Sensitivity operation approval decision system, method, readable storage medium and program product

By automatically assessing the rationality and security risks of operations through the sensitive operation approval decision system, the problems of slow approval processes and misjudgments in the existing vault model have been solved, and efficient and accurate sensitive operation approval has been achieved.

CN120296772BActive Publication Date: 2026-06-05CHINA MOBILE INFORMATION TECHNOLOGY CO LTD +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA MOBILE INFORMATION TECHNOLOGY CO LTD
Filing Date
2025-06-13
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

The existing treasury model relies on manual authorization and approval, which has problems such as slow approval process, high error rate and inability to assess potential risks in a timely manner, resulting in low efficiency and poor accuracy in the approval of sensitive operations.

Method used

A sensitive operation approval and decision-making system is adopted, including an operation application module, an intelligent approval agent, a risk assessment agent, and an authorization decision-making agent. It automatically acquires sensitive operation data, evaluates the rationality of the operation through the intelligent approval agent, analyzes security risks through the risk assessment agent, and determines the approval result through a comprehensive score by the authorization decision-making agent.

Benefits of technology

It improves the efficiency and accuracy of approval for sensitive operations, can automatically assess the rationality and security risks of operations, reduces the risk of releasing high-risk operations, and improves the system's operational efficiency and security.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN120296772B_ABST
    Figure CN120296772B_ABST
Patent Text Reader

Abstract

The application discloses a sensitive operation approval decision system and method, a readable storage medium and a program product, relates to the technical field of information security management, and the sensitive operation approval decision system comprises an operation application module, which is used for acquiring sensitive operation data of a target operator after receiving a sensitive operation request of the target operator; an intelligent approval intelligent agent, which is used for determining the matching degree of operation content and application reasons as the operation rationality score of the current sensitive operation; a risk assessment intelligent agent, which is used for performing security risk analysis according to the operation content, operator information and historical operation data, and generating the security risk score of the current sensitive operation; and an authorization decision intelligent agent, which is used for determining the approval decision score of the current sensitive operation according to the operation rationality score and the security risk score, so as to determine the approval result of the current sensitive operation. The application can improve the approval efficiency and accuracy of the sensitive operation of the operator.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of information security management technology, and in particular to a sensitive operation approval decision system, method, readable storage medium and program product. Background Technology

[0002] Currently, when handling system operations involving highly sensitive information, a vault mode (i.e., "two-person operation" mode) is often used to ensure the security of sensitive operations in order to prevent unauthorized access and potential security risks.

[0003] However, the existing vault model relies on manual authorization and approval, which has problems such as slow approval process, low operational efficiency, and is also prone to misjudgment and high-risk operations being released due to human negligence.

[0004] Therefore, the existing approval methods for sensitive operations are not only inefficient, but also have poor accuracy. Summary of the Invention

[0005] The main purpose of this application is to provide a sensitive operation approval decision system, method, readable storage medium and program product, which aims to improve the efficiency and accuracy of the approval of sensitive operations by operators.

[0006] To achieve the above objectives, this application provides a sensitive operation approval decision system, the sensitive operation approval decision system comprising:

[0007] The operation application module is used to obtain the sensitive operation data of the target operator after receiving a sensitive operation request from the target operator; the sensitive operation data includes operator information, historical operation data, the operation content of the current sensitive operation, and the reason for the application;

[0008] The intelligent approval agent has its input end connected to the first output end of the operation application module, and is used to determine the degree of matching between the operation content and the application reason, as a score of the reasonableness of the current sensitive operation.

[0009] A risk assessment agent, whose input end is connected to the second output end of the operation application module, is used to perform security risk analysis based on the operation content, the operator information and the historical operation data, and generate a security risk score for the current sensitive operation.

[0010] An authorization decision-making intelligent agent, the input end of which is connected to the output end of the intelligent approval intelligent agent and the output end of the risk assessment intelligent agent, is used to determine the approval decision score of the current sensitive operation based on the operation rationality score and the security risk score, and to determine the approval result of the current sensitive operation based on the approval decision score of the current sensitive operation.

[0011] In one embodiment, the sensitive operation approval decision system further includes a natural language processing tool and an operation application matching tool, and the intelligent approval agent connects the natural language processing tool and the operation application matching tool;

[0012] The intelligent approval agent is also used for:

[0013] Receive the operation content and the application reason output by the operation application module;

[0014] The natural language processing tool is invoked to perform semantic analysis on the operation content and the application reason, respectively, in order to determine the operation intent and key application reason of the current sensitive operation.

[0015] The operation application matching tool is invoked to determine the degree of matching between the operation intent and the key reasons for the application, which is used as the degree of matching between the operation content and the reasons for the application.

[0016] In one embodiment, the natural language processing tool is used for:

[0017] The operation content and the application reason are preprocessed to obtain the preprocessed operation content and application reason;

[0018] The preprocessed operation content and application reasons are input into the large language model associated with the natural language processing tool to determine the operation intent and key application reasons of the current sensitive operation.

[0019] In one embodiment, the operation request matching tool is used for:

[0020] Based on the large language model associated with the operation application matching tool, semantic embedding processing is performed on the operation intention and the key application reason to obtain the embedding vector of the operation intention and the embedding vector of the key application reason.

[0021] The similarity between the embedding vector of the operational intent and the embedding vector of the key application reason is determined as the degree of matching between the operational intent and the key application reason.

[0022] In one embodiment, the sensitive operation approval decision system further includes a behavior baseline construction tool and an anomaly risk assessment tool, wherein the risk assessment agent connects the behavior baseline construction tool and the anomaly risk assessment tool;

[0023] The risk assessment agent is also used for:

[0024] Receive the operation content, operator information, and historical operation data output by the operation request module;

[0025] The behavior baseline construction tool is invoked to construct a behavior baseline model for the target operator based on the historical operation data;

[0026] The abnormal risk assessment tool is invoked to perform feature extraction and feature fusion processing on the operation content and the operator information to obtain the current behavior feature vector of the target operator. The current behavior feature vector is then input into the behavior baseline model to obtain the reconstruction error of the current sensitive operation.

[0027] The absolute value of the difference between the reconstruction error and the preset error threshold is calculated to obtain the security risk score of the current sensitive operation.

[0028] In one embodiment, the behavioral baseline building tool is used to:

[0029] The historical operation data is preprocessed to obtain the record data of all historical sensitive operations of the target operator from the historical operation data;

[0030] Feature extraction and feature fusion are performed on the recorded data of each of the aforementioned historical sensitive operations to obtain the historical behavior feature vectors of the target operator.

[0031] Based on the aforementioned historical behavior feature vectors, the preset deep autoencoder model is iteratively trained to obtain the behavior baseline model.

[0032] In one embodiment, the sensitive operation approval decision system further includes a decision support tool and a historical matching tool, and the authorization decision agent connects the decision support tool and the historical matching tool;

[0033] The authorized decision-making agent is also used for:

[0034] Obtain the operational rationality score output by the intelligent approval agent and the security risk score output by the risk assessment agent;

[0035] The decision support tool is invoked to comprehensively analyze the rationality score of the operation and the security risk score to obtain a comprehensive decision score for the current sensitive operation.

[0036] The historical matching tool is invoked to obtain each historical sensitive operation similar to the current sensitive operation, which is taken as each target sensitive operation. Based on the comprehensive decision score of each target sensitive operation and the similarity between each target sensitive operation and the current sensitive operation, the total historical decision score is determined.

[0037] The overall decision score of the current sensitive operation and the total historical decision score are weighted to obtain the approval decision score of the current sensitive operation.

[0038] In one embodiment, the decision support tool is used for:

[0039] The operational rationality score and the safety risk score are standardized to obtain standardized operational rationality score and safety risk score;

[0040] The standardized operational rationality score and security risk score are weighted to obtain the comprehensive decision score for the current sensitive operation.

