions should not be construed as limiting the scope of the invention.
[0004] In view of the aforementioned existing problems, the present invention is proposed.
[0005] Therefore, this invention provides a method and system for intelligent cybersecurity questioning based on generative large models, which can solve the problems mentioned in the background art.
[0006] To solve the above-mentioned technical problems, the present invention provides the following technical solution:
[0007] In a first aspect, the present invention provides a method for intelligent data collection in cybersecurity based on a generative large model, which includes collecting cybersecurity data and preprocessing the cybersecurity data;
[0008] Generative large models are trained using preprocessed cybersecurity data, and transfer learning is introduced during the training process to adjust the model parameters and structure.
[0009] Build an intelligent question-answering system that receives user-input questions and generates answers based on a pre-trained generative large model, uses multimodal information fusion technology to process multimedia information, and optimizes the system based on user feedback;
[0010] Adversarial training techniques are used to generate adversarial examples to simulate real-world network attack and defense scenarios, evaluate the performance of the intelligent question-answering system, and regularly update and maintain the model.
[0011] As a preferred embodiment of the intelligent network security data query method based on generative large models described in this invention, the network security data includes network logs, attack patterns, defense strategies, user behavior data, and vulnerability information.
[0012] The preprocessing includes cleaning, noise reduction, formatting, and data augmentation.
[0013] The data augmentation includes data augmentation and data transformation. The data augmentation is achieved through random pruning, rotation, and flipping operations, while the data transformation is achieved through PCA dimensionality reduction and feature selection methods.
[0014] As a preferred embodiment of the intelligent online digitization method for cybersecurity based on generative large models described in this invention, the transfer learning includes:
[0015] Pre-trained models are used to accelerate the training process of generative large models and optimize model parameters and structure. These pre-trained models include ImageNet and Wikipedia.
[0016] As a preferred embodiment of the intelligent online data collection method for network security based on generative large models described in this invention, the multimedia information includes multimedia information composed of text, images, and audio.
[0017] The multimodal information fusion technology is implemented through a deep neural network architecture, including the multimodal Transformer model.
[0018] As a preferred embodiment of the intelligent questioning method for cybersecurity based on generative large models described in this invention, the generation of adversarial samples through adversarial training techniques includes generating adversarial samples by applying small perturbations to the original samples.
[0019] As a preferred embodiment of the intelligent data collection method for cybersecurity based on generative large models described in this invention, the periodic updating and maintenance of the model includes receiving data and updating and optimizing it through automated updating and online learning technologies.
[0020] As a preferred embodiment of the intelligent question-answering method for cybersecurity based on generative large models described in this invention, the intelligent question-answering system is used to be integrated into a cybersecurity monitoring and management system, and the intelligent question-answering system is combined with real-time log analysis and a threat intelligence platform.
[0021] Secondly, the present invention provides a network security intelligent question-answering system based on a generative large model, which includes: a data acquisition and preprocessing module, a model training module, an intelligent question-answering module, and an update and maintenance module;
[0022] The data acquisition and preprocessing module is used to acquire network security data and preprocess the network security data.
[0023] The model training module is used to train a generative large model using preprocessed cybersecurity data, introduces transfer learning during the training process, and adjusts the model parameters and structure.
[0024] The intelligent question answering module is used to build an intelligent question answering system. It receives user-input questions and generates answers based on a pre-trained generative large model, uses multimodal information fusion technology to process multimedia information, and optimizes the system based on user feedback.
[0025] The update and maintenance module is used to generate adversarial examples through adversarial training techniques to simulate real network attack and defense scenarios, evaluate the performance of the intelligent question answering system, and update and maintain the model regularly.
[0026] Thirdly, the present invention provides a computer device, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps of a network security intelligent query method based on a generative large model.
[0027] Fourthly, the present invention provides a computer-readable storage medium having a computer program stored thereon, wherein: when the computer program is executed by a processor, it implements the steps of a network security intelligent query method based on a generative large model.
