Method for generating a metric policy, and apparatus, electronic device, program product

By collaboratively generating initial measurement policies through the terminal and management end, identifying and integrating policy items, the shortcomings of manual configuration of measurement policies in trusted computing are resolved. This enables automated generation and optimization of trusted policies, improves the accuracy and adaptability of policies, and ensures comprehensive trusted protection.

CN122241685A · Pending · Publication Date: 2026-06-19 · BEIJING CREDIBLE HUATAI TECHNICAL SERVICE CO LTD +1

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: BEIJING CREDIBLE HUATAI TECHNICAL SERVICE CO LTD
Filing Date: 2026-04-10
Publication Date: 2026-06-19

AI Technical Summary

Technical Problem

In existing trusted computing, manual configuration of measurement strategies is prone to object omissions and lacks adaptive adjustment capabilities, resulting in insufficient flexibility and intelligence, and failing to achieve fine-grained security levels and resource balance.

Method used

By working collaboratively between the terminal and the management end, and utilizing the policy generation layer and the metric policy vector database, the system automatically generates initial metric policies, identifies and merges policy items, generates target metric policies, and achieves automated and reliable policy generation and optimization.

Benefits of technology

It enables the automated generation and optimization of trusted policies, improves the accuracy and adaptability of policies in complex business scenarios, ensures full-coverage trusted protection, and enhances the ability to resist attacks.

✦ Generated by Eureka AI based on patent content.


Abstract

This invention discloses a method, apparatus, electronic device, and program product for generating a measurement strategy, relating to the fields of artificial intelligence and trusted computing technologies. The generation method includes: receiving an operation request, wherein the operation request carries data, including at least historical measurement information; processing the data and historical measurement information through a strategy generation layer of a terminal to obtain an initial measurement strategy; analyzing the initial measurement strategy through a management terminal to obtain an analysis result, wherein the management terminal stores a measurement strategy vector database, and the analysis result is obtained by comparing the initial measurement strategy with historical strategy vectors in the measurement strategy vector database, and the analysis result includes at least multiple strategy items; and fusing the multiple strategy items to obtain a target measurement strategy. This invention solves the technical problems in related technologies where manually configuring measurement strategies easily leads to the omission of measurement objects and the measurement strategy lacks adaptive adjustment capabilities.

Description

Technical Field

[0001] This invention relates to the fields of artificial intelligence and trusted computing technology, and more specifically, to a method, apparatus, electronic device, and program product for generating a metric strategy.

Background Technology

[0002] With the rapid development and widespread application of artificial intelligence technology, cyberspace is facing unprecedented and severe security challenges. Trusted computing technology, as the foundation for building an active defense system, is becoming increasingly important. However, in the current trusted computing practice, it still mainly relies on manual configuration of trusted policies. This model gradually exposes its lack of flexibility and intelligence when facing complex and ever-changing business scenarios, rapidly iterating application environments, and intelligent attack methods: (1) It is difficult to accurately control the coverage of measurement objects. In the process of application operation, especially in business scenarios with dynamic changes in behavior, the number of measurement objects that need to be checked is huge and the relationships are complex. Manually configured policies cannot exhaust all possible abnormal behavior paths, and measurement objects are easily missed, resulting in malicious behavior bypassing the verification of trusted measurement. (2) Policy updates lag behind the evolution of application behavior. Application version iteration, business logic adjustment, and changes in the operating environment will all lead to dynamic changes in application behavior. However, the manually maintained trusted policy library cannot achieve real-time synchronous updates, which easily leads to the problem of legitimate business behavior being mistakenly intercepted and malicious abnormal behavior being missed. (3) The measurement mechanism lacks adaptive adjustment capabilities. Current measurement strategies generally adopt a one-size-fits-all static configuration, performing measurement operations with the same frequency and depth regardless of the application process's runtime, historical security records, or business importance. 
This not only causes unnecessary system resource consumption and increases the performance loss of business operations, but also fails to achieve dynamic load reduction for long-term stable trusted processes, lacking a fine-grained balance between measurement efficiency and security level.

[0003] There is currently no effective solution to the above problems.

Summary of the Invention

[0004] This invention provides a method, apparatus, electronic device, and program product for generating a measurement strategy, to at least solve the technical problems in related technologies where manually configuring measurement strategies easily leads to the omission of measurement objects and the measurement strategy lacks adaptive adjustment capabilities.

[0005] According to one aspect of the embodiments of this application, a method for generating a measurement strategy is provided, applied to a measurement strategy generation system. The measurement strategy generation system includes a terminal and a management terminal. The generation method includes: receiving an operation request, wherein the operation request carries data, the data including at least historical measurement information; processing the data and historical measurement information through a strategy generation layer of the terminal to obtain an initial measurement strategy; analyzing the initial measurement strategy through the management terminal to obtain an analysis result, wherein the management terminal stores a measurement strategy vector database, and the analysis result is obtained by comparing the initial measurement strategy with historical strategy vectors in the measurement strategy vector database, the analysis result including at least multiple strategy items; and fusing the multiple strategy items to obtain a target measurement strategy.

[0006] Furthermore, the data also includes the object to be measured and the operations performed on the object to be measured, and the step of processing the data and historical measurement information through the terminal's policy generation layer to obtain the initial measurement policy includes: verifying the identity of the object to be measured; if the identity verification of the object to be measured is successful, identifying the identity type of the object to be measured, and obtaining the historical behavior data and permission level of the object to be measured; constructing a profile of the object to be measured based on the identity type, historical behavior data, and permission level; parsing the operations and historical measurement information to obtain parsed data, wherein the parsed data includes at least: the sub-objects to be measured associated with the operation; determining the system resources occupied by the operation; determining the target security level of the object to be measured based on preset security classification rules, and determining the list of objects to be measured based on the target security level and the sub-objects to be measured; and generating the initial measurement policy based on the object profile, operations, system resources, and object list.

[0007] Furthermore, the steps for analyzing the initial measurement strategy through the management terminal to obtain the analysis results include: concatenating multiple preset fields in the initial measurement strategy to obtain concatenated text; vectorizing the concatenated text to obtain semantic vectors; searching in the measurement strategy vector database based on the semantic vectors to obtain multiple historical strategy vectors; and comparing the semantic vectors with the multiple historical strategy vectors to obtain the analysis results.

[0008] Further, the step of comparing the semantic vector with multiple historical policy vectors to obtain the analysis results includes: determining the historical policy corresponding to each historical policy vector and determining the initial measurement policy corresponding to the semantic vector; for each historical policy, comparing the initial measurement policy with the historical policy field by field to obtain multiple policy items, wherein the policy items include at least: identical items, missing items, added items, and conflicting items; identical items are fields that exist in both the initial measurement policy and the historical policy; missing items are fields that do not exist in the initial measurement policy but exist in the historical policy; added items are fields that exist in the initial measurement policy but do not exist in the historical policy; conflicting items are fields that conflict between the initial measurement policy and the historical policy.

[0009] Further, the steps of fusing multiple strategy items to obtain the target measurement strategy include: determining the operational scenario of the object to be measured; for each missing item, based on the operational scenario and the target security level of the object to be measured, determining whether to mark the missing item, and if the missing item is marked, taking the missing item as the first target item; determining multiple scoring dimensions and assigning preset weights to each scoring dimension; constructing a scoring function based on all scoring dimensions and all preset weights, wherein the scoring function is used to calculate the score of the added item; for each added item, taking the added item as the second target item if the score is greater than a preset scoring threshold; for each conflicting item, taking the conflicting item that satisfies the preset rules as the third target item; and determining the target measurement strategy based on all identical items, all first target items, all second target items, and all third target items.
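The field-by-field comparison of [0008] and the fusion of [0009], as an added Python sketch that is not code from the patent application. The policy field names, scenario rules, scoring dimensions, weights, threshold, and the "stricter value wins" conflict rule are all assumptions, since the application leaves them as presets; treating "identical" as same field with same value and "conflicting" as same field with different values is also an interpretation.

```python
# Assumed ordering used to decide which conflicting action is stricter.
ACTION_RANK = {"log": 0, "alert": 1, "block": 2}

# Assumed preset conflict rules: field -> function returning the stricter value.
CONFLICT_RULES = {
    "frequency_s": min,  # shorter measurement interval wins
    "on_mismatch": lambda a, b: max(a, b, key=ACTION_RANK.__getitem__),
}

# Assumed scoring dimensions, preset weights and threshold for added items.
WEIGHTS = {"relevance": 0.5, "history_support": 0.3, "low_cost": 0.2}
SCORE_THRESHOLD = 0.6

# Constructed sample data (hypothetical fields, not taken from the patent).
INITIAL = {"object": "/usr/sbin/nginx", "measure_targets": ["binary", "config"],
           "frequency_s": 600, "on_mismatch": "alert",
           "measure_env": True, "measure_child_processes": True}
HISTORICAL = {"object": "/usr/sbin/nginx", "measure_targets": ["binary", "config"],
              "frequency_s": 300, "on_mismatch": "block",
              "measure_loaded_modules": True, "measure_kernel_params": True}
MISSING_RULES = {
    "measure_loaded_modules": {"scenarios": {"web_server"}, "min_level": 2},
    "measure_kernel_params": {"scenarios": {"database"}, "min_level": 3},
}
ADDED_SCORES = {
    "measure_env": {"relevance": 0.4, "history_support": 0.2, "low_cost": 0.9},
    "measure_child_processes": {"relevance": 0.9, "history_support": 0.8,
                                "low_cost": 0.5},
}


def diff_policies(initial, historical):
    """Classify every field as identical, missing, added or conflicting."""
    items = {"identical": {}, "missing": {}, "added": {}, "conflicting": {}}
    for name in sorted(initial.keys() | historical.keys()):
        if name not in initial:
            items["missing"][name] = historical[name]
        elif name not in historical:
            items["added"][name] = initial[name]
        elif initial[name] == historical[name]:
            items["identical"][name] = initial[name]
        else:
            items["conflicting"][name] = (initial[name], historical[name])
    return items


def score(dimensions):
    """Weighted sum over the scoring dimensions; an absent dimension counts 0."""
    return sum(w * dimensions.get(d, 0.0) for d, w in WEIGHTS.items())


def fuse(items, scenario, security_level, missing_rules, added_scores):
    """Build the target policy from the four kinds of policy items."""
    target = dict(items["identical"])
    # First target items: missing fields marked for this scenario and level.
    for name, value in items["missing"].items():
        rule = missing_rules.get(name)
        if rule and scenario in rule["scenarios"] \
                and security_level >= rule["min_level"]:
            target[name] = value
    # Second target items: added fields whose score exceeds the threshold.
    # A field with no score data scores 0 and is therefore rejected.
    for name, value in items["added"].items():
        if score(added_scores.get(name, {})) > SCORE_THRESHOLD:
            target[name] = value
    # Third target items: conflicts resolved by preset rule. Falling back to
    # the historical value when no rule exists is an assumption of this sketch.
    for name, (new, old) in items["conflicting"].items():
        resolve = CONFLICT_RULES.get(name)
        target[name] = resolve(new, old) if resolve else old
    return target


def run_example():
    items = diff_policies(INITIAL, HISTORICAL)
    return fuse(items, "web_server", 2, MISSING_RULES, ADDED_SCORES)


if __name__ == "__main__":
    for key, value in sorted(run_example().items()):
        print(f"{key}: {value}")
```

With these constructed inputs the generated policy's weaker `frequency_s` and `on_mismatch` values are overridden by the stricter historical ones, and the low-scoring `measure_env` addition is dropped rather than silently widening the policy.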

[0010] Furthermore, the target measurement strategy includes at least: the object to be measured. After fusing multiple strategy items to obtain the target measurement strategy, it also includes: obtaining the baseline measurement value of the object to be measured; constructing a preset multi-dimensional evaluation model based on a preset time decay coefficient, anomaly measurement score, the weight of the preset time decay coefficient, and the weight of the anomaly measurement score, wherein the anomaly measurement score is obtained by statistically analyzing the historical measurement results of the object to be measured within a preset statistical period; and calculating the evaluation score of the baseline measurement value based on the preset multi-dimensional evaluation model.

[0011] Furthermore, after calculating the evaluation score of the benchmark metric based on the preset multi-dimensional evaluation model, the method further includes: associating the benchmark metric with the target metric strategy if the evaluation score is greater than or equal to a preset evaluation score threshold; sending the associated benchmark metric and target metric strategy to the terminal, wherein the terminal obtains the execution result by executing the target metric strategy; and updating the metric strategy vector database based on the execution result.

[0012] According to another aspect of the embodiments of this application, a measurement strategy generation apparatus is also provided. The measurement strategy generation system includes a terminal and a management terminal. The generation apparatus includes: a receiving unit for receiving an operation request, wherein the operation request carries data, and the data includes at least historical measurement information; a processing unit for processing the data and historical measurement information through the strategy generation layer of the terminal to obtain an initial measurement strategy; an analysis unit for analyzing the initial measurement strategy through the management terminal to obtain an analysis result, wherein the management terminal stores a measurement strategy vector database, and the analysis result is obtained by comparing the initial measurement strategy with historical strategy vectors in the measurement strategy vector database, and the analysis result includes at least multiple strategy items; and a fusion unit for fusing the multiple strategy items to obtain a target measurement strategy.

[0013] Furthermore, the data also includes: the object to be measured and the operations performed on the object to be measured. The processing unit includes: a first verification module, used to verify the identity of the object to be measured, identify the identity type of the object to be measured if the identity verification of the object to be measured is successful, and obtain the historical behavior data and permission level of the object to be measured; a first construction module, used to construct a profile of the object to be measured based on the identity type, historical behavior data and permission level; a first parsing module, used to parse the operations and historical measurement information to obtain parsed data, wherein the parsed data includes at least: the sub-objects to be measured associated with the operations; a first determination module, used to determine the system resources occupied by the operations; a second determination module, used to determine the target security level of the object to be measured based on preset security classification rules, and determine the list of objects to be measured based on the target security level and the sub-objects to be measured; and a first generation module, used to generate an initial measurement strategy based on the profile of the object to be measured, the operations, the system resources and the list of objects.

[0014] Furthermore, the analysis unit includes: a first concatenation module, used to concatenate multiple preset fields in the initial measurement strategy to obtain concatenated text; a first vectorization module, used to vectorize the concatenated text to obtain semantic vectors; a first search module, used to search in the measurement strategy vector database based on the semantic vectors to obtain multiple historical strategy vectors; and a first comparison module, used to compare the semantic vectors with the multiple historical strategy vectors to obtain analysis results.

[0015] Further, the first comparison module includes: a first determination submodule, used to determine the historical strategy corresponding to each historical strategy vector, and to determine the initial measurement strategy corresponding to the semantic vector; the first comparison submodule is used to compare the initial measurement strategy with the historical strategy field by field for each historical strategy to obtain multiple strategy items, wherein the strategy items include at least: identical items, missing items, added items, and conflicting items; identical items are fields that exist simultaneously in the initial measurement strategy and the historical strategy; missing items are fields that do not exist in the initial measurement strategy but exist in the historical strategy; added items are fields that exist in the initial measurement strategy but do not exist in the historical strategy; conflicting items are fields that conflict between the initial measurement strategy and the historical strategy.

[0016] Furthermore, the fusion unit includes: a third determining module for determining the operational scenario of the object to be measured; a first judging module for determining whether to mark the missing item for each missing item based on the operational scenario and the target security level of the object to be measured, and if the missing item is marked, it is used as the first target item; a fourth determining module for determining multiple scoring dimensions and assigning preset weights to each scoring dimension; a second construction module for constructing a scoring function based on all scoring dimensions and all preset weights, wherein the scoring function is used to calculate the score of the added item; a first processing module for using the added item as the second target item if the score is greater than a preset scoring threshold for each added item; a second processing module for using the conflicting item that satisfies preset rules as the third target item for each conflicting item; and a fifth determining module for determining the target measurement strategy based on all identical items, all first target items, all second target items, and all third target items.

[0017] Furthermore, the target measurement strategy includes at least: the object to be measured, and the measurement strategy generation device includes: a first acquisition module, used to acquire the benchmark measurement value of the object to be measured after fusing multiple strategy items to obtain the target measurement strategy; a third construction module, used to construct a preset multi-dimensional evaluation model based on a preset time decay coefficient, anomaly measurement score, the weight of the preset time decay coefficient, and the weight of the anomaly measurement score, wherein the anomaly measurement score is obtained by statistically analyzing the historical measurement results of the object to be measured within a preset statistical period; and a first calculation module, used to calculate the evaluation score of the benchmark measurement value based on the preset multi-dimensional evaluation model.

[0018] Furthermore, the device for generating the measurement strategy also includes: a first association module, used to associate the benchmark measurement value with the target measurement strategy after calculating the evaluation score of the benchmark measurement value based on the preset multi-dimensional evaluation model, provided that the evaluation score is greater than or equal to the preset evaluation score threshold; a first sending module, used to send the associated benchmark measurement value and the target measurement strategy to the terminal, wherein the terminal obtains the execution result by executing the target measurement strategy; and a first updating module, used to update the measurement strategy vector database based on the execution result.

[0019] According to another aspect of the embodiments of this application, a computer program product is also provided, including a non-volatile computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the generation method of any of the above-described measurement strategies.

[0020] According to another aspect of the embodiments of this application, an electronic device is also provided, including one or more processors and a memory, the memory being used to store one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the generation method of any of the above-described metric strategies.

[0021] In this invention, an operation request is received, wherein the operation request carries data, including at least historical measurement information; the data and historical measurement information are processed by the policy generation layer of the terminal to obtain an initial measurement policy; the initial measurement policy is analyzed by the management terminal to obtain an analysis result, wherein the management terminal stores a measurement policy vector database, and the analysis result is obtained by comparing the initial measurement policy with the historical policy vectors in the measurement policy vector database, and the analysis result includes at least multiple policy items; the multiple policy items are fused to obtain a target measurement policy, which solves the technical problems in related technologies where manual configuration of measurement policies is prone to omission of measurement objects and the measurement policy lacks adaptive adjustment capabilities.

[0022] In this invention, an operation request is first received from the terminal. This request carries multi-dimensional data including information about the current object to be measured, the operation to be performed on the object, and historical measurement information. Then, the terminal's policy generation layer uses this data and a lightweight language model to perform semantic parsing and intent inference, automatically generating an initial measurement policy that conforms to the current operating scenario. Subsequently, this initial measurement policy is uploaded to the management terminal. The management terminal uses a built-in measurement policy vector database to convert the initial measurement policy into a semantic vector and performs semantic similarity matching and structured comparison with the massive historical policy vectors stored therein. This identifies multiple types of policy items, such as identical items, missing items, added items, and conflicting items. Through preset rules, each policy item is intelligently decided and its confidence is evaluated. This dynamically completes missing items, filters high-confidence added items, and resolves rule conflicts, ultimately generating the optimal target measurement policy. This achieves automated generation, matching, optimization, and execution of trusted policies without human intervention throughout the entire process. While ensuring full coverage of trusted basic measurement objects, it also improves the accuracy, adaptability, and anti-attack capability of trusted policies in complex business scenarios.

Attached Figure Description

[0023] The accompanying drawings, which are included to provide a further understanding of the invention and form part of this invention, illustrate exemplary embodiments of the invention and are used to explain the invention, but do not constitute an undue limitation of the invention. In the drawings:

[0024] Figure 1 is a hardware structure block diagram of a computer terminal (or mobile device) for implementing a method for generating metric strategies;

[0025] Figure 2 is a flowchart of the method for generating the measurement strategy according to Embodiment 1 of this application;

[0026] Figure 3 is an architecture diagram of a trusted policy automated generation system according to an embodiment of this application;

[0027] Figure 4 is a flowchart illustrating the generation and optimization of an initial strategy according to an embodiment of this application;

[0028] Figure 5 is a flowchart of optimizing an initial strategy according to an embodiment of this application;

[0029] Figure 6 is a schematic diagram of an optional apparatus for generating a measurement strategy according to an embodiment of this application;

[0030] Figure 7 is a structural block diagram of an electronic device according to an embodiment of this application.

Detailed Implementation

[0031] To enable those skilled in the art to better understand the present invention, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of the present invention.

[0032] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0033] It should be noted that all relevant information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, stored data, and displayed data) collected and involved in this invention are information and data authorized by the user or fully authorized by all parties. Furthermore, the collection, storage, use, processing, transmission, provision, disclosure, and application of this data comply with the relevant laws, regulations, and standards of the relevant regions, do not violate public order and good morals, and provide corresponding operation entry points for users to choose to authorize or refuse. For example, this system has an interface with relevant users or organizations. Before obtaining relevant information, a request to obtain the information needs to be sent to the aforementioned user or organization through the interface. After receiving consent from the aforementioned user or organization, the relevant information is obtained. If the user chooses to refuse, the process enters the expert decision-making process.

[0034] In this invention, a collaborative architecture of a dual vector library of policy and benchmark is constructed. Through semantic retrieval, historical security experience and compliance knowledge are injected into the entire policy generation process, automatically identifying policy omissions, redundancies, and conflicts, which greatly improves the accuracy and traceability of policies. At the same time, a mechanism for obtaining multi-source benchmark values and quantifying effectiveness evaluation is established to generate a final trusted policy containing the objects to be measured and newly added measurement objects, which is then simultaneously distributed to the terminal. The terminal side collects the feature information of the specified objects according to the final trusted policy, performs trusted measurement and behavior control, and feeds back the policy execution effect and measurement results to the management end, realizing continuous iterative optimization of policy generation capabilities.

[0035] The present invention will now be described in detail with reference to various embodiments.

[0036] Example 1

[0037] According to an embodiment of this application, an embodiment of a method for generating a measurement strategy is also provided. It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions. Furthermore, although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in a different order than that shown here.

[0038] The method embodiment provided in Embodiment 1 of this application can be executed on a mobile terminal, computer terminal, or similar computing device. Figure 1 shows a hardware block diagram of a computer terminal (or mobile device) for implementing a method for generating metric strategies. As shown in Figure 1, computer terminal 10 (or mobile device) may include one or more processors 102 (shown in Figure 1; these may include, but are not limited to, a microprocessor MCU or a programmable logic device FPGA, etc.), a memory 104 for storing data, and a transmission device 106 for communication functions. In addition, it may include: a display, a keyboard, a cursor control device, an input/output interface (I/O interface), a universal serial bus (USB) port (which may be included as one of the ports of a BUS bus), a network interface, a power supply, and/or a camera, wherein the network interface can be connected to wired and/or wireless networks. Those skilled in the art will understand that the structure shown in Figure 1 is for illustrative purposes only and does not limit the structure of the aforementioned electronic device. For example, computer terminal 10 may also include more or fewer components than shown in Figure 1, or have a configuration different from that shown in Figure 1.

[0039] It should be noted that the aforementioned one or more processors 102 and / or other data processing circuits are generally referred to herein as "data processing circuits". These data processing circuits may be embodied, in whole or in part, in software, hardware, firmware, or any other combination thereof. Furthermore, the data processing circuits may be a single, independent processing module, or may be integrated, in whole or in part, into any other element within the computer terminal 10 (or mobile device). As involved in the embodiments of this application, the data processing circuits serve as a processor control mechanism (e.g., selection of a variable resistor termination path connected to an interface).

[0040] The memory 104 can be used to store software programs and modules of application software, such as the program instructions / data storage device corresponding to the measurement strategy generation method in this embodiment. The processor 102 executes various functional applications and data processing by running the software programs and modules stored in the memory 104, thereby implementing the aforementioned measurement strategy generation method. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include memory remotely located relative to the processor 102, and these remote memories can be connected to the computer terminal 10 via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.

[0041] The transmission device 106 is used to receive or send data via a network. Specific examples of the network described above may include a wireless network provided by the communication provider of the computer terminal 10. In one example, the transmission device 106 includes a Network Interface Controller (NIC), which can connect to other network devices via a base station to communicate with the Internet. In another example, the transmission device 106 may be a Radio Frequency (RF) module, used for wireless communication with the Internet.

[0042] The display may be, for example, a touchscreen liquid crystal display (LCD) that allows the user to interact with the user interface of the computer terminal 10 (or mobile device).

[0043] Under the aforementioned operating environment, this application provides the method for generating the measurement strategy shown in Figure 2. Figure 2 is a flowchart of the method for generating the measurement strategy according to Embodiment 1 of this application. As shown in Figure 2, the method includes the following steps:

[0044] Step S201: Receive an operation request, wherein the operation request carries data, and the data includes at least historical measurement information.

[0045] Optionally, the metric policy generation method can be applied to a metric policy generation system, which includes a terminal and a management terminal, as shown in Figure 3. Figure 3 is an architecture diagram of an automated trusted policy generation system according to an embodiment of this application. The system as a whole can adopt a four-layer (policy generation layer, knowledge management layer, decision-making layer, and measurement execution layer) two-domain (terminal and management end) architecture, with the layers ordered according to the actual business execution process. The policy generation layer runs on the terminal side and mainly consists of a policy agent (lightweight intelligent agent program), including four main modules: perception module, decision-making module, execution module, and local optimizer. The policy agent can complete multi-dimensional profiling of the subject and deep analysis of operational semantics based on the terminal's trusted measurement data, and dynamically generate standardized initial trusted policies. The knowledge management layer runs on the management end side and mainly includes a policy RAG (Retrieval-Augmented Generation) vector library, a benchmark RAG vector library, and a typical security case library. It is mainly responsible for the structured storage of all historical trusted policies, multi-source trusted benchmark values, and typical security judgment cases, providing retrieval enhancement and prior knowledge support for policy optimization. The decision-making layer operates on the management side, primarily comprising a vectorized retrieval module, a difference analysis engine, a policy fusion decision-maker, a confidence calculation engine, and a benchmark management module. Based on RAG knowledge, the decision-making layer optimizes, verifies, and finalizes the initial policy, simultaneously generating, verifying, and managing the trusted benchmark values for the corresponding measurement objects. The measurement execution layer operates on the terminal side, including TPCM (Trusted Platform Control Module) and a trusted agent. The trusted agent mainly relies on TPCM to execute trusted policies, performing trusted measurements on the application and runtime environment, and feeding back the policy execution results to the policy agent. This feedback drives the optimization of the trusted measurement policy, leading to more accurate trusted measurements in the next round based on the optimized policy execution.

[0046] The strategy generation layer is responsible for transforming the original operation requests from the terminal's subject (i.e., the object to be measured) into standardized, structured, and trustworthy initial strategies. Through a strategy agent running on the terminal, it performs real-time perception and deep understanding of the subject, operation, object (i.e., the sub-object to be measured), and terminal environment, dynamically determining the measurement objects and benchmark requirements for each trust judgment, providing an intelligent foundation for subsequent measurement execution and judgment decisions. The strategy generation layer consists of four modules, whose functions are as follows: Perception Module: Receives basic trustworthy measurement information from the measurement execution layer, collects and extracts contextual information such as subject identity, digital certificate, historical behavior records, permission level, operation type, call parameters, and execution chain, completing the construction of the subject profile and the initial extraction of operation semantics. Decision Module: Deeply integrates and understands the subject profile and operation semantics through a language model, completing operation intent inference, sensitivity classification, and impact scope assessment. Combined with preset dynamic classification rules, it intelligently selects the object and environment to be measured, forming the logical framework of the initial strategy. Execution Module: Transforms the logical structure output by the decision module into an initial trustworthy strategy conforming to the trusted computing standard format and synchronously transmits it to the knowledge management layer of the management terminal. Local Optimizer: Receives policy optimization results from the management end and execution feedback from the trusted agent on the terminal, learns and updates local model parameters, enabling the policy agent's decision-making capabilities to continuously evolve.

[0047] The functions of each module in the knowledge management layer are as follows: **Policy RAG Vector Library:** This library uses a structured vector database to store all historical trusted policies. Policies are vectorized and encoded, supporting semantic similarity-based retrieval. It provides a mature historical policy reference for optimizing new policies, enabling the reuse of security experience. **Benchmark RAG Vector Library:** This library stores multi-source trusted benchmark values and their corresponding effectiveness evaluation records and version history. It supports rapid association retrieval with policy measurement objects, providing benchmark value matching support for policy optimization. **Typical Security Case Library:** This library records various typical security judgment cases, including abnormal behavior characteristics, policy handling methods, and defense effects. It provides scenario-based references for large-scale model decisions at the management end, improving the rationality of policy optimization and its anti-attack capabilities.

[0048] The functions of each module in the decision-making layer are as follows: Vectorized Retrieval Module: Converts the initial strategy into a semantic vector, performs similarity retrieval in the strategy RAG vector library, and recalls multiple historical trusted strategies matching the current scenario, providing a reference for strategy optimization. Difference Analysis Engine: Performs a structured comparison between the initial strategy uploaded by the terminal and each historical trusted strategy recalled, accurately identifying common, missing, added, and conflicting items, clarifying the core direction of strategy optimization. Strategy Fusion Decision Maker: Based on preset fusion rules, combined with the large model of the management end and reference information from the typical security case library, it automatically processes differences and generates optimized trusted strategies. Confidence Calculation Engine: Based on multi-dimensional data such as historical similarity, operational context, subject security level, and typical case matching degree, it scores the confidence of newly added and supplementary metrics, providing a quantitative basis for strategy decision-making. Benchmark Value Management Module: Provides full-process benchmark value management support for all metrics in the optimized final trusted strategy, including multi-source benchmark value acquisition, effectiveness quantitative evaluation, structured storage and synchronization, ensuring that each metric has a reliable trusted benchmark value as a comparison basis.

[0049] In this embodiment of the invention, the operation request is a structured information carrier submitted by the terminal to the policy generation layer. It not only carries the data of the current operation, but also includes historical measurement information. Historical measurement information refers to the records collected and generated by the trusted measurement system for the subject (such as a process, service, or application) over a period of time (such as 30 calendar days) (i.e., the measurement information of the subject obtained from the trusted measurement report), including the characteristic value changes of the objects it accesses (such as files, registry, ports), the number of abnormal events, policy execution feedback, etc.

[0050] Step S202: The terminal's policy generation layer processes the data and historical measurement information to obtain the initial measurement policy.

[0051] Optionally, the policy generation layer is a lightweight intelligent agent module deployed on the terminal side. Its function is to perform local semantic understanding and dynamic decision-making based on the received operation request and its historical measurement information, and output an initial measurement policy that conforms to the trusted computing standard format.

[0052] In this embodiment of the invention, after completing the trust measurement based on TPCM, a trust measurement report can be obtained. The terminal trust agent software sends the historical measurement information (information in the trust measurement report) and operation request to the policy agent. The policy generation layer is responsible for transforming the terminal's original operation request into a standardized structured trust measurement initial policy. Through the policy agent running on the terminal, it performs real-time perception and deep understanding of the subject (i.e., the object to be measured), operation (i.e., the operation performed on the subject), object (i.e., the sub-object to be measured associated with the operation), and terminal environment, dynamically determining the measurement object and benchmark requirements required for each trust determination, providing an intelligent foundation for subsequent measurement execution and judgment decision.

[0053] Step S203: Analyze the initial measurement strategy through the management terminal to obtain the analysis results. The management terminal stores a measurement strategy vector database. The analysis results are obtained by comparing the initial measurement strategy with the historical strategy vectors in the measurement strategy vector database. The analysis results include at least multiple strategy items.

[0054] In this embodiment of the invention, the measurement strategy vector database stored in the management terminal, namely the strategy RAG vector library, is a semantic database that structurally stores historically effective reliable measurement strategies using vectorization encoding technology. Each strategy is converted into a high-dimensional semantic vector, which can be quickly retrieved based on semantic similarity. The management terminal converts the initial measurement strategy into a semantic vector using a semantic encoding model and searches the strategy RAG vector library for the most similar historical strategies, obtaining multiple historical strategies with high similarity (e.g., similarity threshold > 0.85). Subsequently, the initial strategy is compared with each historical strategy in a field-by-field structured manner to identify multiple strategy items, including: common items (present and effective in both the initial strategy and the historical strategy), missing items (included in the historical strategy but missing in the initial strategy), added items (included in the initial strategy but not mentioned in the historical strategy), and conflicting items (inconsistent benchmark values or execution rules).

[0055] Step S204: Merge multiple policy items to obtain the target measurement policy.

[0056] In this embodiment of the invention, these strategy items can be intelligently decided and integrated based on preset automated rules and confidence assessment mechanisms to ultimately generate a target measurement strategy.

[0057] In summary, the terminal-side policy agent dynamically constructs a subject profile based on the operation request and its carried historical measurement information, accurately generating a scenario-based initial measurement policy. The management end utilizes the policy RAG vector library to perform semantic retrieval and structured comparison of the initial policy, automatically identifying missing or added policy items, and intelligently completing missing items and filtering redundant items by combining confidence assessment and fusion rules, outputting an executable target measurement policy. This achieves a dynamic and trustworthy protection system that is comprehensive, accurately adapted, and fast-responding, thereby solving the technical problems in related technologies where manual configuration of measurement policies is prone to omission of measurement objects and lack of adaptive adjustment capabilities of measurement policies.

[0058] The data also includes: the object to be measured and the operations performed on the object to be measured. In order to generate a refined and context-aware initial measurement strategy, in the measurement strategy generation method provided in Embodiment 1 of this application, the identity of the object to be measured is verified. If the identity verification of the object to be measured is passed, the identity type of the object to be measured is identified, and the historical behavior data and permission level of the object to be measured are obtained. Based on the identity type, historical behavior data, and permission level, a profile of the object to be measured is constructed. The operations and historical measurement information are parsed to obtain parsed data, wherein the parsed data includes at least: the sub-objects to be measured associated with the operation; the system resources occupied by the operation are determined; the target security level of the object to be measured is determined based on the preset security classification rules, and the list of objects to be measured is determined based on the target security level and the sub-objects to be measured; and an initial measurement strategy is generated based on the profile of the object to be measured, the operation, the system resources, and the list of objects.

[0059] Optionally, the data may also include: the object to be measured (e.g., the process FinanceApp.exe), the operations performed on that object (e.g., reading a configuration file), and the verification of the signature and validity period of the digital certificate of the object to be measured (i.e., the subject). Subsequent processing will only continue if the authentication is successful.

[0060] In this embodiment of the invention, the subject type (i.e., identity type, such as the subject being a system core process, system service, business application, third-party program, etc.) can be identified, and the subject's historical behavior records (such as historical trust scores, abnormal event records, number of violations, etc.) can be queried. The subject's system permission level can also be extracted to complete the construction of a full-dimensional profile of the subject.

[0061] It can parse the core information of the operation performed on the subject, including the operation type (e.g., read, write, execute, network access, permission request, configuration modification, etc.), input parameters, call chain, and associated object information (i.e., the sub-objects to be measured associated with the operation; for example, the operation of reading a configuration file may involve accessing multiple sub-files, and the sub-files are the sub-objects to be measured). It can also determine the system resources affected by this operation, including associated files, processes, network ports, system configurations, memory space, etc., and clarify the potential impact boundary of the operation.

[0062] The system pre-defines security classification rules, which are based on subject type (such as process, service, application), permissions, history, and digital certificate trustworthiness, and pre-classifies five security levels (EL5-EL1). Based on these rules, the target security level of the object to be measured is determined. Furthermore, the final list of objects to be measured can be determined based on the target security level of the object and the operations performed. For example, high-security-level subjects (EL4-EL5) + highly sensitive operations: perform full-chain measurement, covering all objects and operating environments associated with the subject throughout its lifecycle; medium-security-level subjects (EL2-EL3) + medium-low sensitive operations: perform core item measurement, covering key associated objects and core operating environments; low-security-level subjects (EL1) + low-sensitive operations: perform sampling measurement, covering high-risk objects.

[0063] Optionally, the true business intent of an operation can be inferred based on a lightweight model (e.g., a lightweight large language model). This can be used to distinguish whether "obtaining device information" is a normal operation or a malicious information theft, and to accurately classify the sensitivity level of the operation (4 levels: low, medium, high, and extremely high).

[0064] The above-mentioned object profiles, subject information, operation information, system resources, and object list are organized into a logical structure and transformed into a structured initial measurement strategy that conforms to the trusted computing standard. The initial measurement strategy may include the following key fields: unique policy identifier, subject description, operation information, measurement target list (object + environment), benchmark requirements, execution cycle, and security level. After completion, the output is encrypted and sent to the knowledge management layer of the management terminal. Correspondingly, the knowledge management layer needs to decrypt it before it can be processed.

[0065] Figure 4 is a flowchart illustrating the generation and optimization of an initial strategy according to an embodiment of this application. As shown in Figure 4, in the perception phase, the trusted agent sends TPCM measurement information and subject operation requests to the policy agent. The policy agent's perception module constructs a multi-dimensional profile of the subject and captures and parses the operations. In the decision-making phase, the decision-making module deeply understands the semantics of the operations, performing intent inference and sensitivity classification. Based on the subject's security level and operation sensitivity, the following internal logical structures are generated: high level + high sensitivity, medium level + medium sensitivity, low level + low sensitivity. High level + high sensitivity undergoes full measurement, medium level + medium sensitivity undergoes core item (customizable) measurement, and low level + low sensitivity undergoes sampling measurement, thus generating the initial policy's internal logical structure. In the execution phase, the logical structure is transformed into the initial policy and encrypted before being uploaded to the management-side knowledge management layer. In the learning phase, the policy agent continuously receives policy optimization results from the management side and policy execution feedback from the terminal's trusted agent. It updates the model's decision parameters through a local optimizer, continuously optimizing subsequent policy generation logic to improve policy accuracy, coverage, and execution efficiency, achieving local self-learning evolution on the terminal side.

[0066] By creating a multi-dimensional profile of the subject based on identity, historical behavior, and permission level, and combining this with operational intent inference, sensitivity classification, and impact scope assessment, dynamic and intelligent selection of measurement objects is achieved. At the same time, hierarchical and dynamically adjusted measurement rules are established, and differentiated measurement strategies are executed for subjects with different security levels and operations with different sensitivity levels. This not only solves the problem of easy omissions in manual configuration and achieves full coverage of measurement objects, but also avoids the waste of resources by applying a one-size-fits-all approach, achieving a fine balance between security protection level and system resource consumption.

[0067] In order to obtain accurate analysis results, in the method for generating measurement strategies provided in Embodiment 1 of this application, multiple preset fields in the initial measurement strategy are concatenated to obtain concatenated text; the concatenated text is vectorized to obtain semantic vectors; based on the semantic vectors, a search is performed in the measurement strategy vector database to obtain multiple historical strategy vectors; the semantic vectors are compared with the multiple historical strategy vectors to obtain analysis results.

[0068] In this embodiment of the invention, the key fields of the initial measurement strategy (i.e., preset fields, such as subject type, operation type, measurement object characteristics, and security level) are concatenated into natural language description text. A fixed-dimensional semantic vector of the natural language description text can be generated using a semantic encoding model on the management end (such as BERT (Bidirectional Encoder Representations from Transformers)). In the policy RAG vector library storing all historical trusted policies, a search is performed based on semantic similarity. A similarity threshold > 0.85 can be set to obtain the top K historical trusted policy vectors with the highest similarity, i.e., the historical policy vectors. The initial measurement strategy can then be compared with the top K historical trusted policy vectors with the highest similarity to obtain the analysis results.

[0069] To improve the accuracy of the analysis results, in the method for generating measurement strategies provided in Embodiment 1 of this application, the historical strategy corresponding to each historical strategy vector is determined, and the initial measurement strategy corresponding to the semantic vector is determined. For each historical strategy, the initial measurement strategy and the historical strategy are compared field by field to obtain multiple strategy items. The strategy items include at least: identical items, missing items, added items, and conflicting items. Identical items are fields that exist in both the initial measurement strategy and the historical strategy. Missing items are fields that do not exist in the initial measurement strategy but exist in the historical strategy. Added items are fields that exist in the initial measurement strategy but do not exist in the historical strategy. Conflicting items are fields that conflict between the initial measurement strategy and the historical strategy.

[0070] Optionally, the historical strategy corresponding to each historical strategy vector is first determined. Simultaneously, the initial measurement strategy corresponding to the semantic vector is clarified. Each field in the initial measurement strategy (such as subject, operation, measurement target, benchmark value, execution cycle, etc.) is precisely matched with the corresponding field in the historical strategy, thereby identifying four types of strategy items: identical items, missing items, added items, and conflicting items. Identical items are fields present in both the initial and historical strategies; missing items are fields not present in the initial measurement strategy but present in the historical strategy; added items are fields present in the initial measurement strategy but not in the historical strategy; conflicting items are fields that conflict between the initial and historical strategies, meaning that the same item has contradictory benchmark requirements, execution cycles, or verification rules in the initial and historical strategies. Through field-by-field structured comparison, a refined diagnosis of the initial strategy is achieved, accurately identifying the four types of items (missing, added, identical, and conflicting), thus improving the completeness of strategy generation.

[0071] To accurately determine the target measurement strategy, the measurement strategy generation method provided in Embodiment 1 of this application determines the operation scenario of the object to be measured; for each missing item, based on the operation scenario and the target security level of the object to be measured, it is determined whether to mark the missing item; if the missing item is marked, it is used as the first target item; multiple scoring dimensions are determined, and preset weights are assigned to each scoring dimension; a scoring function is constructed based on all scoring dimensions and all preset weights, wherein the scoring function is used to calculate the score of the added item; for each added item, if the score is greater than a preset scoring threshold, the added item is used as the second target item; for each conflicting item, the conflicting item that satisfies the preset rules is used as the third target item; and the target measurement strategy is determined based on all identical items, all first target items, all second target items, and all third target items.

[0072] In this embodiment of the invention, when optimizing the initial measurement strategy on the management end, the operational scenario of the object to be measured is first determined, that is, the specific business context in which the object exists, such as "financial system process reading configuration file" or "service accessing database connection string". Through the language model of the management end, combined with the operational scenario and the security level of the subject, it can automatically decide whether to mark the missing item to be included in the target measurement strategy. For example, when the object to be measured is EL4 level and its operational scenario is that the financial system process reads a sensitive configuration file, the system finds that its missing item is the verification registry. This registry item has been used to prevent ransomware from starting up in the historical security case library. Therefore, the system judges that the missing item has key protection value, marks it as the first target item, and includes it in the target measurement strategy.

[0073] For each added item, a confidence score is quantified using a confidence calculation engine. The full confidence score is 1.0, and the threshold is set to 0.9. Added items with high confidence (score ≥ 0.9, i.e., score greater than the preset score threshold) are designated as second target items and directly incorporated into the target measurement strategy. Added items with low confidence (score < 0.9) are marked as items to be reviewed and submitted for manual review.

[0074] Optionally, the specific calculation steps for the confidence score are as follows:

[0075] Four scoring dimensions can be selected: subject security level matching degree (A), operation scenario historical similarity (B), measurement item historical validity (C), and terminal environment adaptability (D). The preset weight allocation is as follows: subject security level matching degree 0.3, operation scenario historical similarity 0.3, measurement item historical validity 0.2, and terminal environment adaptability 0.2.

[0076] The confidence score is calculated as follows: A×0.3 + B×0.3 + C×0.2 + D×0.2, which is the scoring function. The subject security level matching score is assigned based on the matching degree between the added metric and the subject's EL level protection requirements: 1.0 for a perfect match, 0.5-0.9 for a partial match, and 0-0.4 for no match. The historical similarity score of the operational scenario is assigned based on the reuse rate of the added metric for similar scenarios in the policy RAG vector library: 1.0 for a reuse rate ≥80%, 0.5-0.9 for 50%-80%, and 0-0.4 for <50%. The value of the historical validity of the metric can be assigned based on the anomaly detection rate and false judgment rate of the same type of metric in history: both ≥90% is 1.0, 70%-90% is 0.5-0.9, and <70% is 0-0.4. The value of terminal environment adaptability can be assigned based on the adaptability of the added metric to the terminal hardware, system version, and service configuration: fully adapted is 1.0, partially adapted is 0.5-0.9, and incompatible is 0-0.4.

[0077] For each conflict, a preset conflict resolution rule (i.e., preset rule) is enabled, prioritizing high-security-level policies or the most recently effective compliance policies. Conflicts that cannot be resolved automatically by the rules are marked as pending arbitration and submitted for manual arbitration.

[0078] Optionally, conflicts can be classified into different types. Based on the core attributes of the metric, they can be divided into three categories: benchmark requirement conflicts (such as inconsistent hash values and signature verification standards), execution rule conflicts (such as inconsistent metric frequency, depth, and period), and handling rule conflicts (such as inconsistent interception and alarm rules after metric anomalies).

[0079] Different conflict types follow different rules. For example, for execution rule conflicts, the principle is security first while taking efficiency into account: the rule with higher measurement frequency and greater depth is selected. For handling rule conflicts, the principle is least privilege + rapid response: the handling rule that is more in line with the business risk level is selected.

[0080] A general priority rule can also be set. When the above rules cannot resolve the issue, a three-level priority judgment is executed. The first priority is the high security level policy (such as EL5 and EL4 level main policies take precedence over lower levels). The second priority is the most recently effective policy (judged by the policy's effective timestamp, with the most recent policy taking precedence). The third priority is the high reuse rate policy (judged by the reuse rate in the same scenario in the policy RAG vector library, with policies with a reuse rate ≥90% taking precedence). In cases of policy conflicts with the same security level, effective time, and reuse rate, or where the conflict involves core systems or critical business operations, manual arbitration is triggered directly.

[0081] For common items, retain them directly and incorporate them into the target measurement strategy. For added or conflicting items that require manual confirmation, do not include them in the final strategy to be issued and implemented, and update them after manual confirmation.

[0082] Based on all identical items, all first target items, all second target items, and all third target items, the target measurement strategy can be determined.

[0083] Figure 5 is a flowchart of optimizing the initial strategy according to an embodiment of this application. As shown in Figure 5, the initial strategy's key fields are first concatenated into natural language text. A pre-trained model is used to generate the semantic vector of the initial strategy, and a similarity search is performed in the strategy RAG vector library to recall the top 6 historical strategies with the highest similarity. The initial strategy is then compared in a structured manner with the best historical strategies (i.e., the top 6 historical strategies with the highest similarity) to identify four types of differences (common items, missing items, added items, and conflicting items). Then, based on strategy fusion decision-making, the four types of differences are fused: common items are directly retained; for missing items, a large model automatically decides, based on the operational scenario and the subject's security level, whether to supplement them (i.e., supplement / not supplement), and items confirmed to be supplemented are marked as supplementary items and included in the optimized strategy; added items are scored by a confidence calculation engine, and added items with high confidence (score ≥ 0.9) are directly adopted into the optimized strategy, while added items with low confidence (score < 0.9) are marked as pending review and submitted for manual review. Conflicting items are automatically resolved according to conflict rules, prioritizing the adoption of high-security-level strategies or the most recently effective compliant strategies. Conflicting items that cannot be automatically resolved by rules are marked as pending arbitration and submitted for manual arbitration.
After the above fusion decision, the final strategy output consists of: retained items (i.e., common items), supplementary items (key missing metrics adopted from historical strategies), and review items (i.e., additions or conflicting items that require manual confirmation) to generate the final trusted strategy. Among them, review items are temporarily stored and not included in the final strategy to be issued and executed. They will be supplemented and updated after manual confirmation. The final strategy (i.e., the target metric strategy) is stored in the strategy RAG library, and the benchmark value generation process is triggered simultaneously. The final strategy + benchmark value are encrypted and sent to the terminal.
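
The four-way difference and fusion decision of paragraph [0083], as an added example that is not code from the patent or its applicant. It compares the initial strategy with a single historical strategy rather than the top 6, and the field names, the `should_supplement` callable (standing in for the large model), the `confidence` callable (standing in for the confidence calculation engine) and the order of the two conflict criteria are assumptions.

```python
"""Four-way diff and fusion decision for a measurement strategy (illustrative)."""
from dataclasses import dataclass, field
from datetime import date
from typing import Callable, Dict, Optional

CONFIDENCE_THRESHOLD = 0.9  # from the text: added items scoring >= 0.9 are adopted


@dataclass
class Strategy:
    fields: Dict[str, str]
    security_level: int  # assumption: larger number = higher security level
    effective: date      # assumption: date on which the strategy took effect


@dataclass
class FusionResult:
    issued: Dict[str, str] = field(default_factory=dict)  # sent to the terminal
    origin: Dict[str, str] = field(default_factory=dict)  # why each item is issued
    review: Dict[str, str] = field(default_factory=dict)  # held for manual handling


def diff(initial: Strategy, historical: Strategy) -> Dict[str, dict]:
    """Field-by-field comparison into the four difference types."""
    out: Dict[str, dict] = {"common": {}, "missing": {}, "added": {}, "conflict": {}}
    for key in sorted(set(initial.fields) | set(historical.fields)):
        mine, theirs = initial.fields.get(key), historical.fields.get(key)
        if mine is None:
            out["missing"][key] = theirs          # only in the historical strategy
        elif theirs is None:
            out["added"][key] = mine              # only in the initial strategy
        elif mine == theirs:
            out["common"][key] = mine
        else:
            out["conflict"][key] = (mine, theirs)
    return out


def pick_winner(initial: Strategy, historical: Strategy) -> Optional[Strategy]:
    """Conflict rule: the higher security level wins, then the more recent
    effective date. Checking level before date is an assumption."""
    if initial.security_level != historical.security_level:
        return max(initial, historical, key=lambda s: s.security_level)
    if initial.effective != historical.effective:
        return max(initial, historical, key=lambda s: s.effective)
    return None  # the rules cannot decide


def fuse(initial: Strategy, historical: Strategy,
         should_supplement: Callable[[str, str], bool],
         confidence: Callable[[str, str], float]) -> FusionResult:
    d = diff(initial, historical)
    res = FusionResult()
    for key, value in d["common"].items():
        res.issued[key], res.origin[key] = value, "retained"
    for key, value in d["missing"].items():
        if should_supplement(key, value):
            res.issued[key], res.origin[key] = value, "supplementary"
    for key, value in d["added"].items():
        if confidence(key, value) >= CONFIDENCE_THRESHOLD:
            res.issued[key], res.origin[key] = value, "adopted"
        else:
            res.review[key] = "pending review"   # not issued until confirmed
    winner = pick_winner(initial, historical)
    for key in d["conflict"]:
        if winner is None:
            res.review[key] = "pending arbitration"
        else:
            res.issued[key], res.origin[key] = winner.fields[key], "resolved"
    return res


# Constructed sample strategies; field names and values are illustrative only.
INITIAL = Strategy(
    {"object": "/usr/sbin/sshd", "trigger": "on_exec", "hash_alg": "SHA-256",
     "measure_env": "yes", "measure_tmp": "yes"},
    security_level=2, effective=date(2026, 3, 1))
HISTORICAL = Strategy(
    {"object": "/usr/sbin/sshd", "trigger": "on_exec", "hash_alg": "SM3",
     "config_file": "/etc/ssh/sshd_config", "banner_file": "/etc/issue.net"},
    security_level=3, effective=date(2026, 1, 15))

CRITICAL = {"config_file"}                           # stand-in for the large model
SCORES = {"measure_env": 0.95, "measure_tmp": 0.60}  # stand-in for the engine


def demo() -> FusionResult:
    return fuse(INITIAL, HISTORICAL,
                should_supplement=lambda k, v: k in CRITICAL,
                confidence=lambda k, v: SCORES.get(k, 0.0))


if __name__ == "__main__":
    r = demo()
    for key in sorted(r.issued):
        print(f"issue  {key}={r.issued[key]} ({r.origin[key]})")
    for key in sorted(r.review):
        print(f"hold   {key}: {r.review[key]}")
```

Items in `review` never appear in `issued`, which matches the statement that review items are stored but not sent to the terminal until manually confirmed.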

[0084] The target measurement strategy includes at least: the object to be measured; in order to accurately evaluate the effectiveness of the benchmark measurement value, in the measurement strategy generation method provided in Embodiment 1 of this application, the benchmark measurement value of the object to be measured is obtained; a preset multi-dimensional evaluation model is constructed based on a preset time decay coefficient, anomaly measurement score, the weight of the preset time decay coefficient, and the weight of the anomaly measurement score, wherein the anomaly measurement score is obtained by statistically analyzing the historical measurement results of the object to be measured within a preset statistical period; and the evaluation score of the benchmark measurement value is calculated based on the preset multi-dimensional evaluation model.

[0085] Optionally, after generating the target measurement strategy, each object to be measured needs to be assigned a reliable, dynamically updated, and valid benchmark measurement value as a comparison basis for end-side trust measurement. First, the original benchmark measurement value for each object to be measured is obtained. This benchmark value comes from multiple acquisition mechanisms (such as factory presets, historical verification, or model generation), but its validity needs to be dynamically evaluated, rather than statically adopted. Through a multi-source fusion and validity evaluation management mechanism, the accuracy and timeliness of the benchmark library can be improved, providing a solid and reliable comparison basis for trust measurement.

[0086] In this embodiment of the invention, the baseline value generation and update process can be automatically triggered in the following scenarios: 1. The newly generated target measurement strategy contains new measurement objects, and a corresponding trusted baseline needs to be established; 2. When a legitimate change is detected in the object to be measured (such as a file, configuration, or certificate), the baseline value update is automatically triggered; 3. Security operations personnel manually initiate the generation, update, or rollback request of the baseline value.

[0087] Optionally, the benchmark values can be obtained sequentially in descending order of priority. The applicable scenarios and priorities for multi-source benchmark values are shown in Table 1.

[0088] Table 1

[0089]

[0090] In this embodiment of the invention, the validity of the benchmark value can be intelligently identified based on a preset multi-dimensional evaluation model (i.e., the calculation formula of the validity score), and a quantitative validity score can be output. The calculation formula of the validity score is: validity score = α × (1 - preset time decay coefficient) + β × anomaly measurement score, where: α = 0.4, β = 0.6, α is the weight of the preset time decay coefficient, and β is the weight of the anomaly measurement score.

[0091] The preset time decay coefficient reflects the degree of adaptability decay of the baseline value over time. It is calculated as follows: the number of days since the last successful authentication of the baseline value divided by 365 days (365 is the maximum decay period). For example, if the last successful authentication of the baseline value for file 1 was 37 days ago, the time decay coefficient is 37 ÷ 365 ≈ 0.1; if the last successful authentication of the baseline value for file 2 was 365 days ago, the preset time decay coefficient is 1. When the interval is greater than 365 days, the preset time decay coefficient is uniformly set to 1, with a value range of 0 ≤ preset time decay coefficient ≤ 1. If the baseline value has never been verified, it is calculated based on the initial generation time of the baseline value in TPCM. The closer the baseline value generation time and verification time are to the current time, the closer the coefficient is to 0; conversely, the further away the coefficient is, the closer it is to 1, and the more significant the adaptability decay.

[0092] The anomaly score can be calculated based on the total number of measurements of the object to be measured and the number of anomalies within a preset statistical period (such as 30 calendar days). For example, if file 1 is measured 10 times in 30 days and there are only 2 anomalies, then the anomaly score is (10-2)÷10=0.8. The anomaly score ranges from 0 to 1.

[0093] Based on the validity score (i.e., the evaluation score), corresponding tiered processing actions can be performed. For example, if the validity score evaluation result is valid (validity score ≥ 0.8), it can be put into normal use, and the last verification timestamp is updated; if the validity score evaluation result is a warning (validity score between 0.5 and 0.8), a re-verification is triggered (i.e., the preset time decay coefficient and abnormal measurement score are recalculated), it is marked as pending observation, and a warning notification is issued simultaneously; if the validity score evaluation result is invalid (validity score < 0.5), it is immediately marked as invalid, put into use is prohibited, and the baseline value regeneration process is triggered (i.e., the baseline value is re-acquired and the validity is recalculated).
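
The validity score of paragraphs [0090] to [0093] and its tiered actions, as an added example that is not code from the patent or its applicant. The `Baseline` record, the action names, the handling of a period with no measurements (scored 0) and of a reference date in the future (decay 0) are assumptions; the weights, the 365-day cap and the 0.8 / 0.5 tiers are from the text.

```python
"""Baseline validity scoring with tiered actions (illustrative)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

ALPHA, BETA = 0.4, 0.6   # weights given in the text
MAX_DECAY_DAYS = 365     # maximum decay period given in the text


@dataclass
class Baseline:
    object_id: str
    generated: date                # initial generation time of the baseline
    last_verified: Optional[date]  # None if never successfully verified
    measurements: int              # total measurements in the statistical period
    anomalies: int                 # anomalous results in the same period


def time_decay(b: Baseline, today: date) -> float:
    """Days since last successful verification / 365, capped at 1.
    A baseline that was never verified falls back to its generation time."""
    reference = b.last_verified or b.generated
    days = max((today - reference).days, 0)  # assumption: future dates count as 0
    return min(days / MAX_DECAY_DAYS, 1.0)


def anomaly_score(b: Baseline) -> float:
    """(total - anomalies) / total, so 1.0 means no anomalies in the period."""
    if not 0 <= b.anomalies <= max(b.measurements, 0):
        raise ValueError("anomalies must be between 0 and measurements")
    if b.measurements == 0:
        return 0.0  # assumption: no measurements means no evidence of normality
    return (b.measurements - b.anomalies) / b.measurements


def validity_score(b: Baseline, today: date) -> float:
    score = ALPHA * (1 - time_decay(b, today)) + BETA * anomaly_score(b)
    return round(score, 6)  # absorb floating-point noise before tiering


def tier(score: float) -> Tuple[str, Tuple[str, ...]]:
    """Map a score to the state and actions listed in paragraph [0093]."""
    if score >= 0.8:
        return "valid", ("use", "update_last_verified")
    if score >= 0.5:
        return "warning", ("reverify", "mark_pending_observation", "notify")
    return "invalid", ("mark_invalid", "prohibit_use", "regenerate_baseline")


def evaluate(b: Baseline, today: date) -> Tuple[float, str, Tuple[str, ...]]:
    score = validity_score(b, today)
    state, actions = tier(score)
    return score, state, actions


# Constructed sample baselines; file 1 uses the numbers from the text.
TODAY = date(2026, 4, 10)
SAMPLES = [
    Baseline("file1", TODAY - timedelta(days=200), TODAY - timedelta(days=37), 10, 2),
    Baseline("file2", TODAY - timedelta(days=500), TODAY - timedelta(days=365), 10, 0),
    Baseline("file3", TODAY - timedelta(days=400), None, 10, 6),
    Baseline("file4", TODAY - timedelta(days=90), TODAY, 10, 5),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        score, state, actions = evaluate(sample, TODAY)
        print(f"{sample.object_id}: score={score:.3f} {state} -> {', '.join(actions)}")
```

With these weights a baseline last verified 365 or more days ago scores at most 0.6, so it cannot reach the valid tier without re-verification even when no anomalies were recorded.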

[0094] By using a two-dimensional evaluation model based on time decay and abnormal frequency, dynamic, quantitative, and adaptive management of benchmark metrics is achieved, avoiding the drawbacks of static benchmarks. This enables the system to intelligently identify benchmark drift caused by system updates, patch installations, or business changes, ensuring that the benchmark value bound to each target metric strategy always has high confidence and true representativeness.

[0095] To improve the comprehensiveness of the measurement strategy vector database, in the measurement strategy generation method provided in Embodiment 1 of this application, when the evaluation score is greater than or equal to a preset evaluation score threshold, the benchmark measurement value is associated with the target measurement strategy; the associated benchmark measurement value and the target measurement strategy are sent to the terminal, wherein the terminal obtains the execution result by executing the target measurement strategy; and the measurement strategy vector database is updated based on the execution result.

[0096] In this embodiment of the invention, when the evaluation score is greater than or equal to a preset evaluation score threshold, the benchmark metric value is associated with the target metric strategy and sent to the terminal. The terminal executes the target metric strategy and obtains the execution result (e.g., success, failure, false positive, missed positive, etc.). At the same time, based on the execution result (i.e. success), the target metric strategy that has taken effect this time can be vectorized and encoded and stored in the metric strategy vector database.

[0097] Optionally, benchmark metrics can be stored in a benchmark RAG vector library to update the library and provide knowledge support for subsequent policy optimization. Key fields of benchmark metrics may include: unique benchmark identifier, associated policy identifier, target metric object type, storage path, hash algorithm, specific benchmark value content, validity period, last verification time, current version number, complete version history, and validity assessment score.

[0098] Optionally, iterative optimization in two dimensions can be achieved through a policy self-learning and self-optimization closed-loop system. For example, on the terminal side, local iteration involves the policy agent continuously receiving policy execution feedback from the measurement execution layer, including measurement results, misjudgment records, and missed judgment events. The local optimizer adjusts model decision parameters and optimizes the measurement object selection logic, improving policy adaptability while ensuring security. On the management side, global iteration involves the management end continuously receiving policy execution effects, security events, and business change information reported by the terminals. The final effective policy, benchmark value, and judgment cases are added to the policy RAG library, benchmark RAG library, and typical case library, respectively, completing incremental updates to the knowledge base. Simultaneously, based on feedback data from all terminals, the management end model, semantic encoding model, and difference analysis rules are optimized to improve the accuracy and generalization ability of global policy optimization. This enables the autonomous evolution of trusted policies, effectively adapting to dynamically changing business scenarios and intelligent network attack postures, achieving synchronous evolution of protection capabilities.

[0099] The measurement strategy generation method provided in this application can dynamically generate an initial measurement strategy based on the subject profile and operation semantics through the terminal policy agent. Combined with the management end large model and dual RAG system, the strategy is semantically vectorized and compared in a structured manner field by field. It intelligently identifies identical items, missing items, added items and conflicting items. High-value items are filtered through a scenario-driven tagging mechanism and multi-dimensional scoring function to finally form the target measurement strategy. At the same time, a multi-dimensional evaluation model based on the time decay coefficient and abnormal measurement score is dynamically verified and associated with the trusted benchmark value. After threshold filtering, the target measurement strategy is sent to the terminal for execution. The execution result is then fed back to the strategy and benchmark knowledge base, realizing the automated generation and iteration of the trusted strategy without human intervention throughout the entire process.

[0100] It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in a different order than that shown here.

[0101] Embodiment 2

[0102] This application also provides a measurement strategy generation apparatus. It should be noted that the measurement strategy generation apparatus of this application can be used to execute the measurement strategy generation method provided in this application. The measurement strategy generation apparatus provided in this application will be described below.

[0103] According to an embodiment of this application, an apparatus for implementing the above-described method for generating the metric strategy is also provided. Figure 6 is a schematic diagram of an optional measurement strategy generation apparatus according to an embodiment of this application. As shown in Figure 6, the apparatus for generating the measurement strategy may include: a receiving unit 60, a processing unit 61, an analysis unit 62, and a fusion unit 63.

[0104] The receiving unit 60 is used to receive an operation request, wherein the operation request carries data, and the data includes at least historical measurement information.

[0105] The processing unit 61 is used to process the data and historical measurement information through the policy generation layer of the terminal to obtain the initial measurement policy.

[0106] Analysis unit 62 is used to analyze the initial measurement strategy through the management terminal and obtain the analysis results. The management terminal stores a measurement strategy vector database. The analysis results are obtained by comparing the initial measurement strategy with the historical strategy vectors in the measurement strategy vector database. The analysis results include at least multiple strategy items.

[0107] The fusion unit 63 is used to fuse multiple policy items to obtain the target measurement policy.

[0108] The measurement strategy generation apparatus provided in this application embodiment can receive operation requests through receiving unit 60, process data and historical measurement information through the strategy generation layer of the terminal through processing unit 61 to obtain an initial measurement strategy, analyze the initial measurement strategy through management terminal through analysis unit 62 to obtain analysis results, and fuse multiple strategy items through fusion unit 63 to obtain a target measurement strategy.

[0109] Optionally, the data also includes: the object to be measured and the operation performed on the object to be measured. The processing unit 61 includes: a first verification module, used to verify the identity of the object to be measured, identify the identity type of the object to be measured if the identity of the object to be measured is passed, and obtain the historical behavior data and permission level of the object to be measured; a first construction module, used to construct a profile of the object to be measured based on the identity type, historical behavior data and permission level; a first parsing module, used to parse the operation and historical measurement information to obtain parsed data, wherein the parsed data includes at least: the sub-object to be measured associated with the operation; a first determination module, used to determine the system resources occupied by the operation; a second determination module, used to determine the target security level of the object to be measured based on preset security classification rules, and determine the list of objects to be measured based on the target security level and the sub-objects to be measured; and a first generation module, used to generate an initial measurement strategy based on the profile of the object to be measured, the operation, the system resources and the list of objects.

[0110] Optionally, the analysis unit 62 includes: a first concatenation module for concatenating multiple preset fields in the initial measurement strategy to obtain concatenated text; a first vectorization module for vectorizing the concatenated text to obtain semantic vectors; a first search module for searching in the measurement strategy vector database based on the semantic vectors to obtain multiple historical strategy vectors; and a first comparison module for comparing the semantic vectors with the multiple historical strategy vectors to obtain analysis results.

[0111] Optionally, the first comparison module includes: a first determination submodule, used to determine the historical strategy corresponding to each historical strategy vector and to determine the initial measurement strategy corresponding to the semantic vector; the first comparison submodule is used to compare the initial measurement strategy with the historical strategy field by field for each historical strategy to obtain multiple strategy items, wherein the strategy items include at least: identical items, missing items, added items, and conflicting items; identical items are fields that exist simultaneously in the initial measurement strategy and the historical strategy; missing items are fields that do not exist in the initial measurement strategy but exist in the historical strategy; added items are fields that exist in the initial measurement strategy but do not exist in the historical strategy; conflicting items are fields that conflict between the initial measurement strategy and the historical strategy.

[0112] Optionally, the fusion unit 63 includes: a third determining module for determining the operation scenario of the object to be measured; a first judging module for determining whether to mark the missing item for each missing item based on the operation scenario and the target security level of the object to be measured, and if the missing item is marked, the missing item is taken as the first target item; a fourth determining module for determining multiple scoring dimensions and assigning preset weights to each scoring dimension; a second construction module for constructing a scoring function based on all scoring dimensions and all preset weights, wherein the scoring function is used to calculate the score of the added item; a first processing module for taking the added item as the second target item if the score is greater than a preset scoring threshold for each added item; a second processing module for taking the conflicting item that meets the preset rules as the third target item for each conflicting item; and a fifth determining module for determining the target measurement strategy based on all identical items, all first target items, all second target items, and all third target items.

[0113] Optionally, the target measurement strategy includes at least: the object to be measured, and the measurement strategy generation device includes: a first acquisition module, used to acquire the benchmark measurement value of the object to be measured after fusing multiple strategy items to obtain the target measurement strategy; a third construction module, used to construct a preset multi-dimensional evaluation model based on a preset time decay coefficient, anomaly measurement score, the weight of the preset time decay coefficient, and the weight of the anomaly measurement score, wherein the anomaly measurement score is obtained by statistically analyzing the historical measurement results of the object to be measured within a preset statistical period; and a first calculation module, used to calculate the evaluation score of the benchmark measurement value based on the preset multi-dimensional evaluation model.

[0114] Optionally, the measurement strategy generation device further includes: a first association module, used to associate the benchmark measurement value with the target measurement strategy after calculating the evaluation score of the benchmark measurement value based on a preset multi-dimensional evaluation model, provided that the evaluation score is greater than or equal to a preset evaluation score threshold; a first sending module, used to send the associated benchmark measurement value and the target measurement strategy to the terminal, wherein the terminal obtains the execution result by executing the target measurement strategy; and a first updating module, used to update the measurement strategy vector database based on the execution result.

[0115] The aforementioned measurement strategy generation device may also include a processor and a memory. The aforementioned receiving unit 60, processing unit 61, analysis unit 62, fusion unit 63, etc., are all stored in the memory as program units, and the processor executes the aforementioned program units stored in the memory to realize the corresponding functions.

[0116] The aforementioned processor contains a kernel, which retrieves the corresponding program units from memory. One or more kernels can be configured, and by adjusting kernel parameters, multiple policy items can be fused to obtain the target metric policy.

[0117] The aforementioned memory may include non-permanent memory in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM, and the memory includes at least one memory chip.

[0118] It should be noted that the receiving unit 60, processing unit 61, analysis unit 62, and fusion unit 63 mentioned above correspond to steps S201 to S204 in Embodiment 1. The instances and application scenarios implemented by the above units and their corresponding steps are the same, but they are not limited to the content disclosed in Embodiment 1. It should be noted that the above units can be hardware or software components stored in memory (e.g., memory 104) and processed by one or more processors (e.g., processors 102a, 102b, ..., 102n). The above units can also be part of a device and run in the computer terminal 10 provided in Embodiment 1.

[0119] Embodiment 3

[0120] Embodiments of this application may provide a computer terminal, which may be any computer terminal device in a group of computer terminals. Optionally, in this embodiment, the aforementioned computer terminal may also be replaced with a mobile terminal or an electronic device, etc.

[0121] Optionally, in this embodiment, the computer terminal may be located in at least one of a plurality of network devices in a computer network.

[0122] In this embodiment, the computer terminal described above can execute the program code for the following steps in the method for generating a measurement strategy: receiving an operation request, wherein the operation request carries data, the data including at least historical measurement information; processing the data and historical measurement information through the strategy generation layer of the terminal to obtain an initial measurement strategy; analyzing the initial measurement strategy through a management terminal to obtain an analysis result, wherein the management terminal stores a measurement strategy vector database, and the analysis result is obtained by comparing the initial measurement strategy with historical strategy vectors in the measurement strategy vector database, and the analysis result includes at least: multiple strategy items; fusing the multiple strategy items to obtain a target measurement strategy.

[0123] Optionally, the aforementioned computer terminal can execute the program code for the following steps in the method for generating a measurement policy: verifying the identity of the object to be measured; if the identity verification of the object to be measured is successful, identifying the identity type of the object to be measured, and obtaining the historical behavior data and permission level of the object to be measured; constructing a profile of the object to be measured based on the identity type, historical behavior data, and permission level; parsing the operation and historical measurement information to obtain parsed data, wherein the parsed data includes at least: the sub-objects to be measured associated with the operation; determining the system resources occupied by the operation; determining the target security level of the object to be measured based on preset security classification rules, and determining the list of objects to be measured based on the target security level and the sub-objects to be measured; and generating an initial measurement policy based on the profile of the object to be measured, the operation, the system resources, and the list of objects.

[0124] Optionally, the aforementioned computer terminal can execute the program code for the following steps in the method for generating a measurement strategy: concatenating multiple preset fields in the initial measurement strategy to obtain concatenated text; vectorizing the concatenated text to obtain a semantic vector; searching in the measurement strategy vector database based on the semantic vector to obtain multiple historical strategy vectors; and comparing the semantic vector with the multiple historical strategy vectors to obtain analysis results.

[0125] Optionally, the aforementioned computer terminal may execute the program code for the following steps in the method for generating a measurement strategy: determining the historical strategy corresponding to each historical strategy vector, and determining the initial measurement strategy corresponding to the semantic vector; for each historical strategy, comparing the initial measurement strategy with the historical strategy field by field to obtain multiple strategy items, wherein the strategy items include at least: identical items, missing items, added items, and conflicting items; identical items are fields that exist simultaneously in the initial measurement strategy and the historical strategy; missing items are fields that do not exist in the initial measurement strategy but exist in the historical strategy; added items are fields that exist in the initial measurement strategy but do not exist in the historical strategy; conflicting items are fields that conflict between the initial measurement strategy and the historical strategy.

[0126] Optionally, the aforementioned computer terminal can execute the program code for the following steps in the method for generating a measurement strategy: determining the operation scenario of the object to be measured; for each missing item, based on the operation scenario and the target security level of the object to be measured, determining whether to mark the missing item, and if the missing item is marked, taking the missing item as the first target item; determining multiple scoring dimensions and assigning preset weights to each scoring dimension; constructing a scoring function based on all scoring dimensions and all preset weights, wherein the scoring function is used to calculate the score of the added item; for each added item, taking the added item as the second target item if the score is greater than a preset scoring threshold; for each conflicting item, taking the conflicting item that satisfies the preset rules as the third target item; and determining the target measurement strategy based on all identical items, all first target items, all second target items, and all third target items.

[0127] Optionally, the computer terminal described above can execute the program code for the following steps in the method for generating the measurement strategy: obtaining the baseline measurement value of the object to be measured; constructing a preset multi-dimensional evaluation model based on a preset time decay coefficient, anomaly measurement score, the weight of the preset time decay coefficient, and the weight of the anomaly measurement score, wherein the anomaly measurement score is obtained by statistically analyzing the historical measurement results of the object to be measured within a preset statistical period; and calculating the evaluation score of the baseline measurement value based on the preset multi-dimensional evaluation model.

[0128] Optionally, the computer terminal described above can execute the program code for the following steps in the method for generating a measurement strategy: when the evaluation score is greater than or equal to a preset evaluation score threshold, associate the benchmark measurement value with the target measurement strategy; send the associated benchmark measurement value and the target measurement strategy to the terminal, wherein the terminal obtains the execution result by executing the target measurement strategy; and update the measurement strategy vector database based on the execution result.

[0129] Optionally, Figure 7 is a structural block diagram of an electronic device according to an embodiment of this application. As shown in Figure 7, the electronic device may include: one or more (only one is shown in Figure 7) processors 702, a memory 704, a memory controller, and a peripheral interface, wherein the peripheral interface is connected to the radio frequency module, audio module and display.

[0130] The memory can be used to store software programs and modules, such as the program instructions / modules corresponding to the measurement strategy generation method and apparatus in this application embodiment. The processor executes various functional applications and data processing by running the software programs and modules stored in the memory, thereby implementing the aforementioned measurement strategy generation method. The memory may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory may further include memory remotely located relative to the processor, and these remote memories can be connected to the terminal via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.

[0131] The processor can invoke the information and application program stored in the memory through the transmission device to execute the steps described above in the method for generating the aforementioned metric strategy.

[0132] The embodiments of this application provide a scheme for generating measurement strategies. An initial measurement strategy is dynamically generated by a terminal policy agent based on the subject profile and operational semantics. This is combined with a large model and a dual RAG system on the management end for semantic retrieval, difference analysis, and confidence assessment. It intelligently identifies missing, added, and conflicting items, and dynamically generates a reliable benchmark value by integrating a multi-dimensional evaluation model that incorporates time decay and anomaly frequency. This ultimately forms a self-optimizing strategy with closed-loop feedback. This enables precise matching of measurement objects, automatic completion and conflict resolution of policy rules, and real-time updating and validity verification of benchmark values. It achieves fully automated generation, adaptive adjustment, and continuous evolution of reliable strategies, thus solving the technical problems in related technologies where manual configuration of measurement strategies easily leads to omissions of measurement objects and a lack of adaptive adjustment capabilities.

[0133] Those skilled in the art will understand that the structure shown in Figure 7 is for illustrative purposes only. The electronic device can also be a terminal device such as a smartphone, tablet, PDA, or mobile internet device (MID). Figure 7 does not limit the structure of the aforementioned electronic device. For example, the electronic device may also include more or fewer components than those shown in Figure 7 (such as network interfaces, display devices, etc.), or have a configuration different from that shown in Figure 7.

[0134] Those skilled in the art will understand that all or part of the steps in the various methods of the above embodiments can be implemented by a program instructing the hardware related to the terminal device. The program can be stored in a computer-readable storage medium, which may include: flash drive, read-only memory (ROM), random access memory (RAM), disk or optical disk, etc.

[0135] Embodiment 4

[0136] Embodiments of this application also provide a storage medium. Optionally, in this embodiment, the storage medium can be used to store the program code executed by the method for generating the metric strategy provided in Embodiment 1.

[0137] Optionally, in this embodiment, the storage medium may be located in any computer terminal in a group of computer terminals in a computer network, or in any mobile terminal in a group of mobile terminals.

[0138] This application also provides a computer program product, which, when executed on a data processing device, is adapted to perform the steps of a method for generating a measurement strategy.

[0139] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0140] In the above embodiments of this application, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.

[0141] In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the displayed or discussed mutual coupling, direct coupling, or communication connection may be through some interfaces; the indirect coupling or communication connection between units or modules may be electrical or other forms.

[0142] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0143] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0144] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), portable hard drive, magnetic disk, or optical disk.

[0145] The above description is only a preferred embodiment of this application. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the principle of this application, and these improvements and modifications should also be considered within the scope of protection of this application.

Claims

1. A method for generating a metric strategy, characterized in that the method is applied to a metric policy generation system, which includes a terminal and a management terminal, and the generation method includes: receiving an operation request, wherein the operation request carries data, and the data includes at least historical measurement information; processing the data and the historical measurement information through the policy generation layer of the terminal to obtain an initial measurement policy; analyzing the initial measurement strategy through the management terminal to obtain analysis results, wherein the management terminal stores a measurement strategy vector database, the analysis results are obtained by comparing the initial measurement strategy with historical strategy vectors in the measurement strategy vector database, and the analysis results include at least multiple strategy items; and fusing the multiple policy items to obtain the target measurement policy.

2. The method for generating a measurement strategy according to claim 1, characterized in that the data also includes the object to be measured and the operation performed on the object to be measured, and the step of processing the data and the historical measurement information through the policy generation layer of the terminal to obtain the initial measurement policy includes: verifying the identity of the object to be measured; if the identity verification of the object to be measured is successful, identifying the identity type of the object to be measured, and obtaining the historical behavior data and the permission level of the object to be measured; constructing a profile of the object to be measured based on the identity type, the historical behavior data, and the permission level; parsing the operation and the historical measurement information to obtain parsed data, wherein the parsed data includes at least the sub-object to be measured associated with the operation; determining the system resources used by the operation; determining the target security level of the object to be measured based on preset security classification rules, and determining a list of objects to be measured based on the target security level and the sub-object to be measured; and generating the initial measurement strategy based on the profile of the object to be measured, the operation, the system resources, and the object list.

3. The method for generating a measurement strategy according to claim 1, characterized in that the step of analyzing the initial measurement strategy through the management terminal to obtain the analysis results includes: concatenating multiple preset fields in the initial measurement strategy to obtain concatenated text; vectorizing the concatenated text to obtain a semantic vector; performing a search in the metric strategy vector database based on the semantic vector to obtain multiple historical strategy vectors; and comparing the semantic vector with the multiple historical strategy vectors to obtain the analysis results.

4. The method for generating a measurement strategy according to claim 3, characterized in that the step of comparing the semantic vector with multiple historical strategy vectors to obtain the analysis result includes: determining the historical strategy corresponding to each historical strategy vector, and determining the initial metric strategy corresponding to the semantic vector; and, for each historical strategy, comparing the initial measurement strategy field by field with the historical strategy to obtain multiple strategy items, wherein each strategy item includes at least: identical items, missing items, added items, and conflicting items; the identical items are fields that exist simultaneously in both the initial measurement strategy and the historical strategy; the missing items are fields that do not exist in the initial measurement strategy but exist in the historical strategy; the added items are fields that exist in the initial measurement strategy but do not exist in the historical strategy; and the conflicting items are fields that conflict between the initial measurement strategy and the historical strategy.

5. The method for generating a metric strategy according to claim 1, characterized in that the step of fusing the multiple policy items to obtain the target measurement policy includes: determining the operational scenario of the object to be measured; for each missing item, determining, based on the operation scenario and the target security level of the object to be measured, whether to mark the missing item, and if the missing item is marked, taking the missing item as a first target item; determining multiple rating dimensions, and assigning a preset weight to each rating dimension; constructing a rating function based on all the rating dimensions and all the preset weights, wherein the rating function is used to calculate the score of an added item; for each added item, if the score is greater than a preset score threshold, taking the added item as a second target item; for each conflicting item, taking the conflicting item that satisfies the preset rules as a third target item; and determining the target measurement strategy based on all identical items, all first target items, all second target items, and all third target items.

6. The method for generating a measurement strategy according to claim 1, characterized in that the target measurement strategy includes at least the object to be measured, and after fusing the multiple strategy items to obtain the target measurement strategy, the method further includes: obtaining the baseline metric value of the object to be measured; constructing a preset multi-dimensional evaluation model based on a preset time decay coefficient, an anomaly measurement score, the weight of the preset time decay coefficient, and the weight of the anomaly measurement score, wherein the anomaly measurement score is obtained by statistically analyzing the historical measurement results of the object to be measured within a preset statistical period; and calculating the evaluation score of the benchmark metric based on the preset multi-dimensional evaluation model.

7. The method for generating a measurement strategy according to claim 6, characterized in that, after calculating the evaluation score of the benchmark metric based on the preset multi-dimensional evaluation model, the method further includes: if the evaluation score is greater than or equal to a preset evaluation score threshold, associating the benchmark metric value with the target metric strategy; sending the associated benchmark metric and the target metric strategy to the terminal, wherein the terminal obtains the execution result by executing the target metric strategy; and updating the metric strategy vector database based on the execution results.

8. A device for generating a measurement strategy, characterized in that the device is applied to a metric policy generation system, which includes a terminal and a management terminal, and the generation device includes: a receiving unit configured to receive an operation request, wherein the operation request carries data, and the data includes at least historical measurement information; a processing unit configured to process the data and the historical measurement information through the policy generation layer of the terminal to obtain an initial measurement policy; an analysis unit configured to analyze the initial measurement strategy through the management terminal to obtain analysis results, wherein the management terminal stores a measurement strategy vector database, the analysis results are obtained by comparing the initial measurement strategy with historical strategy vectors in the measurement strategy vector database, and the analysis results include at least multiple strategy items; and a fusion unit configured to fuse the multiple policy items to obtain the target measurement policy.

9. A computer program product, characterized in that it includes a non-volatile computer-readable storage medium storing a computer program that, when executed by a processor, implements the method for generating the metric strategy according to any one of claims 1 to 7.

10. An electronic device, characterized in that it includes one or more processors and a memory, the memory being used to store one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more programs cause the one or more processors to implement the method for generating the metric strategy according to any one of claims 1 to 7.
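The field-by-field comparison of claim 4 and the fusion step of claim 5 can be sketched as follows. This is an added illustration, not code from the patent: the field names, the scenario table used to mark missing items, the rating dimensions, weights and threshold, and the conflict rule that prefers the stored historical value are all assumptions, and treating "identical" as same field with same value is an interpretation of the claim text.

```python
# Constructed sample policies; field names and values are illustrative assumptions.
INITIAL = {"object": "/usr/sbin/sshd", "hash_alg": "sha256",
           "trigger": "exec", "extra_file": "/etc/ssh/sshd_config",
           "debug_dump": "/tmp/sshd.core"}
HISTORICAL = {"object": "/usr/sbin/sshd", "hash_alg": "sm3",
              "trigger": "exec", "linked_libs": "libcrypto.so.3"}
# Assumed marking rule: scenario -> {field: minimum security level requiring it}.
REQUIRED = {"remote_login": {"linked_libs": 2}}
# Assumed rating dimensions with preset weights, and the preset score threshold.
WEIGHTS = {"relevance": 0.6, "risk": 0.4}
SCORE_THRESHOLD = 0.5

def compare(initial, historical):
    """Classify every field as identical, missing, added or conflicting."""
    items = {"identical": {}, "missing": {}, "added": {}, "conflicting": {}}
    for field in sorted(initial.keys() | historical.keys()):
        if field not in initial:
            items["missing"][field] = historical[field]
        elif field not in historical:
            items["added"][field] = initial[field]
        elif initial[field] == historical[field]:
            items["identical"][field] = initial[field]
        else:
            items["conflicting"][field] = (initial[field], historical[field])
    return items

def rating(dimensions):
    """Rating function: weighted sum over the rating dimensions."""
    return sum(WEIGHTS[name] * dimensions.get(name, 0.0) for name in WEIGHTS)

def keep_historical(field, initial_value, historical_value):
    """Assumed preset conflict rule: prefer the previously stored value."""
    return historical_value

def fuse(items, scenario, level, added_scores, resolve):
    """Target policy = identical items + first, second and third target items."""
    target = dict(items["identical"])
    for field, value in items["missing"].items():      # first target items
        if level >= REQUIRED.get(scenario, {}).get(field, float("inf")):
            target[field] = value
    for field, value in items["added"].items():        # second target items
        if rating(added_scores.get(field, {})) > SCORE_THRESHOLD:
            target[field] = value
    for field, pair in items["conflicting"].items():   # third target items
        chosen = resolve(field, *pair)
        if chosen is not None:
            target[field] = chosen
    return target
```

An added field with no score entry rates 0.0 and is dropped, and a missing field with no entry in the scenario table is never marked, so unknown inputs do not widen the target policy by default.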