[0041] In one embodiment, the historical matching tool is used for:

[0042] Determine the operation feature vector of the current sensitive operation;

[0043] The similarity between the operation feature vectors of each historical sensitive operation recorded in the long-term memory module and the operation feature vector of the current sensitive operation is determined as the similarity between each historical sensitive operation and the current sensitive operation.

[0044] Based on the similarity between each historical sensitive operation and the current sensitive operation, a preset number of historical sensitive operations are obtained in descending order and used as each target sensitive operation.

[0045] The weight of each target sensitive operation is determined based on the similarity between each target sensitive operation and the current sensitive operation.

[0046] Calculate the product of the weight of each target-sensitive operation and the comprehensive decision score of each target-sensitive operation to obtain each historical decision sub-score;

[0047] The sum of the scores of each historical decision sub-score is calculated to obtain the total historical decision score.

[0048] Furthermore, to achieve the above objectives, this application also provides a sensitive operation approval decision-making method, the method comprising:

[0049] Upon receiving a sensitive operation request from a target operator, the system acquires the target operator's sensitive operation data; the sensitive operation data includes operator information, historical operation data, the content of the current sensitive operation, and the reason for the request.

[0050] The degree of matching between the operation content and the application reason is determined as the operation rationality score of the current sensitive operation;

[0051] Based on the operation content, the operator information, and the historical operation data, a security risk analysis is performed to generate a security risk score for the current sensitive operation.

[0052] Based on the operational rationality score and the security risk score, the approval decision score for the current sensitive operation is determined, and based on the approval decision score for the current sensitive operation, the approval result for the current sensitive operation is determined.

[0053] In addition, to achieve the above objectives, this application also provides a readable storage medium, which is a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, it implements the steps of the sensitive operation approval decision method as described above.

[0054] In addition, to achieve the above objectives, this application also provides a program product, which is a computer program product, comprising a computer program that, when executed by a processor, implements the steps of the sensitive operation approval decision method as described above.

[0055] This application provides a sensitive operation approval decision system, which includes an operation application module, an intelligent approval agent, a risk assessment agent, and an authorization decision agent. The input end of the intelligent approval agent is connected to the first output end of the operation application module, the input end of the risk assessment agent is connected to the second output end of the operation application module, and the input end of the authorization decision agent is connected to the output ends of the intelligent approval agent and the risk assessment agent. The operation application module is used to obtain the sensitive operation data of the target operator after receiving a sensitive operation request from the target operator. The sensitive operation data includes operator information, historical operation data, the operation content of the current sensitive operation, and the application reason. The intelligent approval agent is used to determine the degree of matching between the operation content and the application reason, as a reasonableness score for the current sensitive operation. The risk assessment agent is used to perform security risk analysis based on the operation content, operator information, and historical operation data, and generate a security risk score for the current sensitive operation. The authorization decision agent is used to determine the approval decision score for the current sensitive operation based on the reasonableness score and the security risk score, and determine the approval result for the current sensitive operation based on the approval decision score.

[0056] Therefore, this application establishes an operation application module, an intelligent approval agent, a risk assessment agent, and an authorization decision agent. When an operator applies for a sensitive operation, the operation application module automatically acquires relevant sensitive operation data. Furthermore, the intelligent approval agent determines the degree of matching between the operation content in the sensitive operation data and the application reason, automatically assessing the rationality of the applied sensitive operation and obtaining an operation rationality score. Simultaneously, the risk assessment agent uses the operation content, operator information, and historical operation data from the sensitive operation data to automatically perform a security analysis of the current sensitive operation, determining its security risk score. Finally, the authorization decision agent uses the operation rationality score and the security risk score to determine the approval decision score for the current sensitive operation, thereby determining the approval result.

[0057] In summary, this application provides a system for automatically approving sensitive operations performed by operators. Compared with conventional technologies that rely on manual authorization and approval, this system is not only more efficient, but also takes into account the rationality and safety risks of sensitive operations during the approval process. This can help avoid the problem of releasing high-risk operations to a certain extent, thus ensuring higher approval accuracy. Attached Figure Description

[0058] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.

[0059] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0060] Figure 1 A schematic diagram illustrating the implementation process of an existing vault model provided in this application embodiment;

[0061] Figure 2 This is a schematic diagram of the module structure of the sensitive operation approval decision system provided in the first embodiment of this application;

[0062] Figure 3 This is an overall architecture diagram of the sensitive operation approval decision system provided in the first embodiment of this application;

[0063] Figure 4 This is a schematic diagram of the module structure of the sensitive operation approval decision system provided in the second embodiment of this application;

[0064] Figure 5 This is a schematic diagram of the module structure of the sensitive operation approval decision system provided in the third embodiment of this application;

[0065] Figure 6 This is a schematic diagram of the module structure of the sensitive operation approval decision system provided in the fourth embodiment of this application;

[0066] Figure 7 This is a flowchart illustrating the sensitive operation approval decision-making method provided in the embodiments of this application.

[0067] The purpose, features, and advantages of this application will be further explained in conjunction with the embodiments and with reference to the accompanying drawings.

[0068] Explanation of icon numbers:

[0069] 10. Operation Application Module; 20. Intelligent Approval Agent; 30. Risk Assessment Agent; 40. Authorization Decision Agent; 201. Natural Language Processing Tool; 202. Operation Application Matching Tool; 301. Behavioral Baseline Construction Tool; 302. Anomaly Risk Assessment Tool; 401. Decision Support Tool; 402. Historical Matching Tool. Detailed Implementation

[0070] It should be understood that the specific embodiments described herein are merely illustrative of the technical solutions of this application and are not intended to limit this application.

[0071] To better understand the technical solution of this application, a detailed description will be provided below in conjunction with the accompanying drawings and specific implementation methods.

[0072] Currently, when handling system operations involving highly sensitive information, a vault model (i.e., a "two-person operation" model) is often used to ensure the security of sensitive operations in order to prevent unauthorized access and potential security risks. The vault model requires at least two operators with appropriate permissions to collaborate on highly sensitive operations, preventing abuse of privileges by a single person and thus protecting highly sensitive information within the system.

[0073] The implementation process of the existing vault model can be referenced. Figure 1When an operator intends to perform a highly sensitive operation on critical resources, the Vault Mode will be triggered, requiring the operator to provide a reason for the operation. After completing the reason, the operator submits it to the Vault Authentication Module. Upon receiving the reason, the Vault Authentication Module automatically sends an approval request to authorized personnel. The request includes the operator's identity information, the operation to be performed, and the reason for the application. Authorized personnel review the operation request based on the reason and relevant security policies and make an approval decision. The approval result is returned to the operator through the Vault Authentication Module. If the approval is successful, the operator will gain permission to perform the highly sensitive operation; if the approval fails, the operation request will be rejected.

[0074] However, the existing vault model has the following obvious drawbacks:

[0075] 1. Misjudgment Issue: The vault approval process relies entirely on manual authorization. Authorizing personnel must review operational applications based on their own experience and judgment. Due to the complexity of highly sensitive operations and the large amount of related information, authorizing personnel are prone to misjudgments due to negligence or errors in judgment, thereby increasing security risks. Therefore, this method, which relies entirely on human judgment, is not only prone to subjective bias but may also affect the accuracy of approvals due to the excessive amount of information processed.

[0076] 2. Efficiency Issues: The approval process requires manual intervention, resulting in lengthy approval times. In cases of urgent operations or batch processing, the approval process may fail to respond promptly, causing system delays and impacting overall system efficiency.

[0077] 3. Security issues: Currently, vaults are often audited only after operations are completed, making it impossible to conduct risk assessments during the operation. This post-operation auditing model means that the relevant review and handling are only carried out after the operation has been performed and the loss has occurred, which cannot effectively prevent and respond to potential high-sensitivity operational risks in a timely manner.

