A Holographic Perception Assessment Method and System for Data Security
By using a holographic perception assessment method that integrates multiple sensory channels, this approach addresses the problem of users struggling to develop a deep understanding of security in traditional data security training. It enables users to gain an intuitive and in-depth understanding of data security risks, enhances the retention and adaptability of security knowledge, accommodates the cognitive characteristics of different users, and supports consistent security experiences across scenarios and roles.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- QINGDAO ZHIHUICHENGSHI IND DEV
- Filing Date
- 2025-11-21
- Publication Date
- 2026-06-30
AI Technical Summary
Traditional data security training methods rely primarily on a single sensory channel, making it difficult for users from diverse backgrounds to develop a deep understanding of security. This results in poor effectiveness in cultivating security awareness, especially when faced with complex data security threats. Users often struggle to connect abstract security concepts with specific risk scenarios.
A holographic perception assessment method based on multi-sensory channel fusion is adopted. Through security risk feature extraction, cross-modal feature mapping, generation of multi-sensory security scenarios and physiological feedback closed-loop optimization, a holographic perception assessment system based on multi-sensory channels is constructed to enable users to intuitively understand and deeply recognize data security risks.
It significantly enhances users' intuitive understanding and in-depth awareness of data security risks, strengthens the retention and adaptability of security knowledge, adapts to the cognitive characteristics of different users, supports consistent security experience across scenarios and roles, and improves the overall security awareness of organizations.
Smart Images

Figure CN121504277B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of data security training and assessment technology, and more specifically, to a holographic perception assessment method and system for data security. Background Technology
[0002] With the deepening of digital transformation and the continuous increase in the value of data assets, data security has become a major challenge for organizations. Traditional data security protection mainly relies on technical means and management systems, but in practice, human factors remain one of the main causes of data security incidents. How to effectively improve the data security awareness and risk perception capabilities of all personnel within an organization has become a key issue that needs to be addressed.
[0003] Current data security training and assessment methods primarily rely on traditional methods such as document reading and classroom lectures. This singular approach to knowledge transfer makes it difficult for users from diverse backgrounds to develop a deep understanding of security. Especially when faced with increasingly complex data security threats, users often struggle to connect abstract security concepts with specific risk scenarios, resulting in ineffective security awareness cultivation.
[0004] With the development of human-computer interaction technology, multi-sensory collaborative information transmission methods have shown great potential. Research indicates that by engaging multiple human sensory systems for learning and cognition, the acceptance of knowledge and the persistence of memory can be significantly improved. This provides a new technological approach to addressing cognitive barriers and training effectiveness issues in the field of data security. Summary of the Invention
[0005] This invention provides a holographic perception assessment method and system for data security, which overcomes the limitations of single-sensory channels in related technologies and realizes a holographic perception assessment method based on multi-sensory channel fusion, thereby improving users' intuitive understanding and in-depth cognitive ability of data security risks.
[0006] This invention provides a holographic perception assessment method for data security, comprising the following steps:
[0007] Security risk feature extraction involves collecting risk data from multiple sources, constructing a feature space that includes risk type, impact level, perception difficulty, and attack path, and generating risk feature vectors.
[0008] A security risk semantic network is constructed based on feature vectors. Security concepts are represented as network nodes and initialized. A hierarchical semantic network structure is constructed through three edge relationship establishment methods.
[0009] Perform cross-modal feature mapping, construct a shared semantic encoder and sensory channel decoder, apply triple semantic consistency constraints, and adjust the mapping according to user characteristics;
[0010] Generate multi-sensory safety scenarios, dynamically inject risk elements, collaboratively generate multi-channel feedback content, and adjust the scenarios based on interactions;
[0011] Perform physiological feedback closed-loop optimization, collect physiological signals to assess the state, dynamically adjust the scenario, and continuously optimize the system;
[0012] Based on feedback data, a holistic perception assessment is conducted to evaluate risk identification and decision-making capabilities, analyze behavioral transferability, and form a safety literacy assessment.
[0013] In a preferred embodiment, the multidimensional feature extraction algorithm in the step of security risk feature extraction includes:
[0014] The feature encoder uses a multi-layer neural network structure to preserve the complex relationships between features through ReLU or Tanh activation functions;
[0015] The feature dimensionality reduction module applies principal component analysis or t-SNE algorithm to reduce the dimensionality of feature vectors.
[0016] Feature standardization is performed by mapping feature values to the [0, 1] interval using Z-score or Min-Max methods.
[0017] In a preferred embodiment, the establishment of edge relationships in the step of constructing a security risk semantic network based on feature vectors is achieved through the following three methods:
[0018] ER-1: Based on predefined security concept association rules in an expert knowledge base;
[0019] ER-2: By calculating the cosine similarity between feature vectors, an association is established when the similarity exceeds a preset threshold;
[0020] ER-3: It applies association rule mining algorithms to automatically discover implicit relationships between concepts in historical security event data.
[0021] In a preferred embodiment, the semantic consistency constraint mechanism in the cross-modal feature mapping step includes three constraints:
[0022] SC-1: Perception intensity is maintained to ensure that high-risk situations are represented as high-intensity stimuli in all sensory channels;
[0023] SC-2: Semantic similarity constraint, ensuring that the Euclidean distance of risks with a cosine similarity greater than a preset threshold mapped to sensory expressions is less than a specified range;
[0024] SC-3: Emotional Consistency Constraint, ensuring that emotional responses triggered by different channels are coordinated and consistent.
[0025] In a preferred embodiment, the dynamic adaptive adjustment of the scene is achieved in the step of generating a multi-sensory safety scene through the following means:
[0026] Construct a scenario decision tree model and select the appropriate branch based on the user's real-time interactive behavior;
[0027] A context-aware difficulty adjustment algorithm is used to adjust the complexity of security challenges based on user performance;
[0028] A personalized narrative generation mechanism is implemented to adjust the scene narrative method based on the user's interests and cognitive style.