[0028] Compared with existing technologies, the advantages of this invention are: improved accuracy and efficiency of cybersecurity question answering, providing more convenient and intelligent services for cybersecurity administrators; enhanced robustness and anti-attack capabilities of the model through attack and defense simulation and verification, improving the reliability and stability of cybersecurity protection; continuous updates and maintenance, enabling the model to adapt to new changes and needs in the cybersecurity field, maintaining the advanced nature and practicality of the technology; and expanded application areas of intelligent question answering systems, providing more comprehensive and intelligent solutions for cybersecurity education and training. Attached Figure Description
[0029] To more clearly illustrate the technical solutions of the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0030] Figure 1 A flowchart of a network security intelligent query method and system based on a generative large model is provided as an embodiment of the present invention;
[0031] Figure 2 This is an internal structural diagram of a computer device for a network security intelligent query method and system based on a generative large model, provided as an embodiment of the present invention. Detailed Implementation
[0032] To make the above-mentioned objects, features, and advantages of the present invention more readily understood, specific embodiments of the present invention will be described in detail below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, and not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort should fall within the protection scope of the present invention.
[0033] Many specific details are set forth in the following description in order to provide a full understanding of the invention. However, the invention may also be practiced in other ways different from those described herein, and those skilled in the art can make similar extensions without departing from the spirit of the invention. Therefore, the invention is not limited to the specific embodiments disclosed below.
[0034] Secondly, the term "one embodiment" or "embodiment" as used herein refers to a specific feature, structure, or characteristic that may be included in at least one implementation of the present invention. The phrase "in one embodiment" appearing in different places in this specification does not necessarily refer to the same embodiment, nor is it a single or selective embodiment that is mutually exclusive with other embodiments.
[0035] Example 1, referring to Figures 1-2 This is the first embodiment of the present invention, which provides a network security intelligent query method based on a generative large model, including:
[0036] This application provides a method that can effectively solve the problems mentioned above. The following will describe in detail how to implement this intelligent query method for network security based on a generative large model, using multiple embodiments.
[0037] Figure 1 A flowchart illustrating a network security intelligent querying method and system based on a generative large model is presented, including:
[0038] S1: Collect network security data and preprocess the network security data;
[0039] Furthermore, cybersecurity data includes network logs, attack patterns, defense strategies, user behavior data, and vulnerability information;
[0040] Preprocessing includes cleaning, noise reduction, formatting, and data augmentation;
[0041] Data augmentation includes data augmentation and data transformation. Data augmentation is achieved through random pruning, rotation, and flipping operations, while data transformation is achieved through PCA dimensionality reduction and feature selection methods. Data augmentation techniques enrich datasets and improve the model's generalization ability. Data augmentation generates new data samples by transforming or combining the original data. Data augmentation generates new data samples by copying, rotating, and scaling the original data. Data transformation techniques, on the other hand, perform feature extraction, dimensionality reduction, or transformation on the data to make it more suitable for the model's training needs. These techniques not only increase the diversity and complexity of the dataset but also help improve the model's training performance, enabling it to better address various complex cybersecurity issues.
[0042] S2: Train a generative large model using preprocessed cybersecurity data, introduce transfer learning during the training process, and adjust the model parameters and structure;
[0043] Furthermore, transfer learning includes,
[0044] This study utilizes pre-trained models, including ImageNet and Wiki, to accelerate the training process of large generative models and optimize model parameters and structure. Transfer learning techniques are introduced, which leverage models already trained in other domains as pre-trained models to accelerate the current training process. Through transfer learning, the model can adapt to new tasks and datasets more quickly, saving significant training time and computational resources. Furthermore, during training, the model's parameters and structure are meticulously tuned to ensure optimal performance in cybersecurity question-answering tasks. These adjustments include modifying the number of layers, neurons, and activation functions, as well as introducing techniques such as regularization and dropout to prevent overfitting.