[0078] Based on this, this application proposes a sensitive operation approval decision system according to the first embodiment, please refer to... Figure 2 The sensitive operation approval decision system may include an operation application module 10, an intelligent approval agent 20, a risk assessment agent 30, and an authorization decision agent 40; the input end of the intelligent approval agent 20 is connected to the first output end of the operation application module 10, the input end of the risk assessment agent 30 is connected to the second output end of the operation application module 10, and the input end of the authorization decision agent 40 is connected to the output ends of the intelligent approval agent 20 and the risk assessment agent 30.

[0079] The operation application module 10 is used to obtain the sensitive operation data of the target operator after receiving a sensitive operation request from the target operator; the sensitive operation data includes operator information, historical operation data, the operation content of the current sensitive operation and the reason for the application;

[0080] The intelligent approval agent 20 is used to determine the degree of matching between the operation content and the application reason, and to score the rationality of the current sensitive operation.

[0081] Risk assessment agent 30 is used to perform security risk analysis based on operation content, operator information and historical operation data, and generate a security risk score for the current sensitive operation.

[0082] Authorization decision-making agent 40 is used to determine the approval decision score of the current sensitive operation based on the operation rationality score and security risk score, and to determine the approval result of the current sensitive operation based on the approval decision score of the current sensitive operation.

[0083] It should be noted that the target operator is the person who needs to apply for a sensitive operation. The number of target operators can be one or more; this embodiment does not impose a specific limitation. The current sensitive operation is the sensitive operation that the target operator is currently applying to perform. The operation content includes a detailed description of the operation to be performed, covering the specific actions and involved objects; the application reason includes a description of the reasons given by the operator, which requires the operator to elaborate on the background and purpose of the operation, i.e., to clarify why the operation needs to be performed. Operator information refers to the relevant user information of the target operator, which may include, but is not limited to, user ID (Identity document), username, position, department, operation permissions, authentication status, operation type, operation target, operation time, and operation source IP (Internet Protocol), etc. This embodiment does not impose a specific limitation; historical operation data includes all historical operation logs associated with the target operator's user ID. Each historical operation log should completely record the previous operation content, application reason, operator information, and final approval result.

[0084] Understandably, the operation application module 10, as the front-end module of the sensitive operation approval decision-making system, is responsible for collecting sensitive operation requests from operators and obtaining sensitive operation data from operators to transmit to the subsequent intelligent approval agent 20 and risk assessment agent 30. Thus, the operation application module 10 provides basic data support for subsequent processes. To ensure the comprehensiveness and accuracy of operation application records, the operation application module 10 needs to collect four types of data: operator information, historical operation data, operation content, and application reason.

[0085] In one feasible implementation, to ensure the data integrity and security of the operation application module 10 during the data transmission process, the operation application module 10 can perform structured processing of the acquired data in JSON (JavaScript Object Notation) format and securely transmit the data to the intelligent approval agent 20 and the risk assessment agent 30 through a secure interface (such as a TLS (Transport Layer Security) encrypted channel).

[0086] In one feasible implementation, during the process of determining the approval result of a current sensitive operation based on its approval decision score, the following steps can be taken: First, compare the current sensitive operation's approval decision score with a first preset score and a second preset score. If the current sensitive operation's approval decision score is greater than or equal to the first preset score, it indicates that the application for the current sensitive operation complies with the vault's security standards and business rules, and most similar historical sensitive operations have been approved. In this case, the approval result for the current sensitive operation can be determined as an "approved" decision. If the current sensitive operation's approval decision score is less than or equal to the second preset score, it indicates that the application for the current sensitive operation does not comply with the vault's security standards and business rules, or most similar historical sensitive operations have been rejected. In this case, the approval result for the current sensitive operation can be determined as a "rejected" decision. If the current sensitive operation's approval decision score is greater than the second preset score but less than the first preset score, it indicates that the current sensitive operation has a certain degree of rationality, but the degree of risk is uncertain or controversial, and there are no similar operations in historical cases or the final decision cannot be determined. In this case, the approval result for the current sensitive operation can be determined as a "pending manual review" decision.

[0087] The first and second preset scores can be dynamically set and adjusted by the authorized decision-making agent 40 according to specific circumstances to adapt to different security strategies and business needs.

[0088] Understandably, when the approval result of the current sensitive operation is determined to be "approved" or "rejected", the target operator can be directly allowed or denied to execute the current sensitive operation according to the approval result. When the approval result of the current sensitive operation is determined to be "pending manual review", the sensitive operation data and the approval decision score of the current sensitive operation need to be sent to the authorized personnel. After the authorized personnel make a decision, the operation is executed according to the decision result of the authorized personnel. The decision result of the authorized personnel and the analysis report can be stored in the long-term memory module connected to the authorized decision-making intelligent agent 40 for future decision-making judgments of the authorized decision-making intelligent agent 40.

[0089] This embodiment establishes an operation application module 10, an intelligent approval agent 20, a risk assessment agent 30, and an authorization decision agent 40. When an operator applies for a sensitive operation, the operation application module 10 automatically acquires relevant sensitive operation data. Furthermore, the intelligent approval agent 20 determines the degree of matching between the operation content in the sensitive operation data and the application reason, automatically assessing the rationality of the applied sensitive operation and obtaining an operation rationality score. Simultaneously, the risk assessment agent 30 uses the operation content, operator information, and historical operation data from the sensitive operation data to automatically perform a security analysis of the current sensitive operation, determining its security risk score. Finally, the authorization decision agent 40 uses the operation rationality score and the security risk score to determine the approval decision score for the current sensitive operation, thereby determining the approval result.

[0090] In summary, this embodiment provides a system for automatically approving sensitive operations performed by operators. Compared with conventional technologies that rely on manual authorization and approval, this system is not only more efficient in its approval process, but also takes into account the rationality and safety risks of sensitive operations during the approval process. This can, to a certain extent, avoid the problem of releasing high-risk operations. Therefore, the approval accuracy of this embodiment is also relatively high.

[0091] For example, to aid in understanding the sensitive operation approval decision system of this embodiment, please refer to the overall implementation architecture after combining the above-described embodiments. Figure 3 , specifically:

[0092] When an operator intends to perform a sensitive operation on critical resources, vault authentication is triggered, and the operator is required to provide a reason for the operation. After the operator completes the reason, the operation application module 10 receives the sensitive operation request from the operator and obtains the sensitive operation data, which is then transmitted to the intelligent approval agent 20 and the risk assessment agent 30. The intelligent approval agent 20 determines the degree of matching between the operation content in the sensitive operation data and the reason for the application, as a score for the reasonableness of the current sensitive operation. The risk assessment agent 30 uses the operation content in the sensitive operation data, operator information, and historical operation data to assess the security of the current sensitive operation. The system analyzes the data to determine the security risk score of the current sensitive operation. The authorization decision agent 40 receives the operation rationality score output by the intelligent approval agent 20 and the security risk score output by the risk assessment agent 30, and uses both to determine the approval decision score of the current sensitive operation, thereby determining the approval result of the current sensitive operation. If the approval result is "approved", the operator can be allowed to execute the current sensitive operation. If the approval result is "rejected", the operator can be refused to execute the current sensitive operation. If the approval result is "pending review", the sensitive operation data and the approval decision score of the current sensitive operation can be sent to the authorized personnel for manual review.

[0093] Based on the first embodiment described above, a second embodiment of the sensitive operation approval decision system of this application is proposed. For the second embodiment, please refer to... Figure 4 The sensitive operation approval decision system may also include a natural language processing tool 201 and an operation application matching tool 202, and the intelligent approval agent 20 connects the natural language processing tool 201 and the operation application matching tool 202.