[0029] In a preferred embodiment, the cognitive state assessment step in the physiological feedback closed-loop optimization includes:
[0030] Attention level assessment, based on eye movement trajectory and fixation duration analysis of user attention allocation;
[0031] Cognitive load assessment measures cognitive processing difficulty using heart rate variability and pupillary dilation response.
[0032] Emotional state assessment analyzes users' emotional responses based on facial expressions, skin conductance, and heart rate changes.
[0033] In a preferred embodiment, the step of performing holographic perception evaluation based on feedback data includes behavioral transferability analysis:
[0034] Construct simulated scenarios similar to users' actual work environments to test knowledge transfer capabilities;
[0035] Set up mixed missions that include both known and unknown security challenges to assess adaptability to different types of threats;
[0036] Record and analyze users' decision-making paths and behavioral patterns, and compare them with the performance in security experience training;
[0037] The accuracy of knowledge application, decision-making speed, response effectiveness, risk identification rate, and threat handling rate are used as key indicators.
[0038] In a preferred embodiment, a holographic perception evaluation system for data security is used to execute a holographic perception evaluation method for data security, comprising:
[0039] The data acquisition module is used to collect data related to security risks;
[0040] The feature extraction module is used to construct risk feature vectors;
[0041] The semantic network module is used to build a security risk semantic network;
[0042] The cross-modal mapping module is used to map risk features to multi-sensory expressions;
[0043] The scene generation module is used to generate multi-sensory safety experience scenes;
[0044] The physiological monitoring module is used to collect and analyze the user's physiological signals;
[0045] The assessment and analysis module is used to evaluate users' security awareness and response capabilities;
[0046] The system optimization module is used to continuously optimize system performance.
[0047] In a preferred embodiment, a holographic perception assessment system for data security further includes:
[0048] The user profile module is used to build and update a user's security awareness profile.
[0049] The personalized recommendation module is used to recommend customized security experience content based on user profiles;
[0050] The group analysis module is used to compare and analyze the security awareness characteristics of different user groups;
[0051] A security knowledge base for storing and updating security concepts, risk models, and best practices.
[0052] In a preferred embodiment, a computer-readable storage medium is provided for storing computer-readable instructions that, when read by a computer, enable the operation of a holographic perception and evaluation system oriented towards data security.
[0053] The beneficial effects of this invention are as follows:
[0054] The holographic perception assessment method, which integrates multiple sensory channels, significantly enhances users' intuitive understanding and in-depth cognitive ability regarding data security risks. This method overcomes the limitations of traditional single-sensory channels, enabling the coordinated transmission of security knowledge across multiple dimensions, including vision, hearing, and touch, transforming abstract security concepts into concrete perceptual experiences.
[0055] Based on cross-sensory security mapping technology, this invention establishes a systematic correspondence between data security risks and multimodal perceptual features, effectively addressing the differences in security perception among different user groups. Through personalized perceptual intensity adjustment and semantic relevance optimization, the system can adapt to the cognitive characteristics of different users, providing a more targeted security experience.
[0056] Leveraging innovative security hazard simulation technology, this invention enables dynamic simulation and interactive experience of known and unknown security threats. This immersive experience based on multiple sensory channels significantly enhances the persistence of users' security knowledge retention and cultivates their adaptive thinking and coping abilities when facing new security threats.
[0057] This invention achieves consistent security experience across scenarios and roles by constructing a unified perception and assessment framework. This framework not only supports various application scenarios such as internal enterprise training and professional security personnel capacity building, but can also be flexibly extended to new business models such as remote security training, providing a systematic solution for improving the overall security awareness of organizations. Attached Figure Description
[0058] Figure 1 This is a flowchart of a holographic perception evaluation method for data security according to the present invention;
[0059] Figure 2 This is a radar chart comparing the effectiveness of the holographic perception evaluation method of this invention with traditional methods;
[0060] Figure 3 This is a line graph showing the performance improvement of the holographic perception evaluation system of the present invention with the training cycle;
[0061] Figure 4 This is a bar chart comparing the security experience of different user groups in this invention;
[0062] Figure 5 This is a pie chart showing the contribution ratio of different sensory channels to the user's perception of safety risks according to the present invention.
[0063] Figure 6 This is a scatter plot showing the relationship between cognitive load and the safety risk perception effect of the present invention.
[0064] Figure 7 This is a funnel diagram of user conversion during the security experience learning process of this invention. Detailed Implementation
[0065] The subject matter described herein will now be discussed with reference to exemplary embodiments. It should be understood that these embodiments are discussed only to enable those skilled in the art to better understand and implement the subject matter described herein, and changes may be made to the function and arrangement of the elements discussed without departing from the scope of this specification. Various processes or components may be omitted, substituted, or added as needed in the examples. Furthermore, some features described in the examples may be combined in other examples.
[0066] At least one embodiment of the present invention discloses a holographic perception evaluation method for data security, such as... Figure 1As shown, it includes the following steps:
[0067] Step 1, security risk feature extraction: collect risk data from multiple sources, construct a feature space that includes risk type, impact level, perception difficulty and attack path, and generate risk feature vectors;
[0068] Specifically, the following steps are included:
[0069] Step 1.1, Security Risk Data Collection;
[0070] Security risk-related data is collected from multiple sources, including security incident databases, threat intelligence sources, and vulnerability databases. This includes, but is not limited to, information such as attack technique descriptions, vulnerability characteristics, attack impact scope, and loss assessment.
[0071] In some implementations, real-time alarm data from security monitoring systems can also be collected to improve the timeliness of risk assessment.
[0072] Step 1.2, Definition and Quantification of Security Risk Characteristic Dimensions;
[0073] To accurately and multidimensionally characterize data security risks, this invention defines a four-dimensional feature space:
[0074] ;
[0075] in, This indicates the risk type dimension, used to classify security risks; This dimension represents the degree of impact and is used to quantify the potential losses caused by a risk. This represents the perception difficulty dimension, used to measure how easily or how poorly a user can perceive the risk. This represents the attack path dimension, used to describe the key steps an attacker takes from initiating an attack to achieving their goal.