[0045] S3: Build an intelligent question-answering system that receives user-input questions and generates answers based on a pre-trained generative large model, uses multimodal information fusion technology to process multimedia information, and optimizes the system based on user feedback;
[0046] Furthermore, multimedia information includes multimedia information composed of text, images, and audio;
[0047] The system employs multimodal information fusion technology, implemented through a deep neural network architecture, including a multimodal Transformer model. This technology fully leverages the complementarity between various information types, such as text, images, and audio, to achieve a deeper and more comprehensive understanding of complex issues. For example, in describing network attacks that include images, the system can automatically extract key information from the images and combine it with textual information for comprehensive analysis, thereby generating a more accurate and comprehensive answer. Furthermore, the system possesses contextual understanding capabilities, enabling it to generate more coherent and logical responses based on the user's past questions and answers.
[0048] S4: Generate adversarial examples using adversarial training techniques to simulate real-world network attack and defense scenarios, evaluate the performance of the intelligent question-answering system, and regularly update and maintain the model.
[0049] Furthermore, adversarial examples are generated through adversarial training techniques, including generating adversarial examples by applying small perturbations to the original samples.
[0050] Furthermore, in the attack and defense simulation and verification phase, this invention comprehensively evaluated and optimized the performance of the intelligent question-answering system by simulating real network attack and defense scenarios. To enhance the robustness and anti-attack capability of the model, adversarial training technology was introduced. This technology generates adversarial examples and trains the model, enabling it to learn more robust features and representations. Adversarial examples are generated by adding small perturbations to the original data. Although these perturbations do not affect human perception, they can cause the model to make incorrect predictions. By training the model to identify and respond to these adversarial examples, the robustness and anti-attack capability of the model can be significantly improved. In addition, the system's response time, accuracy, and other key indicators were tested in detail to ensure the stability and reliability of the system in practical applications.
[0051] Furthermore, regular model updates and maintenance include receiving and optimizing data through automated updates and online learning technologies. These technologies enable the model to receive new data and feedback in real time, automatically updating and optimizing itself. This mechanism ensures the model remains up-to-date and adapts to new changes and demands in the cybersecurity field. Automated updates and online learning technologies not only improve the model's flexibility and adaptability but also reduce maintenance costs. In addition, comprehensive security audits and performance tests are conducted regularly to identify and fix potential vulnerabilities and defects. These measures not only enhance the system's security and stability but also provide users with more reliable and efficient cybersecurity Q&A services.
[0052] Furthermore, the intelligent question-and-answer system is integrated into network security monitoring and management systems, combining real-time log analysis and threat intelligence platforms. Applying the intelligent question-and-answer system to network security education and training provides learners with personalized learning resources and guidance. Through the question-and-answer service provided by the system, learners can quickly acquire the necessary knowledge and skills and conduct targeted learning and practice based on their individual circumstances. This application can further improve the effectiveness and quality of network security education and training, contributing to the cultivation of more network security professionals.
[0053] Furthermore, this embodiment also provides a cybersecurity intelligent question-answering system based on a generative large model, including: a data acquisition and preprocessing module, a model training module, an intelligent question-answering module, and an update and maintenance module;
[0054] The data acquisition and preprocessing module is used to acquire network security data and preprocess the network security data.
[0055] The model training module is used to train a generative large model using preprocessed cybersecurity data, introduces transfer learning during the training process, and adjusts the model parameters and structure.
[0056] The intelligent question answering module is used to build an intelligent question answering system. It receives user-input questions and generates answers based on a pre-trained generative large model, uses multimodal information fusion technology to process multimedia information, and optimizes the system based on user feedback.
[0057] The update and maintenance module is used to generate adversarial examples through adversarial training techniques to simulate real network attack and defense scenarios, evaluate the performance of the intelligent question answering system, and update and maintain the model regularly.