[0094] The intelligent approval agent 20 is also used for:

[0095] Receive the operation content and application reason output by the operation application module 10;

[0096] The Natural Language Processing Tool 201 is invoked to perform semantic analysis on the operation content and the application reason to determine the operational intent and key application reason of the current sensitive operation.

[0097] Invoke the operation application matching tool 202 to determine the degree of matching between the operation intent and the key reasons for the application, which will be used as the degree of matching between the operation content and the reasons for the application.

[0098] It should be noted that the operation content describes the specific operation to be performed by the operator, such as "deleting the user data table"; the application reason explains the reason and rationale for the operator to perform the current sensitive operation, such as "in order to comply with data privacy protection and rationality requirements, it is necessary to delete the user data table that is no longer in use".

[0099] In addition, it should be noted that the intelligent approval agent 20 can connect to the natural language processing tool 201 and the operation application matching tool 202 through the call interface of a specific API (Application Programming Interface), or can also connect to the natural language processing tool 201 and the operation application matching tool 202 through the call interface of the RPC (Remote Procedure Call) framework, and can also connect to the natural language processing tool 201 and the operation application matching tool 202 through the interface of the middleware. This embodiment does not make specific limitations in this regard.

[0100] It can be understood that the intelligent approval agent 20 realizes a fully automated process for operation application parsing, intent recognition, and score generation by decomposing the approval task into four subtasks: operation parsing, intent recognition, content matching, and score generation, and respectively using the natural language processing tool 201 and the operation application matching tool 202 to execute each subtask.

[0101] In a feasible implementation manner, the natural language processing tool 201 is used for:

[0102] Preprocess the operation content and application reason to obtain the preprocessed operation content and application reason;

[0103] Input the preprocessed operation content and application reason into the large language model associated with the natural language processing tool 201 respectively to determine the operation intent of the current sensitive operation and the key application reason.

[0104] It should be noted that the purpose of preprocessing the operation content and application reason is to convert the operation content and application reason into a form that can be processed by a computer. In the process of preprocessing the operation content and application reason, first, it is necessary to perform word segmentation on the operation content and application reason to decompose them into basic semantic units. Specifically: the natural language processing tool 201 can use a word segmentation tool and combine a probabilistic statistical method based on the hidden Markov model to perform word segmentation on the operation content and application reason to segment the operation content and application reason into words (Tokens), and identify and filter out common Chinese stop words (such as "de", "le", "zai", etc.). Then, the natural language processing tool 201 can use a part-of-speech tagging tool to assign corresponding part-of-speech tags to each Token after word segmentation, such as verb (v), noun (n), adjective (a), preposition (p), etc. These part-of-speech tags provide the necessary syntactic structure information for subsequent intent recognition and extraction of key application reasons.

[0105] Additionally, it should be noted that the large language model associated with the natural language processing tool 201 can include a joint intent recognition sub-model and a key reason extraction sub-model. The joint intent recognition sub-model can extract the operational intent of the operation content, while the key reason extraction sub-model can extract the key reasons for the application. In the process of inputting the preprocessed operation content and application reasons into the large language model associated with the natural language processing tool 201 to determine the operational intent and key reasons for the current sensitive operation, firstly, the segmented token sequence and its part-of-speech tags are integrated into a standard input format, such as "[delete / v, user / n, data table / n]". Then, the embedding layer in the large language model associated with the natural language processing tool 201 is called to convert the standardized input into a high-dimensional semantic embedding vector, obtaining the semantic embedding vector of the operation content and the semantic embedding vector of the application reason. The embedding layer of the large language model can map each token to a high-dimensional vector space, and the resulting vectors can contain not only the semantic information of the words but also their contextual information within the surrounding text. Next, the semantic embedding vectors of the operation content and the semantic embedding vectors of the application reason will be input into the joint model associated with the large language model to obtain the intent category and its confidence level of the operation content, as well as the key topic and its confidence level of the application reason. Then, by using the intent category and its confidence level of the operation content, the operation intent of the operation content can be determined, and by using the key topic and its confidence level of the application reason, the key application reason can be determined.

[0106] The joint model combines a multilayer perceptron and a Transformer architecture. The input layer of the joint model receives semantic embedding vectors from a large language model, the hidden layer further extracts complex semantic features and contextual information through a multi-head self-attention mechanism and a non-linear activation function, and the output layer uses the Softmax function (normalized exponential function) to generate probability distributions for different intent categories and key topics.

[0107] To improve the accuracy of the joint model in operational application scenarios, the model can be fine-tuned during training, and joint training can be performed using labeled operational intent datasets and application-related reason datasets. Model parameters can also be optimized through backpropagation to minimize the cross-entropy loss in a multi-task learning framework. The model can calculate scores for each intent category and reason topic through forward propagation, and use a softmax function to convert these scores into a probability distribution. Each output neuron can represent the confidence level of the corresponding category or topic.

[0108] In one feasible implementation, the application matching tool 202 is used to:

[0109] Based on the large language model associated with the operation application matching tool 202, semantic embedding processing is performed on the operation intention and the key reasons for the application to obtain the embedding vector of the operation intention and the embedding vector of the key reasons for the application.

[0110] The similarity between the embedding vector of the operational intent and the embedding vector of the key justification for the application is determined as the degree of matching between the operational intent and the key justification for the application.

[0111] It should be noted that cosine similarity can be used as the similarity between the embedding vector of the operational intent and the embedding vector of the key justification for the application. Therefore, the process of determining the similarity between the embedding vector of the operational intent and the embedding vector of the key justification for the application can be expressed as the following formula 1:

[0112] Formula 1;

[0113] in, The similarity between the embedding vector of the operational intent and the embedding vector of the key justification for the application. The embedding vector of the operational intent. The embedding vector of the key reasons for the application. The magnitude of the embedding vector representing the operational intent. The magnitude of the embedding vector for the key reasons for the application.

[0114] In one feasible implementation, to enhance the long-term optimization capability of the intelligent matching agent 20, the determined operational intent, key application reasons, embedding vectors of the operational intent and key application reasons, and operational rationality scores can all be stored in the long-term memory module connected to the intelligent matching agent 20 (a vector database can be used to ensure rapid data retrieval and continuous optimization). Through long-term memory data storage and management, the intelligent approval agent 20 can better support future approval processes, thereby optimizing the approval efficiency of the intelligent approval agent 20.

[0115] Based on the first and / or second embodiments described above, a third embodiment of the sensitive operation approval decision system of this application is proposed. In the third embodiment, please refer to... Figure 5 The sensitive operation approval decision system may also include a behavior baseline construction tool 301 and an anomaly risk assessment tool 302, and the risk assessment agent 30 connects the behavior baseline construction tool 301 and the anomaly risk assessment tool 302.

[0116] Risk assessment agent 30 is also used for:

[0117] Receive the operation content, operator information, and historical operation data output by the operation request module;

[0118] The behavior baseline construction tool 301 is invoked to construct a behavior baseline model for the target operator based on historical operation data;

[0119] The abnormal risk assessment tool 302 is invoked to perform feature extraction and feature fusion processing on the operation content and operator information to obtain the current behavior feature vector of the target operator. The current behavior feature vector is then input into the behavior baseline model to obtain the reconstruction error of the current sensitive operation.

[0120] The absolute value of the difference between the reconstruction error and the preset error threshold is calculated to obtain the security risk score of the current sensitive operation.