[0076] Risk type This invention categorizes security risks. It employs a hierarchical classification system. The first-level classification includes technical, managerial, and physical categories; the second-level classification further subdivides these, such as the technical category including malware, phishing, SQL injection, and DDoS attacks. In implementation, this dimension is encoded as a... A one-hot vector of dimension, where This represents the total number of secondary categories.
[0077] degree of impact This invention is used to quantify the potential losses that may result if a risk occurs. It employs an improved method. The model is evaluated and scored from five sub-dimensions: Damage, Reproducibility, Exploitability, Affected Users, and Discoverability.
[0078] Specific quantification methods: each sub-dimension The rating range is Integer. Total score for degree of influence. Calculated by weighted summation:
[0079] ;
[0080] in, The total score indicates the degree of impact; Represents the weight coefficients of each sub-dimension; This represents the score value for each sub-dimension; This indicates that the sum of all weight coefficients is 1; Indicates the index of the sub-dimension, from 1 to 5.
[0081] In a typical configuration, the weights can be set as follows:
[0082] The weight representing potential damage is 0.3;
[0083] The weight representing reproducibility is 0.1;
[0084] The weight for exploitability is 0.3;
[0085] This indicates that the weight of Affected Users is 0.2;
[0086] The weight for discoverability is 0.1;
[0087] The final result The score will be normalized to The interval serves as the final quantized value for that dimension.
[0088] Perceived difficulty ( This refers to the ease with which users perceive the risk through conventional means. This dimension also uses a scoring system, evaluating it from three perspectives: concealment, professionalism, and deceptiveness. Each perspective has a scoring range of [missing information]. The final score is calculated using a weighted average and then normalized. For example, the perceived difficulty score for advanced persistent threats (APTs) is significantly higher than that for common virus emails.
[0089] Attack path ( This describes the key steps an attacker takes from initiating an attack to achieving their goal. This invention uses a graph structure to represent the attack path, where nodes represent attack states and edges represent attack behaviors. In the feature vector, this dimension is encoded as key topological features of the attack graph, such as path length and the number of key nodes, forming a fixed-length vector.
[0090] Step 1.3: Input of multi-source heterogeneous data and feature extraction;
[0091] The data input sources for this invention are extensive and diverse in format, mainly including:
[0092] Structured data:
[0093] Sources: Logs from various security products (such as firewalls, IDS / IPS), vulnerability scan reports, and CMDB (Configuration Management Database).
[0094] Format: Typically JSON or CSV. The data contains explicit fields such as source IP, destination port, alarm level, CVE number, etc.
[0095] Semi-structured data:
[0096] Source: Public Threat Intelligence Feeds.
[0097] Format: Usually XML (such as the STIX / TAXII standard format), containing structured tags and some natural language descriptions.
[0098] Unstructured data:
[0099] Source: Security incident analysis reports, security news, and technical forum discussion threads.
[0100] Format: Plain text (.txt), Word document (.docx), or PDF document.
[0101] Feature extraction process:
[0102] This invention employs different processing pipelines for different types of data:
[0103] For structured / semi-structured data: extract information directly from the corresponding fields, such as CVE number and CVSS score from vulnerability reports, and map them to the aforementioned risk type and impact dimension.
[0104] For unstructured data: Feature extraction is performed using a deep learning model based on Natural Language Processing (NLP). The specific steps are as follows:
[0105] Text preprocessing includes text cleaning (removing irrelevant characters), sentence segmentation, and word segmentation.
[0106] Named Entity Recognition (NER): Using a pre-trained BERT-CRF model, it identifies security-specific entities in text, such as malware family names, attack organization names, target asset types, and exploit techniques (such as "buffer overflow").
[0107] Relationship extraction: Among the identified entities, a relationship extraction model (such as BERT-BiLSTM) is used to identify the relationships between them, such as "APT28 uses CVE-2023-XXXX to attack the energy industry".
[0108] Feature vectorization:
[0109] Entities and relationships extracted from the text are used to populate the feature dimensions. Meanwhile, in order to capture the deep semantic information of the text, the entire descriptive text is encoded into a 768-dimensional semantic vector through the Sentence-BERT model.
[0110] Finally, the features from structured data, NER, relation extraction, and semantic encoding are concatenated to form a high-dimensional initial risk feature vector. This vector is then passed through a fully connected layer for dimensionality reduction, ultimately forming a 256-dimensional, information-dense risk feature vector, which serves as the input for subsequent steps.
[0111] Step 1.4, Construction and optimization of the security risk semantic network;
[0112] After obtaining the risk feature vector, this invention constructs a security risk semantic network. To organize these risk concepts, among which It is a set of nodes. It is a set of edges.
[0113] node Each node in the network It represents an independent security risk concept, whose attributes are directly derived from the 256-dimensional risk feature vector generated in Section 1.3.
[0114] side :side Represents risk nodes and The semantic relationships between them. The construction of edges combines the following three methods:
[0115] ER-1 (based on expert knowledge): Utilizes a built-in security knowledge graph, for example, establishing an "is-a" parent-child relationship between the "SQL Injection" node and the "Database Security" node. This approach ensures the correctness of the network's fundamental logic.
[0116] ER-2 (based on vector similarity): Calculates the similarity between any two risk feature vectors. and Cosine similarity between When the similarity exceeds a preset threshold (For example When a node is identified as a "similar-to" node, an edge is created between the two nodes. This can uncover undefined potential associations in the knowledge base.
[0117] ER-3 (Association Rule Mining): This method applies association rule mining algorithms such as Apriori or FP-Growth to historical security event datasets. If risk A and risk B are found to frequently co-occur in the same security event (i.e., both support and confidence exceed the threshold), an edge is established between them to establish a "co-occurs-with" relationship.
[0118] Network optimization: The initially constructed network may contain redundancy and noise. This invention uses the PageRank algorithm to evaluate the importance of each node and combines it with community detection algorithms (such as the Louvain algorithm) to modularize the network, eliminating isolated nodes and weak connections with low importance, forming a semantic network with a clear structure and distinct hierarchy.