[0058] This embodiment also provides a computer device, which may be a terminal, and its internal structure diagram may be as follows. Figure 2As shown, the computer device includes a processor, memory, communication interface, display screen, and input devices connected via a system bus. The processor provides computing and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system and computer programs. The internal memory provides an environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The communication interface is used for wired or wireless communication with external terminals; wireless communication can be achieved through Wi-Fi, carrier networks, NFC (Near Field Communication), or other technologies. When executed by the processor, the computer program implements a network security intelligent query method based on a generative large model. The display screen can be an LCD screen or an e-ink screen. The input devices can be a touch layer covering the display screen, buttons, a trackball, or a touchpad on the computer device casing, or an external keyboard, touchpad, or mouse.
[0059] This embodiment also provides a computer-readable storage medium storing a computer program thereon, which, when executed by a processor, performs the following steps: collecting network security data and preprocessing the network security data;
[0060] Generative large models are trained using preprocessed cybersecurity data, and transfer learning is introduced during the training process to adjust the model parameters and structure.
[0061] Build an intelligent question-answering system that receives user-input questions and generates answers based on a pre-trained generative large model, uses multimodal information fusion technology to process multimedia information, and optimizes the system based on user feedback;
[0062] Adversarial training techniques are used to generate adversarial examples to simulate real-world network attack and defense scenarios, evaluate the performance of the intelligent question-answering system, and regularly update and maintain the model.
[0063] Example 2, refer to Figure 1 - Figure 2 This is the second embodiment of the present invention, which provides a network security intelligent query method based on a generative large model. In order to verify the beneficial effects of the present invention, scientific demonstration is carried out through economic benefit calculation and simulation experiments.
[0064] To verify the effectiveness of the network security intelligent query method based on generative large models in real-world applications, a medium-sized enterprise network environment was selected as the experimental subject. This enterprise's network system includes an internal LAN, server clusters, and an external internet connection, processing approximately 100,000 network requests daily and storing a large amount of sensitive data.
[0065] We collected network logs, attack pattern records, defense strategy documents, and user behavior data from the past six months. The total amount of this data is approximately 2TB.
[0066] The collected data was cleaned to remove duplicates, invalid information, and noise, ensuring data consistency and accuracy.
[0067] Data augmentation techniques were applied, such as augmenting image data through random cropping and rotation; and PCA dimensionality reduction and feature selection methods were used to optimize text data, thereby enriching the training dataset.
[0068] Generative large models were trained using the preprocessed dataset. Pre-trained models based on the Transformer architecture, such as BERT or GPT series, were selected and fine-tuned to adapt to tasks specific to the cybersecurity domain.
[0069] During training, model parameters such as learning rate and batch size were adjusted, and transfer learning techniques were introduced. Large-scale pre-trained models from ImageNet and Wikipedia were used to accelerate the training process and improve model performance.
[0070] Based on a pre-trained generative large model, an intelligent question-answering system was built, which can receive and respond to questions about cybersecurity and supports text, image and audio input.
[0071] The system employs multimodal information fusion technology to integrate different types of media information, thereby improving the accuracy and comprehensiveness of the responses.
[0072] It integrates a user feedback mechanism to enable continuous optimization based on actual usage.
[0073] Various real-world network attack scenarios were simulated, including DDoS attacks and SQL injection attacks, to generate adversarial examples for testing the robustness of the model.
[0074] By using automated updates and online learning technologies, the system can adapt to emerging threats in real time and perform performance evaluations regularly.
[0075] Integrate the intelligent question-and-answer system into the existing network security monitoring platform to provide real-time security situation awareness and early warning services.
[0076] A one-month trial run was conducted within the company, during which user feedback was collected to further improve the system's functionality and service quality.