[0121] It should be noted that the preset error threshold can be used as a basis for judging whether the current sensitive operation is abnormal. Specifically, when the reconstruction error is less than or equal to the preset error threshold, it can be considered a normal operation; when the reconstruction error is greater than the preset error threshold, it can be considered an abnormal operation. The preset error threshold can be a default value or can be flexibly set by the user according to the actual situation. This embodiment does not impose specific limitations on it. For example, it can be determined using the mean and standard deviation of the reconstruction error defined by the behavioral baseline model, as well as the coefficient values ​​determined by the risk assessment agent 30. The specific determination process can be expressed as the following formula 2:

[0122] Formula 2;

[0123] in, To preset the error threshold, The mean of the reconstruction error defined by the behavioral baseline model. The standard deviation of the reconstruction error is defined by the behavioral baseline model, and k is a coefficient value determined by the risk assessment agent 30.

[0124] Additionally, it should be noted that the current behavior feature vector represents the comprehensive behavioral performance of the target operator in terms of operation type, time, and geographical location for the current sensitive operation to be performed. During the feature extraction and fusion process of operation content and operator information, three types of features can be extracted: operation features, time features, and geographical features. Then, the extracted features are fused to obtain the target operator's current behavior feature vector.

[0125] In addition, it should be noted that the risk assessment agent 30 can connect to the behavior baseline construction tool 301 and the anomaly risk assessment tool 302 through a specific API call interface, or through the call interface of the RPC framework, or through the middleware interface. This embodiment does not make specific limitations on this.

[0126] Understandably, the risk assessment agent 30 decomposes the risk assessment task into two sub-tasks: behavioral baseline construction and abnormal risk detection. It then uses the behavioral baseline construction tool 301 and the abnormal risk assessment tool 302 to execute each sub-task, thereby achieving a fully automated risk assessment process.

[0127] In one feasible implementation, the behavior baseline construction tool 301 is used for:

[0128] Preprocess the historical operation data to obtain the record data of all historical sensitive operations of the target operator from the historical operation data;

[0129] Feature extraction and feature fusion are performed on the recorded data of each historical sensitive operation to obtain the feature vectors of each historical behavior of the target operator.

[0130] Based on the feature vectors of each historical behavior, the pre-set deep autoencoder model is iteratively trained to obtain the behavior baseline model.

[0131] It should be noted that in the process of preprocessing historical operation data to obtain the record data of all historical sensitive operations of the target operator, the user ID of the target operator can be used first to filter out the historical operation logs associated with that user ID from the historical operation data; then, using the set sensitive operation judgment criteria or rules, the operation recorded in each historical operation log associated with that user ID can be analyzed to see if it is a sensitive operation; then, the historical operation logs whose recorded operations are sensitive operations are used as the record data of the target operator's historical sensitive operations.

[0132] Additionally, it should be noted that the historical behavior feature vector represents the comprehensive behavioral performance of the target operator regarding the historically sensitive operations performed, in terms of operation type, time, and geographical location. In the process of feature extraction and feature fusion processing of the recorded data for each historically sensitive operation to obtain the target operator's historical behavior feature vectors, three types of features can be extracted: operation features, time features, and geographical features. Operation features describe the specific operation behavior and its type performed by the user, and may include the operation type and operation target. Time features describe the time and frequency of the user's operation to reflect the user's time patterns and behavioral regularities, and may include the operation time and operation frequency. Geographical features describe the source location of the user's operation and identify whether there are any geographical location anomalies; they may include the geographical location information resolved from the operation's source IP address. After completing the feature extraction processing, for any historically sensitive operation, the corresponding operation features, time features, and geographical features can be standardized to transform data from different scales to the same scale. Then, the standardized features are concatenated to fuse the features and obtain the target operator's historical behavior feature vector under that historically sensitive operation.

[0133] Furthermore, it's important to note that a deep autoencoder is a neural network structure consisting of an encoder and a decoder. It compresses high-dimensional input data into a low-dimensional representation, then reconstructs the high-dimensional data from the low-dimensional representation, learning the intrinsic representation of the data by minimizing the reconstruction error. A deep autoencoder consists of four parts: an input layer, an encoder, a decoder, and an output layer. The input layer receives the feature vectors of each historical behavior; the encoder, composed of multiple fully connected layers, compresses the high-dimensional input data (i.e., the feature vectors of each historical behavior) into a low-dimensional space by progressively reducing the number of neurons layer by layer; the decoder has a structure symmetrical to the encoder, and it decodes the low-dimensional representation layer by layer back to the original high-dimensional data; the output layer has the same dimension as the input layer and is used to reconstruct the feature vectors of each historical behavior input.

[0134] In this context, the mean squared error (MSE) can be used to calculate the model reconstruction error in the deep autoencoder, as shown in Formula 3 below:

[0135] Formula 3;

[0136] Where n is the total number of historical behavior feature vectors, Let i be the feature vector of the i-th historical behavior. This represents the i-th reconstructed output after passing through the encoder and decoder. During training, the goal is to minimize... and To reduce the reconstruction error between different user behaviors, deep autoencoder models can employ gradient descent optimization algorithms to continuously optimize the neural network parameters, thereby decreasing the reconstruction error. During this process, the deep autoencoder model effectively learns the user's normal operational behavior patterns and establishes a baseline of normal user behavior. Therefore, after model training, the reconstruction error of the trained model for normal operational data is typically small. Thus, the distribution of reconstruction error can serve as a metric for the user behavior baseline.

[0137] In one feasible implementation, after determining the security risk score, the anomaly risk assessment tool 302 can also construct a detailed prompt based on the security risk score, operation content, and operator information through prompting engineering. This prompt transmits key information such as the security risk score, operation content, and operation information to the large language model associated with the anomaly risk assessment tool 302. Based on this, the prompt guides the large language model associated with the anomaly risk assessment tool 302 to generate a natural language text as a risk assessment report, describing the security risks of the current sensitive operation.

[0138] In one feasible implementation, to enhance the long-term optimization capability of the risk assessment agent 30, the aforementioned determined behavioral baseline model, current behavioral feature vector, security risk score, and risk assessment report can all be stored in the long-term memory module connected to the risk assessment agent 30 (a vector database can be used to ensure rapid data retrieval and continuous optimization), so that the risk assessment agent 30 can refer to security risk assessments and optimize risk assessment strategies in the future.

[0139] Based on the first, second, and / or third embodiments described above, a fourth embodiment of the sensitive operation approval decision system of this application is proposed. In the fourth embodiment, please refer to... Figure 6 The sensitive operation approval decision system may also include a decision support tool 401 and a historical matching tool 402, and the authorized decision intelligent agent 40 connects the decision support tool 401 and the historical matching tool 402.

[0140] The authorized decision-making agent 40 is also used for:

[0141] Obtain the operational rationality score output by the intelligent approval agent and the security risk score output by the risk assessment agent;

[0142] The decision support tool 401 is invoked to conduct a comprehensive analysis of the operational rationality score and the safety risk score, thereby obtaining a comprehensive decision score for the current sensitive operation.

[0143] Call the historical matching tool 402 to obtain all historical sensitive operations that are similar to the current sensitive operation, and use them as target sensitive operations. Based on the comprehensive decision score of each target sensitive operation and the similarity between each target sensitive operation and the current sensitive operation, determine the total historical decision score.

[0144] The overall decision score of the current sensitive operation and the total historical decision score are weighted to obtain the approval decision score of the current sensitive operation.

[0145] It should be noted that when calling the historical matching tool 402 to obtain historical sensitive operations similar to the current sensitive operation, if the authorization decision agent 40 is connected to a long-term memory module, the historical matching tool 402 can directly obtain historical sensitive operations similar to the current sensitive operation from the long-term memory module connected to the authorization decision agent 40; alternatively, it can obtain historical sensitive operations similar to the current sensitive operation from an external database. This embodiment does not specifically limit this. The process of weighting the comprehensive decision score of the current sensitive operation and the total historical decision score to obtain the approval decision score of the current sensitive operation can be expressed as the following formula 4:

[0146] Formula 4;

[0147] in, Score the approval decisions for currently sensitive operations. A comprehensive decision-making score for the current sensitive operations. The weighting of the overall decision score for the current sensitive operations. The overall score for historical decisions, The weighting of the overall historical decision score. The weighting of the overall decision score for current sensitive operations. It can be dynamically adjusted by the authorized decision-making agent 40, whose default value is 0.5.