[0119] like Figure 2 The figure shows a comparison of the holographic perception assessment method and the traditional method across five key metrics: risk identification accuracy, experience effectiveness, memory retention rate, adaptation to new threats, and assessment consistency. The figure clearly demonstrates that the holographic perception assessment method significantly outperforms the traditional method across all dimensions, with the most significant improvement observed in memory retention rate.
[0120] Step 2: Construct a security risk semantic network based on feature vectors, represent security concepts as network nodes and initialize them, and construct a hierarchical semantic network structure through three edge relationship establishment methods;
[0121] Specifically, the following steps are included:
[0122] Step 2.1, Share the semantic encoder;
[0123] All risk feature vectors are first passed through a shared semantic encoder to extract their deeper, more generalized semantic representations.
[0124] Structure: The encoder employs a Transformer model. The input 256-dimensional risk feature vector is first mapped to a higher dimension (e.g., 512-dimensional) through an embedding layer, and then processed by a multi-head self-attention mechanism and a feed-forward network.
[0125] Objective: Through self-attention, the model can capture the complex dependencies between different dimensions within a feature vector, generating a "contextualized" semantic vector. This vector This serves as a unified input for all sensory decoders, ensuring that the semantic source of different sensory outputs is consistent.
[0126] Step 2.2, Construction of the sensory channel decoder;
[0127] Each sensory channel (visual, auditory, tactile) has a dedicated decoder responsible for converting shared semantic vectors. Translate into the output parameters of the corresponding mode.
[0128] Visual Decoder:
[0129] Objective: To generate visual elements such as colors, shapes, and dynamic effects.
[0130] Construction: A generative adversarial network (GAN) is used.
[0131] Generator: A multilayer perceptron (MLP) whose input is a semantic vector. Output a control vector This vector contains specific parameter descriptions of visual elements, such as: color: RGB values; shape: shape type encoding; dynamic effects: parameters such as blinking frequency and movement speed.
[0132] Discriminator: A convolutional neural network (CNN) used to determine whether the generated visual effects are "realistic" and "compliant with safety semantics". Its training data consists of pairs of samples (risk description text, visual examples that match the risk).
[0133] Output: Control Vector It is sent to the rendering engine to generate the final visual stimulus.
[0134] Auditory Decoder:
[0135] Objective: To generate sound elements such as pitch, volume, and rhythm.
[0136] Construction: A sequence generation model based on recurrent neural networks (RNNs), specifically LSTM or GRU, is adopted.
[0137] Input: Shared semantic vector .
[0138] Processing: The model will As the initial hidden state, an audio parameter sequence is then generated autoregressively. This sequence defines how sound changes over time, for example:
[0139] Pitch: A sustained increase indicates heightened risk.
[0140] Loudness: directly proportional to the degree of risk impact.
[0141] Rhythm: A rapid beat indicates an emergency.
[0142] Output: Parameter sequence It is fed into an audio synthesizer (such as a Wavetable or FM synthesizer) to generate the final audio waveform.
[0143] Haptic Decoder:
[0144] Objective: To generate vibration patterns, such as intensity, frequency, and duration.
[0145] Construction: A similar RNN-based model is used, with a structure similar to the auditory decoder, but its output parameter sequence... It is designed for haptic feedback devices such as linear resonant actuators (LRAs).
[0146] Vibration intensity: corresponds to the degree of risk impact.
[0147] Vibration frequency: Frequency changes can simulate the psychological suggestion effect of a heartbeat.
[0148] Vibration patterns: Different vibration patterns (such as short, continuous, and impulsive) can represent different types of risk.
[0149] Output: Parameter sequence The drive circuit for controlling haptic feedback devices.
[0150] Step 2.3, semantic consistency constraints;
[0151] To ensure semantic consistency in the outputs of different sensory channels, a multi-task learning loss function was introduced during model training. :
[0152] ;
[0153] in, Represents the total loss function; Represents the loss function of the visual decoder; The loss function of the auditory decoder; The loss function of the haptic decoder is represented by . This represents the semantic consistency loss term, used to ensure semantic consistency of outputs from different sensory channels; This represents the weighting coefficient of the semantic consistency loss term.
[0154] It consists of three parts:
[0155] SC-1 (Intensity Remains): High Risk (Depth of Impact) (High value) The output intensity (visual brightness, volume, vibration amplitude) of all channels should be high. A loss term is used to penalize intensity mismatch.
[0156] SC-2 (Semantic Similarity): Two risks that are semantically similar (whose feature vectors) (high cosine similarity), its output in various sensory spaces ( The distances should also be similar (e.g., small Euclidean distance).
[0157] SC-3 (Emotional Consistency): Utilizes a pre-trained emotion classification model to ensure that the predicted emotions (such as "fear" and "vigilance") evoked by visual, auditory, and tactile stimuli are consistent.
[0158] Step 2.4, optimize mapping parameters;
[0159] Model training and parameter optimization is an end-to-end process.
[0160] Training data: A dataset containing thousands of samples, each in the form of (risk feature vector, ideal visual parameter, ideal auditory parameter, ideal tactile parameter). These "ideal parameters" were jointly annotated by security experts and UX designers.
[0161] Optimization algorithm: Employ gradient descent optimizers such as Adam or RMSprop to minimize the total loss function defined in Section 2.3. The network weights of the shared semantic encoder and all sensory decoders are updated simultaneously using the backpropagation algorithm.
[0162] Hyperparameter tuning: learning rate, batch size, and weights in the loss function. Hyperparameters are optimized using methods such as grid search or Bayesian optimization to achieve the best mapping effect.
[0163] like Figure 3 As shown, the performance improvement trend of the holographic perception assessment system over five training cycles is illustrated. The chart tracks three key indicators: overall system performance, risk identification accuracy, and user experience satisfaction. The chart shows that the overall system performance improves by approximately 18% per cycle, exhibiting a stable upward trend. Furthermore, risk identification accuracy and user experience satisfaction also continuously improve with increasing training cycles, demonstrating the system's strong self-evolutionary capability.