[0077] Before the experiment began, detailed planning and technical solutions were designed for all the above steps. First, the data acquisition team collaborated with the enterprise's IT department to ensure that the acquired data covered the widest possible range of scenarios. Next, data scientists were responsible for data preprocessing to ensure data quality met the needs of subsequent modeling. Then, algorithm engineers focused on model selection and training, paying particular attention to how to accelerate training speed without sacrificing accuracy through transfer learning. Based on this, the development team built an intelligent question-answering system and collaborated with security experts to ensure the system could effectively address various cybersecurity issues. Finally, the operations team deployed the system to the production environment and assigned dedicated technical support personnel to assist users in familiarizing themselves with the new tool. The entire experimental process strictly adhered to scientific methodologies to ensure the authenticity and reliability of the results.
[0078] Table 1: Comparison Indicators Before and After the Experiment
[0079]
[0080]
[0081] Table 1 shows the changes in key performance indicators before and after applying the method of this invention to an enterprise-level network environment. It can be seen that the average response time is significantly reduced, the accuracy of vulnerability detection is significantly improved, the efficiency of security incident handling is significantly enhanced, user satisfaction is also greatly improved, and model updates are more timely.
[0082] Table 2: Evaluation of the Effectiveness of Adversarial Training
[0083] Parameter name unit Pre-experiment value Post-experiment values Increase ratio Remark Adversarial example recognition rate % 65.4 88.2 22.8% Significant improvement Resistance to attack rating (out of 10 points) 5.6 8.3 26.8% Significantly enhanced Model robustness score (out of 10 points) 6.1 8.7 26.2% Significantly enhanced System stability score (out of 10 points) 6.8 9.1 19.1% Significantly improved Operating costs Yuan / month 15,000 14,500 -3.3% Cost reduction Performance degradation threshold % 10.2 7.6 -25.5% More stable
[0084] Table 2 focuses on the effectiveness evaluation of adversarial training, showing that after introducing adversarial training, the system has made significant progress in identifying adversarial examples, anti-attack capabilities, and model robustness, while maintaining low operating costs and higher performance stability.
[0085] As shown in Table 1, the method of this invention has achieved significant improvements in several key performance indicators. Specifically, the average response time has been reduced from 5.2 seconds to 1.8 seconds, a reduction of 65.4%, which not only improves the user experience but also ensures rapid response to potential security threats. The vulnerability detection accuracy has increased from 78.9% to 92.3%, an increase of 13.4 percentage points, meaning that more hidden security risks are being discovered in a timely manner. In addition, the security incident handling efficiency has improved by 25.5%, reaching 85.7%, indicating that the system can respond to emergencies more efficiently. The user satisfaction score has increased from 6.5 to 8.9, reflecting a significant increase in user acceptance of the new system. More importantly, the model update frequency has increased from once a month to three times a month, ensuring that the system is always in optimal condition and adapts to the ever-changing security environment.
[0086] Table 2 further confirms the positive impact of adversarial training on enhancing system security. The adversarial example recognition rate increased by 22.8% to 88.2%, indicating that the model trained adversarially is more resistant to malicious attacks. The scores for anti-attack capability and model robustness improved by 26.8% and 26.2%, respectively, reflecting the system's stable performance in complex network environments. Notably, despite enhanced security measures, the overall operating cost decreased by 3.3%, demonstrating the economic advantages of the proposed method. The performance degradation threshold also decreased from 10.2% to 7.6%, indicating that the system maintains good performance even under high loads.
[0087] In summary, the method of this invention demonstrates outstanding innovation and practicality in enterprise-level network environments. Compared to existing technologies, it not only improves the efficiency and accuracy of network security management but also effectively reduces operating costs and enhances the system's robustness and resistance to attacks. These advantages make the method of this invention an ideal choice for solving current network security challenges, possessing significant academic value and promising practical application prospects.
[0088] It should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, and all such modifications or substitutions should be covered within the scope of the claims of the present invention.
[0089] Those skilled in the art will understand that embodiments of this application can be provided as methods, systems, or computer program products. Therefore, this application can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code. The solutions in the embodiments of this application can be implemented in various computer languages, such as the object-oriented programming language Java and the interpreted scripting language JavaScript.