[0148] Additionally, it should be noted that the authorized decision-making agent 40 can connect to the decision support tool 401 and the historical matching tool 402 through a specific API call interface, or through the call interface of the RPC framework, or through the middleware interface. This embodiment does not specifically limit this.

[0149] Understandably, the authorized decision-making agent 40 decomposes the authorized decision-making task into two sub-tasks: final decision support and historical data comparison, and executes each sub-task using the decision support tool 401 and the historical matching tool 402 respectively, thereby realizing a fully automated process of comprehensive analysis and decision generation.

[0150] In addition, in other embodiments, in order to obtain approval results more quickly, the historical decision total score may be disregarded, and the comprehensive decision score of the current sensitive operation may be directly used as the approval decision score of the current sensitive operation.

[0151] In one feasible implementation, decision support tool 401 is used for:

[0152] The operational rationality score and safety risk score are standardized to obtain the standardized operational rationality score and safety risk score;

[0153] The standardized operational rationality score and safety risk score are weighted to obtain a comprehensive decision score for the current sensitive operation.

[0154] It should be noted that the purpose of standardizing the operational rationality score and the safety risk score is to convert them to the same scale. A higher operational rationality score indicates a more reasonable operation, while a higher safety risk score indicates a greater deviation from normal behavior, i.e., a higher degree of risk. Therefore, in the process of weighting the standardized operational rationality score and the safety risk score to obtain the comprehensive decision score for the current sensitive operation, the first decision sub-score is obtained by multiplying the weight corresponding to the operational rationality score with the standardized operational rationality score, and the second decision sub-score is obtained by multiplying the weight corresponding to the safety risk score with the complementary value of the standardized safety risk score. The sum of the first and second decision sub-scores is then calculated to obtain the comprehensive decision score for the current sensitive operation. The above process can be represented by the following formula 5.

[0155] Formula 5;

[0156] in, A comprehensive decision-making score for the current sensitive operations. To score the reasonableness of the operation, The weights corresponding to the operational rationality score. To score safety risks, As complementary values ​​to the safety risk score, The weights corresponding to the safety risk score and the operational rationality score. The weight can be set according to the system's security policy and business needs, and the authorization decision-making agent 40 can also dynamically adjust the weight according to the actual scenario. The weights corresponding to the operational rationality score during system initialization. It can be set to 0.5 by default.

[0157] Additionally, it should be noted that the comprehensive decision-making score for the current sensitive operation quantifies the rationality and risk level of the current sensitive operation.

[0158] In one feasible implementation, the history matching tool 402 is used for:

[0159] Determine the operation feature vector of the current sensitive operation;

[0160] Determine the similarity between the operation feature vectors of each historical sensitive operation recorded in the long-term memory module and the operation feature vector of the current sensitive operation, and use this similarity as the similarity between each historical sensitive operation and the current sensitive operation.

[0161] Based on the similarity between each historical sensitive operation and the current sensitive operation, a preset number of historical sensitive operations are obtained in descending order and used as the target sensitive operations.

[0162] The weight of each target sensitive operation is determined based on its similarity to the current sensitive operation.

[0163] Calculate the product of the weight of each target-sensitive operation and the comprehensive decision score of each target-sensitive operation to obtain the historical decision sub-score;

[0164] The total historical decision score is obtained by summing the scores of each historical decision sub-score.

[0165] It should be noted that the operational feature vector of the current sensitive operation can be constructed using key features from the application for the current sensitive operation. These key features may include operation type, operation time, operator, and application reason. Based on this, when determining the operational feature vector of the current sensitive operation, a detailed prompt can be constructed using prompt engineering. Then, the operation application information of the current sensitive operation is passed to the large language model associated with the historical matching tool 402. The constructed prompt will guide the large language model to generate a standardized natural language text and convert this text into a high-dimensional semantic vector. This high-dimensional semantic vector is the operational feature vector of the current sensitive operation.

[0166] Additionally, it should be noted that cosine similarity can be used as the similarity between the operation feature vectors of each historical sensitive operation recorded in the long-term memory module and the operation feature vector of the current sensitive operation. Therefore, the process of determining the similarity between the operation feature vectors of each historical sensitive operation recorded in the long-term memory module and the operation feature vector of the current sensitive operation can be expressed as the following formula 6:

[0167] Formula 6;

[0168] in, This represents the similarity between the feature vectors of historically sensitive operations and the feature vectors of current sensitive operations. This is the operation feature vector of the current sensitive operation. This is the operation feature vector of historically sensitive operations. Let be the magnitude of the feature vector of the current sensitive operation. The modulus of the operation feature vector for history-sensitive operations.

[0169] Furthermore, it should be noted that the preset quantity can be a default value, such as 10, or it can be flexibly set by the user according to the actual situation. This embodiment does not impose a specific limitation on this. In other feasible implementations, each historical sensitive operation with a similarity greater than a preset similarity threshold can also be used as each target sensitive operation. This embodiment does not impose a specific limitation on this. The preset similarity threshold is a default value and can be flexibly set by the user according to the actual situation. This embodiment does not impose a specific limitation on this.

[0170] In one feasible implementation, the process of determining the weight of each target sensitive operation based on the similarity between each target sensitive operation and the current sensitive operation can be expressed as the following formula 7:

[0171] Formula 7;

[0172] in, Let i be the weight of the target-sensitive operation. Let be the similarity between the i-th target sensitive operation and the current sensitive operation. The sum of similarity between all target sensitive operations and the current sensitive operation, where m is the preset number.

[0173] In one feasible implementation, to enhance the long-term optimization capability of the authorization decision-making agent 40, the approval decision score and approval result determined above can be stored in the long-term memory module connected to the authorization decision-making agent 40 (a vector database can be used to ensure fast data retrieval and continuous optimization) for future decision-making by the authorization decision-making agent 40.

[0174] This application also provides a sensitive operation approval decision method. Please refer to... Figure 7 The sensitive operation approval decision-making method may include steps S10~S40:

[0175] Step S10: After receiving a sensitive operation request from the target operator, obtain the sensitive operation data of the target operator; the sensitive operation data includes operator information, historical operation data, the operation content of the current sensitive operation and the reason for the request;

[0176] Step S20: Determine the degree of matching between the operation content and the application reason, as the operation rationality score of the current sensitive operation;

[0177] Step S30: Perform a safety risk analysis based on the operation content, operator information, and historical operation data to generate a safety risk score for the current sensitive operation;

[0178] Step S40: Determine the approval decision score for the current sensitive operation based on the operation rationality score and the security risk score, and determine the approval result for the current sensitive operation based on the approval decision score for the current sensitive operation.

[0179] In one embodiment, step S20 may include steps S21 to S23:

[0180] Step S21: Receive the operation content and application reason output by the operation application module;

[0181] Step S22: Invoke natural language processing tools to perform semantic analysis on the operation content and application reasons respectively, in order to determine the operation intent and key application reasons of the current sensitive operation;

[0182] Step S23: Invoke the operation application matching tool to determine the degree of matching between the operation intention and the key reasons for the application, which is used as the degree of matching between the operation content and the reasons for the application.

[0183] In one embodiment, step S22 may include steps S221 to S222:

[0184] Step S221: Preprocess the operation content and application reasons to obtain the preprocessed operation content and application reasons;

[0185] Step S222: Input the preprocessed operation content and application reasons into the large language model associated with the natural language processing tool to determine the operation intent and key application reasons of the current sensitive operation.