[0164] Step 3: Perform cross-modal feature mapping, construct a shared semantic encoder and sensory channel decoder, apply triple semantic consistency constraints, and adjust the mapping according to user characteristics;
[0165] Specifically, the following steps are included:
[0166] Step 3.1, Scene Template Library Construction and Implementation Examples;
[0167] The template library is a pre-designed, structured scene framework that defines the basic narrative flow, interaction nodes, and evaluation points of the scene.
[0168] Template library construction: Each template in the template library Each template is a Directed Acyclic Graph (DAG), where nodes represent scene events and edges represent process progression. The templates were jointly designed by security experts and cognitive psychologists to ensure they conform to security logic while providing a good user experience.
[0169] Example: A template for a "phishing email" scenario:
[0170] Template ID: T-007;
[0171] Subject: Identifying and responding to a phishing email disguised as an IT department notification.
[0172] Narrative framework:
[0173] Event 1 (Starting Point): A user receives an email with the subject "Urgent: Your mailbox storage space is full, please upgrade immediately".
[0174] Event 2 (Risk Injection Point): The email content contains a "Scale Up Now" link. The risk element here (i.e., the "phishing link") will be dynamically injected by cross-modal features. For example, a high-risk phishing risk will trigger a more deceptive sender address, a more realistic page spoofing, and will be presented in conjunction with visual (such as flashing warning colors) and auditory (such as urgent alert sounds).
[0175] Event 3 (Interaction Node): The user faces a choice:
[0176] Branch A: Click the link.
[0177] Branch B: Ignore emails.
[0178] Branch C: Check the link address or sender information.
[0179] Branch D: Report the email as spam.
[0180] Event 4 (Feedback and Progress):
[0181] If you choose A, you will enter the "password stolen" failure branch. The system will give strong multi-sensory negative feedback (such as a piercing alarm sound, the screen turning red, and the controller vibrating violently) and explain the knowledge points.
[0182] If you choose C, you will enter the correct path branch of "anomaly detected". The system will provide positive feedback and guide you to complete the correct subsequent handling (reporting).
[0183] If you choose D, you will directly proceed to the "successful handling" outcome.
[0184] Evaluation points: In event 3, record the user's decision time and initial choice; in event 4, evaluate whether the user can learn from the mistakes.
[0185] Step 3.2, Sensory Branch Generator Network;
[0186] The generator network refers to the scene scheduling and compositing engine. It is responsible for calling the outputs of each sensory decoder in real time according to the template library and combining them into a coherent, multimodal scene branch.
[0187] Network structure: The engine can be modeled as a hierarchical state machine (HSM).
[0188] High-level states: These correspond to the main events in the scene template (such as event 1, event 2).
[0189] Low-level state: corresponds to the detailed representation inside the event.
[0190] Workflow: The engine loads T-007 from the template library.
[0191] Upon entering Event 1 state, the email is presented to the user. Proceeding to Event 2 state, a "phishing" risk feature vector is extracted from the risk database. Using a cross-modal mapping model, the corresponding visual, auditory, and tactile parameters for this risk are obtained. The engine applies these parameters to the scene in real time, for example, by... The rendering of email links will be applied to... Combined into background sound effects. Enter event 3 state, waiting for user interaction.
[0192] Step 3.3, dynamic branch selection based on user feedback;
[0193] This invention enables dynamic and personalized advancement of scenarios by quantifying users' interactive behaviors and physiological responses in real time.
[0194] Quantification of user interaction behavior:
[0195] Decision time The time from when the interactive option appears to when the user makes a choice. A longer time may indicate that the user is more hesitant or has a higher cognitive load.
[0196] Behavioral sequence The user's sequence of actions. For example, when inspecting a link, does the user first hover the mouse over the URL to view it, or do they right-click and copy the link address? Different sequences reflect different levels of security awareness.
[0197] Number of errors The number of times an incorrect choice is made in a scenario.
[0198] Quantification of user physiological responses:
[0199] The user's cognitive state vector is obtained in real time through the physiological monitoring module: .
[0200] Branch selection mechanism: This invention employs a decision model To select the next scenario branch, it can be a predefined rule engine or a trained reinforcement learning agent.
[0201] Inputs: Current scene state, user interaction behavior vectors and the user's cognitive state vector ,in, This indicates the user's decision time, that is, the time taken from when the options appear to when a choice is made; It represents the user's sequence of actions and records the user's specific steps. Indicates the number of errors, recording the number of times the user made an incorrect choice in the scenario; This represents a user's cognitive state vector, which includes metrics such as attention level, cognitive load, and emotional state.
[0202] In this way, the progression of the scene is no longer fixed, but adaptively adjusted based on each user's real-time performance.
[0203] like Figure 4 As shown, the performance of four different user groups (security professionals, technicians, managers, and ordinary employees) in three security capabilities after using the holographic perception assessment system was compared: risk identification ability, security knowledge assimilation, and emergency response ability. Data shows that the system has significant effects on all user groups; even ordinary employees without a technical background can achieve a high level of security capability, demonstrating the system's universality and adaptability to individual needs.
[0204] Step 4: Generate a multi-sensory safety scene, dynamically inject risk elements, collaboratively generate multi-channel feedback content, and adjust the scene according to the interaction.
[0205] Specifically, the following steps are included:
[0206] Physiological feedback closed-loop optimization and cognitive assessment;
[0207] This step is the highest level of closed loop in this invention. It directly links the user's physiological characteristics with their cognitive assessment results and optimizes the entire system accordingly.
[0208] How physiological characteristics reflect cognitive assessment results: A user's physiological signals are an objective, unconscious, and direct reflection of their cognitive activities. This invention focuses on the correlation between the following key signals and cognitive states (i.e., as described in claim 6):
[0209] Eye tracking: Fixation point and fixation duration reflect the user's focus of attention. In phishing email scenarios, if a user stares at the sender's address and URL link for an extended period, it indicates that their attention has been directed to key information. Changes in pupil diameter are significantly correlated with cognitive load; the more difficult the task, the larger the pupil diameter.
[0210] Heart rate variability (HRV): A decrease in HRV usually indicates increased mental stress and cognitive resource consumption, and is a reliable indicator of cognitive load.