[0090] This application is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart... Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.
[0091] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.
[0092] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.
[0093] Although preferred embodiments of this application have been described, those skilled in the art, upon learning the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments as well as all changes and modifications falling within the scope of this application.
[0094] Obviously, those skilled in the art can make various modifications and variations to this application without departing from the spirit and scope of this application. Therefore, if such modifications and variations fall within the scope of the claims of this application and their equivalents, this application also intends to include such modifications and variations.
Claims
1. A cybersecurity intelligent query method based on generative large models, characterized in that: include, Collect network security data and preprocess the network security data; Generative large models are trained using preprocessed cybersecurity data, and transfer learning is introduced during the training process to adjust the model parameters and structure. Build an intelligent question-answering system that receives user-input questions and generates answers based on a pre-trained generative large model, uses multimodal information fusion technology to process multimedia information, and optimizes the system based on user feedback; Adversarial examples are generated using adversarial training techniques to simulate real-world network attack and defense scenarios, evaluate the performance of the intelligent question-answering system, and regularly update and maintain the model. The network security data includes network logs, attack patterns, defense strategies, user behavior data, and vulnerability information; The preprocessing includes cleaning, noise reduction, formatting, and data augmentation. The data augmentation includes data augmentation and data transformation. The data augmentation is achieved through at least one of random pruning, rotation, and flipping operations, and the data transformation is achieved through at least one of PCA dimensionality reduction and feature selection. The data augmentation generates new data samples by performing at least one operation of copying, rotating, and scaling on the original data; the data transformation makes the data more suitable for the training requirements of the model by performing feature extraction, dimensionality reduction, or transformation operations on the data, in order to address network security issues. The transfer learning includes, Pre-trained models are used to accelerate the training process of generative large models and optimize model parameters and structure. These pre-trained models include ImageNet and Wikipedia.
2. The intelligent data collection method for cybersecurity based on generative large models as described in claim 1, characterized in that: The multimedia information includes multimedia information composed of text, images, and audio; The multimodal information fusion technology is implemented through a deep neural network architecture, including the multimodal Transformer model.
3. The intelligent online data collection method for cybersecurity based on generative large models as described in claim 2, characterized in that: The generation of adversarial examples through adversarial training techniques includes generating adversarial examples by applying small perturbations to the original examples.
4. The intelligent online query method for cybersecurity based on generative large models as described in claim 3, characterized in that: The regular update and maintenance model includes receiving and updating data through automated updates and online learning technologies.
5. The intelligent query method for cybersecurity based on generative large models as described in claim 4, characterized in that: The intelligent question-and-answer system is used to integrate into the network security monitoring and management system, and the intelligent question-and-answer system is combined with real-time log analysis and threat intelligence platform.
6. A cybersecurity intelligent questioning system based on a generative large model, based on the cybersecurity intelligent questioning method based on a generative large model as described in any one of claims 1 to 5, characterized in that: It includes a data acquisition and preprocessing module, a model training module, an intelligent question answering module, and an update and maintenance module; The data acquisition and preprocessing module is used to acquire network security data and preprocess the network security data. The model training module is used to train a generative large model using preprocessed cybersecurity data, introduces transfer learning during the training process, and adjusts the model parameters and structure. The intelligent question answering module is used to build an intelligent question answering system. It receives user-input questions and generates answers based on a pre-trained generative large model, uses multimodal information fusion technology to process multimedia information, and optimizes the system based on user feedback. The update and maintenance module is used to generate adversarial examples through adversarial training techniques to simulate real network attack and defense scenarios, evaluate the performance of the intelligent question answering system, and update and maintain the model regularly.
7. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that: When the processor executes the computer program, it implements the steps of the network security intelligent questioning method based on any one of claims 1 to 5.
8. A computer-readable storage medium having a computer program stored thereon, characterized in that: When the computer program is executed by the processor, it implements the steps of the network security intelligent questioning method based on any one of claims 1 to 5.