[0186] In one embodiment, step S23 may include steps S231-S232:

[0187] Step S231: Based on the large language model associated with the operation application matching tool, perform semantic embedding processing on the operation intent and the key reasons for the application to obtain the embedding vector of the operation intent and the embedding vector of the key reasons for the application.

[0188] Step S232: Determine the similarity between the embedding vector of the operational intent and the embedding vector of the key application reason, as the degree of matching between the operational intent and the key application reason.

[0189] In one embodiment, S30 may include steps S31 to S34:

[0190] Step S31: Receive the operation content, operator information, and historical operation data output by the operation request module;

[0191] Step S32: Invoke the behavior baseline construction tool to construct a behavior baseline model for the target operator based on historical operation data;

[0192] Step S33: Call the abnormal risk assessment tool to perform feature extraction and feature fusion processing on the operation content and operator information to obtain the current behavior feature vector of the target operator, and input the current behavior feature vector into the behavior baseline model to obtain the reconstruction error of the current sensitive operation;

[0193] Step S34: Calculate the absolute value of the difference between the reconstruction error and the preset error threshold to obtain the security risk score of the current sensitive operation.

[0194] In one embodiment, step S34 may include steps S341 to S343:

[0195] Step S341: Preprocess the historical operation data to obtain the record data of all historical sensitive operations of the target operator from the historical operation data;

[0196] Step S342: Perform feature extraction and feature fusion processing on the recorded data of each historical sensitive operation to obtain the feature vectors of each historical behavior of the target operator.

[0197] Step S343: Based on the historical behavior feature vectors, iteratively train the preset deep autoencoder model to obtain the behavior baseline model.

[0198] In one embodiment, step S40 may include steps S41 to S44:

[0199] Step S41: Obtain the operation rationality score output by the intelligent approval agent and the security risk score output by the risk assessment agent;

[0200] Step S42: Call the decision support tool to conduct a comprehensive analysis of the operation rationality score and safety risk score to obtain the comprehensive decision score of the current sensitive operation;

[0201] Step S43: Call the historical matching tool to obtain each historical sensitive operation similar to the current sensitive operation, and use them as each target sensitive operation. Based on the comprehensive decision score of each target sensitive operation and the similarity between each target sensitive operation and the current sensitive operation, determine the total historical decision score.

[0202] Step S44: Weight the comprehensive decision score of the current sensitive operation and the total historical decision score to obtain the approval decision score of the current sensitive operation.

[0203] In one embodiment, step S42 may include steps S421-S422:

[0204] Step S421: Standardize the operation rationality score and safety risk score to obtain the standardized operation rationality score and safety risk score.

[0205] Step S422: The standardized operational rationality score and safety risk score are weighted to obtain the comprehensive decision score for the current sensitive operation.

[0206] In one embodiment, step S43 may include steps S431 to S436:

[0207] Step S431: Determine the operation feature vector of the current sensitive operation;

[0208] Step S432: Determine the operation feature vectors of each historical sensitive operation recorded in the long-term memory module, and the similarity between each operation feature vector and the operation feature vector of the current sensitive operation, as the similarity between each historical sensitive operation and the current sensitive operation;

[0209] Step S433: Based on the similarity between each historical sensitive operation and the current sensitive operation, obtain a preset number of historical sensitive operations in descending order, and use them as target sensitive operations.

[0210] Step S434: Determine the weight of each target sensitive operation based on the similarity between each target sensitive operation and the current sensitive operation;

[0211] Step S435: Calculate the product of the weight of each target-sensitive operation and the comprehensive decision score of each target-sensitive operation to obtain the historical decision sub-score;

[0212] Step S436: Calculate the sum of the scores of each historical decision sub-score to obtain the total historical decision score.

[0213] The sensitive operation approval decision-making method provided in this application can improve the efficiency and accuracy of approving sensitive operations performed by operators. Compared with the prior art, the beneficial effects of the sensitive operation approval decision-making method provided in this application are the same as those of the sensitive operation approval decision-making system provided in the above embodiments, and will not be repeated here.

[0214] This application also provides a computer-readable storage medium storing a computer program that can run on a processor. The computer program is used to execute the sensitive operation approval decision method in the above embodiments.

[0215] The computer-readable storage medium provided in this application embodiment may be, for example, a USB flash drive, but is not limited to, electrical, magnetic, optical, electromagnetic, infrared, or semiconductor systems or devices, or any combination thereof. More specific examples of computer-readable storage media may include, but are not limited to: electrical connections with one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fibers, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof. In this embodiment, the computer-readable storage medium may be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, system, or device. The program code contained on the computer-readable storage medium may be transmitted using any suitable medium, including but not limited to: wires, optical cables, RF (Radio Frequency), etc., or any suitable combination thereof.

[0216] The aforementioned computer-readable storage medium may be included in the sensitive operation approval decision system; or it may exist independently and not be assembled into the sensitive operation approval decision system.

[0217] The aforementioned computer-readable storage medium carries one or more programs. When these programs are executed by the sensitive operation approval decision system, the sensitive operation approval decision system: upon receiving a sensitive operation request from a target operator, acquires the target operator's sensitive operation data; the sensitive operation data includes operator information, historical operation data, the operation content of the current sensitive operation, and the reason for the application; determines the degree of matching between the operation content and the reason for the application, as a score for the reasonableness of the current sensitive operation; performs a security risk analysis based on the operation content, operator information, and historical operation data, and generates a security risk score for the current sensitive operation; determines the approval decision score for the current sensitive operation based on the reasonableness score and the security risk score, and determines the approval result for the current sensitive operation based on the approval decision score for the current sensitive operation.

[0218] Computer program code for performing the operations of this disclosure can be written in one or more programming languages ​​or a combination thereof, including object-oriented programming languages ​​such as Java, Smalltalk, and C++, and conventional procedural programming languages ​​such as the "C" language or similar programming languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network—including a local area network (LAN) or a wide area network (WAN)—or can be connected to an external computer (e.g., via the Internet using an Internet service provider).

[0219] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.

[0220] The modules described in the embodiments of this application can be implemented in software or hardware. The names of the modules do not necessarily limit the functionality of the unit itself.

[0221] The computer-readable storage medium provided in this application embodiment stores computer-readable program instructions for executing the above-described sensitive operation approval decision method, which can improve the efficiency and accuracy of approval for sensitive operations performed by operators. Compared with the prior art, the beneficial effects of the computer-readable storage medium provided in this application embodiment are the same as the beneficial effects of the sensitive operation approval decision method provided in the above embodiments, and will not be repeated here.

[0222] This application also provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the sensitive operation approval decision method described above.

[0223] The computer program product provided in this application can improve the efficiency and accuracy of approving sensitive operations performed by operators. Compared with the prior art, the beneficial effects of the computer program product provided in this application are the same as those of the sensitive operation approval decision-making method provided in the above embodiments, and will not be repeated here.

[0224] The above are merely preferred embodiments of this application and do not limit the patent scope of this application. Any equivalent structural or procedural transformations made using the content of this application's specification and drawings, or direct or indirect applications in other related technical fields, are similarly included within the patent scope of this application.