[0211] Skin conductance response (GSR): A sudden increase in skin conductance (GSR peak) is a sign of arousal of the autonomic nervous system and is closely related to emotional arousal (such as surprise, fear, and alertness).
[0212] Cognitive assessment model: This invention employs a multimodal fusion deep learning model to assess the user's cognitive state from physiological signals.
[0213] Model structure: A parallel convolutional neural network (CNN) and long short-term memory network (LSTM) structure.
[0214] CNN branch: used to extract spatial features from image data such as eye-tracking heatmaps.
[0215] LSTM branch: used to extract time series features from time series signals such as heart rate and GSR.
[0216] Fusion and Output: The features extracted from the two branches are concatenated and passed through a fully connected layer to finally output the classification result, namely the aforementioned cognitive state vector. .
[0217] Model training: Pre-training was performed using publicly available physiological signal datasets (such as DEAP, AMIGOS), and then fine-tuning was performed using data collected by this system in experiments.
[0218] like Figure 5 As shown, this illustrates the contribution ratio of different sensory channels to user safety risk perception in a holographic perception assessment system. Data shows that the visual channel contributes the most, followed by the auditory and tactile channels, with the multi-channel synergistic enhancement effect contributing 8%. This result verifies the importance of multi-sensory synergy and also provides data support for optimizing sensory channel balance.
[0219] Step 5: Perform physiological feedback closed-loop optimization, collect physiological signals to assess the state, dynamically adjust the scenario, and continuously optimize the system;
[0220] Specifically, the following steps are included:
[0221] Step 5.1, User Experience Model Construction;
[0222] Based on users' physiological feedback data and subjective evaluations, a personalized user experience model is constructed to characterize the perceptual characteristics of specific users to different forms of security risk expression.
[0223] Step 5.2, experience the adaptive adjustment of parameters;
[0224] By applying reinforcement learning algorithms, the parameters of multi-sensory expression are dynamically adjusted based on the user experience model, including the brightness and complexity of visual elements, the volume and spectral characteristics of auditory signals, and the intensity and pattern of tactile feedback, to optimize the perceptual experience of individual users.
[0225] The specific implementation of the reinforcement learning algorithm is as follows:
[0226] The system employs a personalized parameter optimization framework based on an improved deep Q-network to achieve intelligent adaptive adjustment of experience parameters. The algorithm specifically includes the following core components:
[0227] State space construction: A state consists of three parts:
[0228] The current security risk feature vector includes dimensions such as risk type and severity;
[0229] The user's physiological state vector is provided by the physiological signal processing algorithm in step 4, and includes indicators such as cognitive load and emotional state.
[0230] User individual characteristic vectors include personalized attributes such as user perception ability, learning style, and professional background.
[0231] The state vectors are integrated into a unified representation through a feature fusion network.
[0232] Motion space design: Motion is defined as a combination of multi-sensory parameter adjustment operations, including:
[0233] Adjusting visual parameters: such as the brightness, saturation, contrast, complexity, and animation speed of visual elements;
[0234] Auditory parameter adjustments: such as volume, pitch, rhythm, spatial positioning, and speech intelligibility;
[0235] Tactile parameter adjustment: such as vibration intensity, frequency, mode, force feedback intensity, etc.
[0236] To handle high-dimensional continuous action spaces, the algorithm employs parameterized action representations, mapping adjustment operations to displacements in a parameter vector space.
[0237] Reward function design: The reward function combines multiple evaluation metrics:
[0238] Direct feedback rewards: calculated based on explicit user feedback (such as ratings, feedback);
[0239] Physiological state reward: Positive rewards are given when the user's physiological indicators show good attention and moderate emotional arousal;
[0240] Learning performance reward: calculated based on the user's performance in the security awareness test;
[0241] Long-term memory reward: Calculated based on the user's knowledge retention in the latency test.
[0242] The reward function balances immediate experience and long-term effects by weighting these metrics.
[0243] Deep Dual-Q Network Architecture: The system employs a dual-network structure (target network and evaluation network) to reduce the bias in Q-value estimation and introduces a priority experience replay mechanism to focus on learning transformation samples with high temporal difference errors. The network structure uses attention-enhanced fully connected layers, paying particular attention to the dimensions in the state space most relevant to the current security risk.
[0244] Strategy optimization and exploration mechanism: The algorithm employs a decaying ε-greedy strategy to balance exploration and utilization. Initially, it tends to explore new parameter combinations, gradually shifting towards utilizing known and effective parameter settings as learning progresses. Simultaneously, a curiosity-driven intrinsic reward mechanism is introduced to encourage the system to explore state-action pairs that are not yet fully understood.
[0245] This reinforcement learning algorithm continuously optimizes sensory parameter settings through ongoing interaction with users, gradually adapting to the personalized needs of different users and improving the effectiveness and acceptability of the safety experience. The system employs an incremental learning approach, enabling it to continuously optimize model parameters while retaining learned knowledge.
[0246] Step 5.3, Multi-sensory channel balance optimization;
[0247] Analyze the contribution of each sensory channel to the user's perception, dynamically adjust the information weight of different channels, and enhance or replace channels with weaker perception effects to ensure the balance and effectiveness of the overall perception experience.
[0248] Step 5.4, Long-term learning and optimization;
[0249] Establish a user experience database, and through long-term data accumulation and analysis, continuously optimize mapping rules and generation models to improve the system's adaptability to different user groups and form a self-evolving security experience optimization mechanism.
[0250] According to one embodiment of this application, the long-term learning and optimization mechanism can further achieve the following functions:
[0251] A knowledge distillation framework is constructed to extract the learning experiences of multiple users into a general knowledge model, and then the extracted knowledge is transferred into the personalized model of new users, thereby accelerating the adaptation process of new users.
[0252] Alternatively, the framework can employ a progressive learning strategy, incrementally integrating new experiential data while retaining existing knowledge.
[0253] By applying a multi-objective optimization algorithm, which considers multiple optimization objectives such as user experience, learning efficiency, and memory persistence, the algorithm seeks the optimal balance point in the objective space and generates the Pareto optimal parameter configuration.