Claims

1. A sensitive operation approval decision-making system, characterized in that, The sensitive operation approval decision system includes: The operation application module is used to obtain the sensitive operation data of the target operator after receiving a sensitive operation request from the target operator; the sensitive operation data includes operator information, historical operation data, the operation content of the current sensitive operation, and the reason for the application; The intelligent approval agent has its input end connected to the first output end of the operation application module, and is used to determine the degree of matching between the operation content and the application reason, as a score of the reasonableness of the current sensitive operation. A risk assessment agent, whose input end is connected to the second output end of the operation application module, is used to perform security risk analysis based on the operation content, the operator information and the historical operation data, and generate a security risk score for the current sensitive operation. An authorization decision-making intelligent agent, the input end of which is connected to the output end of the intelligent approval intelligent agent and the output end of the risk assessment intelligent agent, is used to determine the approval decision score of the current sensitive operation based on the operation rationality score and the security risk score, and to determine the approval result of the current sensitive operation based on the approval decision score of the current sensitive operation; The intelligent approval agent calculates the similarity between the embedding vector of the operation intention and the embedding vector of the key reasons for the application in the application reason according to the first preset algorithm, and uses it as the operation rationality score of the current sensitive operation; The sensitive operation approval decision system also includes decision support tools and historical matching tools, and the authorization decision-making agent connects the decision support tools and the historical matching tools; The authorized decision-making agent is also used for: Obtain the operational rationality score output by the intelligent approval agent and the security risk score output by the risk assessment agent; The decision support tool is invoked to comprehensively analyze the rationality score of the operation and the security risk score according to the second preset algorithm, thereby obtaining a comprehensive decision score for the current sensitive operation. The second preset algorithm is as follows: in, A comprehensive decision score is given for the current sensitive operation. Score the reasonableness of the operation. The weight corresponding to the reasonableness score of the operation. Score the security risks mentioned above. The weight corresponding to the security risk score; The historical matching tool is invoked to calculate the operation feature vectors of each historical sensitive operation recorded in the long-term memory module according to the third preset algorithm, and the similarity between each operation feature vector and the operation feature vector of the current sensitive operation is used as the similarity between each historical sensitive operation and the current sensitive operation. The historical matching tool, based on the similarity between each historical sensitive operation and the current sensitive operation, obtains a preset number of historical sensitive operations in descending order, which are then used as target sensitive operations. The tool also calculates the weight of each target sensitive operation according to a fourth preset algorithm, which is as follows: in, The weight of the i-th target-sensitive operation, Let be the similarity between the i-th target sensitive operation and the current sensitive operation. The sum of similarities between all the target sensitive operations and the current sensitive operation, where m is a preset number; Calculate the product of the weight of each target-sensitive operation and the comprehensive decision score of each target-sensitive operation to obtain each historical decision sub-score; Calculate the sum of the scores of each historical decision sub-score to obtain the total historical decision score; The comprehensive decision score of the current sensitive operation and the total historical decision score are substituted into the fifth preset algorithm to calculate the approval decision score of the current sensitive operation. The fifth preset algorithm is as follows: in, Score the approval decision for the current sensitive operation. A comprehensive decision score is given for the current sensitive operation. The weight of the comprehensive decision score for the current sensitive operation. The total score for the aforementioned historical decisions. The weight is the total score of the historical decisions.

2. The sensitive operation approval decision system as described in claim 1, characterized in that, The sensitive operation approval decision system also includes a natural language processing tool and an operation application matching tool, and the intelligent approval agent connects the natural language processing tool and the operation application matching tool. The intelligent approval agent is also used for: Receive the operation content and the application reason output by the operation application module; The natural language processing tool is invoked to perform semantic analysis on the operation content and the application reason, respectively, in order to determine the operation intent and key application reason of the current sensitive operation. The operation application matching tool is invoked to determine the degree of matching between the operation intent and the key reasons for the application, which is used as the degree of matching between the operation content and the reasons for the application.

3. The sensitive operation approval decision system as described in claim 2, characterized in that, The natural language processing tool is used for: The operation content and the application reason are preprocessed to obtain the preprocessed operation content and application reason; The preprocessed operation content and application reasons are respectively input into the large language model associated with the natural language processing tool to determine the operation intent and key application reasons of the current sensitive operation.

4. The sensitive operation approval decision system as described in claim 2, characterized in that, The operation request matching tool is used for: Based on the large language model associated with the operation application matching tool, semantic embedding processing is performed on the operation intention and the key application reason to obtain the embedding vector of the operation intention and the embedding vector of the key application reason. The similarity between the embedding vector of the operational intent and the embedding vector of the key application reason is determined as the degree of matching between the operational intent and the key application reason.

5. The sensitive operation approval decision system as described in claim 1, characterized in that, The behavior baseline construction tool is used for: The historical operation data is preprocessed to obtain the record data of all historical sensitive operations of the target operator from the historical operation data; Feature extraction and feature fusion are performed on the recorded data of each of the aforementioned historical sensitive operations to obtain the historical behavior feature vectors of the target operator. Based on the aforementioned historical behavior feature vectors, the preset deep autoencoder model is iteratively trained to obtain the behavior baseline model.

6. The sensitive operation approval decision system as described in claim 1, characterized in that, The decision support tool is used for: The operational rationality score and the safety risk score are standardized to obtain standardized operational rationality score and safety risk score; The standardized operational rationality score and security risk score are weighted to obtain the comprehensive decision score for the current sensitive operation.

7. A sensitive operation approval decision-making method, characterized in that, The method includes: Upon receiving a sensitive operation request from a target operator, the system acquires the target operator's sensitive operation data; the sensitive operation data includes operator information, historical operation data, the content of the current sensitive operation, and the reason for the request. The degree of matching between the operation content and the application reason is determined as the operation rationality score of the current sensitive operation; Based on the operation content, the operator information, and the historical operation data, a security risk analysis is performed to generate a security risk score for the current sensitive operation. Based on the operational rationality score and the security risk score, the approval decision score for the current sensitive operation is determined, and based on the approval decision score for the current sensitive operation, the approval result for the current sensitive operation is determined. The step of determining the degree of matching between the operation content and the application reason, and using this as the operation rationality score for the current sensitive operation, includes: The similarity between the embedding vector of the operational intent and the embedding vector of the key reasons for the application in the application reason is calculated according to the first preset algorithm, and is used as the operational rationality score of the current sensitive operation; The step of determining the approval decision score for the current sensitive operation based on the operation rationality score and the security risk score includes: The decision support tool is invoked to comprehensively analyze the rationality score of the operation and the security risk score according to the second preset algorithm, thereby obtaining the comprehensive decision score of the current sensitive operation. The second preset algorithm is as follows: in, A comprehensive decision score is given for the current sensitive operation. Score the reasonableness of the operation. The weight corresponding to the reasonableness score of the operation. Score the security risks mentioned above. The weight corresponding to the security risk score; The historical matching tool is invoked to calculate the operation feature vector of each historical sensitive operation recorded in the long-term memory module according to the third preset algorithm. The similarity between each operation feature vector and the operation feature vector of the current sensitive operation is used as the similarity between each historical sensitive operation and the current sensitive operation. The historical matching tool, based on the similarity between each historical sensitive operation and the current sensitive operation, obtains a preset number of historical sensitive operations in descending order, which are then used as target sensitive operations. The tool also calculates the weight of each target sensitive operation according to a fourth preset algorithm, which is as follows: in, The weight of the i-th target-sensitive operation, Let be the similarity between the i-th target sensitive operation and the current sensitive operation. The sum of similarities between all the target sensitive operations and the current sensitive operation, where m is a preset number; Calculate the product of the weight of each target-sensitive operation and the comprehensive decision score of each target-sensitive operation to obtain each historical decision sub-score; Calculate the sum of the scores of each historical decision sub-score to obtain the total historical decision score; The comprehensive decision score of the current sensitive operation and the total historical decision score are substituted into the fifth preset algorithm to calculate the approval decision score of the current sensitive operation. The fifth preset algorithm is as follows: in, Score the approval decision for the current sensitive operation. A comprehensive decision score is given for the current sensitive operation. The weight of the comprehensive decision score for the current sensitive operation. The total score for the aforementioned historical decisions. The weight is the total score of the historical decisions.

8. A readable storage medium, characterized in that, The readable storage medium is a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, it implements the sensitive operation approval decision method as described in claim 7.

9. A program product, characterized in that, The program product is a computer program product, which includes a computer program. When the computer program is executed by a processor, it implements the sensitive operation approval decision method as described in claim 7.