[0254] It should be noted that the weights of each objective can be dynamically adjusted in different application scenarios to meet specific training needs.
[0255] To achieve a cross-group knowledge transfer mechanism, the optimization experience learned in a specific user group (such as security professionals) can be selectively transferred to the model of other user groups (such as ordinary employees) using transfer learning technology, thereby improving the model's generalization ability across different groups.
[0256] In addition, meta-learning techniques can be applied to build an optimized framework for "learning to learn," enabling the system to quickly adapt to new types of security risks and expression requirements.
[0257] The aforementioned long-term learning and optimization mechanism forms a closed-loop adaptive system. Through continuous data collection, experience refinement, and model optimization, it achieves a spiral increase in system performance, providing a dynamically evolving technical foundation for security experience assessment.
[0258] like Figure 6 As shown, the relationship between user cognitive load level and the effectiveness of security risk perception is illustrated. The data points exhibit a clear negative correlation trend, indicating that the effectiveness of security risk perception gradually decreases as cognitive load increases. This finding supports the necessity of the dynamic adaptive adjustment mechanism in the patent, whereby the system needs to adjust the content complexity in real time according to the user's cognitive state to maintain an appropriate cognitive load level in order to achieve the best security risk perception effect.
[0259] Step 6: Conduct a holographic perception assessment based on feedback data to evaluate risk identification and decision-making capabilities, analyze behavioral transferability, and form a safety literacy assessment.
[0260] Specifically, the following steps are included:
[0261] Step 6.1, Behavioral data collection;
[0262] Record user behavior data during the security experience, including operation choices, reaction time, decision-making process, etc., to build a user behavior dataset.
[0263] Step 6.2, Safety awareness assessment;
[0264] Design an evaluation task to measure users' understanding and retention of the experience content, including the accuracy of security risk identification and the understanding of risk response strategies, and quantify the cognitive effect of the security experience.
[0265] The specific implementation of the user performance evaluation algorithm is as follows:
[0266] The system constructs a multi-dimensional, multi-layered user performance evaluation framework, capable of comprehensively analyzing user behavior in security scenarios and assigning capability ratings. The algorithm includes the following core components and processing flow:
[0267] Behavioral feature extraction and analysis:
[0268] The system extracts multidimensional behavioral features from user interaction data:
[0269] Time-related features include time-series indicators such as response delay, operation interval, and task completion time.
[0270] Operational characteristics include operation sequence patterns, operation accuracy, and operation frequency distribution.
[0271] Decision-making dimension features include decision selection, number of decision changes, and decision consistency.
[0272] Attention dimension features: visual scanning patterns and attention shift paths extracted from eye-tracking data.
[0273] These raw characteristics are transformed into advanced behavioral indicators, such as decision efficiency index, alertness coefficient, and risk aversion tendency, through feature engineering.
[0274] Expert Behavior Pattern Comparison: The system maintains a library of expert behavior models, storing best practice behavior patterns for different types of security scenarios. User behavior is compared with expert patterns using a dynamic time warping algorithm to calculate a behavior similarity score and assess the gap between user behavior and best practices. The system not only focuses on the final decision outcome but also on the behavioral trajectory throughout the decision-making process, improving the accuracy and diagnostic capability of the assessment through process evaluation.
[0275] Security Capability Modeling and Assessment: Based on cognitive psychology theory, the system constructs a multi-layered security capability model, including the following dimensions:
[0276] Risk perception capability: the accuracy and speed with which security threats are identified and understood;
[0277] Situational judgment ability: assessing the complexity and urgency of security situations;
[0278] Decision-making ability: The ability to make reasonable and safe decisions under conditions of uncertainty;
[0279] Implementation capability: The ability to effectively implement security response measures;
[0280] Cognitive transfer ability: The ability to apply learned safety knowledge to new situations.
[0281] The system employs a multi-task learning model to simultaneously predict a user's performance level across these five capability dimensions, generating a comprehensive capability profile.
[0282] Progress Tracking and Prediction: The system implements a longitudinal user progress tracking mechanism, monitoring the evolution trend of user capabilities through time series analysis and applying regression models to predict future capability development curves. This dynamic assessment approach not only focuses on the user's current capability level but also on their learning rate and potential, providing a basis for personalized training.
[0283] Comprehensive Assessment and Feedback Generation: The system integrates multi-dimensional assessment results, generates a comprehensive score through a weighted fusion algorithm, and automatically produces a detailed assessment report. The report includes an analysis of strengths and weaknesses, specific improvement suggestions, and personalized learning path recommendations, providing users with targeted feedback and guidance.
[0284] This algorithm employs a continuous learning mechanism, constantly optimizing the evaluation model by collecting new behavioral data to improve the accuracy and sensitivity of the evaluation. Simultaneously, the system designs a standardized cross-scenario evaluation method to ensure that evaluation results under different security scenarios are comparable, forming a unified standard for measuring security capabilities.
[0285] Step 6.3, Behavioral transferability analysis;
[0286] The simulation test assesses users' ability to transfer the knowledge and skills gained in the security experience to real-world work situations, measures behavioral transfer rate and application effectiveness, and verifies the practical value of experiential learning.
[0287] According to one embodiment of this application, behavioral transferability analysis may include the following steps:
[0288] Construct simulated scenarios that are similar to, but not exactly the same as, the user's actual work environment to test knowledge transfer rather than simple memorization;
[0289] Set up mixed tasks that include both known and unknown security challenges to assess users’ adaptability in dealing with emerging threats;
[0290] Record and analyze users' decision-making paths and behavioral patterns in the simulated environment, and compare and analyze their performance with that in security experience training;
[0291] The accuracy of knowledge application, decision-making speed, and response effectiveness are calculated as key indicators to comprehensively evaluate the effectiveness of transfer learning.
[0292] Optionally, the system can also conduct long-term tracking during the user's actual work process, measuring the persistence of security knowledge retention and the stability of practical application effects through security incident response logs and periodic assessments.
[0293] Step 6.4, System Optimization Feedback;
[0294] Based on the assessment results, system optimization suggestions are generated, including content adjustments, mapping rule corrections, and interaction process optimizations, forming a closed-loop system improvement mechanism to continuously improve the quality and effectiveness of security awareness assessment.
[0295] like Figure 7 As shown, this demonstrates the complete transformation process from participating in security training to successfully preventing security risks. From the initial 1000 participants, 850 completed all modules, 720 passed the security knowledge test, 580 applied the learned knowledge in their work, and ultimately 480 successfully prevented security risks. The overall conversion rate was 48%, significantly higher than that of traditional security training methods, validating the advantages of the holographic perception assessment method in improving the practical application of security knowledge.
[0296] The embodiments of the present invention have been described above. However, the embodiments are not limited to the specific implementation methods described above. The specific implementation methods described above are merely illustrative and not restrictive. Those skilled in the art can make more equivalent embodiments under the guidance of the present embodiments, and all of them are within the protection scope of the present embodiments.
Claims
1. A holographic perception assessment method for data security, characterized in that, Includes the following steps: Security risk feature extraction involves collecting risk data from multiple sources, constructing a feature space that includes risk type, impact level, perception difficulty, and attack path, and generating risk feature vectors. A security risk semantic network is constructed based on feature vectors. Security concepts are represented as network nodes and initialized. A hierarchical semantic network structure is built through three edge relationship establishment methods: ER-1: based on predefined security concept association rules in an expert knowledge base; ER-2: by calculating the cosine similarity between feature vectors, and establishing an association when the similarity exceeds a preset threshold; ER-3: applying an association rule mining algorithm to automatically discover implicit relationships between concepts from historical security event data. The edge attributes include association strength, association type, and temporal characteristics. Low-confidence or redundant association edges are removed using a graph pruning algorithm, and highly related concept clusters are identified using a community detection algorithm, forming a hierarchical security risk semantic structure. Cross-modal feature mapping is performed, a shared semantic encoder and sensory channel decoder are constructed, and a triple semantic consistency constraint is applied. The triple semantic consistency constraint includes: SC-1: perceptual intensity preservation constraint, ensuring that high-risk events are represented as high-intensity stimuli in all sensory channels; SC-2: semantic similarity constraint, ensuring that the Euclidean distance of risks with a semantic vector cosine similarity greater than a preset threshold mapped to sensory expressions is less than a specified range; SC-3: emotional consistency constraint, ensuring that the emotional responses evoked by each channel are coordinated and consistent; the mapping is adjusted according to user characteristics. Generate multi-sensory safety scenarios, dynamically inject risk elements, collaboratively generate multi-channel feedback content, and adjust the scenarios based on interactions; Perform physiological feedback closed-loop optimization, collect physiological signals to assess the state, dynamically adjust the scenario, and continuously optimize the system; Based on feedback data, a holistic perception assessment is conducted to evaluate risk identification and decision-making capabilities, analyze behavioral transferability, and form a safety literacy assessment.
2. The holographic perception assessment method for data security according to claim 1, characterized in that, The security risk feature extraction step includes a multi-dimensional feature extraction algorithm comprising: The feature encoder uses a multi-layer neural network structure to preserve the complex relationships between features through ReLU or Tanh activation functions; The feature dimensionality reduction module applies principal component analysis or t-SNE algorithm to reduce the dimensionality of feature vectors. Feature standardization is performed by mapping feature values to the [0, 1] interval using Z-score or Min-Max methods.
3. The holographic perception assessment method for data security according to claim 1, characterized in that, In the step of generating a multi-sensory safety scene, the dynamic adaptive adjustment of the scene is achieved through the following methods: Construct a scenario decision tree model and select the appropriate branch based on the user's real-time interactive behavior; A context-aware difficulty adjustment algorithm is used to adjust the complexity of security challenges based on user performance; A personalized narrative generation mechanism is implemented to adjust the scene narrative method based on the user's interests and cognitive style.
4. The holographic perception assessment method for data security according to claim 1, characterized in that, In the steps of physiological feedback closed-loop optimization, cognitive state assessment includes: Attention level assessment, based on eye movement trajectory and fixation duration analysis of user attention allocation; Cognitive load assessment measures cognitive processing difficulty using heart rate variability and pupillary dilation response. Emotional state assessment analyzes users' emotional responses based on facial expressions, skin conductance, and heart rate changes.
5. The holographic perception assessment method for data security according to claim 1, characterized in that, In the step of performing holographic perception evaluation based on feedback data, behavioral transferability analysis includes: Construct simulated scenarios similar to users' actual work environments to test knowledge transfer capabilities; Set up mixed missions that include both known and unknown security challenges to assess adaptability to different types of threats; Record and analyze users' decision-making paths and behavioral patterns, and compare them with the performance in security experience training; The accuracy of knowledge application, decision-making speed, response effectiveness, risk identification rate, and threat handling rate are used as key indicators.
6. A holographic perception assessment system for data security, used to execute the holographic perception assessment method for data security as described in any one of claims 1-5, characterized in that, include: The data acquisition module is used to collect data related to security risks; The feature extraction module is used to construct risk feature vectors; The semantic network module is used to build a security risk semantic network; The cross-modal mapping module is used to map risk features to multi-sensory expressions; The scene generation module is used to generate multi-sensory safety experience scenes; The physiological monitoring module is used to collect and analyze the user's physiological signals; The assessment and analysis module is used to evaluate users' security awareness and response capabilities; The system optimization module is used to continuously optimize system performance.
7. A holographic perception and evaluation system for data security according to claim 6, characterized in that, Also includes: The user profile module is used to build and update a user's security awareness profile. The personalized recommendation module is used to recommend customized security experience content based on user profiles; The group analysis module is used to compare and analyze the security awareness characteristics of different user groups; A security knowledge base for storing and updating security concepts, risk models, and best practices.
8. A computer-readable storage medium, characterized in that, It is used to store computer-readable instructions, which, when read by a computer, enable the execution of a holographic perception evaluation method for data security as described in any one of claims 1-5.